################################################################ # abuse.ch URLhaus IDS ruleset (Suricata only) # # Last updated: 2024-11-22 11:14:06 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.153.1.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299357/; classtype:trojan-activity;sid:84162457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.249.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299356/; classtype:trojan-activity;sid:84162456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.4.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299355/; classtype:trojan-activity;sid:84162455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.226.35.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299354/; classtype:trojan-activity;sid:84162454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.162.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299353/; classtype:trojan-activity;sid:84162453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.180.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299351/; classtype:trojan-activity;sid:84162451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.255.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299352/; classtype:trojan-activity;sid:84162452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299350/; classtype:trojan-activity;sid:84162450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.240.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299349/; classtype:trojan-activity;sid:84162449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.185.242.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299348/; classtype:trojan-activity;sid:84162448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.189.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299347/; classtype:trojan-activity;sid:84162447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.240.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299346/; classtype:trojan-activity;sid:84162446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.70.80.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299345/; classtype:trojan-activity;sid:84162445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.161.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299344/; classtype:trojan-activity;sid:84162444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.12.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299343/; classtype:trojan-activity;sid:84162443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.180.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299342/; classtype:trojan-activity;sid:84162442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.59.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299341/; classtype:trojan-activity;sid:84162441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.29.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299340/; classtype:trojan-activity;sid:84162440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.126.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299338/; classtype:trojan-activity;sid:84162438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.125.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299339/; classtype:trojan-activity;sid:84162439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299337/; classtype:trojan-activity;sid:84162437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.10.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299336/; classtype:trojan-activity;sid:84162436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.190.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299335/; classtype:trojan-activity;sid:84162435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.136.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299334/; classtype:trojan-activity;sid:84162434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/account/rolex_file.zip"; depth:23; endswith; nocase; http.host; content:"treinamento.convenio.to.gov.br"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299333/; classtype:trojan-activity;sid:84162433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.232.13.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299332/; classtype:trojan-activity;sid:84162432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299331/; classtype:trojan-activity;sid:84162431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.101.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299329/; classtype:trojan-activity;sid:84162429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.177.21.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299330/; classtype:trojan-activity;sid:84162430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.240.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299328/; classtype:trojan-activity;sid:84162428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.158.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299327/; classtype:trojan-activity;sid:84162427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.10.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299326/; classtype:trojan-activity;sid:84162426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.82.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299325/; classtype:trojan-activity;sid:84162425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.130.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299324/; classtype:trojan-activity;sid:84162424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.226.105.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299323/; classtype:trojan-activity;sid:84162423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299322/; classtype:trojan-activity;sid:84162422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.153.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299321/; classtype:trojan-activity;sid:84162421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.176.26.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299319/; classtype:trojan-activity;sid:84162419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.120.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299320/; classtype:trojan-activity;sid:84162420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.217.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299317/; classtype:trojan-activity;sid:84162417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.12.40"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299318/; classtype:trojan-activity;sid:84162418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.85.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299316/; classtype:trojan-activity;sid:84162416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.95.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299315/; classtype:trojan-activity;sid:84162415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.207.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299313/; classtype:trojan-activity;sid:84162413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.132.165.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299314/; classtype:trojan-activity;sid:84162414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299312/; classtype:trojan-activity;sid:84162412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.242.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299311/; classtype:trojan-activity;sid:84162411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.158.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299310/; classtype:trojan-activity;sid:84162410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.50.57.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299309/; classtype:trojan-activity;sid:84162409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.137.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299308/; classtype:trojan-activity;sid:84162408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.3.27.240"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299306/; classtype:trojan-activity;sid:84162406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.93.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299307/; classtype:trojan-activity;sid:84162407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299305/; classtype:trojan-activity;sid:84162405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.202.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299304/; classtype:trojan-activity;sid:84162404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.255.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299303/; classtype:trojan-activity;sid:84162403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.43.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299302/; classtype:trojan-activity;sid:84162402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.228.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299300/; classtype:trojan-activity;sid:84162400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.141.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299301/; classtype:trojan-activity;sid:84162401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.136.214"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299299/; classtype:trojan-activity;sid:84162399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.191.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299298/; classtype:trojan-activity;sid:84162398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.132.165.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299297/; classtype:trojan-activity;sid:84162397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.10.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299295/; classtype:trojan-activity;sid:84162395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.137.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299294/; classtype:trojan-activity;sid:84162394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"116.111.17.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299293/; classtype:trojan-activity;sid:84162393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.212.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299292/; classtype:trojan-activity;sid:84162392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.68.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299291/; classtype:trojan-activity;sid:84162391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.141.32.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299290/; classtype:trojan-activity;sid:84162390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"212.50.57.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299289/; classtype:trojan-activity;sid:84162389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.128.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299286/; classtype:trojan-activity;sid:84162386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.226.105.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299287/; classtype:trojan-activity;sid:84162387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.207.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299285/; classtype:trojan-activity;sid:84162385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.43.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299284/; classtype:trojan-activity;sid:84162384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.130.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299282/; classtype:trojan-activity;sid:84162382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.191.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299281/; classtype:trojan-activity;sid:84162381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.184.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299280/; classtype:trojan-activity;sid:84162380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.207.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299279/; classtype:trojan-activity;sid:84162379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.219.37.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299278/; classtype:trojan-activity;sid:84162378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/apk003.apk"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299276/; classtype:trojan-activity;sid:84162376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/apk002.apk"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299277/; classtype:trojan-activity;sid:84162377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/apk004.apk"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299275/; classtype:trojan-activity;sid:84162375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/apk007.apk"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299274/; classtype:trojan-activity;sid:84162374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/apk006.apk"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299269/; classtype:trojan-activity;sid:84162369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/apk005.apk"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299270/; classtype:trojan-activity;sid:84162370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/apk001.apk"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299271/; classtype:trojan-activity;sid:84162371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/apk009.apk"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299272/; classtype:trojan-activity;sid:84162372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/apk010.apk"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299273/; classtype:trojan-activity;sid:84162373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/apk008.apk"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299268/; classtype:trojan-activity;sid:84162368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.40.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299267/; classtype:trojan-activity;sid:84162367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.170.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299265/; classtype:trojan-activity;sid:84162365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"90.84.234.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299264/; classtype:trojan-activity;sid:84162364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.81.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299263/; classtype:trojan-activity;sid:84162363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.1.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299262/; classtype:trojan-activity;sid:84162362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.155.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299261/; classtype:trojan-activity;sid:84162361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.116.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299260/; classtype:trojan-activity;sid:84162360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.213.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299257/; classtype:trojan-activity;sid:84162357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.34.203.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299256/; classtype:trojan-activity;sid:84162356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.29.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299255/; classtype:trojan-activity;sid:84162355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.88.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299254/; classtype:trojan-activity;sid:84162354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299253/; classtype:trojan-activity;sid:84162353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.117.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299251/; classtype:trojan-activity;sid:84162351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.128.244.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299252/; classtype:trojan-activity;sid:84162352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.113.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299250/; classtype:trojan-activity;sid:84162350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.120.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299249/; classtype:trojan-activity;sid:84162349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.208.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299248/; classtype:trojan-activity;sid:84162348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.207.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299246/; classtype:trojan-activity;sid:84162346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.180.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299247/; classtype:trojan-activity;sid:84162347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.74.159.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299244/; classtype:trojan-activity;sid:84162344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.127.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299243/; classtype:trojan-activity;sid:84162343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.15.25.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299242/; classtype:trojan-activity;sid:84162342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.247.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299240/; classtype:trojan-activity;sid:84162340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.88.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299241/; classtype:trojan-activity;sid:84162341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.82.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299239/; classtype:trojan-activity;sid:84162339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.78.8.24"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299238/; classtype:trojan-activity;sid:84162338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.204.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299237/; classtype:trojan-activity;sid:84162337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.180.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299236/; classtype:trojan-activity;sid:84162336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.120.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299234/; classtype:trojan-activity;sid:84162334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.235.51.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299232/; classtype:trojan-activity;sid:84162332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.161.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299231/; classtype:trojan-activity;sid:84162331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.82.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299230/; classtype:trojan-activity;sid:84162330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.78.8.24"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299229/; classtype:trojan-activity;sid:84162329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.164.43.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299228/; classtype:trojan-activity;sid:84162328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.164.43.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299227/; classtype:trojan-activity;sid:84162327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.78.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299225/; classtype:trojan-activity;sid:84162325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.247.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299226/; classtype:trojan-activity;sid:84162326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.216.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299224/; classtype:trojan-activity;sid:84162324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"191.240.66.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299223/; classtype:trojan-activity;sid:84162323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.185.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299222/; classtype:trojan-activity;sid:84162322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.49.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299221/; classtype:trojan-activity;sid:84162321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.84.65.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299219/; classtype:trojan-activity;sid:84162319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.126.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299218/; classtype:trojan-activity;sid:84162318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.74.159.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299217/; classtype:trojan-activity;sid:84162317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.102.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299216/; classtype:trojan-activity;sid:84162316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.78.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299215/; classtype:trojan-activity;sid:84162315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.150.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299214/; classtype:trojan-activity;sid:84162314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.100.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299212/; classtype:trojan-activity;sid:84162312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.227.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299208/; classtype:trojan-activity;sid:84162308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.84.65.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299207/; classtype:trojan-activity;sid:84162307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.104.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299206/; classtype:trojan-activity;sid:84162306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.22.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299204/; classtype:trojan-activity;sid:84162304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.100.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299203/; classtype:trojan-activity;sid:84162303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.150.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299201/; classtype:trojan-activity;sid:84162301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.8.14"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299198/; classtype:trojan-activity;sid:84162298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.125.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299195/; classtype:trojan-activity;sid:84162295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.112.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299196/; classtype:trojan-activity;sid:84162296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.239.236.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299194/; classtype:trojan-activity;sid:84162294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.199.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299193/; classtype:trojan-activity;sid:84162293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.181.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299192/; classtype:trojan-activity;sid:84162292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.88.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299191/; classtype:trojan-activity;sid:84162291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.235.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299189/; classtype:trojan-activity;sid:84162289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.111.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299188/; classtype:trojan-activity;sid:84162288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.104.220.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299185/; classtype:trojan-activity;sid:84162285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.39.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299184/; classtype:trojan-activity;sid:84162284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.181.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299182/; classtype:trojan-activity;sid:84162282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.207.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299180/; classtype:trojan-activity;sid:84162280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.210.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299181/; classtype:trojan-activity;sid:84162281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.62.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299179/; classtype:trojan-activity;sid:84162279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.93.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299177/; classtype:trojan-activity;sid:84162277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"157.211.68.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299176/; classtype:trojan-activity;sid:84162276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.121.58.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299173/; classtype:trojan-activity;sid:84162273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.44.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299171/; classtype:trojan-activity;sid:84162271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.42.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299170/; classtype:trojan-activity;sid:84162270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.24.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299169/; classtype:trojan-activity;sid:84162269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.14.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299166/; classtype:trojan-activity;sid:84162266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.26.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299167/; classtype:trojan-activity;sid:84162267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.1.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299168/; classtype:trojan-activity;sid:84162268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.235.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299164/; classtype:trojan-activity;sid:84162264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.42.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299163/; classtype:trojan-activity;sid:84162263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.133.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299160/; classtype:trojan-activity;sid:84162260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.62.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299159/; classtype:trojan-activity;sid:84162259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.148.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299158/; classtype:trojan-activity;sid:84162258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.93.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299156/; classtype:trojan-activity;sid:84162256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.72.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299155/; classtype:trojan-activity;sid:84162255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.44.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299153/; classtype:trojan-activity;sid:84162253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.1.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299154/; classtype:trojan-activity;sid:84162254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.75.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299152/; classtype:trojan-activity;sid:84162252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.26.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299150/; classtype:trojan-activity;sid:84162250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.209.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299149/; classtype:trojan-activity;sid:84162249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.22.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299148/; classtype:trojan-activity;sid:84162248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.18.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299147/; classtype:trojan-activity;sid:84162247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.107.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299145/; classtype:trojan-activity;sid:84162245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.116.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299146/; classtype:trojan-activity;sid:84162246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.147.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299138/; classtype:trojan-activity;sid:84162238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.72.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299136/; classtype:trojan-activity;sid:84162236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.202.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299137/; classtype:trojan-activity;sid:84162237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.20.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299134/; classtype:trojan-activity;sid:84162234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.201.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299129/; classtype:trojan-activity;sid:84162229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.123.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299126/; classtype:trojan-activity;sid:84162226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.29.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299127/; classtype:trojan-activity;sid:84162227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.77.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299125/; classtype:trojan-activity;sid:84162225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.23.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299124/; classtype:trojan-activity;sid:84162224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.109.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299122/; classtype:trojan-activity;sid:84162222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.176.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299121/; classtype:trojan-activity;sid:84162221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.147.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299120/; classtype:trojan-activity;sid:84162220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.20.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299119/; classtype:trojan-activity;sid:84162219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.241.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299118/; classtype:trojan-activity;sid:84162218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299114/; classtype:trojan-activity;sid:84162214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.118.133.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299113/; classtype:trojan-activity;sid:84162213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.159.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299111/; classtype:trojan-activity;sid:84162211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.123.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299110/; classtype:trojan-activity;sid:84162210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.176.223.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299108/; classtype:trojan-activity;sid:84162208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"5.191.21.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299106/; classtype:trojan-activity;sid:84162206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.74.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299107/; classtype:trojan-activity;sid:84162207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.8.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299102/; classtype:trojan-activity;sid:84162202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.107.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299101/; classtype:trojan-activity;sid:84162201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.100.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299099/; classtype:trojan-activity;sid:84162199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"173.26.99.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299098/; classtype:trojan-activity;sid:84162198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.159.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299096/; classtype:trojan-activity;sid:84162196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.118.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299095/; classtype:trojan-activity;sid:84162195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"189.85.33.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299094/; classtype:trojan-activity;sid:84162194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.192.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299092/; classtype:trojan-activity;sid:84162192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.23.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299091/; classtype:trojan-activity;sid:84162191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.75.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299090/; classtype:trojan-activity;sid:84162190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.255.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299087/; classtype:trojan-activity;sid:84162187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.175.206.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299086/; classtype:trojan-activity;sid:84162186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.192.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299085/; classtype:trojan-activity;sid:84162185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.49.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299081/; classtype:trojan-activity;sid:84162181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.37.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299079/; classtype:trojan-activity;sid:84162179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.24.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299076/; classtype:trojan-activity;sid:84162176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.185.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299075/; classtype:trojan-activity;sid:84162175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.166.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299072/; classtype:trojan-activity;sid:84162172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.146.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299070/; classtype:trojan-activity;sid:84162170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.180.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299071/; classtype:trojan-activity;sid:84162171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.227.54.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299068/; classtype:trojan-activity;sid:84162168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.230.62.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299062/; classtype:trojan-activity;sid:84162162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.88.238.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299063/; classtype:trojan-activity;sid:84162163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.247.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299058/; classtype:trojan-activity;sid:84162158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.192.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299059/; classtype:trojan-activity;sid:84162159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"157.211.68.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299054/; classtype:trojan-activity;sid:84162154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.166.231.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299053/; classtype:trojan-activity;sid:84162153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.238.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299046/; classtype:trojan-activity;sid:84162146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.134.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299047/; classtype:trojan-activity;sid:84162147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.221.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299045/; classtype:trojan-activity;sid:84162145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.250.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299044/; classtype:trojan-activity;sid:84162144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.213.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299043/; classtype:trojan-activity;sid:84162143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.26.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299040/; classtype:trojan-activity;sid:84162140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.63.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299039/; classtype:trojan-activity;sid:84162139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.189.209.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299035/; classtype:trojan-activity;sid:84162135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.56.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299036/; classtype:trojan-activity;sid:84162136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299034/; classtype:trojan-activity;sid:84162134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.40.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299033/; classtype:trojan-activity;sid:84162133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.250.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299031/; classtype:trojan-activity;sid:84162131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.43.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299028/; classtype:trojan-activity;sid:84162128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"42.119.213.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299025/; classtype:trojan-activity;sid:84162125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.53.31.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299024/; classtype:trojan-activity;sid:84162124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.2.170"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299022/; classtype:trojan-activity;sid:84162122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.47.207.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299020/; classtype:trojan-activity;sid:84162120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.106.243.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299019/; classtype:trojan-activity;sid:84162119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.26.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299018/; classtype:trojan-activity;sid:84162118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.24.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299014/; classtype:trojan-activity;sid:84162114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.124.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299012/; classtype:trojan-activity;sid:84162112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.59.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299011/; classtype:trojan-activity;sid:84162111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.74.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299010/; classtype:trojan-activity;sid:84162110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.106.243.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299008/; classtype:trojan-activity;sid:84162108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.12.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299006/; classtype:trojan-activity;sid:84162106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.197.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299001/; classtype:trojan-activity;sid:84162101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.127.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298995/; classtype:trojan-activity;sid:84162095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.22.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298994/; classtype:trojan-activity;sid:84162094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.234.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298990/; classtype:trojan-activity;sid:84162090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.1.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298986/; classtype:trojan-activity;sid:84162086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.118.133.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298983/; classtype:trojan-activity;sid:84162083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.208.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298984/; classtype:trojan-activity;sid:84162084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.81.111.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298985/; classtype:trojan-activity;sid:84162085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.249.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298982/; classtype:trojan-activity;sid:84162082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.12.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298981/; classtype:trojan-activity;sid:84162081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.197.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298978/; classtype:trojan-activity;sid:84162078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.231.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298979/; classtype:trojan-activity;sid:84162079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.56.215.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298973/; classtype:trojan-activity;sid:84162073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.224.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298970/; classtype:trojan-activity;sid:84162070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.7.73"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298969/; classtype:trojan-activity;sid:84162069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"67.214.245.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298964/; classtype:trojan-activity;sid:84162064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.8.110.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298963/; classtype:trojan-activity;sid:84162063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.207.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298962/; classtype:trojan-activity;sid:84162062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.171.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298959/; classtype:trojan-activity;sid:84162059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.19.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298958/; classtype:trojan-activity;sid:84162058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.221.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298956/; classtype:trojan-activity;sid:84162056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.0.120.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298954/; classtype:trojan-activity;sid:84162054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.13.58.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298955/; classtype:trojan-activity;sid:84162055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.142.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298952/; classtype:trojan-activity;sid:84162052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.247.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298948/; classtype:trojan-activity;sid:84162048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.157.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298947/; classtype:trojan-activity;sid:84162047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.82.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298943/; classtype:trojan-activity;sid:84162043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.142.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298942/; classtype:trojan-activity;sid:84162042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.213.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298940/; classtype:trojan-activity;sid:84162040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.19.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298939/; classtype:trojan-activity;sid:84162039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.57.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298936/; classtype:trojan-activity;sid:84162036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.44.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298935/; classtype:trojan-activity;sid:84162035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"67.214.245.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298934/; classtype:trojan-activity;sid:84162034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.1.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298932/; classtype:trojan-activity;sid:84162032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.127.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298930/; classtype:trojan-activity;sid:84162030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.29.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298928/; classtype:trojan-activity;sid:84162028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.224.29.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298923/; classtype:trojan-activity;sid:84162023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.112.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298924/; classtype:trojan-activity;sid:84162024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.220.47.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298925/; classtype:trojan-activity;sid:84162025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.237.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298922/; classtype:trojan-activity;sid:84162022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.101.91.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298921/; classtype:trojan-activity;sid:84162021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.49.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298920/; classtype:trojan-activity;sid:84162020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.31.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298919/; classtype:trojan-activity;sid:84162019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.84.65.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298917/; classtype:trojan-activity;sid:84162017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.104.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298916/; classtype:trojan-activity;sid:84162016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.112.30.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298915/; classtype:trojan-activity;sid:84162015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.44.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298914/; classtype:trojan-activity;sid:84162014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.237.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298911/; classtype:trojan-activity;sid:84162011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.196.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298910/; classtype:trojan-activity;sid:84162010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.196.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298907/; classtype:trojan-activity;sid:84162007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.191.234.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298905/; classtype:trojan-activity;sid:84162005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.152.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298906/; classtype:trojan-activity;sid:84162006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.213.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298901/; classtype:trojan-activity;sid:84162001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.219.45.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298902/; classtype:trojan-activity;sid:84162002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.126.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298900/; classtype:trojan-activity;sid:84162000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.1.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298898/; classtype:trojan-activity;sid:84161998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.207.174.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298884/; classtype:trojan-activity;sid:84161984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.237.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298883/; classtype:trojan-activity;sid:84161983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.220.155.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298882/; classtype:trojan-activity;sid:84161982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.101.91.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298877/; classtype:trojan-activity;sid:84161977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.51.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298876/; classtype:trojan-activity;sid:84161976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.20.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298871/; classtype:trojan-activity;sid:84161971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.242.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298867/; classtype:trojan-activity;sid:84161967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.210.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298865/; classtype:trojan-activity;sid:84161965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.140.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298863/; classtype:trojan-activity;sid:84161963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.127.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298859/; classtype:trojan-activity;sid:84161959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.238.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298858/; classtype:trojan-activity;sid:84161958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.127.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298857/; classtype:trojan-activity;sid:84161957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.16.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298856/; classtype:trojan-activity;sid:84161956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.126.92.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298854/; classtype:trojan-activity;sid:84161954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.51.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298852/; classtype:trojan-activity;sid:84161952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.89.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298848/; classtype:trojan-activity;sid:84161948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.229.145.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298847/; classtype:trojan-activity;sid:84161947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.88.238.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3298845/; classtype:trojan-activity;sid:84161945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.164.66.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298843/; classtype:trojan-activity;sid:84161943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.56.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298842/; classtype:trojan-activity;sid:84161942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.70.15.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298841/; classtype:trojan-activity;sid:84161941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.9.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298840/; classtype:trojan-activity;sid:84161940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.228.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298839/; classtype:trojan-activity;sid:84161939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298838/; classtype:trojan-activity;sid:84161938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.197.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298837/; classtype:trojan-activity;sid:84161937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.42.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298836/; classtype:trojan-activity;sid:84161936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.17.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298835/; classtype:trojan-activity;sid:84161935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.15.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298834/; classtype:trojan-activity;sid:84161934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.78.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298833/; classtype:trojan-activity;sid:84161933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298832/; classtype:trojan-activity;sid:84161932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.78.61"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298829/; classtype:trojan-activity;sid:84161929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.238.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298830/; classtype:trojan-activity;sid:84161930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.20.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298831/; classtype:trojan-activity;sid:84161931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.52.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298828/; classtype:trojan-activity;sid:84161928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.96.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298827/; classtype:trojan-activity;sid:84161927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"79.126.92.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298826/; classtype:trojan-activity;sid:84161926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.123.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298825/; classtype:trojan-activity;sid:84161925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.85.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298824/; classtype:trojan-activity;sid:84161924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.235.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298823/; classtype:trojan-activity;sid:84161923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298822/; classtype:trojan-activity;sid:84161922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.118.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298821/; classtype:trojan-activity;sid:84161921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.49.36"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298820/; classtype:trojan-activity;sid:84161920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.43.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298819/; classtype:trojan-activity;sid:84161919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.135.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298817/; classtype:trojan-activity;sid:84161917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.70.15.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298818/; classtype:trojan-activity;sid:84161918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.247.31.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298816/; classtype:trojan-activity;sid:84161916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.216.197.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298815/; classtype:trojan-activity;sid:84161915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298814/; classtype:trojan-activity;sid:84161914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.85.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298813/; classtype:trojan-activity;sid:84161913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.235.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298811/; classtype:trojan-activity;sid:84161911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.228.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298812/; classtype:trojan-activity;sid:84161912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.40.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298809/; classtype:trojan-activity;sid:84161909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.37.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298810/; classtype:trojan-activity;sid:84161910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.78.61"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298808/; classtype:trojan-activity;sid:84161908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.47.238.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298807/; classtype:trojan-activity;sid:84161907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.198.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298806/; classtype:trojan-activity;sid:84161906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.140.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298805/; classtype:trojan-activity;sid:84161905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.97.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298804/; classtype:trojan-activity;sid:84161904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298803/; classtype:trojan-activity;sid:84161903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.228.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298802/; classtype:trojan-activity;sid:84161902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.43.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298800/; classtype:trojan-activity;sid:84161900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.122.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298801/; classtype:trojan-activity;sid:84161901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.49.36"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298799/; classtype:trojan-activity;sid:84161899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.179.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298798/; classtype:trojan-activity;sid:84161898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.96.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298797/; classtype:trojan-activity;sid:84161897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.237.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298796/; classtype:trojan-activity;sid:84161896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.233.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298795/; classtype:trojan-activity;sid:84161895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.31.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298794/; classtype:trojan-activity;sid:84161894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.181.158.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298793/; classtype:trojan-activity;sid:84161893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.81.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298792/; classtype:trojan-activity;sid:84161892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.34.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298791/; classtype:trojan-activity;sid:84161891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.15.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298790/; classtype:trojan-activity;sid:84161890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.209.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298789/; classtype:trojan-activity;sid:84161889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.1.36"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298788/; classtype:trojan-activity;sid:84161888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.221.45.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298787/; classtype:trojan-activity;sid:84161887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.59.0.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298786/; classtype:trojan-activity;sid:84161886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.10.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298784/; classtype:trojan-activity;sid:84161884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.225.242.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298785/; classtype:trojan-activity;sid:84161885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.122.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298783/; classtype:trojan-activity;sid:84161883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.3.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298782/; classtype:trojan-activity;sid:84161882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.215.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298781/; classtype:trojan-activity;sid:84161881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.83.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298780/; classtype:trojan-activity;sid:84161880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.97.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298779/; classtype:trojan-activity;sid:84161879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.251.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298778/; classtype:trojan-activity;sid:84161878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.112.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298777/; classtype:trojan-activity;sid:84161877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.215.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298776/; classtype:trojan-activity;sid:84161876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.181.158.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298775/; classtype:trojan-activity;sid:84161875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.96.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298774/; classtype:trojan-activity;sid:84161874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.228.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298773/; classtype:trojan-activity;sid:84161873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.157.145.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298772/; classtype:trojan-activity;sid:84161872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.8.14"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298771/; classtype:trojan-activity;sid:84161871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.178.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298770/; classtype:trojan-activity;sid:84161870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.15.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298769/; classtype:trojan-activity;sid:84161869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"102.221.45.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298768/; classtype:trojan-activity;sid:84161868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.209.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298766/; classtype:trojan-activity;sid:84161866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.30.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298767/; classtype:trojan-activity;sid:84161867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.208.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298765/; classtype:trojan-activity;sid:84161865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298764/; classtype:trojan-activity;sid:84161864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.135.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298763/; classtype:trojan-activity;sid:84161863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.249.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298762/; classtype:trojan-activity;sid:84161862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.65.63.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298761/; classtype:trojan-activity;sid:84161861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.83.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298760/; classtype:trojan-activity;sid:84161860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/xxx.zip"; depth:13; endswith; nocase; http.host; content:"swaceapp.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298759/; classtype:trojan-activity;sid:84161859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/xxx.zip"; depth:13; endswith; nocase; http.host; content:"jaipurraj.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298758/; classtype:trojan-activity;sid:84161858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.25.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298757/; classtype:trojan-activity;sid:84161857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.247.113.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298756/; classtype:trojan-activity;sid:84161856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.255.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298755/; classtype:trojan-activity;sid:84161855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.251.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298754/; classtype:trojan-activity;sid:84161854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/samat.exe"; depth:16; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298753/; classtype:trojan-activity;sid:84161853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"185.170.144.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298752/; classtype:trojan-activity;sid:84161852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.29.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298751/; classtype:trojan-activity;sid:84161851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"185.170.144.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298749/; classtype:trojan-activity;sid:84161849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.208.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298750/; classtype:trojan-activity;sid:84161850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.38.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298748/; classtype:trojan-activity;sid:84161848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.162.39.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298742/; classtype:trojan-activity;sid:84161842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"185.170.144.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298743/; classtype:trojan-activity;sid:84161843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"185.170.144.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298744/; classtype:trojan-activity;sid:84161844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"185.170.144.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298745/; classtype:trojan-activity;sid:84161845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"185.170.144.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298746/; classtype:trojan-activity;sid:84161846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"185.170.144.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298747/; classtype:trojan-activity;sid:84161847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.197.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298741/; classtype:trojan-activity;sid:84161841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.240.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298740/; classtype:trojan-activity;sid:84161840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.29.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298739/; classtype:trojan-activity;sid:84161839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.113.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298738/; classtype:trojan-activity;sid:84161838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.9.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298737/; classtype:trojan-activity;sid:84161837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.240.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298736/; classtype:trojan-activity;sid:84161836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.mpsl"; depth:18; endswith; nocase; http.host; content:"68-168-213-230.cprapid.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298733/; classtype:trojan-activity;sid:84161833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.m68k"; depth:18; endswith; nocase; http.host; content:"68-168-213-230.cprapid.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298734/; classtype:trojan-activity;sid:84161834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.spc"; depth:17; endswith; nocase; http.host; content:"68-168-213-230.cprapid.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298735/; classtype:trojan-activity;sid:84161835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.255.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298732/; classtype:trojan-activity;sid:84161832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.mips"; depth:18; endswith; nocase; http.host; content:"68-168-213-230.cprapid.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298729/; classtype:trojan-activity;sid:84161829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.arm6"; depth:18; endswith; nocase; http.host; content:"68-168-213-230.cprapid.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298730/; classtype:trojan-activity;sid:84161830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.63.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298731/; classtype:trojan-activity;sid:84161831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.sh4"; depth:17; endswith; nocase; http.host; content:"68-168-213-230.cprapid.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298725/; classtype:trojan-activity;sid:84161825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.arm"; depth:17; endswith; nocase; http.host; content:"68-168-213-230.cprapid.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298726/; classtype:trojan-activity;sid:84161826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.x86"; depth:17; endswith; nocase; http.host; content:"68-168-213-230.cprapid.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298727/; classtype:trojan-activity;sid:84161827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.ppc"; depth:17; endswith; nocase; http.host; content:"68-168-213-230.cprapid.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298728/; classtype:trojan-activity;sid:84161828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.arm7"; depth:18; endswith; nocase; http.host; content:"68-168-213-230.cprapid.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298723/; classtype:trojan-activity;sid:84161823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.arm5"; depth:18; endswith; nocase; http.host; content:"68-168-213-230.cprapid.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298724/; classtype:trojan-activity;sid:84161824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298710/; classtype:trojan-activity;sid:84161810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298711/; classtype:trojan-activity;sid:84161811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnbw86"; depth:7; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298712/; classtype:trojan-activity;sid:84161812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298713/; classtype:trojan-activity;sid:84161813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298714/; classtype:trojan-activity;sid:84161814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298715/; classtype:trojan-activity;sid:84161815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wriww68k"; depth:9; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298716/; classtype:trojan-activity;sid:84161816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwhdbg"; depth:7; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298717/; classtype:trojan-activity;sid:84161817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298718/; classtype:trojan-activity;sid:84161818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298719/; classtype:trojan-activity;sid:84161819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298720/; classtype:trojan-activity;sid:84161820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298721/; classtype:trojan-activity;sid:84161821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwwofba5"; depth:9; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298722/; classtype:trojan-activity;sid:84161822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298707/; classtype:trojan-activity;sid:84161807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298708/; classtype:trojan-activity;sid:84161808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vwkjebwi686"; depth:12; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298709/; classtype:trojan-activity;sid:84161809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.106.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298706/; classtype:trojan-activity;sid:84161806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.128.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298705/; classtype:trojan-activity;sid:84161805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.122.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298704/; classtype:trojan-activity;sid:84161804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdgsfg"; depth:7; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298697/; classtype:trojan-activity;sid:84161797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb"; depth:3; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298698/; classtype:trojan-activity;sid:84161798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298699/; classtype:trojan-activity;sid:84161799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298700/; classtype:trojan-activity;sid:84161800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.sh"; depth:8; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298701/; classtype:trojan-activity;sid:84161801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298702/; classtype:trojan-activity;sid:84161802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.sh"; depth:6; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298703/; classtype:trojan-activity;sid:84161803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298696/; classtype:trojan-activity;sid:84161796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f5"; depth:3; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298665/; classtype:trojan-activity;sid:84161765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/multi"; depth:6; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298666/; classtype:trojan-activity;sid:84161766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmips"; depth:6; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298667/; classtype:trojan-activity;sid:84161767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298668/; classtype:trojan-activity;sid:84161768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xaxa"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298669/; classtype:trojan-activity;sid:84161769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298670/; classtype:trojan-activity;sid:84161770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lll"; depth:4; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298671/; classtype:trojan-activity;sid:84161771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298672/; classtype:trojan-activity;sid:84161772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass.sh"; depth:8; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298673/; classtype:trojan-activity;sid:84161773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r.sh"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298674/; classtype:trojan-activity;sid:84161774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298675/; classtype:trojan-activity;sid:84161775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298676/; classtype:trojan-activity;sid:84161776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298677/; classtype:trojan-activity;sid:84161777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298678/; classtype:trojan-activity;sid:84161778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdt"; depth:4; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298679/; classtype:trojan-activity;sid:84161779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298680/; classtype:trojan-activity;sid:84161780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tplink"; depth:7; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298681/; classtype:trojan-activity;sid:84161781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb"; depth:4; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298682/; classtype:trojan-activity;sid:84161782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298683/; classtype:trojan-activity;sid:84161783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/create.py"; depth:10; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298684/; classtype:trojan-activity;sid:84161784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toto"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298685/; classtype:trojan-activity;sid:84161785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298686/; classtype:trojan-activity;sid:84161786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asd"; depth:4; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298687/; classtype:trojan-activity;sid:84161787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zz"; depth:3; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298688/; classtype:trojan-activity;sid:84161788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298689/; classtype:trojan-activity;sid:84161789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298690/; classtype:trojan-activity;sid:84161790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vc"; depth:3; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298691/; classtype:trojan-activity;sid:84161791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mag"; depth:4; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298692/; classtype:trojan-activity;sid:84161792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298693/; classtype:trojan-activity;sid:84161793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298694/; classtype:trojan-activity;sid:84161794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298695/; classtype:trojan-activity;sid:84161795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmpsl"; depth:6; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298664/; classtype:trojan-activity;sid:84161764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.38.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298663/; classtype:trojan-activity;sid:84161763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298660/; classtype:trojan-activity;sid:84161760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298661/; classtype:trojan-activity;sid:84161761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298662/; classtype:trojan-activity;sid:84161762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.mpsl"; depth:18; endswith; nocase; http.host; content:"68.168.213.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298658/; classtype:trojan-activity;sid:84161758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.mips"; depth:18; endswith; nocase; http.host; content:"68.168.213.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298659/; classtype:trojan-activity;sid:84161759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.x86"; depth:17; endswith; nocase; http.host; content:"68.168.213.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298656/; classtype:trojan-activity;sid:84161756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.m68k"; depth:18; endswith; nocase; http.host; content:"68.168.213.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298657/; classtype:trojan-activity;sid:84161757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.arm7"; depth:18; endswith; nocase; http.host; content:"test.destinyalertapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298654/; classtype:trojan-activity;sid:84161754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.arm6"; depth:18; endswith; nocase; http.host; content:"test.destinyalertapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298655/; classtype:trojan-activity;sid:84161755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.spc"; depth:17; endswith; nocase; http.host; content:"68.168.213.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298642/; classtype:trojan-activity;sid:84161742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.ppc"; depth:17; endswith; nocase; http.host; content:"68.168.213.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298643/; classtype:trojan-activity;sid:84161743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.arm6"; depth:18; endswith; nocase; http.host; content:"68.168.213.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298644/; classtype:trojan-activity;sid:84161744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.arm5"; depth:18; endswith; nocase; http.host; content:"68.168.213.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298645/; classtype:trojan-activity;sid:84161745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.arm7"; depth:18; endswith; nocase; http.host; content:"68.168.213.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298646/; classtype:trojan-activity;sid:84161746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.mips"; depth:18; endswith; nocase; http.host; content:"test.destinyalertapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298647/; classtype:trojan-activity;sid:84161747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.arm"; depth:17; endswith; nocase; http.host; content:"68.168.213.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298648/; classtype:trojan-activity;sid:84161748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.mpsl"; depth:18; endswith; nocase; http.host; content:"test.destinyalertapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298649/; classtype:trojan-activity;sid:84161749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.sh4"; depth:17; endswith; nocase; http.host; content:"68.168.213.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298650/; classtype:trojan-activity;sid:84161750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.sh4"; depth:17; endswith; nocase; http.host; content:"test.destinyalertapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298651/; classtype:trojan-activity;sid:84161751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.arm"; depth:17; endswith; nocase; http.host; content:"test.destinyalertapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298652/; classtype:trojan-activity;sid:84161752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.arm5"; depth:18; endswith; nocase; http.host; content:"test.destinyalertapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298653/; classtype:trojan-activity;sid:84161753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.ppc"; depth:17; endswith; nocase; http.host; content:"test.destinyalertapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298640/; classtype:trojan-activity;sid:84161740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.spc"; depth:17; endswith; nocase; http.host; content:"test.destinyalertapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298641/; classtype:trojan-activity;sid:84161741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.9.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298637/; classtype:trojan-activity;sid:84161737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.x86"; depth:17; endswith; nocase; http.host; content:"test.destinyalertapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298638/; classtype:trojan-activity;sid:84161738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/anarchy.m68k"; depth:18; endswith; nocase; http.host; content:"test.destinyalertapp.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298639/; classtype:trojan-activity;sid:84161739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.85.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298636/; classtype:trojan-activity;sid:84161736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.39.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298635/; classtype:trojan-activity;sid:84161735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.210.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298632/; classtype:trojan-activity;sid:84161732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.82.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298633/; classtype:trojan-activity;sid:84161733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.29.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298634/; classtype:trojan-activity;sid:84161734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chrome_133.exe"; depth:15; endswith; nocase; http.host; content:"casacoimbramaputo.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298631/; classtype:trojan-activity;sid:84161731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.217.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298630/; classtype:trojan-activity;sid:84161730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.163.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298629/; classtype:trojan-activity;sid:84161729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.160.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298627/; classtype:trojan-activity;sid:84161727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.36.106.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298628/; classtype:trojan-activity;sid:84161728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.226.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298626/; classtype:trojan-activity;sid:84161726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.178.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298625/; classtype:trojan-activity;sid:84161725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.248.23.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298624/; classtype:trojan-activity;sid:84161724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.143.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298623/; classtype:trojan-activity;sid:84161723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.186.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298622/; classtype:trojan-activity;sid:84161722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298621/; classtype:trojan-activity;sid:84161721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.77.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298620/; classtype:trojan-activity;sid:84161720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.4.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298619/; classtype:trojan-activity;sid:84161719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"173.26.99.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298618/; classtype:trojan-activity;sid:84161718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.135.1"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298617/; classtype:trojan-activity;sid:84161717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.21.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298616/; classtype:trojan-activity;sid:84161716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samat.exe"; depth:10; endswith; nocase; http.host; content:"thedotmediagroup.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298615/; classtype:trojan-activity;sid:84161715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.186.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298614/; classtype:trojan-activity;sid:84161714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.18.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298613/; classtype:trojan-activity;sid:84161713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.85.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298612/; classtype:trojan-activity;sid:84161712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.139.178.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298611/; classtype:trojan-activity;sid:84161711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.47.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298610/; classtype:trojan-activity;sid:84161710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.95.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298609/; classtype:trojan-activity;sid:84161709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.232.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298608/; classtype:trojan-activity;sid:84161708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.207.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298607/; classtype:trojan-activity;sid:84161707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.131.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298606/; classtype:trojan-activity;sid:84161706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.178.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298605/; classtype:trojan-activity;sid:84161705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.36.106.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298603/; classtype:trojan-activity;sid:84161703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.4.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298604/; classtype:trojan-activity;sid:84161704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.183.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298602/; classtype:trojan-activity;sid:84161702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.226.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298601/; classtype:trojan-activity;sid:84161701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.162.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298600/; classtype:trojan-activity;sid:84161700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"43.245.39.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298599/; classtype:trojan-activity;sid:84161699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.152.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298598/; classtype:trojan-activity;sid:84161698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.239.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298597/; classtype:trojan-activity;sid:84161697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.245.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298594/; classtype:trojan-activity;sid:84161694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.220.47.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298595/; classtype:trojan-activity;sid:84161695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.240.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298596/; classtype:trojan-activity;sid:84161696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298593/; classtype:trojan-activity;sid:84161693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.77.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298592/; classtype:trojan-activity;sid:84161692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.182.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298591/; classtype:trojan-activity;sid:84161691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/merchantservices"; depth:17; endswith; nocase; http.host; content:"geui.cases.pcohenlaw.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298590/; classtype:trojan-activity;sid:84161690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/merchantservices"; depth:17; endswith; nocase; http.host; content:"jbfrh.staff.plenarykcg.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298589/; classtype:trojan-activity;sid:84161689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.135.1"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298588/; classtype:trojan-activity;sid:84161688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.208.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298587/; classtype:trojan-activity;sid:84161687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.72.19.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298585/; classtype:trojan-activity;sid:84161685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.184.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298586/; classtype:trojan-activity;sid:84161686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.21.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298584/; classtype:trojan-activity;sid:84161684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.122.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298583/; classtype:trojan-activity;sid:84161683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.232.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298582/; classtype:trojan-activity;sid:84161682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.148.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298580/; classtype:trojan-activity;sid:84161680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.131.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298581/; classtype:trojan-activity;sid:84161681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.34.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298579/; classtype:trojan-activity;sid:84161679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.43.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298578/; classtype:trojan-activity;sid:84161678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.60.255.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298577/; classtype:trojan-activity;sid:84161677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.112.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298576/; classtype:trojan-activity;sid:84161676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.95.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298575/; classtype:trojan-activity;sid:84161675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.159.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298574/; classtype:trojan-activity;sid:84161674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.26.81.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298573/; classtype:trojan-activity;sid:84161673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.3.69"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298572/; classtype:trojan-activity;sid:84161672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.247.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298571/; classtype:trojan-activity;sid:84161671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.37.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298570/; classtype:trojan-activity;sid:84161670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.248.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298569/; classtype:trojan-activity;sid:84161669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.30.93.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298568/; classtype:trojan-activity;sid:84161668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298567/; classtype:trojan-activity;sid:84161667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.25.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298566/; classtype:trojan-activity;sid:84161666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iwir64"; depth:7; endswith; nocase; http.host; content:"154.216.17.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298565/; classtype:trojan-activity;sid:84161665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.122.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298564/; classtype:trojan-activity;sid:84161664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.247.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298563/; classtype:trojan-activity;sid:84161663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.192.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298562/; classtype:trojan-activity;sid:84161662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.161.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298561/; classtype:trojan-activity;sid:84161661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.107.25.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298560/; classtype:trojan-activity;sid:84161660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.60.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298558/; classtype:trojan-activity;sid:84161658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.188.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298559/; classtype:trojan-activity;sid:84161659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.25.219.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298555/; classtype:trojan-activity;sid:84161655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.247.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298556/; classtype:trojan-activity;sid:84161656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.56.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298557/; classtype:trojan-activity;sid:84161657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.241.208.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298554/; classtype:trojan-activity;sid:84161654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.166.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298553/; classtype:trojan-activity;sid:84161653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.29.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298552/; classtype:trojan-activity;sid:84161652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298551/; classtype:trojan-activity;sid:84161651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.209.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298550/; classtype:trojan-activity;sid:84161650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298548/; classtype:trojan-activity;sid:84161648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298549/; classtype:trojan-activity;sid:84161649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298547/; classtype:trojan-activity;sid:84161647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298546/; classtype:trojan-activity;sid:84161646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298545/; classtype:trojan-activity;sid:84161645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.161.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298542/; classtype:trojan-activity;sid:84161642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.96.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298543/; classtype:trojan-activity;sid:84161643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.91.205.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298544/; classtype:trojan-activity;sid:84161644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.188.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298541/; classtype:trojan-activity;sid:84161641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.35.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298540/; classtype:trojan-activity;sid:84161640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.200.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298538/; classtype:trojan-activity;sid:84161638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.10.73.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298539/; classtype:trojan-activity;sid:84161639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.235.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298537/; classtype:trojan-activity;sid:84161637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.208.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298536/; classtype:trojan-activity;sid:84161636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.198.186.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298535/; classtype:trojan-activity;sid:84161635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.163.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298534/; classtype:trojan-activity;sid:84161634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.168.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298533/; classtype:trojan-activity;sid:84161633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.247.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298532/; classtype:trojan-activity;sid:84161632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.54.177"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298531/; classtype:trojan-activity;sid:84161631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.134.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298530/; classtype:trojan-activity;sid:84161630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.9.238"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298529/; classtype:trojan-activity;sid:84161629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298528/; classtype:trojan-activity;sid:84161628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.209.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298527/; classtype:trojan-activity;sid:84161627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.111.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298526/; classtype:trojan-activity;sid:84161626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.60.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298525/; classtype:trojan-activity;sid:84161625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.25.219.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298522/; classtype:trojan-activity;sid:84161622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.110.23.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298523/; classtype:trojan-activity;sid:84161623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.121.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298524/; classtype:trojan-activity;sid:84161624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.49.54.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298521/; classtype:trojan-activity;sid:84161621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.237.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298520/; classtype:trojan-activity;sid:84161620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.91.205.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298519/; classtype:trojan-activity;sid:84161619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.39.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298517/; classtype:trojan-activity;sid:84161617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file.exe"; depth:9; endswith; nocase; http.host; content:"176.113.115.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298518/; classtype:trojan-activity;sid:84161618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.190.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298516/; classtype:trojan-activity;sid:84161616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.163.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298515/; classtype:trojan-activity;sid:84161615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.102.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298513/; classtype:trojan-activity;sid:84161613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.89.70.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298514/; classtype:trojan-activity;sid:84161614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/funnyjellyfish.exe"; depth:25; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298512/; classtype:trojan-activity;sid:84161612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.207.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298511/; classtype:trojan-activity;sid:84161611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.197.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298510/; classtype:trojan-activity;sid:84161610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.164.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298509/; classtype:trojan-activity;sid:84161609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.77.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298508/; classtype:trojan-activity;sid:84161608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.15.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298507/; classtype:trojan-activity;sid:84161607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.39.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298506/; classtype:trojan-activity;sid:84161606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.183.33.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298505/; classtype:trojan-activity;sid:84161605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.49.54.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298504/; classtype:trojan-activity;sid:84161604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.190.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298503/; classtype:trojan-activity;sid:84161603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.24.236"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298502/; classtype:trojan-activity;sid:84161602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.160.170.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298501/; classtype:trojan-activity;sid:84161601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.29.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298500/; classtype:trojan-activity;sid:84161600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.160.170.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298499/; classtype:trojan-activity;sid:84161599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.183.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298498/; classtype:trojan-activity;sid:84161598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.190.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298497/; classtype:trojan-activity;sid:84161597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.93.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298496/; classtype:trojan-activity;sid:84161596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.118.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298495/; classtype:trojan-activity;sid:84161595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.207.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298494/; classtype:trojan-activity;sid:84161594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.68.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298493/; classtype:trojan-activity;sid:84161593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.25.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298492/; classtype:trojan-activity;sid:84161592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.197.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298491/; classtype:trojan-activity;sid:84161591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.191.21.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298489/; classtype:trojan-activity;sid:84161589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.154.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298490/; classtype:trojan-activity;sid:84161590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.120.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298488/; classtype:trojan-activity;sid:84161588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.221.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298487/; classtype:trojan-activity;sid:84161587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.244.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298486/; classtype:trojan-activity;sid:84161586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.29.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298485/; classtype:trojan-activity;sid:84161585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.207.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298484/; classtype:trojan-activity;sid:84161584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.68.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298483/; classtype:trojan-activity;sid:84161583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.56.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298482/; classtype:trojan-activity;sid:84161582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298481/; classtype:trojan-activity;sid:84161581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.233.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298480/; classtype:trojan-activity;sid:84161580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.13.88.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298479/; classtype:trojan-activity;sid:84161579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.132.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298478/; classtype:trojan-activity;sid:84161578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.221.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298477/; classtype:trojan-activity;sid:84161577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.148.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298475/; classtype:trojan-activity;sid:84161575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.220.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298476/; classtype:trojan-activity;sid:84161576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.25.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298474/; classtype:trojan-activity;sid:84161574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.52.121.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298473/; classtype:trojan-activity;sid:84161573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.235.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298471/; classtype:trojan-activity;sid:84161571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.109.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298472/; classtype:trojan-activity;sid:84161572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.91.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298470/; classtype:trojan-activity;sid:84161570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.200.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298469/; classtype:trojan-activity;sid:84161569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.74.13.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298468/; classtype:trojan-activity;sid:84161568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298467/; classtype:trojan-activity;sid:84161567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.77.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298466/; classtype:trojan-activity;sid:84161566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.238.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298465/; classtype:trojan-activity;sid:84161565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.60.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298464/; classtype:trojan-activity;sid:84161564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.81.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298463/; classtype:trojan-activity;sid:84161563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.234.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298462/; classtype:trojan-activity;sid:84161562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.235.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298460/; classtype:trojan-activity;sid:84161560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.52.121.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298461/; classtype:trojan-activity;sid:84161561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.48.114.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298457/; classtype:trojan-activity;sid:84161557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.207.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298458/; classtype:trojan-activity;sid:84161558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.48.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298459/; classtype:trojan-activity;sid:84161559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.124.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298456/; classtype:trojan-activity;sid:84161556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.148.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298455/; classtype:trojan-activity;sid:84161555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.22.217.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298454/; classtype:trojan-activity;sid:84161554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.202.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298453/; classtype:trojan-activity;sid:84161553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.245.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298452/; classtype:trojan-activity;sid:84161552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.33.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298451/; classtype:trojan-activity;sid:84161551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.3.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298450/; classtype:trojan-activity;sid:84161550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.60.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298449/; classtype:trojan-activity;sid:84161549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.52.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298448/; classtype:trojan-activity;sid:84161548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.42.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298447/; classtype:trojan-activity;sid:84161547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.241.49.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298446/; classtype:trojan-activity;sid:84161546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"77.39.19.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298445/; classtype:trojan-activity;sid:84161545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.81.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298442/; classtype:trojan-activity;sid:84161542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.127.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298443/; classtype:trojan-activity;sid:84161543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.21.60.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298444/; classtype:trojan-activity;sid:84161544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.157.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298441/; classtype:trojan-activity;sid:84161541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.33.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298440/; classtype:trojan-activity;sid:84161540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.210.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298439/; classtype:trojan-activity;sid:84161539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.32.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298438/; classtype:trojan-activity;sid:84161538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.242.164.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298437/; classtype:trojan-activity;sid:84161537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"102.22.217.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298436/; classtype:trojan-activity;sid:84161536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.150.179.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298434/; classtype:trojan-activity;sid:84161534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.220.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298435/; classtype:trojan-activity;sid:84161535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.20.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298433/; classtype:trojan-activity;sid:84161533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.157.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298432/; classtype:trojan-activity;sid:84161532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.42.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298431/; classtype:trojan-activity;sid:84161531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.88.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298430/; classtype:trojan-activity;sid:84161530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298429/; classtype:trojan-activity;sid:84161529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.247.249.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298428/; classtype:trojan-activity;sid:84161528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.107.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298427/; classtype:trojan-activity;sid:84161527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/index_files/funnyjellyfish.exe"; depth:31; endswith; nocase; http.host; content:"jinxisvh.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298426/; classtype:trojan-activity;sid:84161526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298425/; classtype:trojan-activity;sid:84161525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.184.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298424/; classtype:trojan-activity;sid:84161524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.11.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298423/; classtype:trojan-activity;sid:84161523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.6.84"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298422/; classtype:trojan-activity;sid:84161522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.55.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298421/; classtype:trojan-activity;sid:84161521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.83.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298420/; classtype:trojan-activity;sid:84161520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.193.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298418/; classtype:trojan-activity;sid:84161518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.152.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298419/; classtype:trojan-activity;sid:84161519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.39.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298417/; classtype:trojan-activity;sid:84161517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.88.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298416/; classtype:trojan-activity;sid:84161516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.31.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298415/; classtype:trojan-activity;sid:84161515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.39.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298414/; classtype:trojan-activity;sid:84161514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.34.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298413/; classtype:trojan-activity;sid:84161513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.157.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298412/; classtype:trojan-activity;sid:84161512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.37.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298411/; classtype:trojan-activity;sid:84161511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.240.2.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298410/; classtype:trojan-activity;sid:84161510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.243.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298409/; classtype:trojan-activity;sid:84161509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.170.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298408/; classtype:trojan-activity;sid:84161508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.5.54.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298407/; classtype:trojan-activity;sid:84161507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.11.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298406/; classtype:trojan-activity;sid:84161506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.93.32.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298405/; classtype:trojan-activity;sid:84161505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.31.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298404/; classtype:trojan-activity;sid:84161504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.96.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298402/; classtype:trojan-activity;sid:84161502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.8.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298403/; classtype:trojan-activity;sid:84161503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.15.16.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298401/; classtype:trojan-activity;sid:84161501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.31.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298400/; classtype:trojan-activity;sid:84161500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.184.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298399/; classtype:trojan-activity;sid:84161499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.12.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298398/; classtype:trojan-activity;sid:84161498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netpower.exe"; depth:13; endswith; nocase; http.host; content:"124.70.140.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298397/; classtype:trojan-activity;sid:84161497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.93.32.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298396/; classtype:trojan-activity;sid:84161496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.12.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298395/; classtype:trojan-activity;sid:84161495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.48.114.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298394/; classtype:trojan-activity;sid:84161494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.161.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298393/; classtype:trojan-activity;sid:84161493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.30.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298392/; classtype:trojan-activity;sid:84161492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.30.80.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298390/; classtype:trojan-activity;sid:84161490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.245.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298391/; classtype:trojan-activity;sid:84161491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.111.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298389/; classtype:trojan-activity;sid:84161489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.53.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298388/; classtype:trojan-activity;sid:84161488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.102.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298387/; classtype:trojan-activity;sid:84161487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.178.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298386/; classtype:trojan-activity;sid:84161486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"149.100.164.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298385/; classtype:trojan-activity;sid:84161485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.189.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298384/; classtype:trojan-activity;sid:84161484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298383/; classtype:trojan-activity;sid:84161483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.224.170.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298382/; classtype:trojan-activity;sid:84161482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.57.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298381/; classtype:trojan-activity;sid:84161481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298380/; classtype:trojan-activity;sid:84161480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.116.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298379/; classtype:trojan-activity;sid:84161479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.241.50.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298378/; classtype:trojan-activity;sid:84161478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secv2/main/downloads/statement_1382374.exe"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298377/; classtype:trojan-activity;sid:84161477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.76.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298375/; classtype:trojan-activity;sid:84161475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.12.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298376/; classtype:trojan-activity;sid:84161476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.228.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298374/; classtype:trojan-activity;sid:84161474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.150.7.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298373/; classtype:trojan-activity;sid:84161473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.150.7.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298372/; classtype:trojan-activity;sid:84161472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.14.65"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298371/; classtype:trojan-activity;sid:84161471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.129.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298370/; classtype:trojan-activity;sid:84161470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.87.122.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298367/; classtype:trojan-activity;sid:84161467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.223.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298368/; classtype:trojan-activity;sid:84161468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.113.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298369/; classtype:trojan-activity;sid:84161469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.45.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298366/; classtype:trojan-activity;sid:84161466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.50.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298365/; classtype:trojan-activity;sid:84161465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.27.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298364/; classtype:trojan-activity;sid:84161464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.116.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298363/; classtype:trojan-activity;sid:84161463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.87.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298362/; classtype:trojan-activity;sid:84161462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.20.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298361/; classtype:trojan-activity;sid:84161461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.82.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298360/; classtype:trojan-activity;sid:84161460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.81.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298359/; classtype:trojan-activity;sid:84161459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.24.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298358/; classtype:trojan-activity;sid:84161458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.207.35.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298357/; classtype:trojan-activity;sid:84161457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.75.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298356/; classtype:trojan-activity;sid:84161456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.14.65"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298355/; classtype:trojan-activity;sid:84161455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.45.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298354/; classtype:trojan-activity;sid:84161454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.125.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298353/; classtype:trojan-activity;sid:84161453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.167.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298352/; classtype:trojan-activity;sid:84161452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.204.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298351/; classtype:trojan-activity;sid:84161451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.150.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298350/; classtype:trojan-activity;sid:84161450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.9.100.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298349/; classtype:trojan-activity;sid:84161449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.167.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298346/; classtype:trojan-activity;sid:84161446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.247.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298347/; classtype:trojan-activity;sid:84161447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.217.68.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298348/; classtype:trojan-activity;sid:84161448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.142.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298345/; classtype:trojan-activity;sid:84161445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.65.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298344/; classtype:trojan-activity;sid:84161444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.179.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298343/; classtype:trojan-activity;sid:84161443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.207.35.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298342/; classtype:trojan-activity;sid:84161442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.75.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298341/; classtype:trojan-activity;sid:84161441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.167.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298340/; classtype:trojan-activity;sid:84161440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298338/; classtype:trojan-activity;sid:84161438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/l.exe"; depth:12; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298339/; classtype:trojan-activity;sid:84161439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.72.220.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298337/; classtype:trojan-activity;sid:84161437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.42.186.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298336/; classtype:trojan-activity;sid:84161436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.93.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298335/; classtype:trojan-activity;sid:84161435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"198.2.88.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298334/; classtype:trojan-activity;sid:84161434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298333/; classtype:trojan-activity;sid:84161433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.81.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298332/; classtype:trojan-activity;sid:84161432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.56.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298331/; classtype:trojan-activity;sid:84161431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.65.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298330/; classtype:trojan-activity;sid:84161430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.136.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298329/; classtype:trojan-activity;sid:84161429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.51.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298327/; classtype:trojan-activity;sid:84161427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.44.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298328/; classtype:trojan-activity;sid:84161428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.39.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298325/; classtype:trojan-activity;sid:84161425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.126.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298326/; classtype:trojan-activity;sid:84161426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.179.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298324/; classtype:trojan-activity;sid:84161424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.136.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298323/; classtype:trojan-activity;sid:84161423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.62.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298322/; classtype:trojan-activity;sid:84161422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.184.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298320/; classtype:trojan-activity;sid:84161420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.56.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298321/; classtype:trojan-activity;sid:84161421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.105.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298319/; classtype:trojan-activity;sid:84161419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.9.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298317/; classtype:trojan-activity;sid:84161417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.148.49.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298318/; classtype:trojan-activity;sid:84161418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.82.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298316/; classtype:trojan-activity;sid:84161416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.62.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298315/; classtype:trojan-activity;sid:84161415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.31.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298314/; classtype:trojan-activity;sid:84161414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.142.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298313/; classtype:trojan-activity;sid:84161413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.62.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298312/; classtype:trojan-activity;sid:84161412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.199.146.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298311/; classtype:trojan-activity;sid:84161411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.139.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298310/; classtype:trojan-activity;sid:84161410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.233.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298309/; classtype:trojan-activity;sid:84161409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.55.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298308/; classtype:trojan-activity;sid:84161408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.31.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298307/; classtype:trojan-activity;sid:84161407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298306/; classtype:trojan-activity;sid:84161406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.54.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298305/; classtype:trojan-activity;sid:84161405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298304/; classtype:trojan-activity;sid:84161404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.105.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298303/; classtype:trojan-activity;sid:84161403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.81.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298302/; classtype:trojan-activity;sid:84161402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.199.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298301/; classtype:trojan-activity;sid:84161401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.242.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298300/; classtype:trojan-activity;sid:84161400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.60.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298299/; classtype:trojan-activity;sid:84161399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.54.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298298/; classtype:trojan-activity;sid:84161398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.103.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298297/; classtype:trojan-activity;sid:84161397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.65.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298296/; classtype:trojan-activity;sid:84161396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data-package/u7ghxeyp/download"; depth:31; endswith; nocase; http.host; content:"filetransfer.io"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298294/; classtype:trojan-activity;sid:84161394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data-package/u7ghxeyp/download"; depth:31; endswith; nocase; http.host; content:"filetransfer.io"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298295/; classtype:trojan-activity;sid:84161395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.249.167.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298293/; classtype:trojan-activity;sid:84161393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.242.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298292/; classtype:trojan-activity;sid:84161392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.90.3.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298291/; classtype:trojan-activity;sid:84161391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.199.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298290/; classtype:trojan-activity;sid:84161390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298289/; classtype:trojan-activity;sid:84161389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.179.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298288/; classtype:trojan-activity;sid:84161388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.208.75.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298287/; classtype:trojan-activity;sid:84161387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298286/; classtype:trojan-activity;sid:84161386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.160.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298284/; classtype:trojan-activity;sid:84161384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.67.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298285/; classtype:trojan-activity;sid:84161385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.179.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298283/; classtype:trojan-activity;sid:84161383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.109.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298282/; classtype:trojan-activity;sid:84161382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.89.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298281/; classtype:trojan-activity;sid:84161381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.72.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298280/; classtype:trojan-activity;sid:84161380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.249.167.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298279/; classtype:trojan-activity;sid:84161379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.209.16.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298278/; classtype:trojan-activity;sid:84161378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298277/; classtype:trojan-activity;sid:84161377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298276/; classtype:trojan-activity;sid:84161376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.137.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298275/; classtype:trojan-activity;sid:84161375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.93.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298274/; classtype:trojan-activity;sid:84161374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298273/; classtype:trojan-activity;sid:84161373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.209.213.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298272/; classtype:trojan-activity;sid:84161372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.89.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298270/; classtype:trojan-activity;sid:84161370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.208.75.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298271/; classtype:trojan-activity;sid:84161371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.9.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298269/; classtype:trojan-activity;sid:84161369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.234.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298268/; classtype:trojan-activity;sid:84161368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.141.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298267/; classtype:trojan-activity;sid:84161367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.19.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298265/; classtype:trojan-activity;sid:84161365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.69.216.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298266/; classtype:trojan-activity;sid:84161366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.205.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298264/; classtype:trojan-activity;sid:84161364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.133.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298263/; classtype:trojan-activity;sid:84161363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.12.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298262/; classtype:trojan-activity;sid:84161362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.214.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298261/; classtype:trojan-activity;sid:84161361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.138.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298260/; classtype:trojan-activity;sid:84161360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.88.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298259/; classtype:trojan-activity;sid:84161359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.32.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298258/; classtype:trojan-activity;sid:84161358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.88.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298257/; classtype:trojan-activity;sid:84161357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.59.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298256/; classtype:trojan-activity;sid:84161356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.42.186.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298255/; classtype:trojan-activity;sid:84161355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.160.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298254/; classtype:trojan-activity;sid:84161354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.124.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298253/; classtype:trojan-activity;sid:84161353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.147.186.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298252/; classtype:trojan-activity;sid:84161352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.235.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298251/; classtype:trojan-activity;sid:84161351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.113.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298250/; classtype:trojan-activity;sid:84161350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298249/; classtype:trojan-activity;sid:84161349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.106.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298247/; classtype:trojan-activity;sid:84161347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.200.180.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298248/; classtype:trojan-activity;sid:84161348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.31.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298246/; classtype:trojan-activity;sid:84161346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.241.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298245/; classtype:trojan-activity;sid:84161345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.68.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298244/; classtype:trojan-activity;sid:84161344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.12.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298243/; classtype:trojan-activity;sid:84161343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.246.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298241/; classtype:trojan-activity;sid:84161341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.92.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298242/; classtype:trojan-activity;sid:84161342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.251.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298240/; classtype:trojan-activity;sid:84161340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.138.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298239/; classtype:trojan-activity;sid:84161339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.88.152"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298238/; classtype:trojan-activity;sid:84161338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.190.102.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298237/; classtype:trojan-activity;sid:84161337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.65.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298236/; classtype:trojan-activity;sid:84161336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.191.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298235/; classtype:trojan-activity;sid:84161335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dcgr23/scatas/refs/heads/main/punjb_national_bnk_024_late_return_counta_inward-clearin_jpg.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298234/; classtype:trojan-activity;sid:84161334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saked018/rivada/refs/heads/main/mis_file_9888123_received_xsls.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298233/; classtype:trojan-activity;sid:84161333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.57.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298232/; classtype:trojan-activity;sid:84161332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.173.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298230/; classtype:trojan-activity;sid:84161330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.89.252.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298231/; classtype:trojan-activity;sid:84161331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298229/; classtype:trojan-activity;sid:84161329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.127.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298228/; classtype:trojan-activity;sid:84161328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.217.79.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298227/; classtype:trojan-activity;sid:84161327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.192.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298226/; classtype:trojan-activity;sid:84161326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.160.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298225/; classtype:trojan-activity;sid:84161325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.215.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298224/; classtype:trojan-activity;sid:84161324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.194.211.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298223/; classtype:trojan-activity;sid:84161323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.126.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298222/; classtype:trojan-activity;sid:84161322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.57.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298221/; classtype:trojan-activity;sid:84161321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.210.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298220/; classtype:trojan-activity;sid:84161320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saked018/rivada/raw/refs/heads/main/mis_file_9888123_received_xsls.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298219/; classtype:trojan-activity;sid:84161319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.190.102.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298218/; classtype:trojan-activity;sid:84161318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.38.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298217/; classtype:trojan-activity;sid:84161317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.64.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298216/; classtype:trojan-activity;sid:84161316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.126.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298215/; classtype:trojan-activity;sid:84161315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.221.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298214/; classtype:trojan-activity;sid:84161314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.241.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298213/; classtype:trojan-activity;sid:84161313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.64.155.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298212/; classtype:trojan-activity;sid:84161312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.9.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298211/; classtype:trojan-activity;sid:84161311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.164.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298210/; classtype:trojan-activity;sid:84161310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.3.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298209/; classtype:trojan-activity;sid:84161309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.246.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298208/; classtype:trojan-activity;sid:84161308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rouki555/dcm/raw/refs/heads/main/document.zip"; depth:46; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298207/; classtype:trojan-activity;sid:84161307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bosechang/mkt/-/raw/main/20fukrun.zip"; depth:38; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298206/; classtype:trojan-activity;sid:84161306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rouki555/ud/raw/refs/heads/main/ud.bat"; depth:39; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298202/; classtype:trojan-activity;sid:84161302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.192.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298203/; classtype:trojan-activity;sid:84161303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bosechang/mkt/-/raw/main/20mktbose2.bat|3f|ref_type=heads|7c|26|7c|inline=false"; depth:80; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298204/; classtype:trojan-activity;sid:84161304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rouki555/lnk/raw/refs/heads/main/u.xls"; depth:39; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298205/; classtype:trojan-activity;sid:84161305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rouki555/lnk/raw/refs/heads/main/ud.bat"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298201/; classtype:trojan-activity;sid:84161301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bosechang/mkt/-/raw/main/20bosemkt.bat|3f|ref_type=heads|7c|26|7c|inline=false"; depth:79; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298200/; classtype:trojan-activity;sid:84161300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.153.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298199/; classtype:trojan-activity;sid:84161299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.64.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298198/; classtype:trojan-activity;sid:84161298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.30.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298196/; classtype:trojan-activity;sid:84161296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.202.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298197/; classtype:trojan-activity;sid:84161297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.96.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298195/; classtype:trojan-activity;sid:84161295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.109.146.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298194/; classtype:trojan-activity;sid:84161294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.191.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298193/; classtype:trojan-activity;sid:84161293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.133.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298191/; classtype:trojan-activity;sid:84161291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.162.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298192/; classtype:trojan-activity;sid:84161292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.153.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298190/; classtype:trojan-activity;sid:84161290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.153.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298189/; classtype:trojan-activity;sid:84161289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.248.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298188/; classtype:trojan-activity;sid:84161288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.88.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298187/; classtype:trojan-activity;sid:84161287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.30.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298186/; classtype:trojan-activity;sid:84161286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.78.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298185/; classtype:trojan-activity;sid:84161285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.91.163.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298184/; classtype:trojan-activity;sid:84161284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.194.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298183/; classtype:trojan-activity;sid:84161283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298182/; classtype:trojan-activity;sid:84161282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.112.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298181/; classtype:trojan-activity;sid:84161281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.149.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298180/; classtype:trojan-activity;sid:84161280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.159.172.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298179/; classtype:trojan-activity;sid:84161279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.16.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298178/; classtype:trojan-activity;sid:84161278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.254.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298177/; classtype:trojan-activity;sid:84161277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.9.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298176/; classtype:trojan-activity;sid:84161276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.45.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298175/; classtype:trojan-activity;sid:84161275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.146.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298174/; classtype:trojan-activity;sid:84161274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.26.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298173/; classtype:trojan-activity;sid:84161273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.137.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298172/; classtype:trojan-activity;sid:84161272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.41.132.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298171/; classtype:trojan-activity;sid:84161271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.17.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298170/; classtype:trojan-activity;sid:84161270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.131.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298169/; classtype:trojan-activity;sid:84161269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.14.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298168/; classtype:trojan-activity;sid:84161268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298167/; classtype:trojan-activity;sid:84161267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.26.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298166/; classtype:trojan-activity;sid:84161266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.0.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298165/; classtype:trojan-activity;sid:84161265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.96.108.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298164/; classtype:trojan-activity;sid:84161264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.216.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298163/; classtype:trojan-activity;sid:84161263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.10.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298162/; classtype:trojan-activity;sid:84161262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.137.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298161/; classtype:trojan-activity;sid:84161261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.254.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298160/; classtype:trojan-activity;sid:84161260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.46.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298159/; classtype:trojan-activity;sid:84161259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.14.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298158/; classtype:trojan-activity;sid:84161258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.188.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298157/; classtype:trojan-activity;sid:84161257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.219.18.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298156/; classtype:trojan-activity;sid:84161256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.39.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298155/; classtype:trojan-activity;sid:84161255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.239.251.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298154/; classtype:trojan-activity;sid:84161254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.212.241.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298153/; classtype:trojan-activity;sid:84161253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.114.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298152/; classtype:trojan-activity;sid:84161252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.162.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298151/; classtype:trojan-activity;sid:84161251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.216.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298150/; classtype:trojan-activity;sid:84161250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.153.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298148/; classtype:trojan-activity;sid:84161248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298149/; classtype:trojan-activity;sid:84161249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.161.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298147/; classtype:trojan-activity;sid:84161247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.215.167.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298145/; classtype:trojan-activity;sid:84161245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.120.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298146/; classtype:trojan-activity;sid:84161246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.162.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298144/; classtype:trojan-activity;sid:84161244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298142/; classtype:trojan-activity;sid:84161242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.46.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298143/; classtype:trojan-activity;sid:84161243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.104.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298141/; classtype:trojan-activity;sid:84161241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.34.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298140/; classtype:trojan-activity;sid:84161240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.161.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298138/; classtype:trojan-activity;sid:84161238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.234.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298139/; classtype:trojan-activity;sid:84161239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.134.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298137/; classtype:trojan-activity;sid:84161237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.153.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298136/; classtype:trojan-activity;sid:84161236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.112.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298135/; classtype:trojan-activity;sid:84161235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.50.57.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298134/; classtype:trojan-activity;sid:84161234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298130/; classtype:trojan-activity;sid:84161230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.183.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298131/; classtype:trojan-activity;sid:84161231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.208.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298132/; classtype:trojan-activity;sid:84161232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.143.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298133/; classtype:trojan-activity;sid:84161233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.120.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298129/; classtype:trojan-activity;sid:84161229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.52.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298128/; classtype:trojan-activity;sid:84161228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.126.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298127/; classtype:trojan-activity;sid:84161227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.15.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298126/; classtype:trojan-activity;sid:84161226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.111.117.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298125/; classtype:trojan-activity;sid:84161225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.104.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298124/; classtype:trojan-activity;sid:84161224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298122/; classtype:trojan-activity;sid:84161222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.124.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298123/; classtype:trojan-activity;sid:84161223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.53.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298121/; classtype:trojan-activity;sid:84161221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.55.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298120/; classtype:trojan-activity;sid:84161220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.215.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298119/; classtype:trojan-activity;sid:84161219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.34.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298118/; classtype:trojan-activity;sid:84161218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.80.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298117/; classtype:trojan-activity;sid:84161217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.234.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298116/; classtype:trojan-activity;sid:84161216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.161.62.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298115/; classtype:trojan-activity;sid:84161215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.255.24.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298114/; classtype:trojan-activity;sid:84161214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.241.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298113/; classtype:trojan-activity;sid:84161213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.220.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298112/; classtype:trojan-activity;sid:84161212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.82.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298111/; classtype:trojan-activity;sid:84161211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298109/; classtype:trojan-activity;sid:84161209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298110/; classtype:trojan-activity;sid:84161210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.213.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298108/; classtype:trojan-activity;sid:84161208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"212.50.57.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298107/; classtype:trojan-activity;sid:84161207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.184.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298106/; classtype:trojan-activity;sid:84161206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298100/; classtype:trojan-activity;sid:84161200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"154.216.17.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298101/; classtype:trojan-activity;sid:84161201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.223.185.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298102/; classtype:trojan-activity;sid:84161202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"139.59.211.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298103/; classtype:trojan-activity;sid:84161203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.167.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298104/; classtype:trojan-activity;sid:84161204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.21.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298105/; classtype:trojan-activity;sid:84161205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.187.17.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298098/; classtype:trojan-activity;sid:84161198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.187.17.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298099/; classtype:trojan-activity;sid:84161199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298097/; classtype:trojan-activity;sid:84161197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.242.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298096/; classtype:trojan-activity;sid:84161196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/mips"; depth:7; endswith; nocase; http.host; content:"85.209.133.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298095/; classtype:trojan-activity;sid:84161195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.46.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298090/; classtype:trojan-activity;sid:84161190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.118.13.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298091/; classtype:trojan-activity;sid:84161191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.221.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298092/; classtype:trojan-activity;sid:84161192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.196.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298093/; classtype:trojan-activity;sid:84161193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/mipsel"; depth:9; endswith; nocase; http.host; content:"85.209.133.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298094/; classtype:trojan-activity;sid:84161194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.70.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298083/; classtype:trojan-activity;sid:84161183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.192.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298084/; classtype:trojan-activity;sid:84161184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.124.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298085/; classtype:trojan-activity;sid:84161185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.246.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298086/; classtype:trojan-activity;sid:84161186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.246.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298087/; classtype:trojan-activity;sid:84161187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.255.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298088/; classtype:trojan-activity;sid:84161188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.230.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298089/; classtype:trojan-activity;sid:84161189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.191.21.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298080/; classtype:trojan-activity;sid:84161180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.87.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298081/; classtype:trojan-activity;sid:84161181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298082/; classtype:trojan-activity;sid:84161182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.92.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298079/; classtype:trojan-activity;sid:84161179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.227.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298078/; classtype:trojan-activity;sid:84161178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.225.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298077/; classtype:trojan-activity;sid:84161177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.80.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298076/; classtype:trojan-activity;sid:84161176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.244.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298075/; classtype:trojan-activity;sid:84161175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.44.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298074/; classtype:trojan-activity;sid:84161174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.58.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298073/; classtype:trojan-activity;sid:84161173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.35.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298072/; classtype:trojan-activity;sid:84161172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.59.0.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298071/; classtype:trojan-activity;sid:84161171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.90.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298070/; classtype:trojan-activity;sid:84161170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.247.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298069/; classtype:trojan-activity;sid:84161169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.128.154.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298068/; classtype:trojan-activity;sid:84161168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.235.215.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298064/; classtype:trojan-activity;sid:84161164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.83.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298065/; classtype:trojan-activity;sid:84161165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.83.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298066/; classtype:trojan-activity;sid:84161166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.199.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298067/; classtype:trojan-activity;sid:84161167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.243.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298062/; classtype:trojan-activity;sid:84161162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.209.67.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298063/; classtype:trojan-activity;sid:84161163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.202.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298061/; classtype:trojan-activity;sid:84161161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.224.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298060/; classtype:trojan-activity;sid:84161160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.69.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298059/; classtype:trojan-activity;sid:84161159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.244.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298058/; classtype:trojan-activity;sid:84161158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.93.107.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298057/; classtype:trojan-activity;sid:84161157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.86.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298056/; classtype:trojan-activity;sid:84161156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.222.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298055/; classtype:trojan-activity;sid:84161155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.84.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298054/; classtype:trojan-activity;sid:84161154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.227.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298053/; classtype:trojan-activity;sid:84161153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.223.136.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298052/; classtype:trojan-activity;sid:84161152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.87.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298051/; classtype:trojan-activity;sid:84161151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.195.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298049/; classtype:trojan-activity;sid:84161149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.36.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298050/; classtype:trojan-activity;sid:84161150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.105.33.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298048/; classtype:trojan-activity;sid:84161148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.143.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298047/; classtype:trojan-activity;sid:84161147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.52.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298046/; classtype:trojan-activity;sid:84161146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.86.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298045/; classtype:trojan-activity;sid:84161145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.240.203.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298044/; classtype:trojan-activity;sid:84161144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.94.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298043/; classtype:trojan-activity;sid:84161143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.221.221.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298042/; classtype:trojan-activity;sid:84161142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.253.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298041/; classtype:trojan-activity;sid:84161141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.191.175.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298040/; classtype:trojan-activity;sid:84161140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.95.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298039/; classtype:trojan-activity;sid:84161139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.161.62.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298038/; classtype:trojan-activity;sid:84161138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.190.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298037/; classtype:trojan-activity;sid:84161137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.217.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298036/; classtype:trojan-activity;sid:84161136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.129.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298035/; classtype:trojan-activity;sid:84161135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.33.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298033/; classtype:trojan-activity;sid:84161133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.228.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298034/; classtype:trojan-activity;sid:84161134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.245.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298032/; classtype:trojan-activity;sid:84161132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.223.136.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298031/; classtype:trojan-activity;sid:84161131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.92.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298030/; classtype:trojan-activity;sid:84161130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.48.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298029/; classtype:trojan-activity;sid:84161129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.228.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298028/; classtype:trojan-activity;sid:84161128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298027/; classtype:trojan-activity;sid:84161127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298026/; classtype:trojan-activity;sid:84161126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.108.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298025/; classtype:trojan-activity;sid:84161125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.154.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298024/; classtype:trojan-activity;sid:84161124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.119.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298023/; classtype:trojan-activity;sid:84161123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.73.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298022/; classtype:trojan-activity;sid:84161122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.71.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298021/; classtype:trojan-activity;sid:84161121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.93.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298020/; classtype:trojan-activity;sid:84161120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1ocoi0oahx25brhh0btpcqyjrulc7s98u"; depth:43; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298019/; classtype:trojan-activity;sid:84161119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.200.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298018/; classtype:trojan-activity;sid:84161118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=16yapfbxi3o_nwr-uwtjlkxr5-nbjkbcf"; depth:43; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298017/; classtype:trojan-activity;sid:84161117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.88.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298016/; classtype:trojan-activity;sid:84161116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ouqnsvcua-6atzgsybyzns5yg3vrqeb6"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298015/; classtype:trojan-activity;sid:84161115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.70.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298014/; classtype:trojan-activity;sid:84161114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.22.242.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298013/; classtype:trojan-activity;sid:84161113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.191.175.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298012/; classtype:trojan-activity;sid:84161112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.18.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298011/; classtype:trojan-activity;sid:84161111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.161.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298010/; classtype:trojan-activity;sid:84161110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.88.0.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298009/; classtype:trojan-activity;sid:84161109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"102.22.242.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298008/; classtype:trojan-activity;sid:84161108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.126.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298007/; classtype:trojan-activity;sid:84161107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.120.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298006/; classtype:trojan-activity;sid:84161106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.48.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298005/; classtype:trojan-activity;sid:84161105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.190.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298004/; classtype:trojan-activity;sid:84161104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.71.43.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298003/; classtype:trojan-activity;sid:84161103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.27.36.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298002/; classtype:trojan-activity;sid:84161102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.98.70.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298001/; classtype:trojan-activity;sid:84161101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.20.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298000/; classtype:trojan-activity;sid:84161100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.6.143"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297999/; classtype:trojan-activity;sid:84161099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.73.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297998/; classtype:trojan-activity;sid:84161098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.18.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297997/; classtype:trojan-activity;sid:84161097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.108.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297996/; classtype:trojan-activity;sid:84161096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.169.234.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297995/; classtype:trojan-activity;sid:84161095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.35.179.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297993/; classtype:trojan-activity;sid:84161093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.113.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297994/; classtype:trojan-activity;sid:84161094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.104.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297992/; classtype:trojan-activity;sid:84161092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.30.120.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297991/; classtype:trojan-activity;sid:84161091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297990/; classtype:trojan-activity;sid:84161090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.100.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297989/; classtype:trojan-activity;sid:84161089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.140.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297988/; classtype:trojan-activity;sid:84161088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.217.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297987/; classtype:trojan-activity;sid:84161087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.189.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297986/; classtype:trojan-activity;sid:84161086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fld/whatsappweb.msi"; depth:20; endswith; nocase; http.host; content:"evdeultrasoneko.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297983/; classtype:trojan-activity;sid:84161083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fld/archivonuevo.msi"; depth:21; endswith; nocase; http.host; content:"evdeultrasoneko.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297984/; classtype:trojan-activity;sid:84161084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fld/whatsappweb.msi"; depth:20; endswith; nocase; http.host; content:"evdeultrasoneko.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297985/; classtype:trojan-activity;sid:84161085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fld/archivonuevo.msi"; depth:21; endswith; nocase; http.host; content:"evdeultrasoneko.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297982/; classtype:trojan-activity;sid:84161082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.14.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297980/; classtype:trojan-activity;sid:84161080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.3.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297981/; classtype:trojan-activity;sid:84161081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.171.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297979/; classtype:trojan-activity;sid:84161079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.101.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297978/; classtype:trojan-activity;sid:84161078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.174.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297976/; classtype:trojan-activity;sid:84161076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.123.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297977/; classtype:trojan-activity;sid:84161077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.98.70.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297975/; classtype:trojan-activity;sid:84161075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.189.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297974/; classtype:trojan-activity;sid:84161074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.93.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297973/; classtype:trojan-activity;sid:84161073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"31.162.39.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297972/; classtype:trojan-activity;sid:84161072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.14.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297971/; classtype:trojan-activity;sid:84161071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.170.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297970/; classtype:trojan-activity;sid:84161070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.172.55.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297969/; classtype:trojan-activity;sid:84161069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.114.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297968/; classtype:trojan-activity;sid:84161068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.215.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297967/; classtype:trojan-activity;sid:84161067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.9.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297966/; classtype:trojan-activity;sid:84161066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297965/; classtype:trojan-activity;sid:84161065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.154.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297964/; classtype:trojan-activity;sid:84161064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.122.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297963/; classtype:trojan-activity;sid:84161063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.133.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297962/; classtype:trojan-activity;sid:84161062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.237.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297961/; classtype:trojan-activity;sid:84161061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.154.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297960/; classtype:trojan-activity;sid:84161060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.222.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297959/; classtype:trojan-activity;sid:84161059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.118.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297958/; classtype:trojan-activity;sid:84161058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.199.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297957/; classtype:trojan-activity;sid:84161057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.25.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297956/; classtype:trojan-activity;sid:84161056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.203.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297955/; classtype:trojan-activity;sid:84161055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.95.14.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297954/; classtype:trojan-activity;sid:84161054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.175.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297953/; classtype:trojan-activity;sid:84161053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297952/; classtype:trojan-activity;sid:84161052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.105.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297951/; classtype:trojan-activity;sid:84161051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.120.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297950/; classtype:trojan-activity;sid:84161050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.96.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297949/; classtype:trojan-activity;sid:84161049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297948/; classtype:trojan-activity;sid:84161048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.28.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297947/; classtype:trojan-activity;sid:84161047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.122.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297946/; classtype:trojan-activity;sid:84161046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.25.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297945/; classtype:trojan-activity;sid:84161045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297944/; classtype:trojan-activity;sid:84161044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.172.55.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297942/; classtype:trojan-activity;sid:84161042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.198.186.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297943/; classtype:trojan-activity;sid:84161043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.30.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297941/; classtype:trojan-activity;sid:84161041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.222.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297940/; classtype:trojan-activity;sid:84161040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.98.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297939/; classtype:trojan-activity;sid:84161039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.53.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297938/; classtype:trojan-activity;sid:84161038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297937/; classtype:trojan-activity;sid:84161037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.125.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297936/; classtype:trojan-activity;sid:84161036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.120.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297935/; classtype:trojan-activity;sid:84161035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297933/; classtype:trojan-activity;sid:84161033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.60.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297934/; classtype:trojan-activity;sid:84161034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.199.146.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297932/; classtype:trojan-activity;sid:84161032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297931/; classtype:trojan-activity;sid:84161031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.15.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297928/; classtype:trojan-activity;sid:84161028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.22.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297929/; classtype:trojan-activity;sid:84161029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.95.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297930/; classtype:trojan-activity;sid:84161030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.170.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297927/; classtype:trojan-activity;sid:84161027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.172.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297925/; classtype:trojan-activity;sid:84161025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.96.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297926/; classtype:trojan-activity;sid:84161026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.4.124.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297924/; classtype:trojan-activity;sid:84161024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.14.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297923/; classtype:trojan-activity;sid:84161023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.244.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297922/; classtype:trojan-activity;sid:84161022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.77.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297921/; classtype:trojan-activity;sid:84161021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.220.238.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297920/; classtype:trojan-activity;sid:84161020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.112.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297919/; classtype:trojan-activity;sid:84161019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guidanceconnectors.exe"; depth:23; endswith; nocase; http.host; content:"redappletravel.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297918/; classtype:trojan-activity;sid:84161018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.73.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297917/; classtype:trojan-activity;sid:84161017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.111.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297916/; classtype:trojan-activity;sid:84161016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.33.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297915/; classtype:trojan-activity;sid:84161015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.53.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297914/; classtype:trojan-activity;sid:84161014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.79.245.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297913/; classtype:trojan-activity;sid:84161013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.253.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297912/; classtype:trojan-activity;sid:84161012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.4.124.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297911/; classtype:trojan-activity;sid:84161011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.30.93.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297909/; classtype:trojan-activity;sid:84161009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.22.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297910/; classtype:trojan-activity;sid:84161010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.30.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297905/; classtype:trojan-activity;sid:84161005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.83.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297906/; classtype:trojan-activity;sid:84161006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.193.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297907/; classtype:trojan-activity;sid:84161007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.192.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297908/; classtype:trojan-activity;sid:84161008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.95.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297904/; classtype:trojan-activity;sid:84161004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.25.135.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297903/; classtype:trojan-activity;sid:84161003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.111.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297900/; classtype:trojan-activity;sid:84161000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.234.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297901/; classtype:trojan-activity;sid:84161001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.165.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297902/; classtype:trojan-activity;sid:84161002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.231.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297899/; classtype:trojan-activity;sid:84160999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.112.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297898/; classtype:trojan-activity;sid:84160998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.193.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297897/; classtype:trojan-activity;sid:84160997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"106.41.138.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297896/; classtype:trojan-activity;sid:84160996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.99.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297894/; classtype:trojan-activity;sid:84160994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.160.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297895/; classtype:trojan-activity;sid:84160995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.63.21.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297893/; classtype:trojan-activity;sid:84160993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.79.245.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297892/; classtype:trojan-activity;sid:84160992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.190.173.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297891/; classtype:trojan-activity;sid:84160991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.116.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297890/; classtype:trojan-activity;sid:84160990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.68.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297889/; classtype:trojan-activity;sid:84160989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.226.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297888/; classtype:trojan-activity;sid:84160988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.7.56.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297887/; classtype:trojan-activity;sid:84160987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.190.173.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297886/; classtype:trojan-activity;sid:84160986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.192.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297885/; classtype:trojan-activity;sid:84160985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.226.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297884/; classtype:trojan-activity;sid:84160984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.36.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297883/; classtype:trojan-activity;sid:84160983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.103.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297882/; classtype:trojan-activity;sid:84160982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.215.167.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297881/; classtype:trojan-activity;sid:84160981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.6.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297880/; classtype:trojan-activity;sid:84160980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.119.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297879/; classtype:trojan-activity;sid:84160979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.101.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297878/; classtype:trojan-activity;sid:84160978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.236.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297876/; classtype:trojan-activity;sid:84160976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.10.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297877/; classtype:trojan-activity;sid:84160977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.63.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297875/; classtype:trojan-activity;sid:84160975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.100.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297874/; classtype:trojan-activity;sid:84160974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.63.21.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297873/; classtype:trojan-activity;sid:84160973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.24.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297872/; classtype:trojan-activity;sid:84160972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.81.156"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297871/; classtype:trojan-activity;sid:84160971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.135.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297870/; classtype:trojan-activity;sid:84160970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.7.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297869/; classtype:trojan-activity;sid:84160969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.58.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297868/; classtype:trojan-activity;sid:84160968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.226.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297867/; classtype:trojan-activity;sid:84160967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.48.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297866/; classtype:trojan-activity;sid:84160966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.68.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297865/; classtype:trojan-activity;sid:84160965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.46.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297864/; classtype:trojan-activity;sid:84160964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.39.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297863/; classtype:trojan-activity;sid:84160963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.97.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297862/; classtype:trojan-activity;sid:84160962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.75.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297861/; classtype:trojan-activity;sid:84160961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.7.56.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297860/; classtype:trojan-activity;sid:84160960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.113.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297859/; classtype:trojan-activity;sid:84160959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.229.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297858/; classtype:trojan-activity;sid:84160958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.122.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297857/; classtype:trojan-activity;sid:84160957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.96.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297856/; classtype:trojan-activity;sid:84160956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297855/; classtype:trojan-activity;sid:84160955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.101.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297854/; classtype:trojan-activity;sid:84160954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.169.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297853/; classtype:trojan-activity;sid:84160953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.236.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297852/; classtype:trojan-activity;sid:84160952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.224.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297851/; classtype:trojan-activity;sid:84160951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.48.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297850/; classtype:trojan-activity;sid:84160950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.244.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297849/; classtype:trojan-activity;sid:84160949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.46.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297848/; classtype:trojan-activity;sid:84160948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.64.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297846/; classtype:trojan-activity;sid:84160946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.97.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297847/; classtype:trojan-activity;sid:84160947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.37.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297845/; classtype:trojan-activity;sid:84160945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.177.28.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297844/; classtype:trojan-activity;sid:84160944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.124.252"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297843/; classtype:trojan-activity;sid:84160943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.2.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297842/; classtype:trojan-activity;sid:84160942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.36.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297841/; classtype:trojan-activity;sid:84160941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.4.105.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297840/; classtype:trojan-activity;sid:84160940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.58.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297839/; classtype:trojan-activity;sid:84160939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.75.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297838/; classtype:trojan-activity;sid:84160938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.97.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297837/; classtype:trojan-activity;sid:84160937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.53.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297836/; classtype:trojan-activity;sid:84160936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297835/; classtype:trojan-activity;sid:84160935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.6.2"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297834/; classtype:trojan-activity;sid:84160934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.229.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297832/; classtype:trojan-activity;sid:84160932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.53.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297833/; classtype:trojan-activity;sid:84160933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.218.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297831/; classtype:trojan-activity;sid:84160931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297830/; classtype:trojan-activity;sid:84160930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.179.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297829/; classtype:trojan-activity;sid:84160929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.181.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297828/; classtype:trojan-activity;sid:84160928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.247.85.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297827/; classtype:trojan-activity;sid:84160927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.19.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297826/; classtype:trojan-activity;sid:84160926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.45.144.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297825/; classtype:trojan-activity;sid:84160925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.97.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297824/; classtype:trojan-activity;sid:84160924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.181.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297823/; classtype:trojan-activity;sid:84160923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.21.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297822/; classtype:trojan-activity;sid:84160922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297820/; classtype:trojan-activity;sid:84160920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x/sillyshelf.exe"; depth:17; endswith; nocase; http.host; content:"154.216.20.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297821/; classtype:trojan-activity;sid:84160921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.96.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297819/; classtype:trojan-activity;sid:84160919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.43.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297818/; classtype:trojan-activity;sid:84160918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.45.144.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297817/; classtype:trojan-activity;sid:84160917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.253.55.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297816/; classtype:trojan-activity;sid:84160916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.148.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297815/; classtype:trojan-activity;sid:84160915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.82.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297814/; classtype:trojan-activity;sid:84160914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.247.85.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297813/; classtype:trojan-activity;sid:84160913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.26.231.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297812/; classtype:trojan-activity;sid:84160912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.70.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297811/; classtype:trojan-activity;sid:84160911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.75.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297810/; classtype:trojan-activity;sid:84160910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.146.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297809/; classtype:trojan-activity;sid:84160909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.63.107.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297808/; classtype:trojan-activity;sid:84160908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.125.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297807/; classtype:trojan-activity;sid:84160907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.78.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297806/; classtype:trojan-activity;sid:84160906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.101.181.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297805/; classtype:trojan-activity;sid:84160905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.255.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297804/; classtype:trojan-activity;sid:84160904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.251.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297803/; classtype:trojan-activity;sid:84160903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.185.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297800/; classtype:trojan-activity;sid:84160900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.46.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297801/; classtype:trojan-activity;sid:84160901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.96.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297802/; classtype:trojan-activity;sid:84160902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.122.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297799/; classtype:trojan-activity;sid:84160899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.70.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297798/; classtype:trojan-activity;sid:84160898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297797/; classtype:trojan-activity;sid:84160897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.9.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297796/; classtype:trojan-activity;sid:84160896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.38.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297795/; classtype:trojan-activity;sid:84160895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.111.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297794/; classtype:trojan-activity;sid:84160894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.203.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297793/; classtype:trojan-activity;sid:84160893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.101.181.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297792/; classtype:trojan-activity;sid:84160892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.59.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297788/; classtype:trojan-activity;sid:84160888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.185.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297789/; classtype:trojan-activity;sid:84160889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.221.44.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297790/; classtype:trojan-activity;sid:84160890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.140.186.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297791/; classtype:trojan-activity;sid:84160891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.197.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297787/; classtype:trojan-activity;sid:84160887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.179.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297786/; classtype:trojan-activity;sid:84160886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.4.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297785/; classtype:trojan-activity;sid:84160885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.101.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297784/; classtype:trojan-activity;sid:84160884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.88.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297783/; classtype:trojan-activity;sid:84160883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.70.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297782/; classtype:trojan-activity;sid:84160882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.5.54.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297781/; classtype:trojan-activity;sid:84160881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.89.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297780/; classtype:trojan-activity;sid:84160880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.26.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297779/; classtype:trojan-activity;sid:84160879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.106.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297778/; classtype:trojan-activity;sid:84160878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.55.227.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297775/; classtype:trojan-activity;sid:84160875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.35.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297776/; classtype:trojan-activity;sid:84160876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.47.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297777/; classtype:trojan-activity;sid:84160877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.78.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297774/; classtype:trojan-activity;sid:84160874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.101.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297773/; classtype:trojan-activity;sid:84160873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.209.134.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297772/; classtype:trojan-activity;sid:84160872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.203.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297771/; classtype:trojan-activity;sid:84160871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.125.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297770/; classtype:trojan-activity;sid:84160870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.199.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297769/; classtype:trojan-activity;sid:84160869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.99.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297768/; classtype:trojan-activity;sid:84160868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.181.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297766/; classtype:trojan-activity;sid:84160866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.239.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297767/; classtype:trojan-activity;sid:84160867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.179.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297765/; classtype:trojan-activity;sid:84160865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.185.171.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297764/; classtype:trojan-activity;sid:84160864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.89.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297763/; classtype:trojan-activity;sid:84160863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.184.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297762/; classtype:trojan-activity;sid:84160862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.59.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297760/; classtype:trojan-activity;sid:84160860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.164.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297761/; classtype:trojan-activity;sid:84160861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.181.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297759/; classtype:trojan-activity;sid:84160859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.2.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297758/; classtype:trojan-activity;sid:84160858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.78.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297756/; classtype:trojan-activity;sid:84160856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.107.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297757/; classtype:trojan-activity;sid:84160857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.47.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297755/; classtype:trojan-activity;sid:84160855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"31.150.3.0"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297754/; classtype:trojan-activity;sid:84160854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.171.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297753/; classtype:trojan-activity;sid:84160853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.98.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297752/; classtype:trojan-activity;sid:84160852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.191.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297751/; classtype:trojan-activity;sid:84160851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/nube-f5f04.appspot.com/o/ansy.txt|3f|alt=media|7c|26|7c|token=703d87ea-0284-408f-b949-21b01138d2a5"; depth:104; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297750/; classtype:trojan-activity;sid:84160850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.191.83.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297749/; classtype:trojan-activity;sid:84160849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.154.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297748/; classtype:trojan-activity;sid:84160848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297746/; classtype:trojan-activity;sid:84160846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.209.134.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297747/; classtype:trojan-activity;sid:84160847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloadrepe/downloadrepe12/downloads/remco.txt"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297745/; classtype:trojan-activity;sid:84160845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloadrepe/downloadrepe12/downloads/dcrrrraaatttt.txt"; depth:56; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297744/; classtype:trojan-activity;sid:84160844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"74.83.55.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297743/; classtype:trojan-activity;sid:84160843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/rodriakd-8413d.appspot.com/o/dll%2fdllchichiiiiiii.txt|3f|alt=media|7c|26|7c|token=1a61f438-927c-41cf-bfb0-95bed96ea8c2"; depth:125; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297742/; classtype:trojan-activity;sid:84160842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.1.36"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297740/; classtype:trojan-activity;sid:84160840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/re7gknsp"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297741/; classtype:trojan-activity;sid:84160841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.116.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297739/; classtype:trojan-activity;sid:84160839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.143.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297738/; classtype:trojan-activity;sid:84160838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.224.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297737/; classtype:trojan-activity;sid:84160837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sostener.vbs"; depth:13; endswith; nocase; http.host; content:"46.246.12.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297736/; classtype:trojan-activity;sid:84160836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sostedcr.vbs"; depth:13; endswith; nocase; http.host; content:"186.169.34.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297735/; classtype:trojan-activity;sid:84160835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31agosto.vbs"; depth:13; endswith; nocase; http.host; content:"186.169.34.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297734/; classtype:trojan-activity;sid:84160834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.216.26.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297733/; classtype:trojan-activity;sid:84160833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updates/system_update.ps1"; depth:26; endswith; nocase; http.host; content:"139.84.238.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297732/; classtype:trojan-activity;sid:84160832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.ps1"; depth:12; endswith; nocase; http.host; content:"139.84.238.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297730/; classtype:trojan-activity;sid:84160830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run_payload.ps1"; depth:16; endswith; nocase; http.host; content:"139.84.238.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297731/; classtype:trojan-activity;sid:84160831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.141.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297729/; classtype:trojan-activity;sid:84160829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ttl.exe"; depth:8; endswith; nocase; http.host; content:"74.163.80.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297728/; classtype:trojan-activity;sid:84160828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.215.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297727/; classtype:trojan-activity;sid:84160827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.226.35.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297726/; classtype:trojan-activity;sid:84160826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.129.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297725/; classtype:trojan-activity;sid:84160825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.33.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297724/; classtype:trojan-activity;sid:84160824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.116.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297723/; classtype:trojan-activity;sid:84160823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"181.191.83.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297722/; classtype:trojan-activity;sid:84160822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.26.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297721/; classtype:trojan-activity;sid:84160821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.171.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297720/; classtype:trojan-activity;sid:84160820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.114.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297719/; classtype:trojan-activity;sid:84160819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.2.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297718/; classtype:trojan-activity;sid:84160818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.38.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297717/; classtype:trojan-activity;sid:84160817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.231.131.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297716/; classtype:trojan-activity;sid:84160816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.24.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297715/; classtype:trojan-activity;sid:84160815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.141.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297714/; classtype:trojan-activity;sid:84160814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.192.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297713/; classtype:trojan-activity;sid:84160813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.216.26.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297712/; classtype:trojan-activity;sid:84160812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.129.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297711/; classtype:trojan-activity;sid:84160811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297710/; classtype:trojan-activity;sid:84160810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.68.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297709/; classtype:trojan-activity;sid:84160809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.26.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297708/; classtype:trojan-activity;sid:84160808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.191.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297707/; classtype:trojan-activity;sid:84160807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.235.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297706/; classtype:trojan-activity;sid:84160806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.38.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297705/; classtype:trojan-activity;sid:84160805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.95.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297704/; classtype:trojan-activity;sid:84160804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new_img.jpg"; depth:12; endswith; nocase; http.host; content:"103.20.102.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297703/; classtype:trojan-activity;sid:84160803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/arsfcmp.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297702/; classtype:trojan-activity;sid:84160802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/dkdddhm.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297701/; classtype:trojan-activity;sid:84160801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/bhcondezp.dat"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297687/; classtype:trojan-activity;sid:84160787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/pcfeybmwi.wav"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297688/; classtype:trojan-activity;sid:84160788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/rkfqslxbi.mp4"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297689/; classtype:trojan-activity;sid:84160789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/eamfjsg.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297690/; classtype:trojan-activity;sid:84160790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/imbdeaa.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297691/; classtype:trojan-activity;sid:84160791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/foukq.dat"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297692/; classtype:trojan-activity;sid:84160792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/sjbmcgh.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297693/; classtype:trojan-activity;sid:84160793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/acienjp.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297694/; classtype:trojan-activity;sid:84160794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/nmpkerc.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297695/; classtype:trojan-activity;sid:84160795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/mfdkcim.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297696/; classtype:trojan-activity;sid:84160796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/phesamr.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297697/; classtype:trojan-activity;sid:84160797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/afkiabj.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297698/; classtype:trojan-activity;sid:84160798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/cgfhhni.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297699/; classtype:trojan-activity;sid:84160799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/rfcenrk.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297700/; classtype:trojan-activity;sid:84160800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/vpukwv.mp4"; depth:39; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297686/; classtype:trojan-activity;sid:84160786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/panel.zip"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297685/; classtype:trojan-activity;sid:84160785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.32.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297684/; classtype:trojan-activity;sid:84160784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/reader_add-on.vbs"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297682/; classtype:trojan-activity;sid:84160782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkmanager/darko/downloads/kol_proposal.vbs"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297683/; classtype:trojan-activity;sid:84160783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.192.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297681/; classtype:trojan-activity;sid:84160781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.220.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297680/; classtype:trojan-activity;sid:84160780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.199.146.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297679/; classtype:trojan-activity;sid:84160779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.32.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297678/; classtype:trojan-activity;sid:84160778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.39.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297677/; classtype:trojan-activity;sid:84160777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hector4576--/noviembre19/downloads/sos19nov.txt"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297676/; classtype:trojan-activity;sid:84160776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.224.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297675/; classtype:trojan-activity;sid:84160775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.240.139.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297674/; classtype:trojan-activity;sid:84160774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.90.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297673/; classtype:trojan-activity;sid:84160773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.8.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297672/; classtype:trojan-activity;sid:84160772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.x86"; depth:15; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297670/; classtype:trojan-activity;sid:84160770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.0.120.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297671/; classtype:trojan-activity;sid:84160771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm"; depth:15; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297669/; classtype:trojan-activity;sid:84160769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.2.3"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297668/; classtype:trojan-activity;sid:84160768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.i686"; depth:16; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297667/; classtype:trojan-activity;sid:84160767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.spc"; depth:15; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297653/; classtype:trojan-activity;sid:84160753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.sh4"; depth:15; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297654/; classtype:trojan-activity;sid:84160754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm7"; depth:16; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297655/; classtype:trojan-activity;sid:84160755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.m68k"; depth:16; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297656/; classtype:trojan-activity;sid:84160756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arc"; depth:15; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297657/; classtype:trojan-activity;sid:84160757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.ppc"; depth:15; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297658/; classtype:trojan-activity;sid:84160758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm6"; depth:16; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297659/; classtype:trojan-activity;sid:84160759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297660/; classtype:trojan-activity;sid:84160760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.mips"; depth:16; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297661/; classtype:trojan-activity;sid:84160761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.x86_64"; depth:18; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297662/; classtype:trojan-activity;sid:84160762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.89.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297663/; classtype:trojan-activity;sid:84160763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.57.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297664/; classtype:trojan-activity;sid:84160764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.14.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297665/; classtype:trojan-activity;sid:84160765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.24.36.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297666/; classtype:trojan-activity;sid:84160766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm5"; depth:16; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297651/; classtype:trojan-activity;sid:84160751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.mpsl"; depth:16; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297652/; classtype:trojan-activity;sid:84160752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.235.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297650/; classtype:trojan-activity;sid:84160750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.240.139.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297649/; classtype:trojan-activity;sid:84160749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"ywp.guide.borden-carleton.ca"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297648/; classtype:trojan-activity;sid:84160748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.32.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297647/; classtype:trojan-activity;sid:84160747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297646/; classtype:trojan-activity;sid:84160746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.39.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297645/; classtype:trojan-activity;sid:84160745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.15.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297644/; classtype:trojan-activity;sid:84160744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.0.120.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297643/; classtype:trojan-activity;sid:84160743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/build4.exe"; depth:16; endswith; nocase; http.host; content:"66.63.187.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297642/; classtype:trojan-activity;sid:84160742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.87.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297641/; classtype:trojan-activity;sid:84160741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.63.107.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297640/; classtype:trojan-activity;sid:84160740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.31.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297639/; classtype:trojan-activity;sid:84160739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.228.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297638/; classtype:trojan-activity;sid:84160738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.70.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297637/; classtype:trojan-activity;sid:84160737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.70.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297636/; classtype:trojan-activity;sid:84160736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.149.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297635/; classtype:trojan-activity;sid:84160735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/module.ocx"; depth:15; endswith; nocase; http.host; content:"shadon.net"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297633/; classtype:trojan-activity;sid:84160733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/canew.ocx"; depth:14; endswith; nocase; http.host; content:"shadon.net"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297634/; classtype:trojan-activity;sid:84160734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297632/; classtype:trojan-activity;sid:84160732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/img_0952.lnk"; depth:17; endswith; nocase; http.host; content:"shadon.net"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297629/; classtype:trojan-activity;sid:84160729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/img_0950.lnk"; depth:17; endswith; nocase; http.host; content:"shadon.net"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297630/; classtype:trojan-activity;sid:84160730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/img_0955.lnk"; depth:17; endswith; nocase; http.host; content:"shadon.net"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297631/; classtype:trojan-activity;sid:84160731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/module.ocx"; depth:15; endswith; nocase; http.host; content:"65.20.104.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297627/; classtype:trojan-activity;sid:84160727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/canew.ocx"; depth:14; endswith; nocase; http.host; content:"65.20.104.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297628/; classtype:trojan-activity;sid:84160728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/img_0950.lnk"; depth:17; endswith; nocase; http.host; content:"65.20.104.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297624/; classtype:trojan-activity;sid:84160724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/img_0952.lnk"; depth:17; endswith; nocase; http.host; content:"65.20.104.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297625/; classtype:trojan-activity;sid:84160725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/img_0955.lnk"; depth:17; endswith; nocase; http.host; content:"65.20.104.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297626/; classtype:trojan-activity;sid:84160726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.139.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297623/; classtype:trojan-activity;sid:84160723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.166.43.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297622/; classtype:trojan-activity;sid:84160722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.124.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297621/; classtype:trojan-activity;sid:84160721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.49.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297620/; classtype:trojan-activity;sid:84160720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.148.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297619/; classtype:trojan-activity;sid:84160719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.31.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297618/; classtype:trojan-activity;sid:84160718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.150.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297617/; classtype:trojan-activity;sid:84160717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/xxx.zip"; depth:13; endswith; nocase; http.host; content:"segurofinalizar.shop"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297616/; classtype:trojan-activity;sid:84160716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/das.php"; depth:13; endswith; nocase; http.host; content:"jaipurraj.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297614/; classtype:trojan-activity;sid:84160714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/das.php"; depth:13; endswith; nocase; http.host; content:"bsfchile.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297615/; classtype:trojan-activity;sid:84160715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.119.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297613/; classtype:trojan-activity;sid:84160713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.200.56.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297612/; classtype:trojan-activity;sid:84160712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.59.239.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297610/; classtype:trojan-activity;sid:84160710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.15.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297611/; classtype:trojan-activity;sid:84160711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.98.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297609/; classtype:trojan-activity;sid:84160709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.39.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297608/; classtype:trojan-activity;sid:84160708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.235.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297607/; classtype:trojan-activity;sid:84160707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.78.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297605/; classtype:trojan-activity;sid:84160705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.45.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297606/; classtype:trojan-activity;sid:84160706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297604/; classtype:trojan-activity;sid:84160704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.78.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297602/; classtype:trojan-activity;sid:84160702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.61.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297603/; classtype:trojan-activity;sid:84160703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.51.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297601/; classtype:trojan-activity;sid:84160701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.141.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297600/; classtype:trojan-activity;sid:84160700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.149.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297599/; classtype:trojan-activity;sid:84160699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.200.56.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297598/; classtype:trojan-activity;sid:84160698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.186.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297597/; classtype:trojan-activity;sid:84160697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297596/; classtype:trojan-activity;sid:84160696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.15.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297595/; classtype:trojan-activity;sid:84160695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.39.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297594/; classtype:trojan-activity;sid:84160694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.138.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297593/; classtype:trojan-activity;sid:84160693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.91.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297592/; classtype:trojan-activity;sid:84160692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.26.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297591/; classtype:trojan-activity;sid:84160691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297590/; classtype:trojan-activity;sid:84160690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.28.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297589/; classtype:trojan-activity;sid:84160689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.17.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297588/; classtype:trojan-activity;sid:84160688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.239.128.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297587/; classtype:trojan-activity;sid:84160687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.244.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297586/; classtype:trojan-activity;sid:84160686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.57.79.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297585/; classtype:trojan-activity;sid:84160685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.171.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297584/; classtype:trojan-activity;sid:84160684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.186.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297583/; classtype:trojan-activity;sid:84160683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297582/; classtype:trojan-activity;sid:84160682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.255.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297581/; classtype:trojan-activity;sid:84160681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.88.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297580/; classtype:trojan-activity;sid:84160680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/proxy146.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297579/; classtype:trojan-activity;sid:84160679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.224.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297578/; classtype:trojan-activity;sid:84160678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.35.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297576/; classtype:trojan-activity;sid:84160676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.55.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297577/; classtype:trojan-activity;sid:84160677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.88.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297575/; classtype:trojan-activity;sid:84160675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.68.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297574/; classtype:trojan-activity;sid:84160674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.96.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297571/; classtype:trojan-activity;sid:84160671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297572/; classtype:trojan-activity;sid:84160672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.25.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297573/; classtype:trojan-activity;sid:84160673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.36.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297570/; classtype:trojan-activity;sid:84160670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.87.28.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297569/; classtype:trojan-activity;sid:84160669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.138.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297568/; classtype:trojan-activity;sid:84160668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.239.128.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297567/; classtype:trojan-activity;sid:84160667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.86.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297566/; classtype:trojan-activity;sid:84160666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.89.137"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297565/; classtype:trojan-activity;sid:84160665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.241.62.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297564/; classtype:trojan-activity;sid:84160664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.27.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297563/; classtype:trojan-activity;sid:84160663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.198.21.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297562/; classtype:trojan-activity;sid:84160662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.8.110.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297561/; classtype:trojan-activity;sid:84160661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.32.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297560/; classtype:trojan-activity;sid:84160660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.57.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297558/; classtype:trojan-activity;sid:84160658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.2.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297559/; classtype:trojan-activity;sid:84160659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.85.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297557/; classtype:trojan-activity;sid:84160657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc_s5_proxy_1.4.6.exe"; depth:23; endswith; nocase; http.host; content:"www.abcproxy.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297556/; classtype:trojan-activity;sid:84160656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.152.9.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297555/; classtype:trojan-activity;sid:84160655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.209.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297554/; classtype:trojan-activity;sid:84160654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.25.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297553/; classtype:trojan-activity;sid:84160653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.55.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297552/; classtype:trojan-activity;sid:84160652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.102.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297551/; classtype:trojan-activity;sid:84160651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.118.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297550/; classtype:trojan-activity;sid:84160650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.86.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297549/; classtype:trojan-activity;sid:84160649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.104.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297548/; classtype:trojan-activity;sid:84160648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.230.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297547/; classtype:trojan-activity;sid:84160647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.102.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297546/; classtype:trojan-activity;sid:84160646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.36.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297545/; classtype:trojan-activity;sid:84160645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.87.28.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297544/; classtype:trojan-activity;sid:84160644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.169.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297543/; classtype:trojan-activity;sid:84160643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.154.237.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297542/; classtype:trojan-activity;sid:84160642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.57.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297541/; classtype:trojan-activity;sid:84160641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/pnsbt"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297539/; classtype:trojan-activity;sid:84160639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/gnre8/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297540/; classtype:trojan-activity;sid:84160640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.120.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297538/; classtype:trojan-activity;sid:84160638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297537/; classtype:trojan-activity;sid:84160637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.98.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297536/; classtype:trojan-activity;sid:84160636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/lumma111.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297531/; classtype:trojan-activity;sid:84160631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.99.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297532/; classtype:trojan-activity;sid:84160632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.207.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297533/; classtype:trojan-activity;sid:84160633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.209.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297534/; classtype:trojan-activity;sid:84160634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.165.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297535/; classtype:trojan-activity;sid:84160635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.178.9.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297528/; classtype:trojan-activity;sid:84160628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.47.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297529/; classtype:trojan-activity;sid:84160629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.228.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297530/; classtype:trojan-activity;sid:84160630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.178.9.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297503/; classtype:trojan-activity;sid:84160603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.43.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297502/; classtype:trojan-activity;sid:84160602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.228.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297500/; classtype:trojan-activity;sid:84160600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.72.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297501/; classtype:trojan-activity;sid:84160601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis_all"; depth:84; endswith; nocase; http.host; content:"aviationchartersolutions.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297483/; classtype:trojan-activity;sid:84160583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen.b64"; depth:82; endswith; nocase; http.host; content:"aviationchartersolutions.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297484/; classtype:trojan-activity;sid:84160584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen_pure_enc"; depth:87; endswith; nocase; http.host; content:"aviationchartersolutions.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297485/; classtype:trojan-activity;sid:84160585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis_all"; depth:84; endswith; nocase; http.host; content:"aviationchartersolutions.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297486/; classtype:trojan-activity;sid:84160586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis_pure_enc"; depth:89; endswith; nocase; http.host; content:"aviationchartersolutions.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297487/; classtype:trojan-activity;sid:84160587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen_all"; depth:82; endswith; nocase; http.host; content:"www.aviationchartersolutions.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297488/; classtype:trojan-activity;sid:84160588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen_pure_enc"; depth:87; endswith; nocase; http.host; content:"www.aviationchartersolutions.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297489/; classtype:trojan-activity;sid:84160589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis_pure_enc"; depth:89; endswith; nocase; http.host; content:"www.aviationchartersolutions.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297490/; classtype:trojan-activity;sid:84160590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen_all"; depth:82; endswith; nocase; http.host; content:"aviationchartersolutions.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297491/; classtype:trojan-activity;sid:84160591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen_pure_enc"; depth:87; endswith; nocase; http.host; content:"www.aviationchartersolutions.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297492/; classtype:trojan-activity;sid:84160592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis_pure_enc"; depth:89; endswith; nocase; http.host; content:"www.aviationchartersolutions.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297493/; classtype:trojan-activity;sid:84160593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis_all"; depth:84; endswith; nocase; http.host; content:"www.aviationchartersolutions.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297494/; classtype:trojan-activity;sid:84160594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis_all"; depth:84; endswith; nocase; http.host; content:"www.aviationchartersolutions.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297495/; classtype:trojan-activity;sid:84160595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen_all"; depth:82; endswith; nocase; http.host; content:"aviationchartersolutions.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297496/; classtype:trojan-activity;sid:84160596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen_pure_enc"; depth:87; endswith; nocase; http.host; content:"aviationchartersolutions.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297497/; classtype:trojan-activity;sid:84160597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis_pure_enc"; depth:89; endswith; nocase; http.host; content:"aviationchartersolutions.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297498/; classtype:trojan-activity;sid:84160598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen_all"; depth:82; endswith; nocase; http.host; content:"www.aviationchartersolutions.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297499/; classtype:trojan-activity;sid:84160599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis.b64"; depth:84; endswith; nocase; http.host; content:"www.aviationchartersolutions.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297476/; classtype:trojan-activity;sid:84160576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen.b64"; depth:82; endswith; nocase; http.host; content:"aviationchartersolutions.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297477/; classtype:trojan-activity;sid:84160577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis.b64"; depth:84; endswith; nocase; http.host; content:"aviationchartersolutions.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297478/; classtype:trojan-activity;sid:84160578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen.b64"; depth:82; endswith; nocase; http.host; content:"www.aviationchartersolutions.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297479/; classtype:trojan-activity;sid:84160579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/tuyen/tuyen.b64"; depth:82; endswith; nocase; http.host; content:"www.aviationchartersolutions.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297480/; classtype:trojan-activity;sid:84160580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis.b64"; depth:84; endswith; nocase; http.host; content:"aviationchartersolutions.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297481/; classtype:trojan-activity;sid:84160581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insurify-html-v1.1/documentation/assets/img/glyphicons/server_vip/adonis/adonis.b64"; depth:84; endswith; nocase; http.host; content:"www.aviationchartersolutions.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297482/; classtype:trojan-activity;sid:84160582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.98.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297475/; classtype:trojan-activity;sid:84160575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.164.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297474/; classtype:trojan-activity;sid:84160574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.155.222.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297472/; classtype:trojan-activity;sid:84160572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.215.240.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297473/; classtype:trojan-activity;sid:84160573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.150.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297471/; classtype:trojan-activity;sid:84160571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.47.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297470/; classtype:trojan-activity;sid:84160570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.47.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297469/; classtype:trojan-activity;sid:84160569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.154.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297468/; classtype:trojan-activity;sid:84160568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.255.202.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297467/; classtype:trojan-activity;sid:84160567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.255.202.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297466/; classtype:trojan-activity;sid:84160566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.30.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297465/; classtype:trojan-activity;sid:84160565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.197.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297464/; classtype:trojan-activity;sid:84160564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.63.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297463/; classtype:trojan-activity;sid:84160563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.87.28.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297462/; classtype:trojan-activity;sid:84160562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.107.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297461/; classtype:trojan-activity;sid:84160561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.24.161.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297460/; classtype:trojan-activity;sid:84160560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.72.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297456/; classtype:trojan-activity;sid:84160556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.151.76.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297457/; classtype:trojan-activity;sid:84160557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.239.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297458/; classtype:trojan-activity;sid:84160558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.35.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297459/; classtype:trojan-activity;sid:84160559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.153.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297455/; classtype:trojan-activity;sid:84160555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.212.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297454/; classtype:trojan-activity;sid:84160554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.166.13.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297453/; classtype:trojan-activity;sid:84160553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.188.16.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297452/; classtype:trojan-activity;sid:84160552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.137.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297451/; classtype:trojan-activity;sid:84160551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.15.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297450/; classtype:trojan-activity;sid:84160550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.137.250.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297448/; classtype:trojan-activity;sid:84160548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.233.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297449/; classtype:trojan-activity;sid:84160549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.214.186.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297447/; classtype:trojan-activity;sid:84160547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297446/; classtype:trojan-activity;sid:84160546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.123.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297445/; classtype:trojan-activity;sid:84160545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297444/; classtype:trojan-activity;sid:84160544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.197.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297443/; classtype:trojan-activity;sid:84160543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.185.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297441/; classtype:trojan-activity;sid:84160541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.74.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297442/; classtype:trojan-activity;sid:84160542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.184.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297440/; classtype:trojan-activity;sid:84160540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.188.16.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297439/; classtype:trojan-activity;sid:84160539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.206.23.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297438/; classtype:trojan-activity;sid:84160538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.21.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297437/; classtype:trojan-activity;sid:84160537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.221.225.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297436/; classtype:trojan-activity;sid:84160536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.15.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297435/; classtype:trojan-activity;sid:84160535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.166.13.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297434/; classtype:trojan-activity;sid:84160534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.239.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297433/; classtype:trojan-activity;sid:84160533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.223.185.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297432/; classtype:trojan-activity;sid:84160532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.148.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297431/; classtype:trojan-activity;sid:84160531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.184.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297430/; classtype:trojan-activity;sid:84160530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/palofd"; depth:7; endswith; nocase; http.host; content:"38.180.147.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297429/; classtype:trojan-activity;sid:84160529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.185.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297428/; classtype:trojan-activity;sid:84160528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.74.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297427/; classtype:trojan-activity;sid:84160527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.221.225.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297426/; classtype:trojan-activity;sid:84160526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"198.163.192.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297425/; classtype:trojan-activity;sid:84160525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.183.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297424/; classtype:trojan-activity;sid:84160524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.56.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297421/; classtype:trojan-activity;sid:84160521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.42.74.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297422/; classtype:trojan-activity;sid:84160522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.208.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297423/; classtype:trojan-activity;sid:84160523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.236.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297419/; classtype:trojan-activity;sid:84160519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.90.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297420/; classtype:trojan-activity;sid:84160520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"198.163.192.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297417/; classtype:trojan-activity;sid:84160517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.101.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297418/; classtype:trojan-activity;sid:84160518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.39.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297416/; classtype:trojan-activity;sid:84160516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.148.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297415/; classtype:trojan-activity;sid:84160515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.229.54.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297414/; classtype:trojan-activity;sid:84160514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.26.95.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297413/; classtype:trojan-activity;sid:84160513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.27.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297411/; classtype:trojan-activity;sid:84160511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"194.54.160.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297412/; classtype:trojan-activity;sid:84160512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atp"; depth:4; endswith; nocase; http.host; content:"aiddoscnc.aisysmddos.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297408/; classtype:trojan-activity;sid:84160508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atp"; depth:4; endswith; nocase; http.host; content:"45.91.193.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297409/; classtype:trojan-activity;sid:84160509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atp"; depth:4; endswith; nocase; http.host; content:"aiddoscnc2.aisysmddos.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297410/; classtype:trojan-activity;sid:84160510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.231.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297407/; classtype:trojan-activity;sid:84160507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.116.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297406/; classtype:trojan-activity;sid:84160506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm4"; depth:10; endswith; nocase; http.host; content:"45.91.193.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297405/; classtype:trojan-activity;sid:84160505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i486"; depth:10; endswith; nocase; http.host; content:"aiddoscnc2.aisysmddos.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297378/; classtype:trojan-activity;sid:84160478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"aiddoscnc2.aisysmddos.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297379/; classtype:trojan-activity;sid:84160479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"45.91.193.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297380/; classtype:trojan-activity;sid:84160480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"45.91.193.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297381/; classtype:trojan-activity;sid:84160481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i486"; depth:10; endswith; nocase; http.host; content:"aiddoscnc.aisysmddos.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297382/; classtype:trojan-activity;sid:84160482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"45.91.193.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297383/; classtype:trojan-activity;sid:84160483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"aiddoscnc2.aisysmddos.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297384/; classtype:trojan-activity;sid:84160484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"aiddoscnc2.aisysmddos.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297385/; classtype:trojan-activity;sid:84160485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"aiddoscnc.aisysmddos.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297386/; classtype:trojan-activity;sid:84160486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"aiddoscnc2.aisysmddos.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297387/; classtype:trojan-activity;sid:84160487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"aiddoscnc2.aisysmddos.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297388/; classtype:trojan-activity;sid:84160488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"aiddoscnc.aisysmddos.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297389/; classtype:trojan-activity;sid:84160489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"aiddoscnc.aisysmddos.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297390/; classtype:trojan-activity;sid:84160490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"45.91.193.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297391/; classtype:trojan-activity;sid:84160491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"aiddoscnc2.aisysmddos.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297392/; classtype:trojan-activity;sid:84160492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"aiddoscnc.aisysmddos.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297393/; classtype:trojan-activity;sid:84160493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"aiddoscnc2.aisysmddos.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297394/; classtype:trojan-activity;sid:84160494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"aiddoscnc.aisysmddos.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297395/; classtype:trojan-activity;sid:84160495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"aiddoscnc.aisysmddos.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297396/; classtype:trojan-activity;sid:84160496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"aiddoscnc2.aisysmddos.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297397/; classtype:trojan-activity;sid:84160497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"aiddoscnc.aisysmddos.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297398/; classtype:trojan-activity;sid:84160498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"aiddoscnc2.aisysmddos.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297399/; classtype:trojan-activity;sid:84160499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm4"; depth:10; endswith; nocase; http.host; content:"aiddoscnc2.aisysmddos.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297400/; classtype:trojan-activity;sid:84160500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"aiddoscnc.aisysmddos.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297401/; classtype:trojan-activity;sid:84160501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"aiddoscnc.aisysmddos.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297402/; classtype:trojan-activity;sid:84160502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"aiddoscnc.aisysmddos.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297403/; classtype:trojan-activity;sid:84160503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm4"; depth:10; endswith; nocase; http.host; content:"aiddoscnc.aisysmddos.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297404/; classtype:trojan-activity;sid:84160504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"aiddoscnc2.aisysmddos.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297377/; classtype:trojan-activity;sid:84160477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"45.91.193.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297373/; classtype:trojan-activity;sid:84160473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"45.91.193.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297374/; classtype:trojan-activity;sid:84160474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"45.91.193.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297375/; classtype:trojan-activity;sid:84160475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"45.91.193.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297376/; classtype:trojan-activity;sid:84160476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i486"; depth:10; endswith; nocase; http.host; content:"45.91.193.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297372/; classtype:trojan-activity;sid:84160472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.252.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297371/; classtype:trojan-activity;sid:84160471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.111.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297369/; classtype:trojan-activity;sid:84160469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.236.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297370/; classtype:trojan-activity;sid:84160470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.229.54.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297368/; classtype:trojan-activity;sid:84160468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.132.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297367/; classtype:trojan-activity;sid:84160467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.164.248.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297366/; classtype:trojan-activity;sid:84160466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.252.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297365/; classtype:trojan-activity;sid:84160465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.60.70.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297364/; classtype:trojan-activity;sid:84160464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.245.5.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297363/; classtype:trojan-activity;sid:84160463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.226.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297362/; classtype:trojan-activity;sid:84160462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.125.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297361/; classtype:trojan-activity;sid:84160461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.111.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297359/; classtype:trojan-activity;sid:84160459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.85.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297360/; classtype:trojan-activity;sid:84160460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugin3.dll"; depth:12; endswith; nocase; http.host; content:"cheat.underground-cheat.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297358/; classtype:trojan-activity;sid:84160458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.44.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297357/; classtype:trojan-activity;sid:84160457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.144.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297355/; classtype:trojan-activity;sid:84160455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugin3.dll"; depth:12; endswith; nocase; http.host; content:"81.161.238.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297356/; classtype:trojan-activity;sid:84160456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.151.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297354/; classtype:trojan-activity;sid:84160454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.183.25.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297353/; classtype:trojan-activity;sid:84160453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.132.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297352/; classtype:trojan-activity;sid:84160452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.89.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297351/; classtype:trojan-activity;sid:84160451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297350/; classtype:trojan-activity;sid:84160450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.86.188.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297349/; classtype:trojan-activity;sid:84160449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.158.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297345/; classtype:trojan-activity;sid:84160445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.192.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297346/; classtype:trojan-activity;sid:84160446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.241.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297347/; classtype:trojan-activity;sid:84160447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.74.29.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297348/; classtype:trojan-activity;sid:84160448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winsvc.exe"; depth:11; endswith; nocase; http.host; content:"81.161.238.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297343/; classtype:trojan-activity;sid:84160443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winsvc.exe"; depth:11; endswith; nocase; http.host; content:"cheat.underground-cheat.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297344/; classtype:trojan-activity;sid:84160444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.116.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297342/; classtype:trojan-activity;sid:84160442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.41.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297341/; classtype:trojan-activity;sid:84160441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.121.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297340/; classtype:trojan-activity;sid:84160440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.21.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297339/; classtype:trojan-activity;sid:84160439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297338/; classtype:trojan-activity;sid:84160438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.177.28.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297337/; classtype:trojan-activity;sid:84160437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.32.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297336/; classtype:trojan-activity;sid:84160436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"216.247.208.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297335/; classtype:trojan-activity;sid:84160435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.144.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297334/; classtype:trojan-activity;sid:84160434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.158.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297332/; classtype:trojan-activity;sid:84160432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.87.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297333/; classtype:trojan-activity;sid:84160433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.41.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297331/; classtype:trojan-activity;sid:84160431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.30.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297330/; classtype:trojan-activity;sid:84160430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.21.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297329/; classtype:trojan-activity;sid:84160429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297328/; classtype:trojan-activity;sid:84160428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.49.26.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297327/; classtype:trojan-activity;sid:84160427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.6.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297326/; classtype:trojan-activity;sid:84160426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.164.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297325/; classtype:trojan-activity;sid:84160425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.82.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297324/; classtype:trojan-activity;sid:84160424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.176.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297322/; classtype:trojan-activity;sid:84160422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.87.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297323/; classtype:trojan-activity;sid:84160423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.118.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297321/; classtype:trojan-activity;sid:84160421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.74.13.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297320/; classtype:trojan-activity;sid:84160420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.170.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297319/; classtype:trojan-activity;sid:84160419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.232.60.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297318/; classtype:trojan-activity;sid:84160418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.20.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297317/; classtype:trojan-activity;sid:84160417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.16.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297315/; classtype:trojan-activity;sid:84160415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.188.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297316/; classtype:trojan-activity;sid:84160416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.4.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297314/; classtype:trojan-activity;sid:84160414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.235.215.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297313/; classtype:trojan-activity;sid:84160413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/factura09876567000.bat"; depth:23; endswith; nocase; http.host; content:"www.grupodulcemar.pe"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297312/; classtype:trojan-activity;sid:84160412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31/winnit.exe"; depth:14; endswith; nocase; http.host; content:"107.173.4.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297311/; classtype:trojan-activity;sid:84160411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/mt/generatethebstgoodpeoplesaroundtheworldwithgood.hta"; depth:61; endswith; nocase; http.host; content:"107.173.4.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297310/; classtype:trojan-activity;sid:84160410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.213.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297309/; classtype:trojan-activity;sid:84160409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.161.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297307/; classtype:trojan-activity;sid:84160407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.239.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297308/; classtype:trojan-activity;sid:84160408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1cerebspxrrzmtdac8ykigsgnaxzagzyt"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297306/; classtype:trojan-activity;sid:84160406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ziyxcjuvj99qtxqjbjaxmsemo3ex9d8j"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297305/; classtype:trojan-activity;sid:84160405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/45/ww/seethebestthignswhichgivingbestopportunities.hta"; depth:55; endswith; nocase; http.host; content:"192.3.220.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297304/; classtype:trojan-activity;sid:84160404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297303/; classtype:trojan-activity;sid:84160403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.112.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297302/; classtype:trojan-activity;sid:84160402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.193.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297301/; classtype:trojan-activity;sid:84160401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.118.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297300/; classtype:trojan-activity;sid:84160400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/41/seethebestthingswhichgivingbestthignsevertogetmebackwithenitretimegiv.tif"; depth:77; endswith; nocase; http.host; content:"172.245.123.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297298/; classtype:trojan-activity;sid:84160398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/41/mn/seethebestthingswhichgivenbestthingsforentiretimeforme.hta"; depth:65; endswith; nocase; http.host; content:"172.245.123.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297299/; classtype:trojan-activity;sid:84160399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/undershooting.hhk"; depth:18; endswith; nocase; http.host; content:"shalouxt.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297297/; classtype:trojan-activity;sid:84160397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.82.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297295/; classtype:trojan-activity;sid:84160395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulabmedjflhpwz78.bin"; depth:21; endswith; nocase; http.host; content:"shalouxt.top"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297296/; classtype:trojan-activity;sid:84160396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/includes/max/edderkoppen.chm"; depth:38; endswith; nocase; http.host; content:"freeagirl.de"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297294/; classtype:trojan-activity;sid:84160394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.85.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297293/; classtype:trojan-activity;sid:84160393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.6.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297292/; classtype:trojan-activity;sid:84160392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.111.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297291/; classtype:trojan-activity;sid:84160391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.253.55.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297290/; classtype:trojan-activity;sid:84160390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.231.131.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297289/; classtype:trojan-activity;sid:84160389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.255.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297288/; classtype:trojan-activity;sid:84160388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.72.210.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297285/; classtype:trojan-activity;sid:84160385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.11.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297286/; classtype:trojan-activity;sid:84160386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.89.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297287/; classtype:trojan-activity;sid:84160387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d85fd701b9057d3/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"31.177.109.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297283/; classtype:trojan-activity;sid:84160383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d85fd701b9057d3/nss3.dll"; depth:26; endswith; nocase; http.host; content:"31.177.109.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297284/; classtype:trojan-activity;sid:84160384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d85fd701b9057d3/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"31.177.109.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297278/; classtype:trojan-activity;sid:84160378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d85fd701b9057d3/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"31.177.109.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297279/; classtype:trojan-activity;sid:84160379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d85fd701b9057d3/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"31.177.109.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297280/; classtype:trojan-activity;sid:84160380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d85fd701b9057d3/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"31.177.109.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297281/; classtype:trojan-activity;sid:84160381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d85fd701b9057d3/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"31.177.109.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297282/; classtype:trojan-activity;sid:84160382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.240.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297277/; classtype:trojan-activity;sid:84160377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.155.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297276/; classtype:trojan-activity;sid:84160376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.220.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297275/; classtype:trojan-activity;sid:84160375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.75.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297274/; classtype:trojan-activity;sid:84160374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.193.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297273/; classtype:trojan-activity;sid:84160373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.125.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297272/; classtype:trojan-activity;sid:84160372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.75.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297271/; classtype:trojan-activity;sid:84160371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/feilian_latestx64.zip"; depth:22; endswith; nocase; http.host; content:"cdn.wecdndown.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297270/; classtype:trojan-activity;sid:84160370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wl_tp_extend_app_v1.0.exe"; depth:26; endswith; nocase; http.host; content:"106.42.31.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297269/; classtype:trojan-activity;sid:84160369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromex64.zip"; depth:14; endswith; nocase; http.host; content:"cdn.wecdndown.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297268/; classtype:trojan-activity;sid:84160368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gateio-win64.zip"; depth:17; endswith; nocase; http.host; content:"cdn.wecdndown.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297267/; classtype:trojan-activity;sid:84160367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mexc_winx64.zip"; depth:16; endswith; nocase; http.host; content:"cdn.wecdndown.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297266/; classtype:trojan-activity;sid:84160366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/todeskx64.zip"; depth:14; endswith; nocase; http.host; content:"cdn.wecdndown.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297265/; classtype:trojan-activity;sid:84160365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demongen-windows-arm64.exe"; depth:27; endswith; nocase; http.host; content:"194.164.59.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297264/; classtype:trojan-activity;sid:84160364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/transocks_x64.zip"; depth:18; endswith; nocase; http.host; content:"cdn.wecdndown.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297262/; classtype:trojan-activity;sid:84160362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.exe"; depth:9; endswith; nocase; http.host; content:"167.86.89.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297263/; classtype:trojan-activity;sid:84160363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wl_upgrade_new.exe"; depth:19; endswith; nocase; http.host; content:"106.42.31.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297261/; classtype:trojan-activity;sid:84160361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/215.exe"; depth:8; endswith; nocase; http.host; content:"42.193.100.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297259/; classtype:trojan-activity;sid:84160359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/214.exe"; depth:8; endswith; nocase; http.host; content:"42.193.100.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297260/; classtype:trojan-activity;sid:84160360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s4.exe"; depth:7; endswith; nocase; http.host; content:"42.193.100.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297258/; classtype:trojan-activity;sid:84160358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/212.exe"; depth:8; endswith; nocase; http.host; content:"42.193.100.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297257/; classtype:trojan-activity;sid:84160357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demongen-windows-amd64.exe"; depth:27; endswith; nocase; http.host; content:"194.164.59.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297256/; classtype:trojan-activity;sid:84160356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/213.exe"; depth:8; endswith; nocase; http.host; content:"42.193.100.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297255/; classtype:trojan-activity;sid:84160355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/99.exe"; depth:7; endswith; nocase; http.host; content:"42.193.100.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297254/; classtype:trojan-activity;sid:84160354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/208.exe"; depth:8; endswith; nocase; http.host; content:"42.193.100.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297253/; classtype:trojan-activity;sid:84160353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demongen-linux-arm64"; depth:21; endswith; nocase; http.host; content:"194.164.59.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297252/; classtype:trojan-activity;sid:84160352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demongen-linux-amd64"; depth:21; endswith; nocase; http.host; content:"194.164.59.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297251/; classtype:trojan-activity;sid:84160351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sostener2.vbs"; depth:14; endswith; nocase; http.host; content:"190.9.223.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297249/; classtype:trojan-activity;sid:84160349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.exe"; depth:9; endswith; nocase; http.host; content:"81.161.238.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297250/; classtype:trojan-activity;sid:84160350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demongen-darwin-amd64"; depth:22; endswith; nocase; http.host; content:"194.164.59.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297248/; classtype:trojan-activity;sid:84160348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/my_upgrade_new.exe"; depth:19; endswith; nocase; http.host; content:"106.42.31.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297247/; classtype:trojan-activity;sid:84160347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wait.exe"; depth:9; endswith; nocase; http.host; content:"106.42.31.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297245/; classtype:trojan-activity;sid:84160345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajiasu_x64.zip"; depth:15; endswith; nocase; http.host; content:"cdn.wecdndown.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297246/; classtype:trojan-activity;sid:84160346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maomao.exe"; depth:11; endswith; nocase; http.host; content:"potok.fund"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297244/; classtype:trojan-activity;sid:84160344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maomao.exe"; depth:11; endswith; nocase; http.host; content:"potok.casa"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297243/; classtype:trojan-activity;sid:84160343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/killdefender.exe"; depth:17; endswith; nocase; http.host; content:"38.207.132.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297242/; classtype:trojan-activity;sid:84160342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.75.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297241/; classtype:trojan-activity;sid:84160341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.203.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297240/; classtype:trojan-activity;sid:84160340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.6.143"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297239/; classtype:trojan-activity;sid:84160339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/stealc_main1.exe"; depth:23; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297238/; classtype:trojan-activity;sid:84160338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.38.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297237/; classtype:trojan-activity;sid:84160337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.89.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297236/; classtype:trojan-activity;sid:84160336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.88.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297235/; classtype:trojan-activity;sid:84160335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.162.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297233/; classtype:trojan-activity;sid:84160333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.224.28.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297234/; classtype:trojan-activity;sid:84160334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.228.55.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297232/; classtype:trojan-activity;sid:84160332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.10.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297231/; classtype:trojan-activity;sid:84160331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.243.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297230/; classtype:trojan-activity;sid:84160330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.28.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297229/; classtype:trojan-activity;sid:84160329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297226/; classtype:trojan-activity;sid:84160326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.15.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297227/; classtype:trojan-activity;sid:84160327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.203.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297228/; classtype:trojan-activity;sid:84160328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.155.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297224/; classtype:trojan-activity;sid:84160324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.183.7.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297225/; classtype:trojan-activity;sid:84160325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.5.54.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297223/; classtype:trojan-activity;sid:84160323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.97.114.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297222/; classtype:trojan-activity;sid:84160322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.242.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297220/; classtype:trojan-activity;sid:84160320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.228.55.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297221/; classtype:trojan-activity;sid:84160321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.168.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297219/; classtype:trojan-activity;sid:84160319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.220.238.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297218/; classtype:trojan-activity;sid:84160318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.203.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297217/; classtype:trojan-activity;sid:84160317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.42.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297216/; classtype:trojan-activity;sid:84160316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.83.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297213/; classtype:trojan-activity;sid:84160313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.171.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297214/; classtype:trojan-activity;sid:84160314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.59.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297215/; classtype:trojan-activity;sid:84160315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.184.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297212/; classtype:trojan-activity;sid:84160312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"89.139.155.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297211/; classtype:trojan-activity;sid:84160311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.84.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297210/; classtype:trojan-activity;sid:84160310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.203.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297209/; classtype:trojan-activity;sid:84160309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297208/; classtype:trojan-activity;sid:84160308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.10.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297207/; classtype:trojan-activity;sid:84160307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.152.240.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297206/; classtype:trojan-activity;sid:84160306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.35.243.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297205/; classtype:trojan-activity;sid:84160305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.39.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297204/; classtype:trojan-activity;sid:84160304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.102.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297203/; classtype:trojan-activity;sid:84160303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297202/; classtype:trojan-activity;sid:84160302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.42.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297201/; classtype:trojan-activity;sid:84160301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.71.17.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297200/; classtype:trojan-activity;sid:84160300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.181.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297199/; classtype:trojan-activity;sid:84160299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.141.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297198/; classtype:trojan-activity;sid:84160298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.227.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297197/; classtype:trojan-activity;sid:84160297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.171.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297196/; classtype:trojan-activity;sid:84160296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"116.102.29.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297194/; classtype:trojan-activity;sid:84160294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297195/; classtype:trojan-activity;sid:84160295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.43.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297193/; classtype:trojan-activity;sid:84160293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.242.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297192/; classtype:trojan-activity;sid:84160292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.211.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297191/; classtype:trojan-activity;sid:84160291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.102.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297190/; classtype:trojan-activity;sid:84160290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.131.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297189/; classtype:trojan-activity;sid:84160289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.193.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297185/; classtype:trojan-activity;sid:84160285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.210.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297186/; classtype:trojan-activity;sid:84160286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.10.66.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297187/; classtype:trojan-activity;sid:84160287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297188/; classtype:trojan-activity;sid:84160288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.101.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297183/; classtype:trojan-activity;sid:84160283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.210.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297184/; classtype:trojan-activity;sid:84160284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.231.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297182/; classtype:trojan-activity;sid:84160282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.131.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297180/; classtype:trojan-activity;sid:84160280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.213.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297181/; classtype:trojan-activity;sid:84160281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.141.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297179/; classtype:trojan-activity;sid:84160279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.154.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297178/; classtype:trojan-activity;sid:84160278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.227.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297177/; classtype:trojan-activity;sid:84160277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.130.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297176/; classtype:trojan-activity;sid:84160276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297175/; classtype:trojan-activity;sid:84160275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.210.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297174/; classtype:trojan-activity;sid:84160274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.218.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297173/; classtype:trojan-activity;sid:84160273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.132.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297172/; classtype:trojan-activity;sid:84160272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.9.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297171/; classtype:trojan-activity;sid:84160271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.29.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297170/; classtype:trojan-activity;sid:84160270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.230.79.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297169/; classtype:trojan-activity;sid:84160269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.61.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297168/; classtype:trojan-activity;sid:84160268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.225.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297167/; classtype:trojan-activity;sid:84160267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.107.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297166/; classtype:trojan-activity;sid:84160266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.168.236.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297165/; classtype:trojan-activity;sid:84160265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.102.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297163/; classtype:trojan-activity;sid:84160263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.254.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297164/; classtype:trojan-activity;sid:84160264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.72.213.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297162/; classtype:trojan-activity;sid:84160262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"87.3.195.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297160/; classtype:trojan-activity;sid:84160260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ropsjsn_belphegor_obf.exe"; depth:26; endswith; nocase; http.host; content:"62.60.153.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297161/; classtype:trojan-activity;sid:84160261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.232.241.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297159/; classtype:trojan-activity;sid:84160259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.69.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297158/; classtype:trojan-activity;sid:84160258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.25.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297157/; classtype:trojan-activity;sid:84160257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.61.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297155/; classtype:trojan-activity;sid:84160255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.55.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297156/; classtype:trojan-activity;sid:84160256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297154/; classtype:trojan-activity;sid:84160254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.210.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297153/; classtype:trojan-activity;sid:84160253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.179.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297152/; classtype:trojan-activity;sid:84160252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.124.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297151/; classtype:trojan-activity;sid:84160251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.67.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297150/; classtype:trojan-activity;sid:84160250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.80.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297149/; classtype:trojan-activity;sid:84160249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v/233_faogvkghvqn"; depth:18; endswith; nocase; http.host; content:"ferreiragascuritiba.com.br"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297148/; classtype:trojan-activity;sid:84160248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"151.72.213.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297147/; classtype:trojan-activity;sid:84160247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v/233_faogvkghvqn"; depth:18; endswith; nocase; http.host; content:"ferreiragascuritiba.com.br"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297146/; classtype:trojan-activity;sid:84160246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.209.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297145/; classtype:trojan-activity;sid:84160245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.10.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297144/; classtype:trojan-activity;sid:84160244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.86.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297143/; classtype:trojan-activity;sid:84160243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.179.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297142/; classtype:trojan-activity;sid:84160242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.69.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297141/; classtype:trojan-activity;sid:84160241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.39.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297140/; classtype:trojan-activity;sid:84160240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.4.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297139/; classtype:trojan-activity;sid:84160239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.102.252"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297138/; classtype:trojan-activity;sid:84160238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.87.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297137/; classtype:trojan-activity;sid:84160237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297136/; classtype:trojan-activity;sid:84160236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.96.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297135/; classtype:trojan-activity;sid:84160235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.166.116.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297134/; classtype:trojan-activity;sid:84160234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.238.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297133/; classtype:trojan-activity;sid:84160233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.44.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297132/; classtype:trojan-activity;sid:84160232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.58.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297130/; classtype:trojan-activity;sid:84160230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.180.191.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297131/; classtype:trojan-activity;sid:84160231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.127.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297129/; classtype:trojan-activity;sid:84160229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.139.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297128/; classtype:trojan-activity;sid:84160228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.66.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297127/; classtype:trojan-activity;sid:84160227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.11.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297126/; classtype:trojan-activity;sid:84160226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297125/; classtype:trojan-activity;sid:84160225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"73.87.50.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297124/; classtype:trojan-activity;sid:84160224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.112.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297123/; classtype:trojan-activity;sid:84160223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.45.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297122/; classtype:trojan-activity;sid:84160222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.90.107.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297121/; classtype:trojan-activity;sid:84160221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.57.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297120/; classtype:trojan-activity;sid:84160220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.189.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297119/; classtype:trojan-activity;sid:84160219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.170.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297118/; classtype:trojan-activity;sid:84160218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.3.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297117/; classtype:trojan-activity;sid:84160217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.71.43.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297116/; classtype:trojan-activity;sid:84160216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.1.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297115/; classtype:trojan-activity;sid:84160215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.58.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297114/; classtype:trojan-activity;sid:84160214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.43.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297113/; classtype:trojan-activity;sid:84160213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.8.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297112/; classtype:trojan-activity;sid:84160212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.191.81.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297111/; classtype:trojan-activity;sid:84160211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.226.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297110/; classtype:trojan-activity;sid:84160210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.193.53.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297109/; classtype:trojan-activity;sid:84160209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.190.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297108/; classtype:trojan-activity;sid:84160208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.90.107.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297107/; classtype:trojan-activity;sid:84160207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.21.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297106/; classtype:trojan-activity;sid:84160206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.231.186.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297104/; classtype:trojan-activity;sid:84160204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.243.181.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297105/; classtype:trojan-activity;sid:84160205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.3.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297103/; classtype:trojan-activity;sid:84160203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.226.36.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297102/; classtype:trojan-activity;sid:84160202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.210.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297100/; classtype:trojan-activity;sid:84160200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.212.234.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297101/; classtype:trojan-activity;sid:84160201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.105.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297099/; classtype:trojan-activity;sid:84160199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.255.149.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297098/; classtype:trojan-activity;sid:84160198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.134.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297097/; classtype:trojan-activity;sid:84160197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.39.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297096/; classtype:trojan-activity;sid:84160196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.226.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297095/; classtype:trojan-activity;sid:84160195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.5.195"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297094/; classtype:trojan-activity;sid:84160194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.207.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297092/; classtype:trojan-activity;sid:84160192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.190.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297093/; classtype:trojan-activity;sid:84160193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.57.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297091/; classtype:trojan-activity;sid:84160191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.180.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297090/; classtype:trojan-activity;sid:84160190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.231.186.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297089/; classtype:trojan-activity;sid:84160189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.211.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297088/; classtype:trojan-activity;sid:84160188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"175.31.191.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297087/; classtype:trojan-activity;sid:84160187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.255.149.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297086/; classtype:trojan-activity;sid:84160186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.172.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297085/; classtype:trojan-activity;sid:84160185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.8.110.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297084/; classtype:trojan-activity;sid:84160184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/files/_ddldpxvx"; depth:20; endswith; nocase; http.host; content:"api.ewfiles.net"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297083/; classtype:trojan-activity;sid:84160183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.221.75.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297082/; classtype:trojan-activity;sid:84160182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.185.184.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297080/; classtype:trojan-activity;sid:84160180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.167.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297081/; classtype:trojan-activity;sid:84160181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.45.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297079/; classtype:trojan-activity;sid:84160179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.207.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297078/; classtype:trojan-activity;sid:84160178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.21.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297077/; classtype:trojan-activity;sid:84160177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.9.154"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297076/; classtype:trojan-activity;sid:84160176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.106.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297075/; classtype:trojan-activity;sid:84160175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.221.76.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297074/; classtype:trojan-activity;sid:84160174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/files/wft6esfut"; depth:20; endswith; nocase; http.host; content:"api.ewfiles.net"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297073/; classtype:trojan-activity;sid:84160173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/files/x8kuhjgo6"; depth:20; endswith; nocase; http.host; content:"api.ewfiles.net"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297072/; classtype:trojan-activity;sid:84160172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.252.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297071/; classtype:trojan-activity;sid:84160171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/files/v3ja0e0bs"; depth:20; endswith; nocase; http.host; content:"api.ewfiles.net"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297070/; classtype:trojan-activity;sid:84160170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/files/7m7gsdepl"; depth:20; endswith; nocase; http.host; content:"api.ewfiles.net"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297069/; classtype:trojan-activity;sid:84160169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/files/y2neibvzn"; depth:20; endswith; nocase; http.host; content:"api.ewfiles.net"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297067/; classtype:trojan-activity;sid:84160167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/kefttaeb"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297068/; classtype:trojan-activity;sid:84160168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.162.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297066/; classtype:trojan-activity;sid:84160166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.65.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297065/; classtype:trojan-activity;sid:84160165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.228.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297064/; classtype:trojan-activity;sid:84160164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.22.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297063/; classtype:trojan-activity;sid:84160163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guidanceconnectors.exe"; depth:23; endswith; nocase; http.host; content:"150.241.91.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297062/; classtype:trojan-activity;sid:84160162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.210.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297061/; classtype:trojan-activity;sid:84160161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.123.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297060/; classtype:trojan-activity;sid:84160160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/part4.png"; depth:10; endswith; nocase; http.host; content:"garhoudjourm.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297056/; classtype:trojan-activity;sid:84160156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.210.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297057/; classtype:trojan-activity;sid:84160157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/part3.png"; depth:10; endswith; nocase; http.host; content:"garhoudjourm.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297058/; classtype:trojan-activity;sid:84160158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.198.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297059/; classtype:trojan-activity;sid:84160159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/part2.png"; depth:10; endswith; nocase; http.host; content:"garhoudjourm.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297055/; classtype:trojan-activity;sid:84160155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.240.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297054/; classtype:trojan-activity;sid:84160154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.15.239.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297053/; classtype:trojan-activity;sid:84160153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.246.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297052/; classtype:trojan-activity;sid:84160152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.4.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297051/; classtype:trojan-activity;sid:84160151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.93.203.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297050/; classtype:trojan-activity;sid:84160150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.158.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297049/; classtype:trojan-activity;sid:84160149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/wer/we/seemybestoptionforentiretimegivenmebackwith______suchagreatthignswithentiretimewithmegood______seethebestthignsalwaysgivnebestthigns.doc"; depth:150; endswith; nocase; http.host; content:"66.63.187.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297048/; classtype:trojan-activity;sid:84160148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.210.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297047/; classtype:trojan-activity;sid:84160147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.35.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297046/; classtype:trojan-activity;sid:84160146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33/caspol.exe"; depth:14; endswith; nocase; http.host; content:"66.63.187.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297045/; classtype:trojan-activity;sid:84160145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.193.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297044/; classtype:trojan-activity;sid:84160144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/wer/goodtoseeuthatgreatthingswithentirethingsgreatfor.hta"; depth:64; endswith; nocase; http.host; content:"66.63.187.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297043/; classtype:trojan-activity;sid:84160143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.3.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297042/; classtype:trojan-activity;sid:84160142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.101.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297041/; classtype:trojan-activity;sid:84160141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.178.9.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297039/; classtype:trojan-activity;sid:84160139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.34.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297040/; classtype:trojan-activity;sid:84160140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.5.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297038/; classtype:trojan-activity;sid:84160138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.198.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297037/; classtype:trojan-activity;sid:84160137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.240.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297036/; classtype:trojan-activity;sid:84160136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.158.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297035/; classtype:trojan-activity;sid:84160135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297034/; classtype:trojan-activity;sid:84160134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.58.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297033/; classtype:trojan-activity;sid:84160133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.189.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297032/; classtype:trojan-activity;sid:84160132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.142.157.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297031/; classtype:trojan-activity;sid:84160131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.104.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297030/; classtype:trojan-activity;sid:84160130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.103.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297029/; classtype:trojan-activity;sid:84160129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.138.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297028/; classtype:trojan-activity;sid:84160128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.142.157.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297027/; classtype:trojan-activity;sid:84160127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.86.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297026/; classtype:trojan-activity;sid:84160126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.95.139.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297025/; classtype:trojan-activity;sid:84160125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.25.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297024/; classtype:trojan-activity;sid:84160124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.221.225.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297023/; classtype:trojan-activity;sid:84160123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.230.246.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297022/; classtype:trojan-activity;sid:84160122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.103.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297021/; classtype:trojan-activity;sid:84160121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.201.111.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297020/; classtype:trojan-activity;sid:84160120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.60.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297019/; classtype:trojan-activity;sid:84160119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.15.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297018/; classtype:trojan-activity;sid:84160118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.123.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297017/; classtype:trojan-activity;sid:84160117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.86.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297016/; classtype:trojan-activity;sid:84160116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.231.166.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297015/; classtype:trojan-activity;sid:84160115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.133.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297014/; classtype:trojan-activity;sid:84160114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.29.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297013/; classtype:trojan-activity;sid:84160113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.185.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297012/; classtype:trojan-activity;sid:84160112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297011/; classtype:trojan-activity;sid:84160111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.5.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297010/; classtype:trojan-activity;sid:84160110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.4.224.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297009/; classtype:trojan-activity;sid:84160109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.205.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297008/; classtype:trojan-activity;sid:84160108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.232.65.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297007/; classtype:trojan-activity;sid:84160107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.243.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297006/; classtype:trojan-activity;sid:84160106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.60.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297005/; classtype:trojan-activity;sid:84160105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.76.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297004/; classtype:trojan-activity;sid:84160104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.60.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297003/; classtype:trojan-activity;sid:84160103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297002/; classtype:trojan-activity;sid:84160102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.35.12.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297001/; classtype:trojan-activity;sid:84160101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.87.78.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297000/; classtype:trojan-activity;sid:84160100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.50.168.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296999/; classtype:trojan-activity;sid:84160099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.5.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296998/; classtype:trojan-activity;sid:84160098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"89.35.12.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296997/; classtype:trojan-activity;sid:84160097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.218.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296995/; classtype:trojan-activity;sid:84160095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.38.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296996/; classtype:trojan-activity;sid:84160096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.205.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296994/; classtype:trojan-activity;sid:84160094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.46.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296993/; classtype:trojan-activity;sid:84160093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.50.168.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296992/; classtype:trojan-activity;sid:84160092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.117.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296991/; classtype:trojan-activity;sid:84160091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.49.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296990/; classtype:trojan-activity;sid:84160090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.177.229.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296989/; classtype:trojan-activity;sid:84160089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.4.224.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296988/; classtype:trojan-activity;sid:84160088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.174.150.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296987/; classtype:trojan-activity;sid:84160087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.89.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296986/; classtype:trojan-activity;sid:84160086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.87.177.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296985/; classtype:trojan-activity;sid:84160085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.38.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296984/; classtype:trojan-activity;sid:84160084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.126.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296983/; classtype:trojan-activity;sid:84160083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.88.2.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296982/; classtype:trojan-activity;sid:84160082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.51.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296981/; classtype:trojan-activity;sid:84160081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.226.170.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296980/; classtype:trojan-activity;sid:84160080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.6.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296979/; classtype:trojan-activity;sid:84160079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.126.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296978/; classtype:trojan-activity;sid:84160078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"139.227.17.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296977/; classtype:trojan-activity;sid:84160077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.146.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296975/; classtype:trojan-activity;sid:84160075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.116.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296976/; classtype:trojan-activity;sid:84160076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296974/; classtype:trojan-activity;sid:84160074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.218.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296973/; classtype:trojan-activity;sid:84160073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.65.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296972/; classtype:trojan-activity;sid:84160072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.117.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296971/; classtype:trojan-activity;sid:84160071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.49.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296970/; classtype:trojan-activity;sid:84160070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.65.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296968/; classtype:trojan-activity;sid:84160068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.51.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296969/; classtype:trojan-activity;sid:84160069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.126.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296967/; classtype:trojan-activity;sid:84160067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.148.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296966/; classtype:trojan-activity;sid:84160066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.6.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296965/; classtype:trojan-activity;sid:84160065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.215.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296964/; classtype:trojan-activity;sid:84160064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.181.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296963/; classtype:trojan-activity;sid:84160063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.231.166.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296962/; classtype:trojan-activity;sid:84160062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296961/; classtype:trojan-activity;sid:84160061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.7.210.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296959/; classtype:trojan-activity;sid:84160059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.215.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296960/; classtype:trojan-activity;sid:84160060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.226.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296958/; classtype:trojan-activity;sid:84160058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.231.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296957/; classtype:trojan-activity;sid:84160057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.135.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296956/; classtype:trojan-activity;sid:84160056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.86.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296955/; classtype:trojan-activity;sid:84160055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.67.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296954/; classtype:trojan-activity;sid:84160054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.118.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296953/; classtype:trojan-activity;sid:84160053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.245.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296951/; classtype:trojan-activity;sid:84160051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.45.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296952/; classtype:trojan-activity;sid:84160052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.196.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296950/; classtype:trojan-activity;sid:84160050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.91.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296949/; classtype:trojan-activity;sid:84160049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"222.246.124.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296948/; classtype:trojan-activity;sid:84160048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.92.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296947/; classtype:trojan-activity;sid:84160047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.21.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296946/; classtype:trojan-activity;sid:84160046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.70.87.124"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296945/; classtype:trojan-activity;sid:84160045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.118.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296944/; classtype:trojan-activity;sid:84160044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55/caspol.exe"; depth:14; endswith; nocase; http.host; content:"192.3.243.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296943/; classtype:trojan-activity;sid:84160043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.100.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296941/; classtype:trojan-activity;sid:84160041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/swm/sw/greetingwithgreatthignsgivenbackwithentireprocessgivenmeback.hta"; depth:78; endswith; nocase; http.host; content:"192.3.243.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296942/; classtype:trojan-activity;sid:84160042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/r0pct/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296940/; classtype:trojan-activity;sid:84160040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/part1.png"; depth:10; endswith; nocase; http.host; content:"garhoudjourm.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296939/; classtype:trojan-activity;sid:84160039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/part.png"; depth:9; endswith; nocase; http.host; content:"garhoudjourm.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296937/; classtype:trojan-activity;sid:84160037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/352/seethebestthingswithgreatsituationshandletotheprogress.hta"; depth:63; endswith; nocase; http.host; content:"192.3.22.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296938/; classtype:trojan-activity;sid:84160038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/se/seethebestthingsentiretimewithgreatthingswithloverkiss.tif"; depth:68; endswith; nocase; http.host; content:"192.3.22.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296936/; classtype:trojan-activity;sid:84160036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/lxvbq"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296935/; classtype:trojan-activity;sid:84160035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.122.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296933/; classtype:trojan-activity;sid:84160033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.200.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296934/; classtype:trojan-activity;sid:84160034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.231.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296932/; classtype:trojan-activity;sid:84160032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.8.110.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296931/; classtype:trojan-activity;sid:84160031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.148.133.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296929/; classtype:trojan-activity;sid:84160029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.72.179.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296930/; classtype:trojan-activity;sid:84160030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.5.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296928/; classtype:trojan-activity;sid:84160028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.222.199.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296927/; classtype:trojan-activity;sid:84160027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.214.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296925/; classtype:trojan-activity;sid:84160025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.102.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296926/; classtype:trojan-activity;sid:84160026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.107.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296924/; classtype:trojan-activity;sid:84160024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.150.42.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296922/; classtype:trojan-activity;sid:84160022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.64.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296923/; classtype:trojan-activity;sid:84160023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/merchantservices"; depth:17; endswith; nocase; http.host; content:"kuotc.staff.plenarykcg.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296921/; classtype:trojan-activity;sid:84160021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.234.200.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296919/; classtype:trojan-activity;sid:84160019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.206.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296920/; classtype:trojan-activity;sid:84160020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.182.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296917/; classtype:trojan-activity;sid:84160017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.247.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296918/; classtype:trojan-activity;sid:84160018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.27.180"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296916/; classtype:trojan-activity;sid:84160016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.25.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296915/; classtype:trojan-activity;sid:84160015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.122.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296914/; classtype:trojan-activity;sid:84160014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.217.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296913/; classtype:trojan-activity;sid:84160013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.248.74.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296912/; classtype:trojan-activity;sid:84160012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.31.191.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296911/; classtype:trojan-activity;sid:84160011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.146.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296910/; classtype:trojan-activity;sid:84160010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.153.69.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296909/; classtype:trojan-activity;sid:84160009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/rrrrooosaa-1318a.appspot.com/o/simit%20minstransportes%20multas%2ffoto%20multas%20simit-pdf.bz2|3f|alt=media|7c|26|7c|token=78c2f0d5-34ef-49eb-9805-33f0c66f9af6"; depth:166; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296908/; classtype:trojan-activity;sid:84160008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.86.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296907/; classtype:trojan-activity;sid:84160007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.199.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296905/; classtype:trojan-activity;sid:84160005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/5txbd4verkm5fdvdtj1fs/proceso_judicial_por-_demanda_laboral_rdo-40032021-00235.7z|3f|rlkey=q323zc93uldt2nx4m3ck87w4c|7c|26|7c|st=l69yy83u|7c|26|7c|dl=1"; depth:159; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296906/; classtype:trojan-activity;sid:84160006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/rrrrooosaa-1318a.appspot.com/o/fiscalias%20citaciones%2ffiscalia%20citacion%20judicial-pdf.bz2|3f|alt=media|7c|26|7c|token=84c58142-14d9-411f-bef0-805e2d23905e"; depth:165; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296903/; classtype:trojan-activity;sid:84160003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.35.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296904/; classtype:trojan-activity;sid:84160004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/hpp7n4o867rqnzngaotlf/notificaci-n-electr-nica-agradecemos-confirmar-recibido-numero-de-rad-456468-1531-6516-3213568-000-"; depth:129; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296900/; classtype:trojan-activity;sid:84160000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/hpp7n4o867rqnzngaotlf/notificaci-n-electr-nica-agradecemos-confirmar-recibido"; depth:85; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296901/; classtype:trojan-activity;sid:84160001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1sr6iahjfflmmtldoaxqnudqwyc7q5mqg"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296902/; classtype:trojan-activity;sid:84160002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.150.42.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296897/; classtype:trojan-activity;sid:84159997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.3.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296898/; classtype:trojan-activity;sid:84159998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.116.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296899/; classtype:trojan-activity;sid:84159999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.13.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296896/; classtype:trojan-activity;sid:84159996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.134.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296894/; classtype:trojan-activity;sid:84159994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.107.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296895/; classtype:trojan-activity;sid:84159995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.58.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296893/; classtype:trojan-activity;sid:84159993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.247.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296892/; classtype:trojan-activity;sid:84159992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.25.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296891/; classtype:trojan-activity;sid:84159991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.75.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296890/; classtype:trojan-activity;sid:84159990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.214.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296888/; classtype:trojan-activity;sid:84159988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.35.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296889/; classtype:trojan-activity;sid:84159989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.27.180"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296887/; classtype:trojan-activity;sid:84159987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296886/; classtype:trojan-activity;sid:84159986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.193.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296885/; classtype:trojan-activity;sid:84159985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.199.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296884/; classtype:trojan-activity;sid:84159984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.153.69.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296883/; classtype:trojan-activity;sid:84159983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.237.167.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296882/; classtype:trojan-activity;sid:84159982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.230.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296881/; classtype:trojan-activity;sid:84159981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.86.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296880/; classtype:trojan-activity;sid:84159980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.207.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296879/; classtype:trojan-activity;sid:84159979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.116.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296878/; classtype:trojan-activity;sid:84159978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.131.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296877/; classtype:trojan-activity;sid:84159977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.87.211"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296876/; classtype:trojan-activity;sid:84159976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.89.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296875/; classtype:trojan-activity;sid:84159975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.33.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296874/; classtype:trojan-activity;sid:84159974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.123.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296873/; classtype:trojan-activity;sid:84159973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.238.189.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296871/; classtype:trojan-activity;sid:84159971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.42.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296872/; classtype:trojan-activity;sid:84159972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.113.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296870/; classtype:trojan-activity;sid:84159970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.255.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296869/; classtype:trojan-activity;sid:84159969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.154.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296867/; classtype:trojan-activity;sid:84159967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.15.55.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296868/; classtype:trojan-activity;sid:84159968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.33.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296865/; classtype:trojan-activity;sid:84159965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296866/; classtype:trojan-activity;sid:84159966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.35.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296863/; classtype:trojan-activity;sid:84159963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296864/; classtype:trojan-activity;sid:84159964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.114.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296862/; classtype:trojan-activity;sid:84159962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.120.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296861/; classtype:trojan-activity;sid:84159961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.176.189.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296860/; classtype:trojan-activity;sid:84159960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.39.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296859/; classtype:trojan-activity;sid:84159959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296858/; classtype:trojan-activity;sid:84159958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.16.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296856/; classtype:trojan-activity;sid:84159956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.122.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296857/; classtype:trojan-activity;sid:84159957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.55.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296855/; classtype:trojan-activity;sid:84159955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.230.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296854/; classtype:trojan-activity;sid:84159954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.250.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296853/; classtype:trojan-activity;sid:84159953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.123.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296852/; classtype:trojan-activity;sid:84159952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.33.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296851/; classtype:trojan-activity;sid:84159951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.122.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296850/; classtype:trojan-activity;sid:84159950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"189.146.237.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296848/; classtype:trojan-activity;sid:84159948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.212.234.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296849/; classtype:trojan-activity;sid:84159949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.59.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296847/; classtype:trojan-activity;sid:84159947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.70.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296846/; classtype:trojan-activity;sid:84159946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.185.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296845/; classtype:trojan-activity;sid:84159945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.91.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296844/; classtype:trojan-activity;sid:84159944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.255.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296843/; classtype:trojan-activity;sid:84159943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.92.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296842/; classtype:trojan-activity;sid:84159942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.42.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296841/; classtype:trojan-activity;sid:84159941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296840/; classtype:trojan-activity;sid:84159940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.60.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296839/; classtype:trojan-activity;sid:84159939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.16.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296838/; classtype:trojan-activity;sid:84159938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.91.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296837/; classtype:trojan-activity;sid:84159937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.55.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296836/; classtype:trojan-activity;sid:84159936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.150.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296835/; classtype:trojan-activity;sid:84159935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.58.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296833/; classtype:trojan-activity;sid:84159933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.107.15.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296834/; classtype:trojan-activity;sid:84159934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.85.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296831/; classtype:trojan-activity;sid:84159931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.104.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296832/; classtype:trojan-activity;sid:84159932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.63.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296830/; classtype:trojan-activity;sid:84159930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.122.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296829/; classtype:trojan-activity;sid:84159929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.46.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296828/; classtype:trojan-activity;sid:84159928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.5.195"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296826/; classtype:trojan-activity;sid:84159926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.48.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296827/; classtype:trojan-activity;sid:84159927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.138.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296825/; classtype:trojan-activity;sid:84159925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.8.214"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296824/; classtype:trojan-activity;sid:84159924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.22.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296822/; classtype:trojan-activity;sid:84159922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.10.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296823/; classtype:trojan-activity;sid:84159923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296821/; classtype:trojan-activity;sid:84159921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.221.46.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296820/; classtype:trojan-activity;sid:84159920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.150.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296819/; classtype:trojan-activity;sid:84159919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.125.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296818/; classtype:trojan-activity;sid:84159918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.75.182.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296817/; classtype:trojan-activity;sid:84159917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.97.110.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296816/; classtype:trojan-activity;sid:84159916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.11.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296815/; classtype:trojan-activity;sid:84159915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296814/; classtype:trojan-activity;sid:84159914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.178.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296813/; classtype:trojan-activity;sid:84159913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.66.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296812/; classtype:trojan-activity;sid:84159912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.41.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296811/; classtype:trojan-activity;sid:84159911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.88.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296810/; classtype:trojan-activity;sid:84159910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.150.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296809/; classtype:trojan-activity;sid:84159909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.195.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296808/; classtype:trojan-activity;sid:84159908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.11.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296807/; classtype:trojan-activity;sid:84159907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296806/; classtype:trojan-activity;sid:84159906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296805/; classtype:trojan-activity;sid:84159905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.135.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296804/; classtype:trojan-activity;sid:84159904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.75.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296803/; classtype:trojan-activity;sid:84159903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.131.92.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296802/; classtype:trojan-activity;sid:84159902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.41.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296801/; classtype:trojan-activity;sid:84159901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.120.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296800/; classtype:trojan-activity;sid:84159900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.149.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296799/; classtype:trojan-activity;sid:84159899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.72.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296798/; classtype:trojan-activity;sid:84159898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"96.33.218.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296796/; classtype:trojan-activity;sid:84159896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.137.202.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296797/; classtype:trojan-activity;sid:84159897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.200.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296795/; classtype:trojan-activity;sid:84159895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.193.53.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296794/; classtype:trojan-activity;sid:84159894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.178.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296793/; classtype:trojan-activity;sid:84159893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.131.163.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296792/; classtype:trojan-activity;sid:84159892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.125.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296791/; classtype:trojan-activity;sid:84159891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296790/; classtype:trojan-activity;sid:84159890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.113.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296789/; classtype:trojan-activity;sid:84159889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.116.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296788/; classtype:trojan-activity;sid:84159888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.97.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296787/; classtype:trojan-activity;sid:84159887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.30.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296786/; classtype:trojan-activity;sid:84159886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.100.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296785/; classtype:trojan-activity;sid:84159885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.120.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296784/; classtype:trojan-activity;sid:84159884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.79.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296783/; classtype:trojan-activity;sid:84159883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.101.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296780/; classtype:trojan-activity;sid:84159880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.161.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296781/; classtype:trojan-activity;sid:84159881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.148.199.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296782/; classtype:trojan-activity;sid:84159882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.54.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296779/; classtype:trojan-activity;sid:84159879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.66.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296778/; classtype:trojan-activity;sid:84159878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.244.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296777/; classtype:trojan-activity;sid:84159877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.46.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296776/; classtype:trojan-activity;sid:84159876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.42.124.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296775/; classtype:trojan-activity;sid:84159875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.248.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296774/; classtype:trojan-activity;sid:84159874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.178.125.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296773/; classtype:trojan-activity;sid:84159873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.38.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296772/; classtype:trojan-activity;sid:84159872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.191.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296771/; classtype:trojan-activity;sid:84159871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.207.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296769/; classtype:trojan-activity;sid:84159869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.97.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296770/; classtype:trojan-activity;sid:84159870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.206.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296768/; classtype:trojan-activity;sid:84159868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.139.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296767/; classtype:trojan-activity;sid:84159867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.27.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296766/; classtype:trojan-activity;sid:84159866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.113.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296764/; classtype:trojan-activity;sid:84159864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.131.163.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296765/; classtype:trojan-activity;sid:84159865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.30.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296763/; classtype:trojan-activity;sid:84159863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.9.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296762/; classtype:trojan-activity;sid:84159862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.75.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296761/; classtype:trojan-activity;sid:84159861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.65.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296760/; classtype:trojan-activity;sid:84159860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.44.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296759/; classtype:trojan-activity;sid:84159859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.209.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296758/; classtype:trojan-activity;sid:84159858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.23.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296757/; classtype:trojan-activity;sid:84159857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.26.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296756/; classtype:trojan-activity;sid:84159856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.239.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296755/; classtype:trojan-activity;sid:84159855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.6.91.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296754/; classtype:trojan-activity;sid:84159854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.196.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296752/; classtype:trojan-activity;sid:84159852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.46.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296753/; classtype:trojan-activity;sid:84159853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.188.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296751/; classtype:trojan-activity;sid:84159851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.117.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296750/; classtype:trojan-activity;sid:84159850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.108.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296749/; classtype:trojan-activity;sid:84159849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.116.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296748/; classtype:trojan-activity;sid:84159848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.199.98.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296747/; classtype:trojan-activity;sid:84159847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296746/; classtype:trojan-activity;sid:84159846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.71.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296745/; classtype:trojan-activity;sid:84159845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.227.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296744/; classtype:trojan-activity;sid:84159844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.125.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296743/; classtype:trojan-activity;sid:84159843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.43.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296742/; classtype:trojan-activity;sid:84159842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.122.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296741/; classtype:trojan-activity;sid:84159841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.91.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296740/; classtype:trojan-activity;sid:84159840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.199.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296739/; classtype:trojan-activity;sid:84159839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.65.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296738/; classtype:trojan-activity;sid:84159838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.104.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296737/; classtype:trojan-activity;sid:84159837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.130.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296736/; classtype:trojan-activity;sid:84159836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.9.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296734/; classtype:trojan-activity;sid:84159834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.58.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296735/; classtype:trojan-activity;sid:84159835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296733/; classtype:trojan-activity;sid:84159833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.83.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296732/; classtype:trojan-activity;sid:84159832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296731/; classtype:trojan-activity;sid:84159831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.88.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296730/; classtype:trojan-activity;sid:84159830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.70.177.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296729/; classtype:trojan-activity;sid:84159829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.31.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296728/; classtype:trojan-activity;sid:84159828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.118.91.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296727/; classtype:trojan-activity;sid:84159827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296726/; classtype:trojan-activity;sid:84159826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.227.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296725/; classtype:trojan-activity;sid:84159825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296723/; classtype:trojan-activity;sid:84159823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.251.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296724/; classtype:trojan-activity;sid:84159824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296722/; classtype:trojan-activity;sid:84159822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.114.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296721/; classtype:trojan-activity;sid:84159821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.178.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296720/; classtype:trojan-activity;sid:84159820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.36.133.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296719/; classtype:trojan-activity;sid:84159819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.107.92.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296718/; classtype:trojan-activity;sid:84159818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.217.246.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296717/; classtype:trojan-activity;sid:84159817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296716/; classtype:trojan-activity;sid:84159816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.96.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296715/; classtype:trojan-activity;sid:84159815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.114.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296714/; classtype:trojan-activity;sid:84159814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.135.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296713/; classtype:trojan-activity;sid:84159813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.252.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296712/; classtype:trojan-activity;sid:84159812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.66.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296711/; classtype:trojan-activity;sid:84159811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.63.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296709/; classtype:trojan-activity;sid:84159809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296710/; classtype:trojan-activity;sid:84159810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296708/; classtype:trojan-activity;sid:84159808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.42.74.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296707/; classtype:trojan-activity;sid:84159807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.42.74.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296706/; classtype:trojan-activity;sid:84159806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.217.79.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296705/; classtype:trojan-activity;sid:84159805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.180.107.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296704/; classtype:trojan-activity;sid:84159804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.194.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296703/; classtype:trojan-activity;sid:84159803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.28.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296701/; classtype:trojan-activity;sid:84159801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.224.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296702/; classtype:trojan-activity;sid:84159802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.89.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296700/; classtype:trojan-activity;sid:84159800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.217.246.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296698/; classtype:trojan-activity;sid:84159798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.81.41.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296699/; classtype:trojan-activity;sid:84159799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.230.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296697/; classtype:trojan-activity;sid:84159797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.34.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296696/; classtype:trojan-activity;sid:84159796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.96.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296695/; classtype:trojan-activity;sid:84159795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.156.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296694/; classtype:trojan-activity;sid:84159794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.223.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296693/; classtype:trojan-activity;sid:84159793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.186.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296692/; classtype:trojan-activity;sid:84159792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.63.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296691/; classtype:trojan-activity;sid:84159791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.247.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296690/; classtype:trojan-activity;sid:84159790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.100.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296689/; classtype:trojan-activity;sid:84159789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.34.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296688/; classtype:trojan-activity;sid:84159788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.13.232.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296685/; classtype:trojan-activity;sid:84159785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.224.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296686/; classtype:trojan-activity;sid:84159786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.42.243.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296687/; classtype:trojan-activity;sid:84159787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.53.223.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296683/; classtype:trojan-activity;sid:84159783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.107.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296684/; classtype:trojan-activity;sid:84159784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296682/; classtype:trojan-activity;sid:84159782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.178.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296681/; classtype:trojan-activity;sid:84159781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.12.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296680/; classtype:trojan-activity;sid:84159780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.89.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296679/; classtype:trojan-activity;sid:84159779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.14.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296678/; classtype:trojan-activity;sid:84159778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.249.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296677/; classtype:trojan-activity;sid:84159777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.213.151.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296676/; classtype:trojan-activity;sid:84159776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.12.12.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296675/; classtype:trojan-activity;sid:84159775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.230.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296674/; classtype:trojan-activity;sid:84159774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.8.214"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296672/; classtype:trojan-activity;sid:84159772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.31.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296673/; classtype:trojan-activity;sid:84159773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.176.12.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296671/; classtype:trojan-activity;sid:84159771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.253.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296670/; classtype:trojan-activity;sid:84159770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.34.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296669/; classtype:trojan-activity;sid:84159769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.116.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296668/; classtype:trojan-activity;sid:84159768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.129.208.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296667/; classtype:trojan-activity;sid:84159767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.121.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296666/; classtype:trojan-activity;sid:84159766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.88.152"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296665/; classtype:trojan-activity;sid:84159765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.146.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296664/; classtype:trojan-activity;sid:84159764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.56.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296663/; classtype:trojan-activity;sid:84159763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.57.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296662/; classtype:trojan-activity;sid:84159762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.126.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296661/; classtype:trojan-activity;sid:84159761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.138.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296660/; classtype:trojan-activity;sid:84159760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.99.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296658/; classtype:trojan-activity;sid:84159758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"84.53.223.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296659/; classtype:trojan-activity;sid:84159759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.86.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296657/; classtype:trojan-activity;sid:84159757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.12.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296656/; classtype:trojan-activity;sid:84159756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.217.188.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296654/; classtype:trojan-activity;sid:84159754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.249.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296655/; classtype:trojan-activity;sid:84159755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.253.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296653/; classtype:trojan-activity;sid:84159753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.22.21.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296652/; classtype:trojan-activity;sid:84159752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.237.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296651/; classtype:trojan-activity;sid:84159751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.127.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296650/; classtype:trojan-activity;sid:84159750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.29.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296649/; classtype:trojan-activity;sid:84159749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.206.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296648/; classtype:trojan-activity;sid:84159748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.149.153.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296647/; classtype:trojan-activity;sid:84159747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.18.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296645/; classtype:trojan-activity;sid:84159745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.70.166.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296646/; classtype:trojan-activity;sid:84159746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.16.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296644/; classtype:trojan-activity;sid:84159744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.157.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296643/; classtype:trojan-activity;sid:84159743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.92.152.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296642/; classtype:trojan-activity;sid:84159742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.16.145"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296641/; classtype:trojan-activity;sid:84159741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.116.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296640/; classtype:trojan-activity;sid:84159740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.207.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296639/; classtype:trojan-activity;sid:84159739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.183.7.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296638/; classtype:trojan-activity;sid:84159738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.83.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296637/; classtype:trojan-activity;sid:84159737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.138.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296636/; classtype:trojan-activity;sid:84159736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.243.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296635/; classtype:trojan-activity;sid:84159735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.90.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296633/; classtype:trojan-activity;sid:84159733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.233.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296634/; classtype:trojan-activity;sid:84159734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.58.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296631/; classtype:trojan-activity;sid:84159731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.237.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296632/; classtype:trojan-activity;sid:84159732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.217.188.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296630/; classtype:trojan-activity;sid:84159730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.137.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296629/; classtype:trojan-activity;sid:84159729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.15.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296628/; classtype:trojan-activity;sid:84159728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296627/; classtype:trojan-activity;sid:84159727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.114.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296626/; classtype:trojan-activity;sid:84159726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.99.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296625/; classtype:trojan-activity;sid:84159725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.92.152.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296624/; classtype:trojan-activity;sid:84159724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.146.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296623/; classtype:trojan-activity;sid:84159723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.38.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296622/; classtype:trojan-activity;sid:84159722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.3.19.233"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296621/; classtype:trojan-activity;sid:84159721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.8.188.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296620/; classtype:trojan-activity;sid:84159720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.83.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296619/; classtype:trojan-activity;sid:84159719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.40.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296618/; classtype:trojan-activity;sid:84159718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.235.215.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296617/; classtype:trojan-activity;sid:84159717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.90.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296616/; classtype:trojan-activity;sid:84159716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.exe"; depth:9; endswith; nocase; http.host; content:"cbpsendfi.info"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296615/; classtype:trojan-activity;sid:84159715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbp_warning.pdf.lnk"; depth:20; endswith; nocase; http.host; content:"cbpsendfi.info"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296614/; classtype:trojan-activity;sid:84159714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.15.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296613/; classtype:trojan-activity;sid:84159713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.65.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296612/; classtype:trojan-activity;sid:84159712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.247.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296610/; classtype:trojan-activity;sid:84159710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.233.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296611/; classtype:trojan-activity;sid:84159711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.137.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296609/; classtype:trojan-activity;sid:84159709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.125.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296608/; classtype:trojan-activity;sid:84159708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.166.217.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296607/; classtype:trojan-activity;sid:84159707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"138.197.188.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296604/; classtype:trojan-activity;sid:84159704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"138.197.188.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296605/; classtype:trojan-activity;sid:84159705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"138.197.188.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296606/; classtype:trojan-activity;sid:84159706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"138.197.188.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296601/; classtype:trojan-activity;sid:84159701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"138.197.188.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296602/; classtype:trojan-activity;sid:84159702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"138.197.188.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296603/; classtype:trojan-activity;sid:84159703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"138.197.188.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296596/; classtype:trojan-activity;sid:84159696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"138.197.188.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296597/; classtype:trojan-activity;sid:84159697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"138.197.188.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296598/; classtype:trojan-activity;sid:84159698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"138.197.188.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296599/; classtype:trojan-activity;sid:84159699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"138.197.188.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296600/; classtype:trojan-activity;sid:84159700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.87.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296595/; classtype:trojan-activity;sid:84159695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.175.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296594/; classtype:trojan-activity;sid:84159694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.88.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296593/; classtype:trojan-activity;sid:84159693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.122.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296592/; classtype:trojan-activity;sid:84159692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.125.123.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296591/; classtype:trojan-activity;sid:84159691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.114.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296590/; classtype:trojan-activity;sid:84159690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.83.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296588/; classtype:trojan-activity;sid:84159688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.22.21.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296589/; classtype:trojan-activity;sid:84159689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.235.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296587/; classtype:trojan-activity;sid:84159687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.36.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296586/; classtype:trojan-activity;sid:84159686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.84.143"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296585/; classtype:trojan-activity;sid:84159685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"194.226.169.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296583/; classtype:trojan-activity;sid:84159683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"194.226.169.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296584/; classtype:trojan-activity;sid:84159684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"194.226.169.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296581/; classtype:trojan-activity;sid:84159681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"194.226.169.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296582/; classtype:trojan-activity;sid:84159682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"194.226.169.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296572/; classtype:trojan-activity;sid:84159672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"194.226.169.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296573/; classtype:trojan-activity;sid:84159673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"194.226.169.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296574/; classtype:trojan-activity;sid:84159674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"194.226.169.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296575/; classtype:trojan-activity;sid:84159675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"194.226.169.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296576/; classtype:trojan-activity;sid:84159676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"194.226.169.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296577/; classtype:trojan-activity;sid:84159677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"194.226.169.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296578/; classtype:trojan-activity;sid:84159678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"194.226.169.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296579/; classtype:trojan-activity;sid:84159679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"194.226.169.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296580/; classtype:trojan-activity;sid:84159680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.86.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296571/; classtype:trojan-activity;sid:84159671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.108.157.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296570/; classtype:trojan-activity;sid:84159670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.83.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296569/; classtype:trojan-activity;sid:84159669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.86.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296568/; classtype:trojan-activity;sid:84159668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.247.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296567/; classtype:trojan-activity;sid:84159667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8usa.sh"; depth:8; endswith; nocase; http.host; content:"154.213.189.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296566/; classtype:trojan-activity;sid:84159666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.0.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296565/; classtype:trojan-activity;sid:84159665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/igxmodz.x86"; depth:16; endswith; nocase; http.host; content:"154.213.189.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296562/; classtype:trojan-activity;sid:84159662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/igxmodz.m68k"; depth:17; endswith; nocase; http.host; content:"154.213.189.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296563/; classtype:trojan-activity;sid:84159663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/igxmodz.arm5"; depth:17; endswith; nocase; http.host; content:"154.213.189.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296564/; classtype:trojan-activity;sid:84159664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/igxmodz.arm6"; depth:17; endswith; nocase; http.host; content:"154.213.189.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296557/; classtype:trojan-activity;sid:84159657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/igxmodz.arm7"; depth:17; endswith; nocase; http.host; content:"154.213.189.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296558/; classtype:trojan-activity;sid:84159658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/igxmodz.mpsl"; depth:17; endswith; nocase; http.host; content:"154.213.189.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296559/; classtype:trojan-activity;sid:84159659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/igxmodz.ppc"; depth:16; endswith; nocase; http.host; content:"154.213.189.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296560/; classtype:trojan-activity;sid:84159660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/igxmodz.mips"; depth:17; endswith; nocase; http.host; content:"154.213.189.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296561/; classtype:trojan-activity;sid:84159661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/igxmodz.sh4"; depth:16; endswith; nocase; http.host; content:"154.213.189.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296556/; classtype:trojan-activity;sid:84159656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/igxmodz.arm4"; depth:17; endswith; nocase; http.host; content:"154.213.189.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296555/; classtype:trojan-activity;sid:84159655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.243.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296552/; classtype:trojan-activity;sid:84159652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.121.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296553/; classtype:trojan-activity;sid:84159653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.192.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296554/; classtype:trojan-activity;sid:84159654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/armv5l"; depth:12; endswith; nocase; http.host; content:"172.111.38.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296551/; classtype:trojan-activity;sid:84159651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"172.111.38.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296550/; classtype:trojan-activity;sid:84159650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/armv6l"; depth:12; endswith; nocase; http.host; content:"172.111.38.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296541/; classtype:trojan-activity;sid:84159641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"172.111.38.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296542/; classtype:trojan-activity;sid:84159642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i586"; depth:10; endswith; nocase; http.host; content:"172.111.38.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296543/; classtype:trojan-activity;sid:84159643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/armv4l"; depth:12; endswith; nocase; http.host; content:"172.111.38.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296544/; classtype:trojan-activity;sid:84159644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bins.sh"; depth:13; endswith; nocase; http.host; content:"172.111.38.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296545/; classtype:trojan-activity;sid:84159645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"172.111.38.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296546/; classtype:trojan-activity;sid:84159646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"172.111.38.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296547/; classtype:trojan-activity;sid:84159647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"172.111.38.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296548/; classtype:trojan-activity;sid:84159648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mipsel"; depth:12; endswith; nocase; http.host; content:"172.111.38.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296549/; classtype:trojan-activity;sid:84159649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.18.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296539/; classtype:trojan-activity;sid:84159639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"172.111.38.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296540/; classtype:trojan-activity;sid:84159640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.170.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296538/; classtype:trojan-activity;sid:84159638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"65.172.242.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296537/; classtype:trojan-activity;sid:84159637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.175.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296535/; classtype:trojan-activity;sid:84159635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.217.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296536/; classtype:trojan-activity;sid:84159636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.64.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296534/; classtype:trojan-activity;sid:84159634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.36.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296533/; classtype:trojan-activity;sid:84159633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.192.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296532/; classtype:trojan-activity;sid:84159632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"189.85.33.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296531/; classtype:trojan-activity;sid:84159631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296530/; classtype:trojan-activity;sid:84159630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/xxx.zip"; depth:13; endswith; nocase; http.host; content:"eegqzvxd.shop"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296528/; classtype:trojan-activity;sid:84159628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/xxx.zip"; depth:13; endswith; nocase; http.host; content:"viralnavigator.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296529/; classtype:trojan-activity;sid:84159629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296527/; classtype:trojan-activity;sid:84159627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.6.232"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296526/; classtype:trojan-activity;sid:84159626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.108.157.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296524/; classtype:trojan-activity;sid:84159624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.86.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296525/; classtype:trojan-activity;sid:84159625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.83.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296523/; classtype:trojan-activity;sid:84159623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.11.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296522/; classtype:trojan-activity;sid:84159622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.251.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296521/; classtype:trojan-activity;sid:84159621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.19.87"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296520/; classtype:trojan-activity;sid:84159620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.46.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296519/; classtype:trojan-activity;sid:84159619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.18.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296518/; classtype:trojan-activity;sid:84159618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.87.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296517/; classtype:trojan-activity;sid:84159617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.208.26.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296516/; classtype:trojan-activity;sid:84159616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"189.85.33.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296515/; classtype:trojan-activity;sid:84159615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.243.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296514/; classtype:trojan-activity;sid:84159614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.6.91.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296513/; classtype:trojan-activity;sid:84159613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.0.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296512/; classtype:trojan-activity;sid:84159612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.87.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296511/; classtype:trojan-activity;sid:84159611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.19.87"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296510/; classtype:trojan-activity;sid:84159610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.121.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296509/; classtype:trojan-activity;sid:84159609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.1.32"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296508/; classtype:trojan-activity;sid:84159608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.5.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296507/; classtype:trojan-activity;sid:84159607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.6.232"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296506/; classtype:trojan-activity;sid:84159606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296505/; classtype:trojan-activity;sid:84159605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.83.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296504/; classtype:trojan-activity;sid:84159604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.22.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296502/; classtype:trojan-activity;sid:84159602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.240.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296503/; classtype:trojan-activity;sid:84159603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.121.129.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296501/; classtype:trojan-activity;sid:84159601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.61.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296499/; classtype:trojan-activity;sid:84159599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.214.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296500/; classtype:trojan-activity;sid:84159600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.199.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296498/; classtype:trojan-activity;sid:84159598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.87.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296497/; classtype:trojan-activity;sid:84159597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296496/; classtype:trojan-activity;sid:84159596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.203.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296495/; classtype:trojan-activity;sid:84159595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.190.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296494/; classtype:trojan-activity;sid:84159594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.5.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296493/; classtype:trojan-activity;sid:84159593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.230.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296492/; classtype:trojan-activity;sid:84159592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296491/; classtype:trojan-activity;sid:84159591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.11.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296490/; classtype:trojan-activity;sid:84159590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.150.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296489/; classtype:trojan-activity;sid:84159589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.22.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296488/; classtype:trojan-activity;sid:84159588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.131.92.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296487/; classtype:trojan-activity;sid:84159587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.214.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296486/; classtype:trojan-activity;sid:84159586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.93.44.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296485/; classtype:trojan-activity;sid:84159585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.193.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296484/; classtype:trojan-activity;sid:84159584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.101.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296483/; classtype:trojan-activity;sid:84159583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.116.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296482/; classtype:trojan-activity;sid:84159582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296480/; classtype:trojan-activity;sid:84159580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.238.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296481/; classtype:trojan-activity;sid:84159581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.81.234.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296479/; classtype:trojan-activity;sid:84159579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.232.5.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296478/; classtype:trojan-activity;sid:84159578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.35.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296477/; classtype:trojan-activity;sid:84159577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.35.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296476/; classtype:trojan-activity;sid:84159576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.149.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296475/; classtype:trojan-activity;sid:84159575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.206.166.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296473/; classtype:trojan-activity;sid:84159573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.8.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296474/; classtype:trojan-activity;sid:84159574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.49.172"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296472/; classtype:trojan-activity;sid:84159572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.189.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296471/; classtype:trojan-activity;sid:84159571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.61.181.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296470/; classtype:trojan-activity;sid:84159570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.67.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296469/; classtype:trojan-activity;sid:84159569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.188.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296468/; classtype:trojan-activity;sid:84159568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.101.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296467/; classtype:trojan-activity;sid:84159567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.6.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296466/; classtype:trojan-activity;sid:84159566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.60.236.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296465/; classtype:trojan-activity;sid:84159565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296464/; classtype:trojan-activity;sid:84159564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.54.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296463/; classtype:trojan-activity;sid:84159563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.49.172"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296462/; classtype:trojan-activity;sid:84159562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.151.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296460/; classtype:trojan-activity;sid:84159560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296461/; classtype:trojan-activity;sid:84159561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.8.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296459/; classtype:trojan-activity;sid:84159559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.254.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296458/; classtype:trojan-activity;sid:84159558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.150.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296457/; classtype:trojan-activity;sid:84159557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.120.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296456/; classtype:trojan-activity;sid:84159556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.150.179.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296455/; classtype:trojan-activity;sid:84159555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.35.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296454/; classtype:trojan-activity;sid:84159554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.11.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296453/; classtype:trojan-activity;sid:84159553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.190.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296452/; classtype:trojan-activity;sid:84159552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.206.101.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296451/; classtype:trojan-activity;sid:84159551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.192.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296450/; classtype:trojan-activity;sid:84159550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.134.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296449/; classtype:trojan-activity;sid:84159549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.233.169.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296448/; classtype:trojan-activity;sid:84159548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.129.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296447/; classtype:trojan-activity;sid:84159547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.129.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296446/; classtype:trojan-activity;sid:84159546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.134.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296445/; classtype:trojan-activity;sid:84159545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.55.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296443/; classtype:trojan-activity;sid:84159543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.177.180.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296444/; classtype:trojan-activity;sid:84159544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.60.236.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296442/; classtype:trojan-activity;sid:84159542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"60.246.205.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296441/; classtype:trojan-activity;sid:84159541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.54.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296440/; classtype:trojan-activity;sid:84159540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.132.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296439/; classtype:trojan-activity;sid:84159539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.222.186.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296438/; classtype:trojan-activity;sid:84159538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.108.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296437/; classtype:trojan-activity;sid:84159537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.206.101.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296436/; classtype:trojan-activity;sid:84159536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.208.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296435/; classtype:trojan-activity;sid:84159535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.62.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296434/; classtype:trojan-activity;sid:84159534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296433/; classtype:trojan-activity;sid:84159533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.178.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296432/; classtype:trojan-activity;sid:84159532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.64.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296431/; classtype:trojan-activity;sid:84159531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.149.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296430/; classtype:trojan-activity;sid:84159530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.233.4.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296428/; classtype:trojan-activity;sid:84159528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.55.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296429/; classtype:trojan-activity;sid:84159529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.222.186.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296427/; classtype:trojan-activity;sid:84159527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.169.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296426/; classtype:trojan-activity;sid:84159526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.208.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296425/; classtype:trojan-activity;sid:84159525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.132.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296424/; classtype:trojan-activity;sid:84159524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.222.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296423/; classtype:trojan-activity;sid:84159523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.157.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296422/; classtype:trojan-activity;sid:84159522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296421/; classtype:trojan-activity;sid:84159521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.229.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296420/; classtype:trojan-activity;sid:84159520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.132.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296419/; classtype:trojan-activity;sid:84159519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.237.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296418/; classtype:trojan-activity;sid:84159518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.164.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296417/; classtype:trojan-activity;sid:84159517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.64.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296416/; classtype:trojan-activity;sid:84159516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.124.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296415/; classtype:trojan-activity;sid:84159515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.230.65.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296414/; classtype:trojan-activity;sid:84159514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.3.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296412/; classtype:trojan-activity;sid:84159512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.119.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296413/; classtype:trojan-activity;sid:84159513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.63.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296411/; classtype:trojan-activity;sid:84159511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.146.110.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296410/; classtype:trojan-activity;sid:84159510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.96.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296409/; classtype:trojan-activity;sid:84159509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.233.4.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296408/; classtype:trojan-activity;sid:84159508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.120.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296407/; classtype:trojan-activity;sid:84159507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.244.213.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296406/; classtype:trojan-activity;sid:84159506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.76.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296405/; classtype:trojan-activity;sid:84159505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296404/; classtype:trojan-activity;sid:84159504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.188.16.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296402/; classtype:trojan-activity;sid:84159502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.218.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296403/; classtype:trojan-activity;sid:84159503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.164.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296401/; classtype:trojan-activity;sid:84159501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.93.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296400/; classtype:trojan-activity;sid:84159500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.106.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296399/; classtype:trojan-activity;sid:84159499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.63.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296398/; classtype:trojan-activity;sid:84159498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"125.132.119.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296397/; classtype:trojan-activity;sid:84159497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.56.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296396/; classtype:trojan-activity;sid:84159496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.66.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296395/; classtype:trojan-activity;sid:84159495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.3.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296394/; classtype:trojan-activity;sid:84159494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.202.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296393/; classtype:trojan-activity;sid:84159493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.108.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296392/; classtype:trojan-activity;sid:84159492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.61.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296391/; classtype:trojan-activity;sid:84159491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.169.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296390/; classtype:trojan-activity;sid:84159490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.244.213.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296389/; classtype:trojan-activity;sid:84159489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.14.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296388/; classtype:trojan-activity;sid:84159488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.128.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296387/; classtype:trojan-activity;sid:84159487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.57.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296386/; classtype:trojan-activity;sid:84159486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.194.211.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296385/; classtype:trojan-activity;sid:84159485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.66.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296384/; classtype:trojan-activity;sid:84159484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vmapi.pdf"; depth:10; endswith; nocase; http.host; content:"2.58.56.243"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296383/; classtype:trojan-activity;sid:84159483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.3.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296381/; classtype:trojan-activity;sid:84159481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/tg-x64.zip"; depth:20; endswith; nocase; http.host; content:"telezgram.top"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296380/; classtype:trojan-activity;sid:84159480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.160.216.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296379/; classtype:trojan-activity;sid:84159479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"180.108.157.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296378/; classtype:trojan-activity;sid:84159478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.34.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296377/; classtype:trojan-activity;sid:84159477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.56.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296376/; classtype:trojan-activity;sid:84159476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"104.193.59.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296375/; classtype:trojan-activity;sid:84159475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.87.211"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296374/; classtype:trojan-activity;sid:84159474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.194.211.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296373/; classtype:trojan-activity;sid:84159473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.157.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296372/; classtype:trojan-activity;sid:84159472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.208.68.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296371/; classtype:trojan-activity;sid:84159471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.3.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296370/; classtype:trojan-activity;sid:84159470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296369/; classtype:trojan-activity;sid:84159469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.247.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296368/; classtype:trojan-activity;sid:84159468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.208.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296367/; classtype:trojan-activity;sid:84159467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.127.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296366/; classtype:trojan-activity;sid:84159466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.215.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296365/; classtype:trojan-activity;sid:84159465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.241.50.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296364/; classtype:trojan-activity;sid:84159464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"104.193.59.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296363/; classtype:trojan-activity;sid:84159463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.34.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296362/; classtype:trojan-activity;sid:84159462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.50.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296361/; classtype:trojan-activity;sid:84159461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.108.90.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296360/; classtype:trojan-activity;sid:84159460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.17.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296359/; classtype:trojan-activity;sid:84159459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.121.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296358/; classtype:trojan-activity;sid:84159458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.15.24.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296357/; classtype:trojan-activity;sid:84159457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296356/; classtype:trojan-activity;sid:84159456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.86.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296355/; classtype:trojan-activity;sid:84159455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.29.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296354/; classtype:trojan-activity;sid:84159454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.180.0.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296353/; classtype:trojan-activity;sid:84159453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.86.94.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296352/; classtype:trojan-activity;sid:84159452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.208.68.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296351/; classtype:trojan-activity;sid:84159451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.215.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296350/; classtype:trojan-activity;sid:84159450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.221.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296349/; classtype:trojan-activity;sid:84159449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.90.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296348/; classtype:trojan-activity;sid:84159448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.62.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296347/; classtype:trojan-activity;sid:84159447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"164.163.25.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296345/; classtype:trojan-activity;sid:84159445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.37.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296346/; classtype:trojan-activity;sid:84159446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.108.90.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296344/; classtype:trojan-activity;sid:84159444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.41.65"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296343/; classtype:trojan-activity;sid:84159443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.44.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296342/; classtype:trojan-activity;sid:84159442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.113.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296341/; classtype:trojan-activity;sid:84159441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.45.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296340/; classtype:trojan-activity;sid:84159440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.38.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296339/; classtype:trojan-activity;sid:84159439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.33.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296338/; classtype:trojan-activity;sid:84159438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/order-00908.exe"; depth:16; endswith; nocase; http.host; content:"ssa-account.info"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296337/; classtype:trojan-activity;sid:84159437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.220.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296335/; classtype:trojan-activity;sid:84159435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arc"; depth:37; endswith; nocase; http.host; content:"213.199.41.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296336/; classtype:trojan-activity;sid:84159436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.sparc"; depth:39; endswith; nocase; http.host; content:"213.199.41.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296333/; classtype:trojan-activity;sid:84159433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mips64"; depth:40; endswith; nocase; http.host; content:"213.199.41.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296334/; classtype:trojan-activity;sid:84159434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.229.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296332/; classtype:trojan-activity;sid:84159432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.145.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296331/; classtype:trojan-activity;sid:84159431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.70.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296330/; classtype:trojan-activity;sid:84159430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.22.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296329/; classtype:trojan-activity;sid:84159429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.100.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296328/; classtype:trojan-activity;sid:84159428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"efr.strategies.mvpstrat.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296327/; classtype:trojan-activity;sid:84159427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.58.188.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296326/; classtype:trojan-activity;sid:84159426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.34.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296325/; classtype:trojan-activity;sid:84159425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.3.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296323/; classtype:trojan-activity;sid:84159423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296324/; classtype:trojan-activity;sid:84159424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.244.213.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296322/; classtype:trojan-activity;sid:84159422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.62.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296321/; classtype:trojan-activity;sid:84159421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.145.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296320/; classtype:trojan-activity;sid:84159420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.208.156.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296319/; classtype:trojan-activity;sid:84159419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.248.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296318/; classtype:trojan-activity;sid:84159418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.229.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296317/; classtype:trojan-activity;sid:84159417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.58.188.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296316/; classtype:trojan-activity;sid:84159416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.93.203.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296315/; classtype:trojan-activity;sid:84159415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.50.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296314/; classtype:trojan-activity;sid:84159414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.240.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296313/; classtype:trojan-activity;sid:84159413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.225.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296312/; classtype:trojan-activity;sid:84159412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.91.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296311/; classtype:trojan-activity;sid:84159411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.175.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296310/; classtype:trojan-activity;sid:84159410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296309/; classtype:trojan-activity;sid:84159409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.155.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296308/; classtype:trojan-activity;sid:84159408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.232.241.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296307/; classtype:trojan-activity;sid:84159407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.7.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296305/; classtype:trojan-activity;sid:84159405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.149.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296304/; classtype:trojan-activity;sid:84159404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.50.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296303/; classtype:trojan-activity;sid:84159403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.230.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296302/; classtype:trojan-activity;sid:84159402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.214.186.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296301/; classtype:trojan-activity;sid:84159401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.72.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296300/; classtype:trojan-activity;sid:84159400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.91.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296299/; classtype:trojan-activity;sid:84159399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/man%20-%20copy.bat"; depth:19; endswith; nocase; http.host; content:"louise-monitors-mo-rating.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296297/; classtype:trojan-activity;sid:84159397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mainbas.bat"; depth:12; endswith; nocase; http.host; content:"louise-monitors-mo-rating.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296298/; classtype:trojan-activity;sid:84159398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.14.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296296/; classtype:trojan-activity;sid:84159396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296295/; classtype:trojan-activity;sid:84159395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.62.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296294/; classtype:trojan-activity;sid:84159394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.175.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296293/; classtype:trojan-activity;sid:84159393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.224.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296292/; classtype:trojan-activity;sid:84159392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.53.98.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296291/; classtype:trojan-activity;sid:84159391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.72.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296290/; classtype:trojan-activity;sid:84159390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.19.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296289/; classtype:trojan-activity;sid:84159389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296287/; classtype:trojan-activity;sid:84159387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.239.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296288/; classtype:trojan-activity;sid:84159388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.95.93.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296286/; classtype:trojan-activity;sid:84159386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.125.123.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296284/; classtype:trojan-activity;sid:84159384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.166.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296285/; classtype:trojan-activity;sid:84159385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.235.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296283/; classtype:trojan-activity;sid:84159383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.216.30.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296282/; classtype:trojan-activity;sid:84159382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.33.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296281/; classtype:trojan-activity;sid:84159381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.224.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296280/; classtype:trojan-activity;sid:84159380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.72.19.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296279/; classtype:trojan-activity;sid:84159379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.53.98.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296278/; classtype:trojan-activity;sid:84159378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.228.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296277/; classtype:trojan-activity;sid:84159377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.111.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296276/; classtype:trojan-activity;sid:84159376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.164.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296274/; classtype:trojan-activity;sid:84159374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.218.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296275/; classtype:trojan-activity;sid:84159375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.5.83"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296273/; classtype:trojan-activity;sid:84159373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"38.137.250.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296272/; classtype:trojan-activity;sid:84159372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/documents/tools/getadapterinfo.exe"; depth:41; endswith; nocase; http.host; content:"huayusoft.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296271/; classtype:trojan-activity;sid:84159371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blecher.exe"; depth:12; endswith; nocase; http.host; content:"109.120.139.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296270/; classtype:trojan-activity;sid:84159370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.137.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296269/; classtype:trojan-activity;sid:84159369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.216.30.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296268/; classtype:trojan-activity;sid:84159368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296267/; classtype:trojan-activity;sid:84159367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.23.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296264/; classtype:trojan-activity;sid:84159364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.13.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296265/; classtype:trojan-activity;sid:84159365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.150.120.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296266/; classtype:trojan-activity;sid:84159366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.109.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296263/; classtype:trojan-activity;sid:84159363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.235.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296262/; classtype:trojan-activity;sid:84159362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.33.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296261/; classtype:trojan-activity;sid:84159361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.227.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296260/; classtype:trojan-activity;sid:84159360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.24.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296257/; classtype:trojan-activity;sid:84159357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.103.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296258/; classtype:trojan-activity;sid:84159358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.248.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296259/; classtype:trojan-activity;sid:84159359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296256/; classtype:trojan-activity;sid:84159356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.230.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296255/; classtype:trojan-activity;sid:84159355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.230.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296254/; classtype:trojan-activity;sid:84159354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbsa6402673928901533/hbsa6402673928901533.lnk"; depth:46; endswith; nocase; http.host; content:"fit-retired-athletics-marathon.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296253/; classtype:trojan-activity;sid:84159353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/receipt580328018732jksra/receipt580328018732jksra.lnk"; depth:54; endswith; nocase; http.host; content:"fit-retired-athletics-marathon.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296248/; classtype:trojan-activity;sid:84159348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tvbsa830932sdav430/tvbsa830932sdav430.lnk"; depth:42; endswith; nocase; http.host; content:"fit-retired-athletics-marathon.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296249/; classtype:trojan-activity;sid:84159349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bnew.bat"; depth:9; endswith; nocase; http.host; content:"native-shipments-forty-polar.trycloudflare.com"; depth:46; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296250/; classtype:trojan-activity;sid:84159350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bvsrus74903gbsaybnsaer/bvsrus74903gbsaybnsaer.lnk"; depth:50; endswith; nocase; http.host; content:"fit-retired-athletics-marathon.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296251/; classtype:trojan-activity;sid:84159351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urvsa8302msanvbakda09/urvsa8302msanvbakda09_pdf.lnk"; depth:52; endswith; nocase; http.host; content:"fit-retired-athletics-marathon.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296252/; classtype:trojan-activity;sid:84159352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"112.113.128.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296247/; classtype:trojan-activity;sid:84159347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.96.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296246/; classtype:trojan-activity;sid:84159346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.6.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296244/; classtype:trojan-activity;sid:84159344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.206.166.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296245/; classtype:trojan-activity;sid:84159345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.227.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296243/; classtype:trojan-activity;sid:84159343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.174.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296242/; classtype:trojan-activity;sid:84159342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.120.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296241/; classtype:trojan-activity;sid:84159341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.93.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296240/; classtype:trojan-activity;sid:84159340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.90.3.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296239/; classtype:trojan-activity;sid:84159339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.104.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296238/; classtype:trojan-activity;sid:84159338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.148.159.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296235/; classtype:trojan-activity;sid:84159335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.34.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296236/; classtype:trojan-activity;sid:84159336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.120.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296237/; classtype:trojan-activity;sid:84159337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~azeredo/teste/toolkit.ez-activator.2.1.2/office%202010%20toolkit.exe"; depth:70; endswith; nocase; http.host; content:"mtm.ufsc.br"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296234/; classtype:trojan-activity;sid:84159334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/10afebdbffcd4742c81a3cb0f6ce4092156b4375/system/ps1_to_exe_(installer).exe"; depth:75; endswith; nocase; http.host; content:"files1.majorgeeks.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296233/; classtype:trojan-activity;sid:84159333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.131.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296232/; classtype:trojan-activity;sid:84159332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.24.146.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296231/; classtype:trojan-activity;sid:84159331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahedm.zip"; depth:10; endswith; nocase; http.host; content:"native-shipments-forty-polar.trycloudflare.com"; depth:46; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296227/; classtype:trojan-activity;sid:84159327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftsp.zip"; depth:9; endswith; nocase; http.host; content:"native-shipments-forty-polar.trycloudflare.com"; depth:46; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296228/; classtype:trojan-activity;sid:84159328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dhedm.zip"; depth:10; endswith; nocase; http.host; content:"native-shipments-forty-polar.trycloudflare.com"; depth:46; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296229/; classtype:trojan-activity;sid:84159329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/startuppp.bat"; depth:14; endswith; nocase; http.host; content:"native-shipments-forty-polar.trycloudflare.com"; depth:46; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296226/; classtype:trojan-activity;sid:84159326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urvsa8302msanvbakda09/urvsa8302msanvbakda09_pdf.lnk"; depth:52; endswith; nocase; http.host; content:"previews-belgium-achieved-driving.trycloudflare.com"; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296225/; classtype:trojan-activity;sid:84159325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bvsrus74903gbsaybnsaer/bvsrus74903gbsaybnsaer.lnk"; depth:50; endswith; nocase; http.host; content:"previews-belgium-achieved-driving.trycloudflare.com"; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296224/; classtype:trojan-activity;sid:84159324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/receipt580328018732jksra/receipt580328018732jksra.lnk"; depth:54; endswith; nocase; http.host; content:"previews-belgium-achieved-driving.trycloudflare.com"; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296221/; classtype:trojan-activity;sid:84159321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rechaung/57966470_14200_20240604_pdf.lnk"; depth:41; endswith; nocase; http.host; content:"native-shipments-forty-polar.trycloudflare.com"; depth:46; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296222/; classtype:trojan-activity;sid:84159322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tvbsa830932sdav430/tvbsa830932sdav430.lnk"; depth:42; endswith; nocase; http.host; content:"previews-belgium-achieved-driving.trycloudflare.com"; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296223/; classtype:trojan-activity;sid:84159323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.54.77"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296219/; classtype:trojan-activity;sid:84159319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbsa6402673928901533/hbsa6402673928901533.lnk"; depth:46; endswith; nocase; http.host; content:"previews-belgium-achieved-driving.trycloudflare.com"; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296220/; classtype:trojan-activity;sid:84159320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/csc.vbs"; depth:8; endswith; nocase; http.host; content:"native-shipments-forty-polar.trycloudflare.com"; depth:46; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296218/; classtype:trojan-activity;sid:84159318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.174.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296217/; classtype:trojan-activity;sid:84159317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.177.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296216/; classtype:trojan-activity;sid:84159316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.66.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296215/; classtype:trojan-activity;sid:84159315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.5.195"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296214/; classtype:trojan-activity;sid:84159314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.230.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296213/; classtype:trojan-activity;sid:84159313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/treportsz30/treportsz30setup.exe"; depth:33; endswith; nocase; http.host; content:"treports.in"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296212/; classtype:trojan-activity;sid:84159312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/pc/ireader-pc-win10.exe"; depth:31; endswith; nocase; http.host; content:"61.154.0.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296211/; classtype:trojan-activity;sid:84159311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/propask/cheat1/releases/download/cheat/123.exe"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296210/; classtype:trojan-activity;sid:84159310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdd_biaoge/soft/down.exe"; depth:25; endswith; nocase; http.host; content:"49.232.174.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296207/; classtype:trojan-activity;sid:84159307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e6%96%b0%e7%82%b9%e7%94%b5%e5%ad%90%e4%ba%a4%e6%98%93%e6%a1%86%e6%9e%b6%e6%94%af%e6%92%91%e6%9c%8d%e5%8a%a1/pdfimages.exe"; depth:123; endswith; nocase; http.host; content:"180.117.160.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296208/; classtype:trojan-activity;sid:84159308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crm/exe/update.exe"; depth:19; endswith; nocase; http.host; content:"www.zhikey.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296209/; classtype:trojan-activity;sid:84159309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsp/d3d10.dll"; depth:14; endswith; nocase; http.host; content:"88.209.197.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296205/; classtype:trojan-activity;sid:84159305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setups/1/jtupdate.exe"; depth:22; endswith; nocase; http.host; content:"mipl.info"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296206/; classtype:trojan-activity;sid:84159306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kituri/adobe%20acrobat%20xi%20pro%2011.0.16%20multilingual%20+%20crack%20[sadeempc]/crack/amt%20emulator%200.8%20by%20painter/amtemu.v0.8-painter.exe"; depth:150; endswith; nocase; http.host; content:"161.97.88.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296203/; classtype:trojan-activity;sid:84159303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/movavi%20video%20editor%20plus%202021%20v21.4.0%20x64/crack/bb2018.dll"; depth:71; endswith; nocase; http.host; content:"bgyeger.r6.hu"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296204/; classtype:trojan-activity;sid:84159304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.exe"; depth:9; endswith; nocase; http.host; content:"38.207.132.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296202/; classtype:trojan-activity;sid:84159302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beacon_x64.exe"; depth:15; endswith; nocase; http.host; content:"38.207.132.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296201/; classtype:trojan-activity;sid:84159301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.131.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296200/; classtype:trojan-activity;sid:84159300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.90.3.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296199/; classtype:trojan-activity;sid:84159299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.150.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296198/; classtype:trojan-activity;sid:84159298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.54.77"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296197/; classtype:trojan-activity;sid:84159297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.89.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296196/; classtype:trojan-activity;sid:84159296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.26.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296195/; classtype:trojan-activity;sid:84159295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.127.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296194/; classtype:trojan-activity;sid:84159294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.46.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296193/; classtype:trojan-activity;sid:84159293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.122.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296192/; classtype:trojan-activity;sid:84159292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.74.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296191/; classtype:trojan-activity;sid:84159291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.100.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296190/; classtype:trojan-activity;sid:84159290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.177.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296189/; classtype:trojan-activity;sid:84159289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.243.133.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296188/; classtype:trojan-activity;sid:84159288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.230.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296187/; classtype:trojan-activity;sid:84159287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.199.109.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296186/; classtype:trojan-activity;sid:84159286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296185/; classtype:trojan-activity;sid:84159285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.231.203.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296184/; classtype:trojan-activity;sid:84159284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.226.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296183/; classtype:trojan-activity;sid:84159283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.70.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296182/; classtype:trojan-activity;sid:84159282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.14.57.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296180/; classtype:trojan-activity;sid:84159280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.87.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296181/; classtype:trojan-activity;sid:84159281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296179/; classtype:trojan-activity;sid:84159279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.14.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296177/; classtype:trojan-activity;sid:84159277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.89.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296178/; classtype:trojan-activity;sid:84159278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.201.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296176/; classtype:trojan-activity;sid:84159276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.3.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296175/; classtype:trojan-activity;sid:84159275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"31.14.57.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296174/; classtype:trojan-activity;sid:84159274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.138.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296173/; classtype:trojan-activity;sid:84159273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.100.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296172/; classtype:trojan-activity;sid:84159272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.243.133.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296171/; classtype:trojan-activity;sid:84159271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.exe"; depth:10; endswith; nocase; http.host; content:"bhcc.com.sa"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296170/; classtype:trojan-activity;sid:84159270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.3.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296169/; classtype:trojan-activity;sid:84159269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.87.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296168/; classtype:trojan-activity;sid:84159268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.220.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296167/; classtype:trojan-activity;sid:84159267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.172.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296165/; classtype:trojan-activity;sid:84159265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.214.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296166/; classtype:trojan-activity;sid:84159266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.70.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296164/; classtype:trojan-activity;sid:84159264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.85.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296163/; classtype:trojan-activity;sid:84159263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.16.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296162/; classtype:trojan-activity;sid:84159262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296161/; classtype:trojan-activity;sid:84159261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"117.63.246.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296160/; classtype:trojan-activity;sid:84159260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.47.97.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296159/; classtype:trojan-activity;sid:84159259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e5%b7%85%e3%82%bd%e5%b3%b0[%e9%95%bf%e4%b9%85]3.exe"; depth:53; endswith; nocase; http.host; content:"www.333zz.top"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296158/; classtype:trojan-activity;sid:84159258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d78be06952a942aeaaddf90bec673982:prerequisites/vc_redist.x64.exe"; depth:65; endswith; nocase; http.host; content:"sin1.contabostorage.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296157/; classtype:trojan-activity;sid:84159257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.9.101"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296156/; classtype:trojan-activity;sid:84159256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.163.81.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296155/; classtype:trojan-activity;sid:84159255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296154/; classtype:trojan-activity;sid:84159254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.78.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296153/; classtype:trojan-activity;sid:84159253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.226.105.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296152/; classtype:trojan-activity;sid:84159252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.87.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296151/; classtype:trojan-activity;sid:84159251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.54.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296150/; classtype:trojan-activity;sid:84159250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.226.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296149/; classtype:trojan-activity;sid:84159249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.33.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296148/; classtype:trojan-activity;sid:84159248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xj/%e6%97%b6%e6%97%b6%e5%bd%a9%20v6.7.2%20%208-21.zip"; depth:54; endswith; nocase; http.host; content:"xj.55555com.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296147/; classtype:trojan-activity;sid:84159247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fastad4.exe"; depth:12; endswith; nocase; http.host; content:"mintfiles.s3.amazonaws.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296146/; classtype:trojan-activity;sid:84159246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.53.54.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296145/; classtype:trojan-activity;sid:84159245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.54.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296144/; classtype:trojan-activity;sid:84159244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.46.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296143/; classtype:trojan-activity;sid:84159243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.149.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296142/; classtype:trojan-activity;sid:84159242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.15.23"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296141/; classtype:trojan-activity;sid:84159241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.33.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296140/; classtype:trojan-activity;sid:84159240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.141.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296139/; classtype:trojan-activity;sid:84159239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.45.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296137/; classtype:trojan-activity;sid:84159237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.88.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296138/; classtype:trojan-activity;sid:84159238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.18.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296136/; classtype:trojan-activity;sid:84159236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.210.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296135/; classtype:trojan-activity;sid:84159235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.191.178.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296134/; classtype:trojan-activity;sid:84159234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.53.54.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296133/; classtype:trojan-activity;sid:84159233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.99.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296132/; classtype:trojan-activity;sid:84159232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.15.23"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296131/; classtype:trojan-activity;sid:84159231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.21.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296130/; classtype:trojan-activity;sid:84159230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.87.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296129/; classtype:trojan-activity;sid:84159229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.46.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296128/; classtype:trojan-activity;sid:84159228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.18.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296127/; classtype:trojan-activity;sid:84159227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.88.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296126/; classtype:trojan-activity;sid:84159226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.19.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296125/; classtype:trojan-activity;sid:84159225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296124/; classtype:trojan-activity;sid:84159224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.230.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296123/; classtype:trojan-activity;sid:84159223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.19.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296122/; classtype:trojan-activity;sid:84159222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.104.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296121/; classtype:trojan-activity;sid:84159221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.89.252.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296120/; classtype:trojan-activity;sid:84159220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.70.181.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296119/; classtype:trojan-activity;sid:84159219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.104.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296118/; classtype:trojan-activity;sid:84159218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.61.114.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296117/; classtype:trojan-activity;sid:84159217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.169.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296115/; classtype:trojan-activity;sid:84159215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.52.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296116/; classtype:trojan-activity;sid:84159216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.231.239.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296113/; classtype:trojan-activity;sid:84159213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.17.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296114/; classtype:trojan-activity;sid:84159214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.102.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296112/; classtype:trojan-activity;sid:84159212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.121.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296111/; classtype:trojan-activity;sid:84159211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.59.114.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296110/; classtype:trojan-activity;sid:84159210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.86.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296109/; classtype:trojan-activity;sid:84159209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296108/; classtype:trojan-activity;sid:84159208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carlos_121/sos/downloads/envio_copia_de_la_notificacion_electronica_demanda.tar.bin.tar.001"; depth:92; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296107/; classtype:trojan-activity;sid:84159207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296106/; classtype:trojan-activity;sid:84159206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.168.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296105/; classtype:trojan-activity;sid:84159205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.181.187.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296104/; classtype:trojan-activity;sid:84159204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.90.3.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296103/; classtype:trojan-activity;sid:84159203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296102/; classtype:trojan-activity;sid:84159202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.206.166.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296101/; classtype:trojan-activity;sid:84159201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.200.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296100/; classtype:trojan-activity;sid:84159200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.143.1"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296099/; classtype:trojan-activity;sid:84159199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"45.125.66.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296098/; classtype:trojan-activity;sid:84159198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnbw86"; depth:7; endswith; nocase; http.host; content:"45.125.66.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296096/; classtype:trojan-activity;sid:84159196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwwofba5"; depth:9; endswith; nocase; http.host; content:"45.125.66.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296097/; classtype:trojan-activity;sid:84159197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"45.125.66.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296095/; classtype:trojan-activity;sid:84159195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"45.125.66.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296089/; classtype:trojan-activity;sid:84159189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"45.125.66.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296090/; classtype:trojan-activity;sid:84159190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"45.125.66.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296091/; classtype:trojan-activity;sid:84159191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"45.125.66.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296092/; classtype:trojan-activity;sid:84159192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wriww68k"; depth:9; endswith; nocase; http.host; content:"45.125.66.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296093/; classtype:trojan-activity;sid:84159193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"45.125.66.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296094/; classtype:trojan-activity;sid:84159194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"154.216.17.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296085/; classtype:trojan-activity;sid:84159185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"154.216.17.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296086/; classtype:trojan-activity;sid:84159186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"154.216.17.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296087/; classtype:trojan-activity;sid:84159187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"154.216.17.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296088/; classtype:trojan-activity;sid:84159188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"154.216.17.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296078/; classtype:trojan-activity;sid:84159178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnbw86"; depth:7; endswith; nocase; http.host; content:"154.216.17.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296079/; classtype:trojan-activity;sid:84159179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.105.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296080/; classtype:trojan-activity;sid:84159180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"154.216.17.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296081/; classtype:trojan-activity;sid:84159181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwwofba5"; depth:9; endswith; nocase; http.host; content:"154.216.17.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296082/; classtype:trojan-activity;sid:84159182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"154.216.17.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296083/; classtype:trojan-activity;sid:84159183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wriww68k"; depth:9; endswith; nocase; http.host; content:"154.216.17.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296084/; classtype:trojan-activity;sid:84159184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.36.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296077/; classtype:trojan-activity;sid:84159177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.99.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296076/; classtype:trojan-activity;sid:84159176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.102.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296075/; classtype:trojan-activity;sid:84159175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.71.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296074/; classtype:trojan-activity;sid:84159174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.121.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296073/; classtype:trojan-activity;sid:84159173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.10.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296072/; classtype:trojan-activity;sid:84159172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/mixeleven.exe"; depth:20; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296071/; classtype:trojan-activity;sid:84159171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.13.73.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296070/; classtype:trojan-activity;sid:84159170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.157.144.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296069/; classtype:trojan-activity;sid:84159169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.19.43.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296068/; classtype:trojan-activity;sid:84159168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.101.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296066/; classtype:trojan-activity;sid:84159166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.6.32.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296067/; classtype:trojan-activity;sid:84159167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.225.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296065/; classtype:trojan-activity;sid:84159165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/s/e|3f|rlkey=vlr9zditnsugtc2yh5yr7p84m"; depth:46; endswith; nocase; http.host; content:"fc8g7ejc3m.dl.dropboxusercontent.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296064/; classtype:trojan-activity;sid:84159164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.89.61.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296063/; classtype:trojan-activity;sid:84159163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.88.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296062/; classtype:trojan-activity;sid:84159162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.240.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296061/; classtype:trojan-activity;sid:84159161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.134.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296060/; classtype:trojan-activity;sid:84159160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296059/; classtype:trojan-activity;sid:84159159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.96.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296056/; classtype:trojan-activity;sid:84159156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.126.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296057/; classtype:trojan-activity;sid:84159157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.243.181.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296058/; classtype:trojan-activity;sid:84159158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.102.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296055/; classtype:trojan-activity;sid:84159155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll/dll008.dll"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296053/; classtype:trojan-activity;sid:84159153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh/sh007.sh"; depth:12; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296054/; classtype:trojan-activity;sid:84159154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps1/ps1002.ps1"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296052/; classtype:trojan-activity;sid:84159152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exe/exe010.exe"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296047/; classtype:trojan-activity;sid:84159147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exe/exe005.exe"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296048/; classtype:trojan-activity;sid:84159148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps1/ps1003.ps1"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296049/; classtype:trojan-activity;sid:84159149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll/dll004.dll"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296050/; classtype:trojan-activity;sid:84159150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exe/exe004.exe"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296051/; classtype:trojan-activity;sid:84159151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll/dll007.dll"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296015/; classtype:trojan-activity;sid:84159115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps1/ps1005.ps1"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296016/; classtype:trojan-activity;sid:84159116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll/dll005.dll"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296017/; classtype:trojan-activity;sid:84159117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh/sh008.sh"; depth:12; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296018/; classtype:trojan-activity;sid:84159118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll/dll003.dll"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296019/; classtype:trojan-activity;sid:84159119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh/sh010.sh"; depth:12; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296020/; classtype:trojan-activity;sid:84159120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll/dll006.dll"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296021/; classtype:trojan-activity;sid:84159121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll/dll002.dll"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296022/; classtype:trojan-activity;sid:84159122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll/dll010.dll"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296023/; classtype:trojan-activity;sid:84159123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll/dll001.dll"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296024/; classtype:trojan-activity;sid:84159124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps1/ps1006.ps1"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296025/; classtype:trojan-activity;sid:84159125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exe/exe002.exe"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296026/; classtype:trojan-activity;sid:84159126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh/sh004.sh"; depth:12; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296027/; classtype:trojan-activity;sid:84159127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps1/ps1010.ps1"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296028/; classtype:trojan-activity;sid:84159128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exe/exe006.exe"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296029/; classtype:trojan-activity;sid:84159129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exe/exe008.exe"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296030/; classtype:trojan-activity;sid:84159130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps1/ps1009.ps1"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296031/; classtype:trojan-activity;sid:84159131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh/sh002.sh"; depth:12; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296032/; classtype:trojan-activity;sid:84159132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exe/exe009.exe"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296033/; classtype:trojan-activity;sid:84159133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh/sh003.sh"; depth:12; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296034/; classtype:trojan-activity;sid:84159134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps1/ps1008.ps1"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296035/; classtype:trojan-activity;sid:84159135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exe/exe003.exe"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296036/; classtype:trojan-activity;sid:84159136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh/sh006.sh"; depth:12; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296037/; classtype:trojan-activity;sid:84159137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dll/dll009.dll"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296038/; classtype:trojan-activity;sid:84159138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh/sh001.sh"; depth:12; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296039/; classtype:trojan-activity;sid:84159139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh/sh005.sh"; depth:12; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296040/; classtype:trojan-activity;sid:84159140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh/sh009.sh"; depth:12; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296041/; classtype:trojan-activity;sid:84159141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps1/ps1007.ps1"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296042/; classtype:trojan-activity;sid:84159142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exe/exe001.exe"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296043/; classtype:trojan-activity;sid:84159143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/xkl0pnd8zfpjfh1.wiz"; depth:24; endswith; nocase; http.host; content:"87.120.84.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296044/; classtype:trojan-activity;sid:84159144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps1/ps1004.ps1"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296045/; classtype:trojan-activity;sid:84159145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exe/exe007.exe"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296046/; classtype:trojan-activity;sid:84159146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.46.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296014/; classtype:trojan-activity;sid:84159114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps1/ps1001.ps1"; depth:15; endswith; nocase; http.host; content:"194.90.142.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296013/; classtype:trojan-activity;sid:84159113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.218.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296012/; classtype:trojan-activity;sid:84159112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.184.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296011/; classtype:trojan-activity;sid:84159111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trashss/jpmfwq.wav"; depth:19; endswith; nocase; http.host; content:"inspirecollege.co.uk"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296006/; classtype:trojan-activity;sid:84159106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trashss/fwympkg.wav"; depth:20; endswith; nocase; http.host; content:"inspirecollege.co.uk"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296007/; classtype:trojan-activity;sid:84159107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trashss/kslmdnldhtq.dat"; depth:24; endswith; nocase; http.host; content:"inspirecollege.co.uk"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296008/; classtype:trojan-activity;sid:84159108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trashss/pgyehm.dat"; depth:19; endswith; nocase; http.host; content:"inspirecollege.co.uk"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296009/; classtype:trojan-activity;sid:84159109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trashss/ujegysfu.dat"; depth:21; endswith; nocase; http.host; content:"inspirecollege.co.uk"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296010/; classtype:trojan-activity;sid:84159110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.152.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296005/; classtype:trojan-activity;sid:84159105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.59.114.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296004/; classtype:trojan-activity;sid:84159104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.183.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296003/; classtype:trojan-activity;sid:84159103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.71.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296002/; classtype:trojan-activity;sid:84159102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.59.247.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296001/; classtype:trojan-activity;sid:84159101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.228.157.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296000/; classtype:trojan-activity;sid:84159100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.134.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295999/; classtype:trojan-activity;sid:84159099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.89.61.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295998/; classtype:trojan-activity;sid:84159098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.176.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295997/; classtype:trojan-activity;sid:84159097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.224.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295996/; classtype:trojan-activity;sid:84159096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.214.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295995/; classtype:trojan-activity;sid:84159095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"95.127.233.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295994/; classtype:trojan-activity;sid:84159094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.56.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295993/; classtype:trojan-activity;sid:84159093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.74.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295992/; classtype:trojan-activity;sid:84159092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.149.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295991/; classtype:trojan-activity;sid:84159091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.200.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295990/; classtype:trojan-activity;sid:84159090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.71.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295989/; classtype:trojan-activity;sid:84159089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.121.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295988/; classtype:trojan-activity;sid:84159088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.224.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295987/; classtype:trojan-activity;sid:84159087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.149.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295986/; classtype:trojan-activity;sid:84159086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.66.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295984/; classtype:trojan-activity;sid:84159084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.181.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295985/; classtype:trojan-activity;sid:84159085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.149.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295983/; classtype:trojan-activity;sid:84159083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.135.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295982/; classtype:trojan-activity;sid:84159082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.204.235.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295981/; classtype:trojan-activity;sid:84159081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.155.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295980/; classtype:trojan-activity;sid:84159080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.196.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295979/; classtype:trojan-activity;sid:84159079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.212.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295978/; classtype:trojan-activity;sid:84159078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295977/; classtype:trojan-activity;sid:84159077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.198.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295976/; classtype:trojan-activity;sid:84159076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.200.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295975/; classtype:trojan-activity;sid:84159075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.102.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295974/; classtype:trojan-activity;sid:84159074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.85.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295973/; classtype:trojan-activity;sid:84159073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.130.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295972/; classtype:trojan-activity;sid:84159072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.139.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295971/; classtype:trojan-activity;sid:84159071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.70.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295970/; classtype:trojan-activity;sid:84159070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.249.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295969/; classtype:trojan-activity;sid:84159069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.230.60.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295968/; classtype:trojan-activity;sid:84159068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.8.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295967/; classtype:trojan-activity;sid:84159067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iwir64"; depth:7; endswith; nocase; http.host; content:"154.216.17.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295966/; classtype:trojan-activity;sid:84159066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.11.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295965/; classtype:trojan-activity;sid:84159065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.227.28.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295964/; classtype:trojan-activity;sid:84159064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.227.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295963/; classtype:trojan-activity;sid:84159063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.240.196.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295962/; classtype:trojan-activity;sid:84159062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.26.51.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295961/; classtype:trojan-activity;sid:84159061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"63.47.120.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295960/; classtype:trojan-activity;sid:84159060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.234.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295959/; classtype:trojan-activity;sid:84159059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295958/; classtype:trojan-activity;sid:84159058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.21.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295957/; classtype:trojan-activity;sid:84159057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.85.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295955/; classtype:trojan-activity;sid:84159055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.228.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295956/; classtype:trojan-activity;sid:84159056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.230.60.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295954/; classtype:trojan-activity;sid:84159054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.150.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295953/; classtype:trojan-activity;sid:84159053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.8.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295952/; classtype:trojan-activity;sid:84159052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.227.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295950/; classtype:trojan-activity;sid:84159050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"63.47.120.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295951/; classtype:trojan-activity;sid:84159051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.38.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295949/; classtype:trojan-activity;sid:84159049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.230.60.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295948/; classtype:trojan-activity;sid:84159048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.245.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295947/; classtype:trojan-activity;sid:84159047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.243.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295946/; classtype:trojan-activity;sid:84159046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.131.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295945/; classtype:trojan-activity;sid:84159045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.210.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295944/; classtype:trojan-activity;sid:84159044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.204.235.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295943/; classtype:trojan-activity;sid:84159043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.48.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295942/; classtype:trojan-activity;sid:84159042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.152.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295941/; classtype:trojan-activity;sid:84159041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.176.121.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295940/; classtype:trojan-activity;sid:84159040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.176.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295939/; classtype:trojan-activity;sid:84159039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.187.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295938/; classtype:trojan-activity;sid:84159038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.234.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295937/; classtype:trojan-activity;sid:84159037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.150.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295936/; classtype:trojan-activity;sid:84159036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.59.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295935/; classtype:trojan-activity;sid:84159035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.38.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295934/; classtype:trojan-activity;sid:84159034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.210.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295933/; classtype:trojan-activity;sid:84159033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.203.243.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295932/; classtype:trojan-activity;sid:84159032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.131.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295931/; classtype:trojan-activity;sid:84159031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.48.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295930/; classtype:trojan-activity;sid:84159030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.192.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295929/; classtype:trojan-activity;sid:84159029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.84.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295927/; classtype:trojan-activity;sid:84159027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295928/; classtype:trojan-activity;sid:84159028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.234.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295925/; classtype:trojan-activity;sid:84159025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.157.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295926/; classtype:trojan-activity;sid:84159026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.187.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295924/; classtype:trojan-activity;sid:84159024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.90.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295923/; classtype:trojan-activity;sid:84159023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.207.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295922/; classtype:trojan-activity;sid:84159022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.90.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295921/; classtype:trojan-activity;sid:84159021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.121.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295919/; classtype:trojan-activity;sid:84159019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.177.200.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295920/; classtype:trojan-activity;sid:84159020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.198.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295918/; classtype:trojan-activity;sid:84159018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.104.194"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295917/; classtype:trojan-activity;sid:84159017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.203.63.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295916/; classtype:trojan-activity;sid:84159016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.214.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295915/; classtype:trojan-activity;sid:84159015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.84.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295914/; classtype:trojan-activity;sid:84159014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.239.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295913/; classtype:trojan-activity;sid:84159013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.180.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295912/; classtype:trojan-activity;sid:84159012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.87.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295910/; classtype:trojan-activity;sid:84159010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.36.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295911/; classtype:trojan-activity;sid:84159011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.206.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295909/; classtype:trojan-activity;sid:84159009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.173.75.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295907/; classtype:trojan-activity;sid:84159007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.136.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295908/; classtype:trojan-activity;sid:84159008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.228.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295906/; classtype:trojan-activity;sid:84159006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.18.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295905/; classtype:trojan-activity;sid:84159005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.123.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295904/; classtype:trojan-activity;sid:84159004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.81.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295903/; classtype:trojan-activity;sid:84159003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.207.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295902/; classtype:trojan-activity;sid:84159002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.33.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295901/; classtype:trojan-activity;sid:84159001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.14.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295900/; classtype:trojan-activity;sid:84159000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.213.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295899/; classtype:trojan-activity;sid:84158999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.78.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295896/; classtype:trojan-activity;sid:84158996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.51.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295897/; classtype:trojan-activity;sid:84158997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.36.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295898/; classtype:trojan-activity;sid:84158998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.207.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295895/; classtype:trojan-activity;sid:84158995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.239.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295892/; classtype:trojan-activity;sid:84158992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.157.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295893/; classtype:trojan-activity;sid:84158993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.63.21.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295894/; classtype:trojan-activity;sid:84158994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.97.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295891/; classtype:trojan-activity;sid:84158991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.180.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295890/; classtype:trojan-activity;sid:84158990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.1.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295889/; classtype:trojan-activity;sid:84158989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.87.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295888/; classtype:trojan-activity;sid:84158988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.143.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295887/; classtype:trojan-activity;sid:84158987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.111.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295885/; classtype:trojan-activity;sid:84158985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.52.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295886/; classtype:trojan-activity;sid:84158986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.18.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295884/; classtype:trojan-activity;sid:84158984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.228.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295883/; classtype:trojan-activity;sid:84158983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.187.198.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295881/; classtype:trojan-activity;sid:84158981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.22.123.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295882/; classtype:trojan-activity;sid:84158982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.33.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295880/; classtype:trojan-activity;sid:84158980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.87.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295879/; classtype:trojan-activity;sid:84158979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.78.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295876/; classtype:trojan-activity;sid:84158976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.63.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295877/; classtype:trojan-activity;sid:84158977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.213.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295878/; classtype:trojan-activity;sid:84158978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.51.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295875/; classtype:trojan-activity;sid:84158975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.17.53"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295873/; classtype:trojan-activity;sid:84158973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.33.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295874/; classtype:trojan-activity;sid:84158974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.142.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295872/; classtype:trojan-activity;sid:84158972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.217.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295871/; classtype:trojan-activity;sid:84158971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.212.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295870/; classtype:trojan-activity;sid:84158970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.111.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295869/; classtype:trojan-activity;sid:84158969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.143.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295868/; classtype:trojan-activity;sid:84158968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.63.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295867/; classtype:trojan-activity;sid:84158967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.97.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295866/; classtype:trojan-activity;sid:84158966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.63.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295865/; classtype:trojan-activity;sid:84158965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.22.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295864/; classtype:trojan-activity;sid:84158964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.90.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295863/; classtype:trojan-activity;sid:84158963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.142.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295862/; classtype:trojan-activity;sid:84158962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.102.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295861/; classtype:trojan-activity;sid:84158961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cd1.dll"; depth:8; endswith; nocase; http.host; content:"222.186.172.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295860/; classtype:trojan-activity;sid:84158960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1.dll"; depth:7; endswith; nocase; http.host; content:"222.186.172.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295858/; classtype:trojan-activity;sid:84158958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1.exe"; depth:7; endswith; nocase; http.host; content:"222.186.172.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295859/; classtype:trojan-activity;sid:84158959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pq1.exe"; depth:8; endswith; nocase; http.host; content:"222.186.172.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295856/; classtype:trojan-activity;sid:84158956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cb1.exe"; depth:8; endswith; nocase; http.host; content:"222.186.172.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295857/; classtype:trojan-activity;sid:84158957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pq.exe"; depth:7; endswith; nocase; http.host; content:"222.186.172.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295854/; classtype:trojan-activity;sid:84158954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pq2.exe"; depth:8; endswith; nocase; http.host; content:"222.186.172.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295855/; classtype:trojan-activity;sid:84158955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cb2.exe"; depth:8; endswith; nocase; http.host; content:"222.186.172.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295852/; classtype:trojan-activity;sid:84158952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbjq..dll"; depth:10; endswith; nocase; http.host; content:"222.186.172.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295853/; classtype:trojan-activity;sid:84158953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cb.exe"; depth:7; endswith; nocase; http.host; content:"222.186.172.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295851/; classtype:trojan-activity;sid:84158951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.22.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295850/; classtype:trojan-activity;sid:84158950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cb.ini"; depth:7; endswith; nocase; http.host; content:"222.186.172.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295849/; classtype:trojan-activity;sid:84158949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.198.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295848/; classtype:trojan-activity;sid:84158948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.186.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295847/; classtype:trojan-activity;sid:84158947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.240.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295846/; classtype:trojan-activity;sid:84158946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.113.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295845/; classtype:trojan-activity;sid:84158945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.127.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295844/; classtype:trojan-activity;sid:84158944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.255.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295841/; classtype:trojan-activity;sid:84158941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295842/; classtype:trojan-activity;sid:84158942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.234.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295843/; classtype:trojan-activity;sid:84158943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.111.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295840/; classtype:trojan-activity;sid:84158940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.176.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295839/; classtype:trojan-activity;sid:84158939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.95.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295838/; classtype:trojan-activity;sid:84158938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.156.89.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295837/; classtype:trojan-activity;sid:84158937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.96.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295836/; classtype:trojan-activity;sid:84158936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.101.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295835/; classtype:trojan-activity;sid:84158935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.226.102.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295834/; classtype:trojan-activity;sid:84158934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.17.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295833/; classtype:trojan-activity;sid:84158933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.221.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295832/; classtype:trojan-activity;sid:84158932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.247.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295831/; classtype:trojan-activity;sid:84158931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295830/; classtype:trojan-activity;sid:84158930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.156.89.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295828/; classtype:trojan-activity;sid:84158928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.82.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295829/; classtype:trojan-activity;sid:84158929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.37.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295827/; classtype:trojan-activity;sid:84158927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295826/; classtype:trojan-activity;sid:84158926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.186.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295825/; classtype:trojan-activity;sid:84158925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.46.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295824/; classtype:trojan-activity;sid:84158924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.7.136.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295823/; classtype:trojan-activity;sid:84158923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.242.49.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295822/; classtype:trojan-activity;sid:84158922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.25.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295821/; classtype:trojan-activity;sid:84158921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.176.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295820/; classtype:trojan-activity;sid:84158920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295818/; classtype:trojan-activity;sid:84158918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.119.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295819/; classtype:trojan-activity;sid:84158919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.20.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295817/; classtype:trojan-activity;sid:84158917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.95.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295816/; classtype:trojan-activity;sid:84158916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.37.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295815/; classtype:trojan-activity;sid:84158915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.113.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295814/; classtype:trojan-activity;sid:84158914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.221.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295813/; classtype:trojan-activity;sid:84158913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.184.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295812/; classtype:trojan-activity;sid:84158912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.58.63"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295811/; classtype:trojan-activity;sid:84158911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.66.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295810/; classtype:trojan-activity;sid:84158910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295809/; classtype:trojan-activity;sid:84158909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.101.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295808/; classtype:trojan-activity;sid:84158908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.103.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295807/; classtype:trojan-activity;sid:84158907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.103.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295806/; classtype:trojan-activity;sid:84158906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.222.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295804/; classtype:trojan-activity;sid:84158904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.81.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295805/; classtype:trojan-activity;sid:84158905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.105.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295803/; classtype:trojan-activity;sid:84158903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.90.1.35"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295802/; classtype:trojan-activity;sid:84158902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.119.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295801/; classtype:trojan-activity;sid:84158901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.245.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295800/; classtype:trojan-activity;sid:84158900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.10.92"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295799/; classtype:trojan-activity;sid:84158899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.141.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295798/; classtype:trojan-activity;sid:84158898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.39.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295797/; classtype:trojan-activity;sid:84158897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295796/; classtype:trojan-activity;sid:84158896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.89.61.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295795/; classtype:trojan-activity;sid:84158895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.141.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295794/; classtype:trojan-activity;sid:84158894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.235.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295793/; classtype:trojan-activity;sid:84158893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.58.63"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295792/; classtype:trojan-activity;sid:84158892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295791/; classtype:trojan-activity;sid:84158891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.0.116"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295788/; classtype:trojan-activity;sid:84158888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.222.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295789/; classtype:trojan-activity;sid:84158889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.226.134.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295790/; classtype:trojan-activity;sid:84158890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.10.92"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295787/; classtype:trojan-activity;sid:84158887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.81.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295786/; classtype:trojan-activity;sid:84158886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.22.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295785/; classtype:trojan-activity;sid:84158885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.221.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295784/; classtype:trojan-activity;sid:84158884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.107.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295783/; classtype:trojan-activity;sid:84158883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.66.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295782/; classtype:trojan-activity;sid:84158882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.93.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295781/; classtype:trojan-activity;sid:84158881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.9.149.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295780/; classtype:trojan-activity;sid:84158880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.101.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295779/; classtype:trojan-activity;sid:84158879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.215.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295777/; classtype:trojan-activity;sid:84158877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.199.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295778/; classtype:trojan-activity;sid:84158878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.20.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295776/; classtype:trojan-activity;sid:84158876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.221.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295775/; classtype:trojan-activity;sid:84158875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295774/; classtype:trojan-activity;sid:84158874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.145.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295773/; classtype:trojan-activity;sid:84158873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.15.126"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295772/; classtype:trojan-activity;sid:84158872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.189.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295771/; classtype:trojan-activity;sid:84158871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.50.124.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295770/; classtype:trojan-activity;sid:84158870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.127.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295769/; classtype:trojan-activity;sid:84158869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295768/; classtype:trojan-activity;sid:84158868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.19.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295767/; classtype:trojan-activity;sid:84158867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.209.150.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295766/; classtype:trojan-activity;sid:84158866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.16.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295765/; classtype:trojan-activity;sid:84158865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.195.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295764/; classtype:trojan-activity;sid:84158864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.47.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295763/; classtype:trojan-activity;sid:84158863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.58.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295762/; classtype:trojan-activity;sid:84158862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.26.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295761/; classtype:trojan-activity;sid:84158861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.176.189.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295760/; classtype:trojan-activity;sid:84158860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.145.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295759/; classtype:trojan-activity;sid:84158859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.147.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295757/; classtype:trojan-activity;sid:84158857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.54.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295758/; classtype:trojan-activity;sid:84158858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.84.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295756/; classtype:trojan-activity;sid:84158856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.47.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295755/; classtype:trojan-activity;sid:84158855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.196.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295754/; classtype:trojan-activity;sid:84158854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"151.50.124.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295753/; classtype:trojan-activity;sid:84158853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295752/; classtype:trojan-activity;sid:84158852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.19.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295750/; classtype:trojan-activity;sid:84158850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.194.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295751/; classtype:trojan-activity;sid:84158851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.110.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295749/; classtype:trojan-activity;sid:84158849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.18.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295748/; classtype:trojan-activity;sid:84158848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.140.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295747/; classtype:trojan-activity;sid:84158847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.182.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295746/; classtype:trojan-activity;sid:84158846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.18.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295745/; classtype:trojan-activity;sid:84158845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.0.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295744/; classtype:trojan-activity;sid:84158844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.224.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295742/; classtype:trojan-activity;sid:84158842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.119.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295743/; classtype:trojan-activity;sid:84158843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.58.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295741/; classtype:trojan-activity;sid:84158841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.47.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295740/; classtype:trojan-activity;sid:84158840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295739/; classtype:trojan-activity;sid:84158839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.221.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295738/; classtype:trojan-activity;sid:84158838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.147.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295737/; classtype:trojan-activity;sid:84158837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295736/; classtype:trojan-activity;sid:84158836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.196.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295735/; classtype:trojan-activity;sid:84158835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.214.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295734/; classtype:trojan-activity;sid:84158834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.84.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295733/; classtype:trojan-activity;sid:84158833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.234.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295732/; classtype:trojan-activity;sid:84158832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.244.91.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295731/; classtype:trojan-activity;sid:84158831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.131.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295730/; classtype:trojan-activity;sid:84158830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.37.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295729/; classtype:trojan-activity;sid:84158829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.234.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295728/; classtype:trojan-activity;sid:84158828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.95.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295727/; classtype:trojan-activity;sid:84158827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.244.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295726/; classtype:trojan-activity;sid:84158826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.238.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295725/; classtype:trojan-activity;sid:84158825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.114.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295724/; classtype:trojan-activity;sid:84158824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.92.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295723/; classtype:trojan-activity;sid:84158823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.119.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295722/; classtype:trojan-activity;sid:84158822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.168.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295721/; classtype:trojan-activity;sid:84158821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.47.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295720/; classtype:trojan-activity;sid:84158820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295718/; classtype:trojan-activity;sid:84158818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.78.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295719/; classtype:trojan-activity;sid:84158819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.0.116"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295716/; classtype:trojan-activity;sid:84158816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.249.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295717/; classtype:trojan-activity;sid:84158817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.166.116.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295715/; classtype:trojan-activity;sid:84158815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.233.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295714/; classtype:trojan-activity;sid:84158814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.27.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295712/; classtype:trojan-activity;sid:84158812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.131.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295713/; classtype:trojan-activity;sid:84158813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.43.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295711/; classtype:trojan-activity;sid:84158811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.92.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295710/; classtype:trojan-activity;sid:84158810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.249.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295709/; classtype:trojan-activity;sid:84158809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"194.54.160.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295708/; classtype:trojan-activity;sid:84158808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.237.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295707/; classtype:trojan-activity;sid:84158807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.255.45.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295706/; classtype:trojan-activity;sid:84158806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.169.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295705/; classtype:trojan-activity;sid:84158805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.155.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295704/; classtype:trojan-activity;sid:84158804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.176.12.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295703/; classtype:trojan-activity;sid:84158803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.28.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295702/; classtype:trojan-activity;sid:84158802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.89.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295699/; classtype:trojan-activity;sid:84158799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.175.116.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295700/; classtype:trojan-activity;sid:84158800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.58.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295701/; classtype:trojan-activity;sid:84158801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.3.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295698/; classtype:trojan-activity;sid:84158798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.249.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295697/; classtype:trojan-activity;sid:84158797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.247.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295696/; classtype:trojan-activity;sid:84158796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.128.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295695/; classtype:trojan-activity;sid:84158795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.225.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295694/; classtype:trojan-activity;sid:84158794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.89.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295693/; classtype:trojan-activity;sid:84158793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.28.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295692/; classtype:trojan-activity;sid:84158792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.244.213.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295690/; classtype:trojan-activity;sid:84158790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.86.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295691/; classtype:trojan-activity;sid:84158791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.93.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295688/; classtype:trojan-activity;sid:84158788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.167.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295689/; classtype:trojan-activity;sid:84158789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.43.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295687/; classtype:trojan-activity;sid:84158787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.247.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295685/; classtype:trojan-activity;sid:84158785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.178.176.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295686/; classtype:trojan-activity;sid:84158786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.169.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295684/; classtype:trojan-activity;sid:84158784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.198.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295682/; classtype:trojan-activity;sid:84158782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.146.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295683/; classtype:trojan-activity;sid:84158783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.28.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295681/; classtype:trojan-activity;sid:84158781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295680/; classtype:trojan-activity;sid:84158780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.48.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295679/; classtype:trojan-activity;sid:84158779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.2.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295678/; classtype:trojan-activity;sid:84158778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.247.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295677/; classtype:trojan-activity;sid:84158777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.27.199.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295676/; classtype:trojan-activity;sid:84158776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.27.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295675/; classtype:trojan-activity;sid:84158775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.145.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295674/; classtype:trojan-activity;sid:84158774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.233.169.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295673/; classtype:trojan-activity;sid:84158773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.71.223.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295672/; classtype:trojan-activity;sid:84158772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.238.136.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295671/; classtype:trojan-activity;sid:84158771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.81.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295668/; classtype:trojan-activity;sid:84158768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295669/; classtype:trojan-activity;sid:84158769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/rodda.exe"; depth:16; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295670/; classtype:trojan-activity;sid:84158770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.9.149.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295667/; classtype:trojan-activity;sid:84158767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.138.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295666/; classtype:trojan-activity;sid:84158766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.178.176.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295665/; classtype:trojan-activity;sid:84158765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295664/; classtype:trojan-activity;sid:84158764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.103.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295661/; classtype:trojan-activity;sid:84158761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.197.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295662/; classtype:trojan-activity;sid:84158762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.115.170.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295663/; classtype:trojan-activity;sid:84158763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.229.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295660/; classtype:trojan-activity;sid:84158760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.198.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295659/; classtype:trojan-activity;sid:84158759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.194.235.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295658/; classtype:trojan-activity;sid:84158758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295657/; classtype:trojan-activity;sid:84158757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.44.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295656/; classtype:trojan-activity;sid:84158756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.240.251.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295655/; classtype:trojan-activity;sid:84158755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.111.17.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295654/; classtype:trojan-activity;sid:84158754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.18.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295653/; classtype:trojan-activity;sid:84158753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.247.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295652/; classtype:trojan-activity;sid:84158752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.18.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295651/; classtype:trojan-activity;sid:84158751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.138.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295649/; classtype:trojan-activity;sid:84158749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.178.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295650/; classtype:trojan-activity;sid:84158750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.71.223.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295648/; classtype:trojan-activity;sid:84158748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.240.251.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295647/; classtype:trojan-activity;sid:84158747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.238.136.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295646/; classtype:trojan-activity;sid:84158746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.45.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295645/; classtype:trojan-activity;sid:84158745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.93.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295644/; classtype:trojan-activity;sid:84158744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.147.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295643/; classtype:trojan-activity;sid:84158743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.138.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295641/; classtype:trojan-activity;sid:84158741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.138.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295642/; classtype:trojan-activity;sid:84158742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.111.17.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295640/; classtype:trojan-activity;sid:84158740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.27.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295639/; classtype:trojan-activity;sid:84158739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.94.193.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295638/; classtype:trojan-activity;sid:84158738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"164.163.25.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295637/; classtype:trojan-activity;sid:84158737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.215.222.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295636/; classtype:trojan-activity;sid:84158736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.3.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295635/; classtype:trojan-activity;sid:84158735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.116.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295634/; classtype:trojan-activity;sid:84158734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.138.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295633/; classtype:trojan-activity;sid:84158733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.88.224.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295632/; classtype:trojan-activity;sid:84158732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.246.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295631/; classtype:trojan-activity;sid:84158731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.8.110.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295630/; classtype:trojan-activity;sid:84158730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.41.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295629/; classtype:trojan-activity;sid:84158729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.76.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295628/; classtype:trojan-activity;sid:84158728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.95.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295627/; classtype:trojan-activity;sid:84158727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295626/; classtype:trojan-activity;sid:84158726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.16.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295625/; classtype:trojan-activity;sid:84158725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.68.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295624/; classtype:trojan-activity;sid:84158724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.240.9.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295623/; classtype:trojan-activity;sid:84158723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"116.140.160.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295622/; classtype:trojan-activity;sid:84158722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.198.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295621/; classtype:trojan-activity;sid:84158721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.83.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295620/; classtype:trojan-activity;sid:84158720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb9"; depth:5; endswith; nocase; http.host; content:"103.77.172.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295618/; classtype:trojan-activity;sid:84158718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb5"; depth:5; endswith; nocase; http.host; content:"103.77.172.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295619/; classtype:trojan-activity;sid:84158719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb4"; depth:5; endswith; nocase; http.host; content:"103.77.172.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295610/; classtype:trojan-activity;sid:84158710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb1"; depth:5; endswith; nocase; http.host; content:"103.77.172.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295611/; classtype:trojan-activity;sid:84158711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb10"; depth:6; endswith; nocase; http.host; content:"103.77.172.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295612/; classtype:trojan-activity;sid:84158712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb6"; depth:5; endswith; nocase; http.host; content:"103.77.172.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295613/; classtype:trojan-activity;sid:84158713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb2"; depth:5; endswith; nocase; http.host; content:"103.77.172.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295614/; classtype:trojan-activity;sid:84158714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb11"; depth:6; endswith; nocase; http.host; content:"103.77.172.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295615/; classtype:trojan-activity;sid:84158715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb3"; depth:5; endswith; nocase; http.host; content:"103.77.172.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295616/; classtype:trojan-activity;sid:84158716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb8"; depth:5; endswith; nocase; http.host; content:"103.77.172.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295617/; classtype:trojan-activity;sid:84158717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.41.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295608/; classtype:trojan-activity;sid:84158708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295609/; classtype:trojan-activity;sid:84158709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.147.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295607/; classtype:trojan-activity;sid:84158707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.231.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295606/; classtype:trojan-activity;sid:84158706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.139.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295605/; classtype:trojan-activity;sid:84158705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.173.46.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295604/; classtype:trojan-activity;sid:84158704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295603/; classtype:trojan-activity;sid:84158703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.4.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295601/; classtype:trojan-activity;sid:84158701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.217.68.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295602/; classtype:trojan-activity;sid:84158702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295600/; classtype:trojan-activity;sid:84158700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.168.236.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295599/; classtype:trojan-activity;sid:84158699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.88.238.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295598/; classtype:trojan-activity;sid:84158698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.168.53.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295597/; classtype:trojan-activity;sid:84158697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.244.91.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295596/; classtype:trojan-activity;sid:84158696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.8.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295595/; classtype:trojan-activity;sid:84158695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.86.188.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295594/; classtype:trojan-activity;sid:84158694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.77.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295593/; classtype:trojan-activity;sid:84158693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.74.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295592/; classtype:trojan-activity;sid:84158692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.4.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295591/; classtype:trojan-activity;sid:84158691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.77.146.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295590/; classtype:trojan-activity;sid:84158690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.245.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295589/; classtype:trojan-activity;sid:84158689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295587/; classtype:trojan-activity;sid:84158687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.178.125.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295588/; classtype:trojan-activity;sid:84158688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.62.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295586/; classtype:trojan-activity;sid:84158686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295585/; classtype:trojan-activity;sid:84158685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.160.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295584/; classtype:trojan-activity;sid:84158684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.182.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295583/; classtype:trojan-activity;sid:84158683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.141.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295582/; classtype:trojan-activity;sid:84158682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.173.46.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295581/; classtype:trojan-activity;sid:84158681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.144.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295580/; classtype:trojan-activity;sid:84158680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.8.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295579/; classtype:trojan-activity;sid:84158679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.87.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295578/; classtype:trojan-activity;sid:84158678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.77.146.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295577/; classtype:trojan-activity;sid:84158677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"194.54.160.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295576/; classtype:trojan-activity;sid:84158676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.227.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295575/; classtype:trojan-activity;sid:84158675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.244.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295574/; classtype:trojan-activity;sid:84158674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.58.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295573/; classtype:trojan-activity;sid:84158673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.37.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295572/; classtype:trojan-activity;sid:84158672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.240.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295571/; classtype:trojan-activity;sid:84158671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.143.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295570/; classtype:trojan-activity;sid:84158670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.200.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295569/; classtype:trojan-activity;sid:84158669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.86.188.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295568/; classtype:trojan-activity;sid:84158668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.235.243.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295567/; classtype:trojan-activity;sid:84158667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.187.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295566/; classtype:trojan-activity;sid:84158666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.118.91.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295564/; classtype:trojan-activity;sid:84158664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.111.17.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295565/; classtype:trojan-activity;sid:84158665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.113.124.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295563/; classtype:trojan-activity;sid:84158663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.156.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295562/; classtype:trojan-activity;sid:84158662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.167.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295561/; classtype:trojan-activity;sid:84158661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.67.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295560/; classtype:trojan-activity;sid:84158660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.130.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295559/; classtype:trojan-activity;sid:84158659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.101.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295558/; classtype:trojan-activity;sid:84158658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.41.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295557/; classtype:trojan-activity;sid:84158657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295556/; classtype:trojan-activity;sid:84158656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.235.243.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295555/; classtype:trojan-activity;sid:84158655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.174.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295554/; classtype:trojan-activity;sid:84158654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.152.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295553/; classtype:trojan-activity;sid:84158653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.234.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295552/; classtype:trojan-activity;sid:84158652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.37.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295551/; classtype:trojan-activity;sid:84158651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.160.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295550/; classtype:trojan-activity;sid:84158650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.41.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295549/; classtype:trojan-activity;sid:84158649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.49.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295548/; classtype:trojan-activity;sid:84158648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.236.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295547/; classtype:trojan-activity;sid:84158647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.210.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295546/; classtype:trojan-activity;sid:84158646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.187.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295545/; classtype:trojan-activity;sid:84158645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.88.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295544/; classtype:trojan-activity;sid:84158644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.225.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295543/; classtype:trojan-activity;sid:84158643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.82.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295542/; classtype:trojan-activity;sid:84158642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.171.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295541/; classtype:trojan-activity;sid:84158641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.245.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295540/; classtype:trojan-activity;sid:84158640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.217.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295539/; classtype:trojan-activity;sid:84158639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.63.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295538/; classtype:trojan-activity;sid:84158638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.233.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295536/; classtype:trojan-activity;sid:84158636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.244.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295537/; classtype:trojan-activity;sid:84158637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.179.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295535/; classtype:trojan-activity;sid:84158635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.130.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295534/; classtype:trojan-activity;sid:84158634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295533/; classtype:trojan-activity;sid:84158633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.101.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295532/; classtype:trojan-activity;sid:84158632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.91.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295531/; classtype:trojan-activity;sid:84158631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.88.224.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295530/; classtype:trojan-activity;sid:84158630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.2.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295528/; classtype:trojan-activity;sid:84158628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.221.225.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295529/; classtype:trojan-activity;sid:84158629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.63.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295526/; classtype:trojan-activity;sid:84158626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.210.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295527/; classtype:trojan-activity;sid:84158627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.179.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295525/; classtype:trojan-activity;sid:84158625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.67.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295524/; classtype:trojan-activity;sid:84158624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.62.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295523/; classtype:trojan-activity;sid:84158623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.150.11.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295522/; classtype:trojan-activity;sid:84158622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.236.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295521/; classtype:trojan-activity;sid:84158621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.45.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295520/; classtype:trojan-activity;sid:84158620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.245.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295519/; classtype:trojan-activity;sid:84158619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.89.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295518/; classtype:trojan-activity;sid:84158618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.224.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295517/; classtype:trojan-activity;sid:84158617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.91.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295516/; classtype:trojan-activity;sid:84158616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.94.191.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295515/; classtype:trojan-activity;sid:84158615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.233.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295514/; classtype:trojan-activity;sid:84158614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.7.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295513/; classtype:trojan-activity;sid:84158613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.241.50.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295512/; classtype:trojan-activity;sid:84158612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.95.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295511/; classtype:trojan-activity;sid:84158611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.17.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295510/; classtype:trojan-activity;sid:84158610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.140.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295509/; classtype:trojan-activity;sid:84158609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.211.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295508/; classtype:trojan-activity;sid:84158608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.151.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295507/; classtype:trojan-activity;sid:84158607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.14.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295506/; classtype:trojan-activity;sid:84158606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.100.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295504/; classtype:trojan-activity;sid:84158604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.88.238.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295505/; classtype:trojan-activity;sid:84158605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.45.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295501/; classtype:trojan-activity;sid:84158601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.75.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295502/; classtype:trojan-activity;sid:84158602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.21.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295503/; classtype:trojan-activity;sid:84158603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.195.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295500/; classtype:trojan-activity;sid:84158600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.14.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295499/; classtype:trojan-activity;sid:84158599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.19.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295498/; classtype:trojan-activity;sid:84158598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.2.227"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295497/; classtype:trojan-activity;sid:84158597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.21.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295496/; classtype:trojan-activity;sid:84158596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.188.17.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295495/; classtype:trojan-activity;sid:84158595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.17.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295494/; classtype:trojan-activity;sid:84158594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.36.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295493/; classtype:trojan-activity;sid:84158593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.0.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295492/; classtype:trojan-activity;sid:84158592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295491/; classtype:trojan-activity;sid:84158591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.195.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295490/; classtype:trojan-activity;sid:84158590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.230.79.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295489/; classtype:trojan-activity;sid:84158589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.224.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295488/; classtype:trojan-activity;sid:84158588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.164.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295486/; classtype:trojan-activity;sid:84158586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.80.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295487/; classtype:trojan-activity;sid:84158587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.91.189"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295485/; classtype:trojan-activity;sid:84158585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.31.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295484/; classtype:trojan-activity;sid:84158584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.134.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295483/; classtype:trojan-activity;sid:84158583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.227.56.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295482/; classtype:trojan-activity;sid:84158582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.75.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295481/; classtype:trojan-activity;sid:84158581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.60.178.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295480/; classtype:trojan-activity;sid:84158580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.241.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295479/; classtype:trojan-activity;sid:84158579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.113.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295478/; classtype:trojan-activity;sid:84158578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"164.163.25.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295477/; classtype:trojan-activity;sid:84158577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295476/; classtype:trojan-activity;sid:84158576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.30.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295475/; classtype:trojan-activity;sid:84158575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.19.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295474/; classtype:trojan-activity;sid:84158574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.87.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295473/; classtype:trojan-activity;sid:84158573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.188.17.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295472/; classtype:trojan-activity;sid:84158572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.98.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295471/; classtype:trojan-activity;sid:84158571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.54.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295470/; classtype:trojan-activity;sid:84158570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.63.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295469/; classtype:trojan-activity;sid:84158569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.4.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295468/; classtype:trojan-activity;sid:84158568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.164.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295467/; classtype:trojan-activity;sid:84158567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.176.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295466/; classtype:trojan-activity;sid:84158566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.82.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295465/; classtype:trojan-activity;sid:84158565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.80.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295464/; classtype:trojan-activity;sid:84158564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.47.104.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295463/; classtype:trojan-activity;sid:84158563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.81.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295462/; classtype:trojan-activity;sid:84158562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.87.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295461/; classtype:trojan-activity;sid:84158561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.134.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3295460/; classtype:trojan-activity;sid:84158560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.31.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295459/; classtype:trojan-activity;sid:84158559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.96.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295458/; classtype:trojan-activity;sid:84158558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.98.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295457/; classtype:trojan-activity;sid:84158557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.60.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295456/; classtype:trojan-activity;sid:84158556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.226.134.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295455/; classtype:trojan-activity;sid:84158555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.4.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295454/; classtype:trojan-activity;sid:84158554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.161.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295453/; classtype:trojan-activity;sid:84158553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.87.28.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295452/; classtype:trojan-activity;sid:84158552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295451/; classtype:trojan-activity;sid:84158551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.176.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295450/; classtype:trojan-activity;sid:84158550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295449/; classtype:trojan-activity;sid:84158549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.125.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295448/; classtype:trojan-activity;sid:84158548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295447/; classtype:trojan-activity;sid:84158547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.235.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295446/; classtype:trojan-activity;sid:84158546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.227.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295445/; classtype:trojan-activity;sid:84158545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.96.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295444/; classtype:trojan-activity;sid:84158544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"171.231.113.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295443/; classtype:trojan-activity;sid:84158543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.84.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295442/; classtype:trojan-activity;sid:84158542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.74.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295441/; classtype:trojan-activity;sid:84158541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.12.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295440/; classtype:trojan-activity;sid:84158540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.87.28.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295439/; classtype:trojan-activity;sid:84158539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.125.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295438/; classtype:trojan-activity;sid:84158538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295437/; classtype:trojan-activity;sid:84158537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.56.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295436/; classtype:trojan-activity;sid:84158536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.125.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295435/; classtype:trojan-activity;sid:84158535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.84.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295434/; classtype:trojan-activity;sid:84158534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.119.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295433/; classtype:trojan-activity;sid:84158533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.223.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295429/; classtype:trojan-activity;sid:84158529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.100.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295430/; classtype:trojan-activity;sid:84158530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.158.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295431/; classtype:trojan-activity;sid:84158531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.220.238.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295432/; classtype:trojan-activity;sid:84158532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295428/; classtype:trojan-activity;sid:84158528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.34.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295427/; classtype:trojan-activity;sid:84158527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.74.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295426/; classtype:trojan-activity;sid:84158526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.228.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295425/; classtype:trojan-activity;sid:84158525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.32.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295424/; classtype:trojan-activity;sid:84158524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.12.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295423/; classtype:trojan-activity;sid:84158523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.12.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295422/; classtype:trojan-activity;sid:84158522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.58.172.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295421/; classtype:trojan-activity;sid:84158521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.56.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295420/; classtype:trojan-activity;sid:84158520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.21.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295419/; classtype:trojan-activity;sid:84158519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.86.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295418/; classtype:trojan-activity;sid:84158518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.44.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295417/; classtype:trojan-activity;sid:84158517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.235.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295416/; classtype:trojan-activity;sid:84158516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.41.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295415/; classtype:trojan-activity;sid:84158515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.230.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295414/; classtype:trojan-activity;sid:84158514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.32.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295413/; classtype:trojan-activity;sid:84158513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.49.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295412/; classtype:trojan-activity;sid:84158512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.94.67.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295411/; classtype:trojan-activity;sid:84158511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.82.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295410/; classtype:trojan-activity;sid:84158510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.22.123.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295409/; classtype:trojan-activity;sid:84158509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.68.142.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295408/; classtype:trojan-activity;sid:84158508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.135.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295407/; classtype:trojan-activity;sid:84158507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.30.93.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295406/; classtype:trojan-activity;sid:84158506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.131.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295405/; classtype:trojan-activity;sid:84158505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.21.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295403/; classtype:trojan-activity;sid:84158503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.44.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295404/; classtype:trojan-activity;sid:84158504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.86.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295402/; classtype:trojan-activity;sid:84158502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295401/; classtype:trojan-activity;sid:84158501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.177.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295400/; classtype:trojan-activity;sid:84158500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.104.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295399/; classtype:trojan-activity;sid:84158499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.14.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295398/; classtype:trojan-activity;sid:84158498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.4.224.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295397/; classtype:trojan-activity;sid:84158497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.234.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295396/; classtype:trojan-activity;sid:84158496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.32.50.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295394/; classtype:trojan-activity;sid:84158494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.249.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295395/; classtype:trojan-activity;sid:84158495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.235.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295393/; classtype:trojan-activity;sid:84158493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.234.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295392/; classtype:trojan-activity;sid:84158492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.210.121.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295391/; classtype:trojan-activity;sid:84158491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.114.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295390/; classtype:trojan-activity;sid:84158490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295389/; classtype:trojan-activity;sid:84158489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.68.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295388/; classtype:trojan-activity;sid:84158488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.83.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295386/; classtype:trojan-activity;sid:84158486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.58.18.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295387/; classtype:trojan-activity;sid:84158487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.92.20.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295385/; classtype:trojan-activity;sid:84158485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/xxx.zip"; depth:13; endswith; nocase; http.host; content:"petshopsg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295383/; classtype:trojan-activity;sid:84158483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/xxx.zip"; depth:13; endswith; nocase; http.host; content:"inayatullah.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295384/; classtype:trojan-activity;sid:84158484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.32.50.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295381/; classtype:trojan-activity;sid:84158481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.68.142.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295382/; classtype:trojan-activity;sid:84158482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.240.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295380/; classtype:trojan-activity;sid:84158480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.144.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295379/; classtype:trojan-activity;sid:84158479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.152.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295378/; classtype:trojan-activity;sid:84158478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.236.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295377/; classtype:trojan-activity;sid:84158477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.46.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295376/; classtype:trojan-activity;sid:84158476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.4.224.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295375/; classtype:trojan-activity;sid:84158475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.95.46.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295373/; classtype:trojan-activity;sid:84158473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.18.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295374/; classtype:trojan-activity;sid:84158474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.104.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295372/; classtype:trojan-activity;sid:84158472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.174.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295371/; classtype:trojan-activity;sid:84158471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.4.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295370/; classtype:trojan-activity;sid:84158470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.13.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295369/; classtype:trojan-activity;sid:84158469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.210.121.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295368/; classtype:trojan-activity;sid:84158468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.18.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295367/; classtype:trojan-activity;sid:84158467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295366/; classtype:trojan-activity;sid:84158466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/potwierdzenie.exe"; depth:24; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295365/; classtype:trojan-activity;sid:84158465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.80.162.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295364/; classtype:trojan-activity;sid:84158464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.5.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295363/; classtype:trojan-activity;sid:84158463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/nidbfhk.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295361/; classtype:trojan-activity;sid:84158461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.205.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295362/; classtype:trojan-activity;sid:84158462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/dfkoiec.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295360/; classtype:trojan-activity;sid:84158460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.152.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295359/; classtype:trojan-activity;sid:84158459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.147.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295357/; classtype:trojan-activity;sid:84158457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.56.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295358/; classtype:trojan-activity;sid:84158458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"158.220.106.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295355/; classtype:trojan-activity;sid:84158455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"158.220.106.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295356/; classtype:trojan-activity;sid:84158456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"158.220.106.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295351/; classtype:trojan-activity;sid:84158451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"panel.chanbaba.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295352/; classtype:trojan-activity;sid:84158452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"panel.chanbaba.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295353/; classtype:trojan-activity;sid:84158453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"panel.chanbaba.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295354/; classtype:trojan-activity;sid:84158454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"panel.chanbaba.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295347/; classtype:trojan-activity;sid:84158447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"panel.chanbaba.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295348/; classtype:trojan-activity;sid:84158448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"panel.chanbaba.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295349/; classtype:trojan-activity;sid:84158449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"panel.chanbaba.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295350/; classtype:trojan-activity;sid:84158450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"panel.chanbaba.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295344/; classtype:trojan-activity;sid:84158444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"panel.chanbaba.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295345/; classtype:trojan-activity;sid:84158445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"panel.chanbaba.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295346/; classtype:trojan-activity;sid:84158446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"panel.chanbaba.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295339/; classtype:trojan-activity;sid:84158439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"158.220.106.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295340/; classtype:trojan-activity;sid:84158440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"panel.chanbaba.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295341/; classtype:trojan-activity;sid:84158441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"panel.chanbaba.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295342/; classtype:trojan-activity;sid:84158442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"158.220.106.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295343/; classtype:trojan-activity;sid:84158443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"panel.chanbaba.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295338/; classtype:trojan-activity;sid:84158438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"158.220.106.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295337/; classtype:trojan-activity;sid:84158437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"158.220.106.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295334/; classtype:trojan-activity;sid:84158434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"158.220.106.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295335/; classtype:trojan-activity;sid:84158435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"158.220.106.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295336/; classtype:trojan-activity;sid:84158436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"158.220.106.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295331/; classtype:trojan-activity;sid:84158431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"158.220.106.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295332/; classtype:trojan-activity;sid:84158432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"158.220.106.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295333/; classtype:trojan-activity;sid:84158433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"158.220.106.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295329/; classtype:trojan-activity;sid:84158429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"158.220.106.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295330/; classtype:trojan-activity;sid:84158430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.188.16.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295328/; classtype:trojan-activity;sid:84158428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/owari.mpsl"; depth:16; endswith; nocase; http.host; content:"89.34.230.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295326/; classtype:trojan-activity;sid:84158426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.55.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295327/; classtype:trojan-activity;sid:84158427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/owari.ppc"; depth:15; endswith; nocase; http.host; content:"89.34.230.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295325/; classtype:trojan-activity;sid:84158425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/owari.sh4"; depth:15; endswith; nocase; http.host; content:"89.34.230.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295323/; classtype:trojan-activity;sid:84158423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.41.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295324/; classtype:trojan-activity;sid:84158424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/owari.m68k"; depth:16; endswith; nocase; http.host; content:"89.34.230.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295315/; classtype:trojan-activity;sid:84158415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/owari.arm6"; depth:16; endswith; nocase; http.host; content:"89.34.230.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295316/; classtype:trojan-activity;sid:84158416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/owari.arm5"; depth:16; endswith; nocase; http.host; content:"89.34.230.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295317/; classtype:trojan-activity;sid:84158417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/owari.spc"; depth:15; endswith; nocase; http.host; content:"89.34.230.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295318/; classtype:trojan-activity;sid:84158418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/owari.arm"; depth:15; endswith; nocase; http.host; content:"89.34.230.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295319/; classtype:trojan-activity;sid:84158419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/owari.mips"; depth:16; endswith; nocase; http.host; content:"89.34.230.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295320/; classtype:trojan-activity;sid:84158420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/owari.arm7"; depth:16; endswith; nocase; http.host; content:"89.34.230.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295321/; classtype:trojan-activity;sid:84158421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/owari.x86"; depth:15; endswith; nocase; http.host; content:"89.34.230.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295322/; classtype:trojan-activity;sid:84158422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.174.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295314/; classtype:trojan-activity;sid:84158414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.75.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295313/; classtype:trojan-activity;sid:84158413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.125.241.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295310/; classtype:trojan-activity;sid:84158410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.234.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295311/; classtype:trojan-activity;sid:84158411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.89.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295312/; classtype:trojan-activity;sid:84158412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295308/; classtype:trojan-activity;sid:84158408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.158.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295309/; classtype:trojan-activity;sid:84158409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.38.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295307/; classtype:trojan-activity;sid:84158407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"38.137.250.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295306/; classtype:trojan-activity;sid:84158406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.192.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295305/; classtype:trojan-activity;sid:84158405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.211.42.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295304/; classtype:trojan-activity;sid:84158404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.56.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295303/; classtype:trojan-activity;sid:84158403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.147.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295302/; classtype:trojan-activity;sid:84158402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.0.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295301/; classtype:trojan-activity;sid:84158401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.188.16.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295300/; classtype:trojan-activity;sid:84158400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.55.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295298/; classtype:trojan-activity;sid:84158398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.113.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295299/; classtype:trojan-activity;sid:84158399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.116.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295297/; classtype:trojan-activity;sid:84158397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.77.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295296/; classtype:trojan-activity;sid:84158396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.158.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295295/; classtype:trojan-activity;sid:84158395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.176.68.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295294/; classtype:trojan-activity;sid:84158394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"115.77.4.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295293/; classtype:trojan-activity;sid:84158393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.255.133.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295292/; classtype:trojan-activity;sid:84158392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.193.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295290/; classtype:trojan-activity;sid:84158390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.214.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295291/; classtype:trojan-activity;sid:84158391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.255.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295289/; classtype:trojan-activity;sid:84158389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.177.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295288/; classtype:trojan-activity;sid:84158388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.77.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295287/; classtype:trojan-activity;sid:84158387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/merchantservices"; depth:17; endswith; nocase; http.host; content:"ndur.events.socalpocis.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295286/; classtype:trojan-activity;sid:84158386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.0.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295285/; classtype:trojan-activity;sid:84158385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.12.186.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295283/; classtype:trojan-activity;sid:84158383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.15.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295284/; classtype:trojan-activity;sid:84158384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.17.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295282/; classtype:trojan-activity;sid:84158382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.193.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295281/; classtype:trojan-activity;sid:84158381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.99.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295280/; classtype:trojan-activity;sid:84158380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.255.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295279/; classtype:trojan-activity;sid:84158379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.226.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295278/; classtype:trojan-activity;sid:84158378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.242.49.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295277/; classtype:trojan-activity;sid:84158377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.13.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295276/; classtype:trojan-activity;sid:84158376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.3.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295275/; classtype:trojan-activity;sid:84158375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"185.248.15.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295273/; classtype:trojan-activity;sid:84158373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.15.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295274/; classtype:trojan-activity;sid:84158374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.78.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295272/; classtype:trojan-activity;sid:84158372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.174.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295271/; classtype:trojan-activity;sid:84158371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.215.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295270/; classtype:trojan-activity;sid:84158370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.226.71.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295269/; classtype:trojan-activity;sid:84158369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.226.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295268/; classtype:trojan-activity;sid:84158368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.146.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295267/; classtype:trojan-activity;sid:84158367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.99.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295266/; classtype:trojan-activity;sid:84158366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.230.96.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295265/; classtype:trojan-activity;sid:84158365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.242.49.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295264/; classtype:trojan-activity;sid:84158364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.78.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295262/; classtype:trojan-activity;sid:84158362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.17.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295263/; classtype:trojan-activity;sid:84158363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.92.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295261/; classtype:trojan-activity;sid:84158361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.253.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295260/; classtype:trojan-activity;sid:84158360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.214.158.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295259/; classtype:trojan-activity;sid:84158359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295258/; classtype:trojan-activity;sid:84158358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.87.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295257/; classtype:trojan-activity;sid:84158357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.153.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295256/; classtype:trojan-activity;sid:84158356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.87.0.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295255/; classtype:trojan-activity;sid:84158355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.215.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295254/; classtype:trojan-activity;sid:84158354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.146.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295253/; classtype:trojan-activity;sid:84158353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"tuw.events.socalpocis.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295252/; classtype:trojan-activity;sid:84158352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295251/; classtype:trojan-activity;sid:84158351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295250/; classtype:trojan-activity;sid:84158350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.246.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295249/; classtype:trojan-activity;sid:84158349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.149.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295248/; classtype:trojan-activity;sid:84158348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.15.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295247/; classtype:trojan-activity;sid:84158347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.92.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295246/; classtype:trojan-activity;sid:84158346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.21.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295245/; classtype:trojan-activity;sid:84158345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295244/; classtype:trojan-activity;sid:84158344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295243/; classtype:trojan-activity;sid:84158343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.56.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295242/; classtype:trojan-activity;sid:84158342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.83.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295241/; classtype:trojan-activity;sid:84158341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.246.172"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295240/; classtype:trojan-activity;sid:84158340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.172.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295239/; classtype:trojan-activity;sid:84158339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.255.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295238/; classtype:trojan-activity;sid:84158338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.152.147.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295237/; classtype:trojan-activity;sid:84158337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.40.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295236/; classtype:trojan-activity;sid:84158336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.191.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295235/; classtype:trojan-activity;sid:84158335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.149.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295234/; classtype:trojan-activity;sid:84158334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.172.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295233/; classtype:trojan-activity;sid:84158333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.235.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295232/; classtype:trojan-activity;sid:84158332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.245.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295231/; classtype:trojan-activity;sid:84158331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.255.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295230/; classtype:trojan-activity;sid:84158330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.152.147.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295228/; classtype:trojan-activity;sid:84158328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.182.173.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295229/; classtype:trojan-activity;sid:84158329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.152.170.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295226/; classtype:trojan-activity;sid:84158326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.38.19.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295227/; classtype:trojan-activity;sid:84158327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.246.172"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295225/; classtype:trojan-activity;sid:84158325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.181.12.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295224/; classtype:trojan-activity;sid:84158324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.51.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295223/; classtype:trojan-activity;sid:84158323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.108.109.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295222/; classtype:trojan-activity;sid:84158322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.150.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295221/; classtype:trojan-activity;sid:84158321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.235.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295220/; classtype:trojan-activity;sid:84158320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.78.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295219/; classtype:trojan-activity;sid:84158319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.168.53.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295218/; classtype:trojan-activity;sid:84158318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.152.147.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295217/; classtype:trojan-activity;sid:84158317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.203.68.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295216/; classtype:trojan-activity;sid:84158316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.214.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295215/; classtype:trojan-activity;sid:84158315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.203.249.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295214/; classtype:trojan-activity;sid:84158314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.108.109.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295213/; classtype:trojan-activity;sid:84158313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.12.37"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295212/; classtype:trojan-activity;sid:84158312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.78.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295211/; classtype:trojan-activity;sid:84158311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.18.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295210/; classtype:trojan-activity;sid:84158310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.18.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295209/; classtype:trojan-activity;sid:84158309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.69.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295208/; classtype:trojan-activity;sid:84158308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.220.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295207/; classtype:trojan-activity;sid:84158307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.194.235.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295204/; classtype:trojan-activity;sid:84158304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.214.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295205/; classtype:trojan-activity;sid:84158305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.248.230.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295206/; classtype:trojan-activity;sid:84158306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.191.21.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295200/; classtype:trojan-activity;sid:84158300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"45.91.193.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295201/; classtype:trojan-activity;sid:84158301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.241.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295202/; classtype:trojan-activity;sid:84158302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.131.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295203/; classtype:trojan-activity;sid:84158303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.60.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295199/; classtype:trojan-activity;sid:84158299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.131.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295193/; classtype:trojan-activity;sid:84158293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.189.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295194/; classtype:trojan-activity;sid:84158294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.91.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295195/; classtype:trojan-activity;sid:84158295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.57.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295196/; classtype:trojan-activity;sid:84158296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.57.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295197/; classtype:trojan-activity;sid:84158297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.179.249.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295198/; classtype:trojan-activity;sid:84158298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.191.21.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295187/; classtype:trojan-activity;sid:84158287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.116.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295188/; classtype:trojan-activity;sid:84158288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.44.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295189/; classtype:trojan-activity;sid:84158289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.105.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295190/; classtype:trojan-activity;sid:84158290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.4.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295191/; classtype:trojan-activity;sid:84158291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.219.63.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295192/; classtype:trojan-activity;sid:84158292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.51.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295186/; classtype:trojan-activity;sid:84158286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295185/; classtype:trojan-activity;sid:84158285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.4.204.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295184/; classtype:trojan-activity;sid:84158284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.3.21"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295183/; classtype:trojan-activity;sid:84158283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.214.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295182/; classtype:trojan-activity;sid:84158282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.54.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295181/; classtype:trojan-activity;sid:84158281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.154.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295180/; classtype:trojan-activity;sid:84158280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.191.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295178/; classtype:trojan-activity;sid:84158278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.89.252.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295179/; classtype:trojan-activity;sid:84158279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.188.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295170/; classtype:trojan-activity;sid:84158270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.89.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295171/; classtype:trojan-activity;sid:84158271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.163.81.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295172/; classtype:trojan-activity;sid:84158272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.114.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295173/; classtype:trojan-activity;sid:84158273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.146.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295174/; classtype:trojan-activity;sid:84158274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.187.17.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295175/; classtype:trojan-activity;sid:84158275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"178.244.214.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295176/; classtype:trojan-activity;sid:84158276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.244.214.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295177/; classtype:trojan-activity;sid:84158277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.73.204.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295169/; classtype:trojan-activity;sid:84158269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.52.88.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295168/; classtype:trojan-activity;sid:84158268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.220.73.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295167/; classtype:trojan-activity;sid:84158267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.154.196.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295166/; classtype:trojan-activity;sid:84158266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.62.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295165/; classtype:trojan-activity;sid:84158265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/megafund/gambinho.exe"; depth:22; endswith; nocase; http.host; content:"end-vt.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295164/; classtype:trojan-activity;sid:84158264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/94082236017531.dll"; depth:19; endswith; nocase; http.host; content:"94.159.113.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295163/; classtype:trojan-activity;sid:84158263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"85.192.37.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295162/; classtype:trojan-activity;sid:84158262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.182.153.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295161/; classtype:trojan-activity;sid:84158261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.207.174.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295158/; classtype:trojan-activity;sid:84158258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.214.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295159/; classtype:trojan-activity;sid:84158259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.14.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295160/; classtype:trojan-activity;sid:84158260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.236.160.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295157/; classtype:trojan-activity;sid:84158257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.248.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295156/; classtype:trojan-activity;sid:84158256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.154.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295155/; classtype:trojan-activity;sid:84158255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.194.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295154/; classtype:trojan-activity;sid:84158254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/53/cg/bestthingsalwaysgetbesrentirelifethingstogdomybetterthignswithgreat.hta"; depth:78; endswith; nocase; http.host; content:"107.172.44.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295153/; classtype:trojan-activity;sid:84158253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/53/seemybestnetworkwhichgivebestthingsentirelifewithme.tif"; depth:59; endswith; nocase; http.host; content:"107.172.44.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295152/; classtype:trojan-activity;sid:84158252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/bmfplgqmxzovv105.bin"; depth:27; endswith; nocase; http.host; content:"heavyequipmentsales.au"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295151/; classtype:trojan-activity;sid:84158251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/verdensalt.asi"; depth:21; endswith; nocase; http.host; content:"heavyequipmentsales.au"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295150/; classtype:trojan-activity;sid:84158250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gx2ez0dxc3zo342-rxkec4d-mhyak-pe"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295148/; classtype:trojan-activity;sid:84158248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1klrrxmj0mpao4gvbs34infj1sqexs5wp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295149/; classtype:trojan-activity;sid:84158249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"181.191.81.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295147/; classtype:trojan-activity;sid:84158247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36/caspol.exe"; depth:14; endswith; nocase; http.host; content:"192.3.243.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295145/; classtype:trojan-activity;sid:84158245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/37/caspol.exe"; depth:14; endswith; nocase; http.host; content:"192.3.243.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295146/; classtype:trojan-activity;sid:84158246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/rf/seemybestbeautifulgirlwhowantbestthignsenitrelifetimethingstobe.hta"; depth:77; endswith; nocase; http.host; content:"192.3.243.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295143/; classtype:trojan-activity;sid:84158243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/de/givemebestwithentiretimegivenmebestthingsalwaysforgetbacknew.hta"; depth:74; endswith; nocase; http.host; content:"192.3.243.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295144/; classtype:trojan-activity;sid:84158244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/657/caspol.exe"; depth:15; endswith; nocase; http.host; content:"66.63.187.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295142/; classtype:trojan-activity;sid:84158242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/noc/seemefasterthanbeforewithhisbestthingsinonlineforgetreadyfor.hta"; depth:75; endswith; nocase; http.host; content:"66.63.187.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295141/; classtype:trojan-activity;sid:84158241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.239.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295140/; classtype:trojan-activity;sid:84158240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.214.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295139/; classtype:trojan-activity;sid:84158239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"185.170.144.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295138/; classtype:trojan-activity;sid:84158238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.35.225.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295137/; classtype:trojan-activity;sid:84158237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.208.26.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295132/; classtype:trojan-activity;sid:84158232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"85.192.37.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295133/; classtype:trojan-activity;sid:84158233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.6.77"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295134/; classtype:trojan-activity;sid:84158234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"85.192.37.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295135/; classtype:trojan-activity;sid:84158235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.235.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295136/; classtype:trojan-activity;sid:84158236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.177.151.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295130/; classtype:trojan-activity;sid:84158230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"93.177.151.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295131/; classtype:trojan-activity;sid:84158231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.73.204.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295128/; classtype:trojan-activity;sid:84158228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.54.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295129/; classtype:trojan-activity;sid:84158229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.75.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295127/; classtype:trojan-activity;sid:84158227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.104.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295126/; classtype:trojan-activity;sid:84158226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.102.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295125/; classtype:trojan-activity;sid:84158225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.7.201.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295124/; classtype:trojan-activity;sid:84158224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295123/; classtype:trojan-activity;sid:84158223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.248.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295122/; classtype:trojan-activity;sid:84158222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.239.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295120/; classtype:trojan-activity;sid:84158220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zfsrvbrrquo53.bin"; depth:18; endswith; nocase; http.host; content:"185.222.57.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295121/; classtype:trojan-activity;sid:84158221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.167.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295119/; classtype:trojan-activity;sid:84158219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.27.37.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295118/; classtype:trojan-activity;sid:84158218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.3.21"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295117/; classtype:trojan-activity;sid:84158217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.75.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295116/; classtype:trojan-activity;sid:84158216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.96.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295115/; classtype:trojan-activity;sid:84158215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.6.91.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295114/; classtype:trojan-activity;sid:84158214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.7.204.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295113/; classtype:trojan-activity;sid:84158213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/mipsel"; depth:9; endswith; nocase; http.host; content:"85.209.133.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295112/; classtype:trojan-activity;sid:84158212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.33.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295111/; classtype:trojan-activity;sid:84158211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.234.160.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295110/; classtype:trojan-activity;sid:84158210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.141.245.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295108/; classtype:trojan-activity;sid:84158208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"31.141.245.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295109/; classtype:trojan-activity;sid:84158209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"31.141.245.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295107/; classtype:trojan-activity;sid:84158207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295106/; classtype:trojan-activity;sid:84158206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.127.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295105/; classtype:trojan-activity;sid:84158205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.224.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295104/; classtype:trojan-activity;sid:84158204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.169.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295103/; classtype:trojan-activity;sid:84158203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.130.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295102/; classtype:trojan-activity;sid:84158202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.6.91.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295101/; classtype:trojan-activity;sid:84158201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.7.204.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295100/; classtype:trojan-activity;sid:84158200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.157.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295099/; classtype:trojan-activity;sid:84158199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.54.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295098/; classtype:trojan-activity;sid:84158198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.15.165"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295097/; classtype:trojan-activity;sid:84158197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botpilled/rbot"; depth:15; endswith; nocase; http.host; content:"31.56.7.159"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295096/; classtype:trojan-activity;sid:84158196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.44.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295095/; classtype:trojan-activity;sid:84158195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"154.213.187.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295094/; classtype:trojan-activity;sid:84158194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.115.70.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295093/; classtype:trojan-activity;sid:84158193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.php|3f|s=mints13"; depth:19; endswith; nocase; http.host; content:"rigzuvzi3bnz3.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295092/; classtype:trojan-activity;sid:84158192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.95.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295091/; classtype:trojan-activity;sid:84158191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.169.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295090/; classtype:trojan-activity;sid:84158190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.37.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295089/; classtype:trojan-activity;sid:84158189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.99.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295088/; classtype:trojan-activity;sid:84158188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.99.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295087/; classtype:trojan-activity;sid:84158187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.154.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295086/; classtype:trojan-activity;sid:84158186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.30.241.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295084/; classtype:trojan-activity;sid:84158184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.156.89.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295085/; classtype:trojan-activity;sid:84158185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.44.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295083/; classtype:trojan-activity;sid:84158183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.96.51"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295082/; classtype:trojan-activity;sid:84158182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.54.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295081/; classtype:trojan-activity;sid:84158181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.252.219.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295080/; classtype:trojan-activity;sid:84158180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.150.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295077/; classtype:trojan-activity;sid:84158177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/merchantservices"; depth:17; endswith; nocase; http.host; content:"youxj.staff.plenarykcg.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295078/; classtype:trojan-activity;sid:84158178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.206.159.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295079/; classtype:trojan-activity;sid:84158179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.208.100.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295076/; classtype:trojan-activity;sid:84158176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.117.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295075/; classtype:trojan-activity;sid:84158175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.153.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295074/; classtype:trojan-activity;sid:84158174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.80.0.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295073/; classtype:trojan-activity;sid:84158173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.154.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295072/; classtype:trojan-activity;sid:84158172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.246.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295071/; classtype:trojan-activity;sid:84158171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.252.219.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295070/; classtype:trojan-activity;sid:84158170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.137.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295069/; classtype:trojan-activity;sid:84158169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.163.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295068/; classtype:trojan-activity;sid:84158168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.141.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295067/; classtype:trojan-activity;sid:84158167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.241.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295066/; classtype:trojan-activity;sid:84158166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aieurghnb/mips"; depth:15; endswith; nocase; http.host; content:"154.216.18.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295065/; classtype:trojan-activity;sid:84158165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.85.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295064/; classtype:trojan-activity;sid:84158164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.217.188.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295061/; classtype:trojan-activity;sid:84158161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.218.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295062/; classtype:trojan-activity;sid:84158162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.6.200"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295063/; classtype:trojan-activity;sid:84158163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.65.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295060/; classtype:trojan-activity;sid:84158160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.89.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295059/; classtype:trojan-activity;sid:84158159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.171.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295058/; classtype:trojan-activity;sid:84158158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.9.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295057/; classtype:trojan-activity;sid:84158157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.139.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295055/; classtype:trojan-activity;sid:84158155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.134.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295056/; classtype:trojan-activity;sid:84158156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.109.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295053/; classtype:trojan-activity;sid:84158153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.137.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295054/; classtype:trojan-activity;sid:84158154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.67.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295052/; classtype:trojan-activity;sid:84158152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295051/; classtype:trojan-activity;sid:84158151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.164.178.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295050/; classtype:trojan-activity;sid:84158150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.9.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295049/; classtype:trojan-activity;sid:84158149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.237.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295048/; classtype:trojan-activity;sid:84158148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.109.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295047/; classtype:trojan-activity;sid:84158147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295046/; classtype:trojan-activity;sid:84158146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.15.11.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295045/; classtype:trojan-activity;sid:84158145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.237.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295044/; classtype:trojan-activity;sid:84158144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.3.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295043/; classtype:trojan-activity;sid:84158143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.115.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295042/; classtype:trojan-activity;sid:84158142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.98.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295041/; classtype:trojan-activity;sid:84158141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.27.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295039/; classtype:trojan-activity;sid:84158139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.139.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295040/; classtype:trojan-activity;sid:84158140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/lummac21.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295038/; classtype:trojan-activity;sid:84158138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.160.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295037/; classtype:trojan-activity;sid:84158137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"92.101.37.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295036/; classtype:trojan-activity;sid:84158136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.73.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295035/; classtype:trojan-activity;sid:84158135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.248.15.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295034/; classtype:trojan-activity;sid:84158134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295033/; classtype:trojan-activity;sid:84158133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.163.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295032/; classtype:trojan-activity;sid:84158132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.247.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295031/; classtype:trojan-activity;sid:84158131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cam.zip"; depth:8; endswith; nocase; http.host; content:"ready-bathroom-carter-membrane.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295030/; classtype:trojan-activity;sid:84158130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bab.zip"; depth:8; endswith; nocase; http.host; content:"ready-bathroom-carter-membrane.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295029/; classtype:trojan-activity;sid:84158129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.160.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295028/; classtype:trojan-activity;sid:84158128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.25.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295027/; classtype:trojan-activity;sid:84158127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.246.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295026/; classtype:trojan-activity;sid:84158126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.115.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295024/; classtype:trojan-activity;sid:84158124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.158.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295025/; classtype:trojan-activity;sid:84158125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295023/; classtype:trojan-activity;sid:84158123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295022/; classtype:trojan-activity;sid:84158122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.138.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295021/; classtype:trojan-activity;sid:84158121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295020/; classtype:trojan-activity;sid:84158120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.247.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295018/; classtype:trojan-activity;sid:84158118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.160.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295019/; classtype:trojan-activity;sid:84158119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.35.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295017/; classtype:trojan-activity;sid:84158117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.127.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295016/; classtype:trojan-activity;sid:84158116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"189.99.5.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295015/; classtype:trojan-activity;sid:84158115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.164.248.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295014/; classtype:trojan-activity;sid:84158114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.191.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295013/; classtype:trojan-activity;sid:84158113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.25.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295012/; classtype:trojan-activity;sid:84158112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/5q0yfui8952dbdk2bzxtk/rechnung-10923331-pdf.zip|3f|rlkey=cl9m35y963jw0ao7l41mmqmtd|7c|26|7c|st=jeg6hbwe|7c|26|7c|dl=0"; depth:125; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295011/; classtype:trojan-activity;sid:84158111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tat.vbs"; depth:8; endswith; nocase; http.host; content:"ni-olympic-forests-invoice.trycloudflare.com"; depth:44; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295008/; classtype:trojan-activity;sid:84158108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voi.bat"; depth:8; endswith; nocase; http.host; content:"ni-olympic-forests-invoice.trycloudflare.com"; depth:44; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295009/; classtype:trojan-activity;sid:84158109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de/dkm-9067291.pdf.lnk"; depth:23; endswith; nocase; http.host; content:"ni-olympic-forests-invoice.trycloudflare.com"; depth:44; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295010/; classtype:trojan-activity;sid:84158110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.74.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295007/; classtype:trojan-activity;sid:84158107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.47.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295006/; classtype:trojan-activity;sid:84158106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.93.138.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295004/; classtype:trojan-activity;sid:84158104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.1.227.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295005/; classtype:trojan-activity;sid:84158105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.189.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295001/; classtype:trojan-activity;sid:84158101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.95.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295002/; classtype:trojan-activity;sid:84158102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.15.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295003/; classtype:trojan-activity;sid:84158103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.248.15.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294999/; classtype:trojan-activity;sid:84158099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.241.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295000/; classtype:trojan-activity;sid:84158100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.252.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294998/; classtype:trojan-activity;sid:84158098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomeset.zip"; depth:13; endswith; nocase; http.host; content:"pub-62d5cdf3fcfb4f1a97de07d140c6faa6.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294997/; classtype:trojan-activity;sid:84158097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.252.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294996/; classtype:trojan-activity;sid:84158096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.124.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294995/; classtype:trojan-activity;sid:84158095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.80.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294994/; classtype:trojan-activity;sid:84158094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.81.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294993/; classtype:trojan-activity;sid:84158093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.59.154.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294992/; classtype:trojan-activity;sid:84158092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.83.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294991/; classtype:trojan-activity;sid:84158091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.30.97.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294990/; classtype:trojan-activity;sid:84158090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.74.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294989/; classtype:trojan-activity;sid:84158089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.57.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294988/; classtype:trojan-activity;sid:84158088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.84.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294987/; classtype:trojan-activity;sid:84158087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.186.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294986/; classtype:trojan-activity;sid:84158086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.47.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294984/; classtype:trojan-activity;sid:84158084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.95.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294985/; classtype:trojan-activity;sid:84158085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.167.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294983/; classtype:trojan-activity;sid:84158083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294982/; classtype:trojan-activity;sid:84158082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.137.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294981/; classtype:trojan-activity;sid:84158081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.80.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294980/; classtype:trojan-activity;sid:84158080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.249.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294979/; classtype:trojan-activity;sid:84158079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.46.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294978/; classtype:trojan-activity;sid:84158078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.186.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294977/; classtype:trojan-activity;sid:84158077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.124.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294976/; classtype:trojan-activity;sid:84158076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adcha.zip"; depth:10; endswith; nocase; http.host; content:"german-multiple-reunion-foundation.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294975/; classtype:trojan-activity;sid:84158075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fstp.zip"; depth:9; endswith; nocase; http.host; content:"german-multiple-reunion-foundation.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294974/; classtype:trojan-activity;sid:84158074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wlcha.zip"; depth:10; endswith; nocase; http.host; content:"german-multiple-reunion-foundation.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294973/; classtype:trojan-activity;sid:84158073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emes.bat"; depth:9; endswith; nocase; http.host; content:"german-multiple-reunion-foundation.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294972/; classtype:trojan-activity;sid:84158072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/galeria.bat"; depth:12; endswith; nocase; http.host; content:"german-multiple-reunion-foundation.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294971/; classtype:trojan-activity;sid:84158071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lietz/rechnung_966470_100_20240_pdf.lnk"; depth:40; endswith; nocase; http.host; content:"german-multiple-reunion-foundation.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294969/; classtype:trojan-activity;sid:84158069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tardiff/inv.lnk"; depth:16; endswith; nocase; http.host; content:"german-multiple-reunion-foundation.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294970/; classtype:trojan-activity;sid:84158070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attn.vbs"; depth:9; endswith; nocase; http.host; content:"german-multiple-reunion-foundation.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294968/; classtype:trojan-activity;sid:84158068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.210.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294967/; classtype:trojan-activity;sid:84158067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.101.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294966/; classtype:trojan-activity;sid:84158066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.167.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294964/; classtype:trojan-activity;sid:84158064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.84.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294965/; classtype:trojan-activity;sid:84158065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.247.24.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294963/; classtype:trojan-activity;sid:84158063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hghbhjknj.txt"; depth:14; endswith; nocase; http.host; content:"ump911.b-cdn.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294962/; classtype:trojan-activity;sid:84158062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.18.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294961/; classtype:trojan-activity;sid:84158061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.55.215.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294960/; classtype:trojan-activity;sid:84158060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.46.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294959/; classtype:trojan-activity;sid:84158059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.213.69.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294958/; classtype:trojan-activity;sid:84158058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.89.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294957/; classtype:trojan-activity;sid:84158057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.70.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294956/; classtype:trojan-activity;sid:84158056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.101.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294955/; classtype:trojan-activity;sid:84158055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.58.18.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294954/; classtype:trojan-activity;sid:84158054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.27.35.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294953/; classtype:trojan-activity;sid:84158053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.228.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294952/; classtype:trojan-activity;sid:84158052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.puscarie/.msq.tar"; depth:19; endswith; nocase; http.host; content:"66.63.187.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294950/; classtype:trojan-activity;sid:84158050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.puscarie/.msq.tar"; depth:19; endswith; nocase; http.host; content:"xkobeimparatu.net"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294951/; classtype:trojan-activity;sid:84158051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.24.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294949/; classtype:trojan-activity;sid:84158049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.245.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294948/; classtype:trojan-activity;sid:84158048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.18.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294947/; classtype:trojan-activity;sid:84158047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iwir64"; depth:7; endswith; nocase; http.host; content:"45.125.66.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294946/; classtype:trojan-activity;sid:84158046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.36.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294945/; classtype:trojan-activity;sid:84158045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.70.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294944/; classtype:trojan-activity;sid:84158044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294942/; classtype:trojan-activity;sid:84158042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.228.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294943/; classtype:trojan-activity;sid:84158043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294941/; classtype:trojan-activity;sid:84158041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.173.76.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294940/; classtype:trojan-activity;sid:84158040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.144.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294939/; classtype:trojan-activity;sid:84158039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.25.224.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294938/; classtype:trojan-activity;sid:84158038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.132.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294937/; classtype:trojan-activity;sid:84158037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.91.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294936/; classtype:trojan-activity;sid:84158036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.77.68.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294935/; classtype:trojan-activity;sid:84158035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.123.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294934/; classtype:trojan-activity;sid:84158034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.226.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294933/; classtype:trojan-activity;sid:84158033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.130.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294932/; classtype:trojan-activity;sid:84158032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.236.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294931/; classtype:trojan-activity;sid:84158031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.87.31.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294930/; classtype:trojan-activity;sid:84158030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294929/; classtype:trojan-activity;sid:84158029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.144.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294928/; classtype:trojan-activity;sid:84158028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.232.241.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294927/; classtype:trojan-activity;sid:84158027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.195.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294926/; classtype:trojan-activity;sid:84158026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.205.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294925/; classtype:trojan-activity;sid:84158025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.164.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294924/; classtype:trojan-activity;sid:84158024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.123.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294923/; classtype:trojan-activity;sid:84158023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.141.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294922/; classtype:trojan-activity;sid:84158022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"206.0.180.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294921/; classtype:trojan-activity;sid:84158021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.237.78.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294920/; classtype:trojan-activity;sid:84158020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.247.184.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294919/; classtype:trojan-activity;sid:84158019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.255.202.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294918/; classtype:trojan-activity;sid:84158018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.245.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294917/; classtype:trojan-activity;sid:84158017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.141.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294916/; classtype:trojan-activity;sid:84158016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ledshow2.exe"; depth:13; endswith; nocase; http.host; content:"101.200.220.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294915/; classtype:trojan-activity;sid:84158015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ledshow.exe"; depth:12; endswith; nocase; http.host; content:"101.200.220.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294914/; classtype:trojan-activity;sid:84158014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ledshow1.exe"; depth:13; endswith; nocase; http.host; content:"101.200.220.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294913/; classtype:trojan-activity;sid:84158013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ledshowa.exe"; depth:13; endswith; nocase; http.host; content:"101.200.220.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294912/; classtype:trojan-activity;sid:84158012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.125.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294911/; classtype:trojan-activity;sid:84158011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.55.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294910/; classtype:trojan-activity;sid:84158010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.226.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294909/; classtype:trojan-activity;sid:84158009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.82.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294908/; classtype:trojan-activity;sid:84158008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.245.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294907/; classtype:trojan-activity;sid:84158007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.218.114.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294906/; classtype:trojan-activity;sid:84158006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.7.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294905/; classtype:trojan-activity;sid:84158005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.101.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294904/; classtype:trojan-activity;sid:84158004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.178.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294903/; classtype:trojan-activity;sid:84158003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.118.158.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294902/; classtype:trojan-activity;sid:84158002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.255.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294901/; classtype:trojan-activity;sid:84158001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.78.11.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294900/; classtype:trojan-activity;sid:84158000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.160.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294899/; classtype:trojan-activity;sid:84157999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.164.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294898/; classtype:trojan-activity;sid:84157998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.9.31"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294897/; classtype:trojan-activity;sid:84157997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.183.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294896/; classtype:trojan-activity;sid:84157996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.2.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294895/; classtype:trojan-activity;sid:84157995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.246.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294894/; classtype:trojan-activity;sid:84157994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.161.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294893/; classtype:trojan-activity;sid:84157993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.178.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294892/; classtype:trojan-activity;sid:84157992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.114.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294891/; classtype:trojan-activity;sid:84157991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.7.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294890/; classtype:trojan-activity;sid:84157990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.157.145.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294889/; classtype:trojan-activity;sid:84157989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.213.139.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294888/; classtype:trojan-activity;sid:84157988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/eky5rp2utq8tof1094oi2/oficio-391-notificaci-n-electr-nica-cendo-rama-radicado-153153135-000-6562.tar.uue.tar.001|3f|rlkey=dil8h7h6ffwlvt15lrrnurg70|7c|26|7c|st=z29gqnxh|7c|26|7c|dl=0"; depth:190; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294887/; classtype:trojan-activity;sid:84157987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/2o0u3qw8zexi62g35iq4n/2notificaci-n-electr-nica-esm-agradecemos-confirmar-recibido-anexamos-documentos-inmportantes.tar.uue.tar.001|3f|rlkey=6pq4a7hhf98h7xy28rkq9uqwe|7c|26|7c|st=a3pqgh99|7c|26|7c|dl=0"; depth:209; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294886/; classtype:trojan-activity;sid:84157986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/t92cp2l9m4nmvlc2bjhwt/3notificaci-n-electr-nica-cendo-rama-judicial-del-poder-p-blico-esm-confirmar-recibido.tar.cab.tar.001|3f|rlkey=1g9fmco6l3uodeos1eois744j|7c|26|7c|st=cxw7qif9|7c|26|7c|dl=0"; depth:202; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294885/; classtype:trojan-activity;sid:84157985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/259mxho3dnhaw3wxodo4d/3notificaci-n-electr-nica-judicial-auto-admisorio-demanda-laboral.tar.uue.tar.001|3f|rlkey=565r566vsgouhelnngcvb9gm0|7c|26|7c|st=pavbqg0o|7c|26|7c|dl=0"; depth:181; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294882/; classtype:trojan-activity;sid:84157982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/s0y5qg6l0vkd7m23drmqg/2notificaci-n-electr-nica-judicial-auto-admisorio-demanda-laboral.tar.uue.tar.001|3f|rlkey=tgkpr9bxgtbqhcfril01rtq4o|7c|26|7c|st=0wmyh1qy|7c|26|7c|dl=0"; depth:181; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294883/; classtype:trojan-activity;sid:84157983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/1b3qdpnqx1ho46tgb7h7u/2oficio-nro-192-notificaci-n-judicial-auto-admisorio-demanda-laboral-esm.tar.uue.tar.001|3f|rlkey=kv7tv4v03hjp1cwycaiagq3fh|7c|26|7c|st=lmaolu0a|7c|26|7c|dl=0"; depth:188; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294884/; classtype:trojan-activity;sid:84157984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/qdceo4hlwma3qipt1zb0x/4oficio-nro-192-notificaci-n-judicial-auto-admisorio-demanda-laboral-esm.tar.uue.tar.001|3f|rlkey=cyher2xyvds8baps52pr0i52q|7c|26|7c|st=az6vnzwy|7c|26|7c|dl=0"; depth:188; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294881/; classtype:trojan-activity;sid:84157981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/e7vtebfe2qdfbjt87nvhu/oficio-de-notificaci-n-ejectr-nica-cendo-rama-judicial-de-la-rep-blica-de-colombia.tar.cab.tar.001|3f|rlkey=54p6fzmx3c1eovd1btwzy0re4|7c|26|7c|st=npm5oi4l|7c|26|7c|dl=0"; depth:198; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294880/; classtype:trojan-activity;sid:84157980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/4qoef01jqan8sczprj79o/1oficio-de-notificaci-n-ejectr-nica-cendo-rama-judicial-de-la-rep-blica-de-colombia.tar.cab.tar.001|3f|rlkey=8px38d88qrq4ssw54132v5ke2|7c|26|7c|st=gg5nhz4s|7c|26|7c|dl=0"; depth:199; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294879/; classtype:trojan-activity;sid:84157979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.158.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294878/; classtype:trojan-activity;sid:84157978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.133.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294877/; classtype:trojan-activity;sid:84157977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.83.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294876/; classtype:trojan-activity;sid:84157976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.73.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294875/; classtype:trojan-activity;sid:84157975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.60.106.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294874/; classtype:trojan-activity;sid:84157974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.81.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294873/; classtype:trojan-activity;sid:84157973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.39.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294872/; classtype:trojan-activity;sid:84157972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.202.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294871/; classtype:trojan-activity;sid:84157971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.76.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294869/; classtype:trojan-activity;sid:84157969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.246.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294870/; classtype:trojan-activity;sid:84157970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.161.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294868/; classtype:trojan-activity;sid:84157968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.234.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294867/; classtype:trojan-activity;sid:84157967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"180.103.151.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294866/; classtype:trojan-activity;sid:84157966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.212.67.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294865/; classtype:trojan-activity;sid:84157965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.50.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294864/; classtype:trojan-activity;sid:84157964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.218.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294863/; classtype:trojan-activity;sid:84157963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.66.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294862/; classtype:trojan-activity;sid:84157962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.255.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294861/; classtype:trojan-activity;sid:84157961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.133.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294860/; classtype:trojan-activity;sid:84157960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.143.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294859/; classtype:trojan-activity;sid:84157959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.62.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294858/; classtype:trojan-activity;sid:84157958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.4.204.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294857/; classtype:trojan-activity;sid:84157957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.92.132.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294856/; classtype:trojan-activity;sid:84157956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.194.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294855/; classtype:trojan-activity;sid:84157955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.69.105.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294854/; classtype:trojan-activity;sid:84157954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.115.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294853/; classtype:trojan-activity;sid:84157953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.85.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294852/; classtype:trojan-activity;sid:84157952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.29.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294851/; classtype:trojan-activity;sid:84157951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.85.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294850/; classtype:trojan-activity;sid:84157950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.82.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294849/; classtype:trojan-activity;sid:84157949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.76.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294848/; classtype:trojan-activity;sid:84157948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.198.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294847/; classtype:trojan-activity;sid:84157947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.156.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294846/; classtype:trojan-activity;sid:84157946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.0.170"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294844/; classtype:trojan-activity;sid:84157944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.221.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294845/; classtype:trojan-activity;sid:84157945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294843/; classtype:trojan-activity;sid:84157943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.198.186.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294841/; classtype:trojan-activity;sid:84157941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.7.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294842/; classtype:trojan-activity;sid:84157942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.83.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294840/; classtype:trojan-activity;sid:84157940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.130.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294839/; classtype:trojan-activity;sid:84157939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.83.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294836/; classtype:trojan-activity;sid:84157936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.1.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294837/; classtype:trojan-activity;sid:84157937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/12.exe"; depth:7; endswith; nocase; http.host; content:"106.53.181.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294838/; classtype:trojan-activity;sid:84157938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.188.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294835/; classtype:trojan-activity;sid:84157935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.22.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294833/; classtype:trojan-activity;sid:84157933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.92.132.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294834/; classtype:trojan-activity;sid:84157934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.248.15.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294832/; classtype:trojan-activity;sid:84157932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.29.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294831/; classtype:trojan-activity;sid:84157931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.148.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294830/; classtype:trojan-activity;sid:84157930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.141.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294829/; classtype:trojan-activity;sid:84157929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.124.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294828/; classtype:trojan-activity;sid:84157928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.139.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294827/; classtype:trojan-activity;sid:84157927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.11.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294826/; classtype:trojan-activity;sid:84157926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.83.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294825/; classtype:trojan-activity;sid:84157925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.199.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294824/; classtype:trojan-activity;sid:84157924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.234.160.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294823/; classtype:trojan-activity;sid:84157923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.130.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294822/; classtype:trojan-activity;sid:84157922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.22.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294821/; classtype:trojan-activity;sid:84157921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.248.15.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294820/; classtype:trojan-activity;sid:84157920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.115.170.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294819/; classtype:trojan-activity;sid:84157919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa.exe"; depth:8; endswith; nocase; http.host; content:"165.227.173.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294817/; classtype:trojan-activity;sid:84157917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/discovery2.exe"; depth:15; endswith; nocase; http.host; content:"165.227.173.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294818/; classtype:trojan-activity;sid:84157918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.98.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294815/; classtype:trojan-activity;sid:84157915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.112.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294816/; classtype:trojan-activity;sid:84157916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/output.dll"; depth:11; endswith; nocase; http.host; content:"165.227.173.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294811/; classtype:trojan-activity;sid:84157911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/output2.dll"; depth:12; endswith; nocase; http.host; content:"165.227.173.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294812/; classtype:trojan-activity;sid:84157912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/output3.dll"; depth:12; endswith; nocase; http.host; content:"165.227.173.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294813/; classtype:trojan-activity;sid:84157913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/output4.dll"; depth:12; endswith; nocase; http.host; content:"165.227.173.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294814/; classtype:trojan-activity;sid:84157914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msf.txt"; depth:8; endswith; nocase; http.host; content:"27.102.130.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294810/; classtype:trojan-activity;sid:84157910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/configureregistrysettings.ps1"; depth:30; endswith; nocase; http.host; content:"103.247.164.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294809/; classtype:trojan-activity;sid:84157909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.183.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294808/; classtype:trojan-activity;sid:84157908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6gbkj5.rar"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294807/; classtype:trojan-activity;sid:84157907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8139.ps1"; depth:9; endswith; nocase; http.host; content:"27.102.130.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294806/; classtype:trojan-activity;sid:84157906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.139.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294805/; classtype:trojan-activity;sid:84157905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.139.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294804/; classtype:trojan-activity;sid:84157904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.242.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294803/; classtype:trojan-activity;sid:84157903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.234.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294802/; classtype:trojan-activity;sid:84157902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.206.159.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294801/; classtype:trojan-activity;sid:84157901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.42.243.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294799/; classtype:trojan-activity;sid:84157899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.7.230.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294800/; classtype:trojan-activity;sid:84157900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.50.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294798/; classtype:trojan-activity;sid:84157898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.41.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294797/; classtype:trojan-activity;sid:84157897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.254.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294796/; classtype:trojan-activity;sid:84157896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.98.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294795/; classtype:trojan-activity;sid:84157895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.82.226.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294794/; classtype:trojan-activity;sid:84157894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.64.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294793/; classtype:trojan-activity;sid:84157893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.133.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294792/; classtype:trojan-activity;sid:84157892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.195.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294791/; classtype:trojan-activity;sid:84157891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.139.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294790/; classtype:trojan-activity;sid:84157890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.87.31.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294789/; classtype:trojan-activity;sid:84157889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.115.170.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294788/; classtype:trojan-activity;sid:84157888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.176.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294787/; classtype:trojan-activity;sid:84157887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.11.36"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294786/; classtype:trojan-activity;sid:84157886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.39.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294785/; classtype:trojan-activity;sid:84157885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.225.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294783/; classtype:trojan-activity;sid:84157883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.215.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294784/; classtype:trojan-activity;sid:84157884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.34.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294782/; classtype:trojan-activity;sid:84157882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.1.100"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294781/; classtype:trojan-activity;sid:84157881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"5.42.44.94"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294780/; classtype:trojan-activity;sid:84157880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.122.255.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294778/; classtype:trojan-activity;sid:84157878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.88.147.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294779/; classtype:trojan-activity;sid:84157879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.122.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294776/; classtype:trojan-activity;sid:84157876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.235.175.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294777/; classtype:trojan-activity;sid:84157877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.215.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294775/; classtype:trojan-activity;sid:84157875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.242.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294774/; classtype:trojan-activity;sid:84157874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.227.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294773/; classtype:trojan-activity;sid:84157873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.11.36"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294772/; classtype:trojan-activity;sid:84157872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.4.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294771/; classtype:trojan-activity;sid:84157871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.34.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294770/; classtype:trojan-activity;sid:84157870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.226.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294769/; classtype:trojan-activity;sid:84157869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.225.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294768/; classtype:trojan-activity;sid:84157868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bose1511/mkt1511/-/raw/main/16fukrun.zip|3f|ref_type=heads|7c|26|7c|inline=false"; depth:81; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294767/; classtype:trojan-activity;sid:84157867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bose1511/mkt1511/-/raw/main/17fukrun.zip|3f|ref_type=heads|7c|26|7c|inline=false"; depth:81; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294765/; classtype:trojan-activity;sid:84157865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bose1511/mkt1511/-/raw/main/18fukrun.zip"; depth:41; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294764/; classtype:trojan-activity;sid:84157864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptt2k5/ltl203/blob/main/update3.bat"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294762/; classtype:trojan-activity;sid:84157862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bose1511/mkt1511/-/raw/main/17_advertising_campaign_and_collaboration.docx"; depth:75; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294763/; classtype:trojan-activity;sid:84157863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bose1511/mkt1511/-/raw/main/18cut04.bat"; depth:40; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294753/; classtype:trojan-activity;sid:84157853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bose1511/mkt1511/-/raw/main/bose18mkt.bat"; depth:42; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294754/; classtype:trojan-activity;sid:84157854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bose1511/mkt1511/-/raw/main/hnbose1711.bat"; depth:43; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294755/; classtype:trojan-activity;sid:84157855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bose1511/mkt1511/-/raw/main/scut18bo03.bat"; depth:43; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294756/; classtype:trojan-activity;sid:84157856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bose1511/mkt1511/-/raw/main/bose2scut18.bat"; depth:44; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294757/; classtype:trojan-activity;sid:84157857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptt2k5/ltl203/blob/main/update2.bat"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294758/; classtype:trojan-activity;sid:84157858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bose1511/mkt1511/-/raw/main/bose1511mkt.bat"; depth:44; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294759/; classtype:trojan-activity;sid:84157859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptt2k5/ltl203/blob/main/document88.zip"; depth:39; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294760/; classtype:trojan-activity;sid:84157860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptt2k5/ltl203/blob/main/document83.zip"; depth:39; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294761/; classtype:trojan-activity;sid:84157861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.1.100"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294752/; classtype:trojan-activity;sid:84157852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.78.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294751/; classtype:trojan-activity;sid:84157851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.174.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294750/; classtype:trojan-activity;sid:84157850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.249.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294748/; classtype:trojan-activity;sid:84157848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.33.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294749/; classtype:trojan-activity;sid:84157849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.176.101.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294747/; classtype:trojan-activity;sid:84157847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.93.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294746/; classtype:trojan-activity;sid:84157846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294745/; classtype:trojan-activity;sid:84157845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.79.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294744/; classtype:trojan-activity;sid:84157844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.3.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294743/; classtype:trojan-activity;sid:84157843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.188.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294742/; classtype:trojan-activity;sid:84157842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.68.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294741/; classtype:trojan-activity;sid:84157841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294740/; classtype:trojan-activity;sid:84157840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.109.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294739/; classtype:trojan-activity;sid:84157839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.78.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294738/; classtype:trojan-activity;sid:84157838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294737/; classtype:trojan-activity;sid:84157837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.203.68.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294736/; classtype:trojan-activity;sid:84157836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.33.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294735/; classtype:trojan-activity;sid:84157835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.68.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294734/; classtype:trojan-activity;sid:84157834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"162.191.13.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294733/; classtype:trojan-activity;sid:84157833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.94.77.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294732/; classtype:trojan-activity;sid:84157832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.2.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294731/; classtype:trojan-activity;sid:84157831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.249.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294730/; classtype:trojan-activity;sid:84157830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.175.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294729/; classtype:trojan-activity;sid:84157829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294728/; classtype:trojan-activity;sid:84157828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.114.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294726/; classtype:trojan-activity;sid:84157826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data-package/a2vhdpja/download"; depth:31; endswith; nocase; http.host; content:"filetransfer.io"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294727/; classtype:trojan-activity;sid:84157827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.177.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294725/; classtype:trojan-activity;sid:84157825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/link/process/solpen.zip"; depth:24; endswith; nocase; http.host; content:"storageinstance.oss-ap-southeast-1.aliyuncs.com"; depth:47; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294723/; classtype:trojan-activity;sid:84157823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/link/process/pennicle.txt"; depth:26; endswith; nocase; http.host; content:"storageinstance.oss-ap-southeast-1.aliyuncs.com"; depth:47; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294724/; classtype:trojan-activity;sid:84157824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.79.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294722/; classtype:trojan-activity;sid:84157822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.134.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294721/; classtype:trojan-activity;sid:84157821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.154.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294720/; classtype:trojan-activity;sid:84157820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294719/; classtype:trojan-activity;sid:84157819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.45.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294718/; classtype:trojan-activity;sid:84157818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.163.81.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294717/; classtype:trojan-activity;sid:84157817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.57.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294716/; classtype:trojan-activity;sid:84157816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.2.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294715/; classtype:trojan-activity;sid:84157815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.178.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294713/; classtype:trojan-activity;sid:84157813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.196.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294714/; classtype:trojan-activity;sid:84157814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.99.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294712/; classtype:trojan-activity;sid:84157812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.136.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294711/; classtype:trojan-activity;sid:84157811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.81.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294710/; classtype:trojan-activity;sid:84157810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294709/; classtype:trojan-activity;sid:84157809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.6.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294708/; classtype:trojan-activity;sid:84157808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294707/; classtype:trojan-activity;sid:84157807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294706/; classtype:trojan-activity;sid:84157806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.24.171"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294704/; classtype:trojan-activity;sid:84157804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.127.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294705/; classtype:trojan-activity;sid:84157805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294703/; classtype:trojan-activity;sid:84157803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294702/; classtype:trojan-activity;sid:84157802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.158.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294701/; classtype:trojan-activity;sid:84157801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.154.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294700/; classtype:trojan-activity;sid:84157800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.185.157.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294699/; classtype:trojan-activity;sid:84157799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.21.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294698/; classtype:trojan-activity;sid:84157798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.110.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294697/; classtype:trojan-activity;sid:84157797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.255.133.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294696/; classtype:trojan-activity;sid:84157796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.227.28.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294695/; classtype:trojan-activity;sid:84157795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.6.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294694/; classtype:trojan-activity;sid:84157794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.52.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294693/; classtype:trojan-activity;sid:84157793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.36.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294692/; classtype:trojan-activity;sid:84157792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294691/; classtype:trojan-activity;sid:84157791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.11.56.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294690/; classtype:trojan-activity;sid:84157790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.111.117.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294689/; classtype:trojan-activity;sid:84157789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.65.171"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294688/; classtype:trojan-activity;sid:84157788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294687/; classtype:trojan-activity;sid:84157787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.232.60.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294686/; classtype:trojan-activity;sid:84157786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.173.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294685/; classtype:trojan-activity;sid:84157785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294684/; classtype:trojan-activity;sid:84157784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.110.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294683/; classtype:trojan-activity;sid:84157783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.7.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294682/; classtype:trojan-activity;sid:84157782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.90.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294681/; classtype:trojan-activity;sid:84157781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.188.16.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294680/; classtype:trojan-activity;sid:84157780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.116.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294679/; classtype:trojan-activity;sid:84157779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294678/; classtype:trojan-activity;sid:84157778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.24.36.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294677/; classtype:trojan-activity;sid:84157777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.234.157.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294675/; classtype:trojan-activity;sid:84157775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.120.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294676/; classtype:trojan-activity;sid:84157776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.137.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294674/; classtype:trojan-activity;sid:84157774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.82.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294673/; classtype:trojan-activity;sid:84157773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.109.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294672/; classtype:trojan-activity;sid:84157772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.244.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294671/; classtype:trojan-activity;sid:84157771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.188.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294670/; classtype:trojan-activity;sid:84157770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.100.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294669/; classtype:trojan-activity;sid:84157769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.107.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294668/; classtype:trojan-activity;sid:84157768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.172.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294667/; classtype:trojan-activity;sid:84157767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.191.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294666/; classtype:trojan-activity;sid:84157766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.247.143.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294665/; classtype:trojan-activity;sid:84157765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.188.16.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294664/; classtype:trojan-activity;sid:84157764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.66.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294663/; classtype:trojan-activity;sid:84157763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.10.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294662/; classtype:trojan-activity;sid:84157762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.59.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294661/; classtype:trojan-activity;sid:84157761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.250.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294660/; classtype:trojan-activity;sid:84157760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.213.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294659/; classtype:trojan-activity;sid:84157759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.90.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294658/; classtype:trojan-activity;sid:84157758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.124.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294657/; classtype:trojan-activity;sid:84157757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"77.247.88.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294656/; classtype:trojan-activity;sid:84157756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.149.156.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294655/; classtype:trojan-activity;sid:84157755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.109.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294654/; classtype:trojan-activity;sid:84157754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.39.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294653/; classtype:trojan-activity;sid:84157753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.244.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294652/; classtype:trojan-activity;sid:84157752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.20.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294651/; classtype:trojan-activity;sid:84157751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294650/; classtype:trojan-activity;sid:84157750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.74.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294649/; classtype:trojan-activity;sid:84157749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.198.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294647/; classtype:trojan-activity;sid:84157747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.183.16.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294648/; classtype:trojan-activity;sid:84157748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.92.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294646/; classtype:trojan-activity;sid:84157746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.55.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294645/; classtype:trojan-activity;sid:84157745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.64.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294644/; classtype:trojan-activity;sid:84157744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.90.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294643/; classtype:trojan-activity;sid:84157743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.183.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294642/; classtype:trojan-activity;sid:84157742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.118.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294641/; classtype:trojan-activity;sid:84157741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.59.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294640/; classtype:trojan-activity;sid:84157740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.124.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294639/; classtype:trojan-activity;sid:84157739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.216.30.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294637/; classtype:trojan-activity;sid:84157737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.196.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294638/; classtype:trojan-activity;sid:84157738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.78.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294636/; classtype:trojan-activity;sid:84157736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.74.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294635/; classtype:trojan-activity;sid:84157735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.108.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294634/; classtype:trojan-activity;sid:84157734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.138.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294633/; classtype:trojan-activity;sid:84157733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.8.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294631/; classtype:trojan-activity;sid:84157731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.176.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294632/; classtype:trojan-activity;sid:84157732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.216.30.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294630/; classtype:trojan-activity;sid:84157730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.224.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294629/; classtype:trojan-activity;sid:84157729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.8.109.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294628/; classtype:trojan-activity;sid:84157728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.170.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294627/; classtype:trojan-activity;sid:84157727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.140.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294626/; classtype:trojan-activity;sid:84157726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.11.36"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294625/; classtype:trojan-activity;sid:84157725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.92.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294624/; classtype:trojan-activity;sid:84157724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.251.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294623/; classtype:trojan-activity;sid:84157723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.118.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294622/; classtype:trojan-activity;sid:84157722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294621/; classtype:trojan-activity;sid:84157721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.227.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294620/; classtype:trojan-activity;sid:84157720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noureddine-nt9/rgsdr/raw/refs/heads/main/cheet.exe"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294619/; classtype:trojan-activity;sid:84157719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.9.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294618/; classtype:trojan-activity;sid:84157718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.78.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294617/; classtype:trojan-activity;sid:84157717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.140.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294616/; classtype:trojan-activity;sid:84157716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.251.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294615/; classtype:trojan-activity;sid:84157715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.251.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294614/; classtype:trojan-activity;sid:84157714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.218.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294613/; classtype:trojan-activity;sid:84157713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.191.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294612/; classtype:trojan-activity;sid:84157712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.208.191.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294611/; classtype:trojan-activity;sid:84157711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.71.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294610/; classtype:trojan-activity;sid:84157710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.128.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294609/; classtype:trojan-activity;sid:84157709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.116.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294608/; classtype:trojan-activity;sid:84157708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.176.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294607/; classtype:trojan-activity;sid:84157707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294606/; classtype:trojan-activity;sid:84157706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.240.9.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294605/; classtype:trojan-activity;sid:84157705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.196.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294604/; classtype:trojan-activity;sid:84157704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.8.109.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294603/; classtype:trojan-activity;sid:84157703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.110.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294602/; classtype:trojan-activity;sid:84157702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.187.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294601/; classtype:trojan-activity;sid:84157701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294600/; classtype:trojan-activity;sid:84157700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.161.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294599/; classtype:trojan-activity;sid:84157699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.218.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294598/; classtype:trojan-activity;sid:84157698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.83.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294597/; classtype:trojan-activity;sid:84157697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.140.194.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294596/; classtype:trojan-activity;sid:84157696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.237.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294595/; classtype:trojan-activity;sid:84157695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.149.198.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294593/; classtype:trojan-activity;sid:84157693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.232.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294594/; classtype:trojan-activity;sid:84157694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.26.81.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294592/; classtype:trojan-activity;sid:84157692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"84.213.69.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294591/; classtype:trojan-activity;sid:84157691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.22.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294590/; classtype:trojan-activity;sid:84157690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.189.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294589/; classtype:trojan-activity;sid:84157689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294586/; classtype:trojan-activity;sid:84157686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.187.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294587/; classtype:trojan-activity;sid:84157687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.196.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294588/; classtype:trojan-activity;sid:84157688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.194.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294585/; classtype:trojan-activity;sid:84157685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294584/; classtype:trojan-activity;sid:84157684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.128.214"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294583/; classtype:trojan-activity;sid:84157683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.182.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294582/; classtype:trojan-activity;sid:84157682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.96.36"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294581/; classtype:trojan-activity;sid:84157681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.211.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294579/; classtype:trojan-activity;sid:84157679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.189.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294580/; classtype:trojan-activity;sid:84157680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.199.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294578/; classtype:trojan-activity;sid:84157678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.103.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294577/; classtype:trojan-activity;sid:84157677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.96.36"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294576/; classtype:trojan-activity;sid:84157676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.50.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294575/; classtype:trojan-activity;sid:84157675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.186.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294574/; classtype:trojan-activity;sid:84157674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.74.13.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294572/; classtype:trojan-activity;sid:84157672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.166.210.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294573/; classtype:trojan-activity;sid:84157673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.157.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294571/; classtype:trojan-activity;sid:84157671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.28.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294570/; classtype:trojan-activity;sid:84157670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.82.226.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294569/; classtype:trojan-activity;sid:84157669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.128.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294568/; classtype:trojan-activity;sid:84157668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.109.147.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294567/; classtype:trojan-activity;sid:84157667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294566/; classtype:trojan-activity;sid:84157666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.176.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294565/; classtype:trojan-activity;sid:84157665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/merchantservices"; depth:17; endswith; nocase; http.host; content:"mbw.events.socalpocis.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294564/; classtype:trojan-activity;sid:84157664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.238.189.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294562/; classtype:trojan-activity;sid:84157662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.26.182.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294563/; classtype:trojan-activity;sid:84157663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.161.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294561/; classtype:trojan-activity;sid:84157661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.141.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294560/; classtype:trojan-activity;sid:84157660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.109.147.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294559/; classtype:trojan-activity;sid:84157659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.164.178.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294558/; classtype:trojan-activity;sid:84157658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.186.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294557/; classtype:trojan-activity;sid:84157657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.10.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294556/; classtype:trojan-activity;sid:84157656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.87.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294555/; classtype:trojan-activity;sid:84157655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.50.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294554/; classtype:trojan-activity;sid:84157654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294553/; classtype:trojan-activity;sid:84157653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.232.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294552/; classtype:trojan-activity;sid:84157652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.254.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294551/; classtype:trojan-activity;sid:84157651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.149.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294550/; classtype:trojan-activity;sid:84157650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.2.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294549/; classtype:trojan-activity;sid:84157649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.92.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294548/; classtype:trojan-activity;sid:84157648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.18.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294547/; classtype:trojan-activity;sid:84157647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.123.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294546/; classtype:trojan-activity;sid:84157646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.161.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294545/; classtype:trojan-activity;sid:84157645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.228.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294544/; classtype:trojan-activity;sid:84157644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.211.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294543/; classtype:trojan-activity;sid:84157643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294542/; classtype:trojan-activity;sid:84157642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.16.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294541/; classtype:trojan-activity;sid:84157641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.213.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294540/; classtype:trojan-activity;sid:84157640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.92.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294539/; classtype:trojan-activity;sid:84157639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.89.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294538/; classtype:trojan-activity;sid:84157638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.125.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294537/; classtype:trojan-activity;sid:84157637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"171.231.165.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294536/; classtype:trojan-activity;sid:84157636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.192.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294535/; classtype:trojan-activity;sid:84157635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.99.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294534/; classtype:trojan-activity;sid:84157634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.59.107.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294533/; classtype:trojan-activity;sid:84157633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.20.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294532/; classtype:trojan-activity;sid:84157632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294529/; classtype:trojan-activity;sid:84157629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.70.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294530/; classtype:trojan-activity;sid:84157630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.200.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294531/; classtype:trojan-activity;sid:84157631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.18.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294528/; classtype:trojan-activity;sid:84157628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.243.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294527/; classtype:trojan-activity;sid:84157627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.27.35.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294525/; classtype:trojan-activity;sid:84157625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"208.168.244.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294526/; classtype:trojan-activity;sid:84157626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.103.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294524/; classtype:trojan-activity;sid:84157624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.141.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294523/; classtype:trojan-activity;sid:84157623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.213.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294522/; classtype:trojan-activity;sid:84157622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.3.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294521/; classtype:trojan-activity;sid:84157621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.83.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294520/; classtype:trojan-activity;sid:84157620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.89.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294519/; classtype:trojan-activity;sid:84157619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.76.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294518/; classtype:trojan-activity;sid:84157618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.160.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294517/; classtype:trojan-activity;sid:84157617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.244.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294516/; classtype:trojan-activity;sid:84157616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.147.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294515/; classtype:trojan-activity;sid:84157615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"31.140.194.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294514/; classtype:trojan-activity;sid:84157614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.76.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294513/; classtype:trojan-activity;sid:84157613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.76.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294512/; classtype:trojan-activity;sid:84157612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.119.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294511/; classtype:trojan-activity;sid:84157611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.3.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294510/; classtype:trojan-activity;sid:84157610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.103.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294509/; classtype:trojan-activity;sid:84157609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.0.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294507/; classtype:trojan-activity;sid:84157607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.134.171.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294508/; classtype:trojan-activity;sid:84157608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.245.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294506/; classtype:trojan-activity;sid:84157606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.149.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294505/; classtype:trojan-activity;sid:84157605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.59.107.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294504/; classtype:trojan-activity;sid:84157604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.196.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294503/; classtype:trojan-activity;sid:84157603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.99.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294502/; classtype:trojan-activity;sid:84157602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294501/; classtype:trojan-activity;sid:84157601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.37.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294500/; classtype:trojan-activity;sid:84157600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.62.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294499/; classtype:trojan-activity;sid:84157599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.244.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294498/; classtype:trojan-activity;sid:84157598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.39.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294497/; classtype:trojan-activity;sid:84157597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.173.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294496/; classtype:trojan-activity;sid:84157596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294495/; classtype:trojan-activity;sid:84157595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.193.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294494/; classtype:trojan-activity;sid:84157594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.157.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294493/; classtype:trojan-activity;sid:84157593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.157.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294492/; classtype:trojan-activity;sid:84157592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.141.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294491/; classtype:trojan-activity;sid:84157591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.236.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294490/; classtype:trojan-activity;sid:84157590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.29.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294489/; classtype:trojan-activity;sid:84157589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294488/; classtype:trojan-activity;sid:84157588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.182.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294487/; classtype:trojan-activity;sid:84157587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.73.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294486/; classtype:trojan-activity;sid:84157586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.40.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294485/; classtype:trojan-activity;sid:84157585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.180.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294484/; classtype:trojan-activity;sid:84157584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.234.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294483/; classtype:trojan-activity;sid:84157583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.114.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294482/; classtype:trojan-activity;sid:84157582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.243.225.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294481/; classtype:trojan-activity;sid:84157581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/merchantservices"; depth:17; endswith; nocase; http.host; content:"cms.events.socalpocis.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294479/; classtype:trojan-activity;sid:84157579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/viewprofile"; depth:12; endswith; nocase; http.host; content:"8cdf8.language.sebtomato.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294480/; classtype:trojan-activity;sid:84157580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.154.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294478/; classtype:trojan-activity;sid:84157578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.94.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294477/; classtype:trojan-activity;sid:84157577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.101.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294476/; classtype:trojan-activity;sid:84157576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.196.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294475/; classtype:trojan-activity;sid:84157575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.22.123.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294474/; classtype:trojan-activity;sid:84157574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.94.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294473/; classtype:trojan-activity;sid:84157573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.101.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294472/; classtype:trojan-activity;sid:84157572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.56.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294471/; classtype:trojan-activity;sid:84157571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.207.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294470/; classtype:trojan-activity;sid:84157570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.111.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294469/; classtype:trojan-activity;sid:84157569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.29.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294468/; classtype:trojan-activity;sid:84157568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.76.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294467/; classtype:trojan-activity;sid:84157567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.54.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294466/; classtype:trojan-activity;sid:84157566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.40.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294465/; classtype:trojan-activity;sid:84157565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.228.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294464/; classtype:trojan-activity;sid:84157564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.231.201.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294463/; classtype:trojan-activity;sid:84157563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.114.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294462/; classtype:trojan-activity;sid:84157562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.105.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294461/; classtype:trojan-activity;sid:84157561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.16.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294460/; classtype:trojan-activity;sid:84157560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.186.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294459/; classtype:trojan-activity;sid:84157559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.87.27.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294458/; classtype:trojan-activity;sid:84157558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294457/; classtype:trojan-activity;sid:84157557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.169.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294456/; classtype:trojan-activity;sid:84157556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.180.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294455/; classtype:trojan-activity;sid:84157555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.15.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294454/; classtype:trojan-activity;sid:84157554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.207.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294453/; classtype:trojan-activity;sid:84157553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.112.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294452/; classtype:trojan-activity;sid:84157552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.243.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294451/; classtype:trojan-activity;sid:84157551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.56.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294450/; classtype:trojan-activity;sid:84157550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.152.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294449/; classtype:trojan-activity;sid:84157549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.198.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294448/; classtype:trojan-activity;sid:84157548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.16.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294447/; classtype:trojan-activity;sid:84157547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.87.27.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294446/; classtype:trojan-activity;sid:84157546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.38.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294445/; classtype:trojan-activity;sid:84157545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.49.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294444/; classtype:trojan-activity;sid:84157544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.58.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294441/; classtype:trojan-activity;sid:84157541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.246.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294442/; classtype:trojan-activity;sid:84157542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.27.199.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294443/; classtype:trojan-activity;sid:84157543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.161.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294440/; classtype:trojan-activity;sid:84157540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.149.75.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294439/; classtype:trojan-activity;sid:84157539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.186.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294438/; classtype:trojan-activity;sid:84157538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.228.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294437/; classtype:trojan-activity;sid:84157537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.46.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294436/; classtype:trojan-activity;sid:84157536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.164.207.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294435/; classtype:trojan-activity;sid:84157535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.169.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294434/; classtype:trojan-activity;sid:84157534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.41.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294433/; classtype:trojan-activity;sid:84157533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.60.227.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294432/; classtype:trojan-activity;sid:84157532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.156.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294430/; classtype:trojan-activity;sid:84157530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.152.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294431/; classtype:trojan-activity;sid:84157531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.105.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294429/; classtype:trojan-activity;sid:84157529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.148.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294428/; classtype:trojan-activity;sid:84157528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.179.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294427/; classtype:trojan-activity;sid:84157527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.125.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294426/; classtype:trojan-activity;sid:84157526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.95.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294425/; classtype:trojan-activity;sid:84157525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.180.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294424/; classtype:trojan-activity;sid:84157524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.44.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294423/; classtype:trojan-activity;sid:84157523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.104.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294422/; classtype:trojan-activity;sid:84157522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.201.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294421/; classtype:trojan-activity;sid:84157521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.95.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294420/; classtype:trojan-activity;sid:84157520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.201.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294419/; classtype:trojan-activity;sid:84157519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.224.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294418/; classtype:trojan-activity;sid:84157518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.228.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294416/; classtype:trojan-activity;sid:84157516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.196.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294417/; classtype:trojan-activity;sid:84157517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.129.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294415/; classtype:trojan-activity;sid:84157515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.112.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294414/; classtype:trojan-activity;sid:84157514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.46.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294413/; classtype:trojan-activity;sid:84157513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.203.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294412/; classtype:trojan-activity;sid:84157512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.94.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294411/; classtype:trojan-activity;sid:84157511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.41.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294410/; classtype:trojan-activity;sid:84157510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.199.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294409/; classtype:trojan-activity;sid:84157509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.197.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294408/; classtype:trojan-activity;sid:84157508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294407/; classtype:trojan-activity;sid:84157507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.242.235.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294406/; classtype:trojan-activity;sid:84157506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.201.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294405/; classtype:trojan-activity;sid:84157505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.199.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294404/; classtype:trojan-activity;sid:84157504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.143.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294402/; classtype:trojan-activity;sid:84157502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.243.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294403/; classtype:trojan-activity;sid:84157503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.164.207.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294401/; classtype:trojan-activity;sid:84157501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.95.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294400/; classtype:trojan-activity;sid:84157500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.123.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294398/; classtype:trojan-activity;sid:84157498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.41.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294399/; classtype:trojan-activity;sid:84157499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"161.97.175.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294386/; classtype:trojan-activity;sid:84157486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"161.97.175.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294387/; classtype:trojan-activity;sid:84157487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"161.97.175.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294388/; classtype:trojan-activity;sid:84157488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"161.97.175.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294389/; classtype:trojan-activity;sid:84157489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"161.97.175.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294390/; classtype:trojan-activity;sid:84157490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"161.97.175.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294391/; classtype:trojan-activity;sid:84157491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"161.97.175.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294392/; classtype:trojan-activity;sid:84157492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"161.97.175.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294393/; classtype:trojan-activity;sid:84157493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"161.97.175.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294394/; classtype:trojan-activity;sid:84157494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"161.97.175.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294395/; classtype:trojan-activity;sid:84157495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"161.97.175.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294396/; classtype:trojan-activity;sid:84157496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.129.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294397/; classtype:trojan-activity;sid:84157497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.60.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294385/; classtype:trojan-activity;sid:84157485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.77.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294384/; classtype:trojan-activity;sid:84157484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.233.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294383/; classtype:trojan-activity;sid:84157483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"152.252.61.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294382/; classtype:trojan-activity;sid:84157482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.151.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294381/; classtype:trojan-activity;sid:84157481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.152.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294380/; classtype:trojan-activity;sid:84157480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.70.170.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294379/; classtype:trojan-activity;sid:84157479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.100.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294378/; classtype:trojan-activity;sid:84157478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.127.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294377/; classtype:trojan-activity;sid:84157477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.253.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294376/; classtype:trojan-activity;sid:84157476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.67.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294375/; classtype:trojan-activity;sid:84157475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.112.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294374/; classtype:trojan-activity;sid:84157474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.60.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294373/; classtype:trojan-activity;sid:84157473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.243.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294372/; classtype:trojan-activity;sid:84157472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"152.252.61.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294371/; classtype:trojan-activity;sid:84157471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.77.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294370/; classtype:trojan-activity;sid:84157470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.161.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294355/; classtype:trojan-activity;sid:84157455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.41.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294354/; classtype:trojan-activity;sid:84157454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.151.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294353/; classtype:trojan-activity;sid:84157453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294352/; classtype:trojan-activity;sid:84157452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.233.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294351/; classtype:trojan-activity;sid:84157451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.127.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294350/; classtype:trojan-activity;sid:84157450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.241.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294349/; classtype:trojan-activity;sid:84157449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.152.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294348/; classtype:trojan-activity;sid:84157448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.255.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294347/; classtype:trojan-activity;sid:84157447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.30.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294346/; classtype:trojan-activity;sid:84157446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294345/; classtype:trojan-activity;sid:84157445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.62.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294344/; classtype:trojan-activity;sid:84157444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.35.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294343/; classtype:trojan-activity;sid:84157443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294342/; classtype:trojan-activity;sid:84157442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.214.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294341/; classtype:trojan-activity;sid:84157441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.178.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294340/; classtype:trojan-activity;sid:84157440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.179.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294339/; classtype:trojan-activity;sid:84157439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.174.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294338/; classtype:trojan-activity;sid:84157438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294337/; classtype:trojan-activity;sid:84157437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm"; depth:14; endswith; nocase; http.host; content:"bot.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294336/; classtype:trojan-activity;sid:84157436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.sh4"; depth:14; endswith; nocase; http.host; content:"bot.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294323/; classtype:trojan-activity;sid:84157423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.i586"; depth:15; endswith; nocase; http.host; content:"bot.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294324/; classtype:trojan-activity;sid:84157424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.spc"; depth:14; endswith; nocase; http.host; content:"bot.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294325/; classtype:trojan-activity;sid:84157425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.x86"; depth:14; endswith; nocase; http.host; content:"bot.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294326/; classtype:trojan-activity;sid:84157426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm5"; depth:15; endswith; nocase; http.host; content:"bot.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294327/; classtype:trojan-activity;sid:84157427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.m68k"; depth:15; endswith; nocase; http.host; content:"bot.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294328/; classtype:trojan-activity;sid:84157428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.ppc"; depth:14; endswith; nocase; http.host; content:"bot.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294329/; classtype:trojan-activity;sid:84157429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.mpsl"; depth:15; endswith; nocase; http.host; content:"bot.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294330/; classtype:trojan-activity;sid:84157430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.i686"; depth:15; endswith; nocase; http.host; content:"bot.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294331/; classtype:trojan-activity;sid:84157431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.ppc440"; depth:17; endswith; nocase; http.host; content:"bot.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294332/; classtype:trojan-activity;sid:84157432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm6"; depth:15; endswith; nocase; http.host; content:"bot.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294333/; classtype:trojan-activity;sid:84157433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm7"; depth:15; endswith; nocase; http.host; content:"bot.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294334/; classtype:trojan-activity;sid:84157434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.mips"; depth:15; endswith; nocase; http.host; content:"bot.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294335/; classtype:trojan-activity;sid:84157435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm7"; depth:15; endswith; nocase; http.host; content:"502.hanzstore.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294322/; classtype:trojan-activity;sid:84157422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm"; depth:14; endswith; nocase; http.host; content:"502.hanzstore.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294308/; classtype:trojan-activity;sid:84157408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.spc"; depth:14; endswith; nocase; http.host; content:"502.hanzstore.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294309/; classtype:trojan-activity;sid:84157409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.i686"; depth:15; endswith; nocase; http.host; content:"502.hanzstore.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294310/; classtype:trojan-activity;sid:84157410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.ppc"; depth:14; endswith; nocase; http.host; content:"502.hanzstore.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294311/; classtype:trojan-activity;sid:84157411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.m68k"; depth:15; endswith; nocase; http.host; content:"502.hanzstore.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294312/; classtype:trojan-activity;sid:84157412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.i586"; depth:15; endswith; nocase; http.host; content:"502.hanzstore.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294313/; classtype:trojan-activity;sid:84157413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.ppc440"; depth:17; endswith; nocase; http.host; content:"502.hanzstore.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294314/; classtype:trojan-activity;sid:84157414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm5"; depth:15; endswith; nocase; http.host; content:"502.hanzstore.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294315/; classtype:trojan-activity;sid:84157415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.mips"; depth:15; endswith; nocase; http.host; content:"502.hanzstore.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294316/; classtype:trojan-activity;sid:84157416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.mpsl"; depth:15; endswith; nocase; http.host; content:"502.hanzstore.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294317/; classtype:trojan-activity;sid:84157417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm6"; depth:15; endswith; nocase; http.host; content:"502.hanzstore.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294318/; classtype:trojan-activity;sid:84157418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.sh4"; depth:14; endswith; nocase; http.host; content:"502.hanzstore.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294319/; classtype:trojan-activity;sid:84157419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"502.hanzstore.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294320/; classtype:trojan-activity;sid:84157420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.x86"; depth:14; endswith; nocase; http.host; content:"502.hanzstore.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294321/; classtype:trojan-activity;sid:84157421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.129.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294307/; classtype:trojan-activity;sid:84157407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.26.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294306/; classtype:trojan-activity;sid:84157406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"bot.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294305/; classtype:trojan-activity;sid:84157405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.67.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294304/; classtype:trojan-activity;sid:84157404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"gay.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294303/; classtype:trojan-activity;sid:84157403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.161.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294302/; classtype:trojan-activity;sid:84157402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.spc"; depth:14; endswith; nocase; http.host; content:"gay.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294301/; classtype:trojan-activity;sid:84157401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.ppc440"; depth:17; endswith; nocase; http.host; content:"gay.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294298/; classtype:trojan-activity;sid:84157398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm6"; depth:15; endswith; nocase; http.host; content:"gay.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294299/; classtype:trojan-activity;sid:84157399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm"; depth:14; endswith; nocase; http.host; content:"gay.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294300/; classtype:trojan-activity;sid:84157400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.m68k"; depth:15; endswith; nocase; http.host; content:"gay.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294287/; classtype:trojan-activity;sid:84157387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.x86"; depth:14; endswith; nocase; http.host; content:"gay.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294288/; classtype:trojan-activity;sid:84157388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"toibinghiensegay.minehard.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294289/; classtype:trojan-activity;sid:84157389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.i686"; depth:15; endswith; nocase; http.host; content:"gay.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294290/; classtype:trojan-activity;sid:84157390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.mpsl"; depth:15; endswith; nocase; http.host; content:"gay.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294291/; classtype:trojan-activity;sid:84157391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm5"; depth:15; endswith; nocase; http.host; content:"gay.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294292/; classtype:trojan-activity;sid:84157392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm7"; depth:15; endswith; nocase; http.host; content:"gay.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294293/; classtype:trojan-activity;sid:84157393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.mips"; depth:15; endswith; nocase; http.host; content:"gay.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294294/; classtype:trojan-activity;sid:84157394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.i586"; depth:15; endswith; nocase; http.host; content:"gay.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294295/; classtype:trojan-activity;sid:84157395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.sh4"; depth:14; endswith; nocase; http.host; content:"gay.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294296/; classtype:trojan-activity;sid:84157396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.ppc"; depth:14; endswith; nocase; http.host; content:"gay.minehard.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294297/; classtype:trojan-activity;sid:84157397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.ppc"; depth:14; endswith; nocase; http.host; content:"toibinghiensegay.minehard.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294281/; classtype:trojan-activity;sid:84157381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.m68k"; depth:15; endswith; nocase; http.host; content:"toibinghiensegay.minehard.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294282/; classtype:trojan-activity;sid:84157382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.i686"; depth:15; endswith; nocase; http.host; content:"toibinghiensegay.minehard.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294283/; classtype:trojan-activity;sid:84157383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm7"; depth:15; endswith; nocase; http.host; content:"toibinghiensegay.minehard.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294284/; classtype:trojan-activity;sid:84157384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.mpsl"; depth:15; endswith; nocase; http.host; content:"toibinghiensegay.minehard.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294285/; classtype:trojan-activity;sid:84157385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm6"; depth:15; endswith; nocase; http.host; content:"toibinghiensegay.minehard.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294286/; classtype:trojan-activity;sid:84157386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.ppc440"; depth:17; endswith; nocase; http.host; content:"139.59.242.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294270/; classtype:trojan-activity;sid:84157370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm5"; depth:15; endswith; nocase; http.host; content:"139.59.242.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294271/; classtype:trojan-activity;sid:84157371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm7"; depth:15; endswith; nocase; http.host; content:"139.59.242.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294272/; classtype:trojan-activity;sid:84157372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.mips"; depth:15; endswith; nocase; http.host; content:"toibinghiensegay.minehard.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294273/; classtype:trojan-activity;sid:84157373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm"; depth:14; endswith; nocase; http.host; content:"toibinghiensegay.minehard.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294274/; classtype:trojan-activity;sid:84157374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.i586"; depth:15; endswith; nocase; http.host; content:"toibinghiensegay.minehard.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294275/; classtype:trojan-activity;sid:84157375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.spc"; depth:14; endswith; nocase; http.host; content:"toibinghiensegay.minehard.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294276/; classtype:trojan-activity;sid:84157376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.x86"; depth:14; endswith; nocase; http.host; content:"toibinghiensegay.minehard.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294277/; classtype:trojan-activity;sid:84157377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.sh4"; depth:14; endswith; nocase; http.host; content:"toibinghiensegay.minehard.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294278/; classtype:trojan-activity;sid:84157378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm5"; depth:15; endswith; nocase; http.host; content:"toibinghiensegay.minehard.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294279/; classtype:trojan-activity;sid:84157379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.ppc440"; depth:17; endswith; nocase; http.host; content:"toibinghiensegay.minehard.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294280/; classtype:trojan-activity;sid:84157380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"139.59.242.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294266/; classtype:trojan-activity;sid:84157366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.239.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294267/; classtype:trojan-activity;sid:84157367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm6"; depth:15; endswith; nocase; http.host; content:"139.59.242.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294268/; classtype:trojan-activity;sid:84157368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.224.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294269/; classtype:trojan-activity;sid:84157369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.i686"; depth:15; endswith; nocase; http.host; content:"139.59.242.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294264/; classtype:trojan-activity;sid:84157364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.i586"; depth:15; endswith; nocase; http.host; content:"139.59.242.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294265/; classtype:trojan-activity;sid:84157365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.x86"; depth:14; endswith; nocase; http.host; content:"139.59.242.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294256/; classtype:trojan-activity;sid:84157356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.arm"; depth:14; endswith; nocase; http.host; content:"139.59.242.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294257/; classtype:trojan-activity;sid:84157357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.sh4"; depth:14; endswith; nocase; http.host; content:"139.59.242.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294258/; classtype:trojan-activity;sid:84157358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.m68k"; depth:15; endswith; nocase; http.host; content:"139.59.242.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294259/; classtype:trojan-activity;sid:84157359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.mips"; depth:15; endswith; nocase; http.host; content:"139.59.242.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294260/; classtype:trojan-activity;sid:84157360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.ppc"; depth:14; endswith; nocase; http.host; content:"139.59.242.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294261/; classtype:trojan-activity;sid:84157361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.mpsl"; depth:15; endswith; nocase; http.host; content:"139.59.242.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294262/; classtype:trojan-activity;sid:84157362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yagi.spc"; depth:14; endswith; nocase; http.host; content:"139.59.242.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294263/; classtype:trojan-activity;sid:84157363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.214.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294255/; classtype:trojan-activity;sid:84157355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.112.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294254/; classtype:trojan-activity;sid:84157354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.35.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294253/; classtype:trojan-activity;sid:84157353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/kkfmcjf.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294250/; classtype:trojan-activity;sid:84157350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/bpokoes.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294251/; classtype:trojan-activity;sid:84157351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/fgmjkjb.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294252/; classtype:trojan-activity;sid:84157352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.252.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294249/; classtype:trojan-activity;sid:84157349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.16.137"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294248/; classtype:trojan-activity;sid:84157348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.241.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294247/; classtype:trojan-activity;sid:84157347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.61.230.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294246/; classtype:trojan-activity;sid:84157346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.60.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294245/; classtype:trojan-activity;sid:84157345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.77.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294244/; classtype:trojan-activity;sid:84157344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294243/; classtype:trojan-activity;sid:84157343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.70.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294242/; classtype:trojan-activity;sid:84157342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.100.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294241/; classtype:trojan-activity;sid:84157341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.233.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294240/; classtype:trojan-activity;sid:84157340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.214.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294239/; classtype:trojan-activity;sid:84157339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294238/; classtype:trojan-activity;sid:84157338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.214.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294237/; classtype:trojan-activity;sid:84157337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.16.137"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294236/; classtype:trojan-activity;sid:84157336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294235/; classtype:trojan-activity;sid:84157335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.211.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294234/; classtype:trojan-activity;sid:84157334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.3.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294233/; classtype:trojan-activity;sid:84157333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.60.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294232/; classtype:trojan-activity;sid:84157332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.57.77.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294231/; classtype:trojan-activity;sid:84157331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.252.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294230/; classtype:trojan-activity;sid:84157330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.147.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294229/; classtype:trojan-activity;sid:84157329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.58.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294228/; classtype:trojan-activity;sid:84157328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.19.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294227/; classtype:trojan-activity;sid:84157327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.187.250.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294226/; classtype:trojan-activity;sid:84157326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.158.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294224/; classtype:trojan-activity;sid:84157324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.52.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294225/; classtype:trojan-activity;sid:84157325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.24.71"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294223/; classtype:trojan-activity;sid:84157323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.124.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294222/; classtype:trojan-activity;sid:84157322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.109.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294221/; classtype:trojan-activity;sid:84157321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.250.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294220/; classtype:trojan-activity;sid:84157320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.8.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294219/; classtype:trojan-activity;sid:84157319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.22.12"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294218/; classtype:trojan-activity;sid:84157318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.104.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294217/; classtype:trojan-activity;sid:84157317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.68.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294216/; classtype:trojan-activity;sid:84157316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.158.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294215/; classtype:trojan-activity;sid:84157315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.205.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294214/; classtype:trojan-activity;sid:84157314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.164.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294213/; classtype:trojan-activity;sid:84157313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.124.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294212/; classtype:trojan-activity;sid:84157312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.8.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294211/; classtype:trojan-activity;sid:84157311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.82.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294210/; classtype:trojan-activity;sid:84157310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.2.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294209/; classtype:trojan-activity;sid:84157309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.78.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294208/; classtype:trojan-activity;sid:84157308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.5.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294207/; classtype:trojan-activity;sid:84157307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.45.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294206/; classtype:trojan-activity;sid:84157306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294205/; classtype:trojan-activity;sid:84157305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.43.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294204/; classtype:trojan-activity;sid:84157304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.41.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294203/; classtype:trojan-activity;sid:84157303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pineapple.zip"; depth:14; endswith; nocase; http.host; content:"blacksmatter.live"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294202/; classtype:trojan-activity;sid:84157302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.210.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294200/; classtype:trojan-activity;sid:84157300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.220.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294201/; classtype:trojan-activity;sid:84157301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.107.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294198/; classtype:trojan-activity;sid:84157298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.20.3.215"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294199/; classtype:trojan-activity;sid:84157299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.24.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294197/; classtype:trojan-activity;sid:84157297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.5.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294196/; classtype:trojan-activity;sid:84157296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.8.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294194/; classtype:trojan-activity;sid:84157294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.82.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294195/; classtype:trojan-activity;sid:84157295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.39.129.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294193/; classtype:trojan-activity;sid:84157293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.45.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294192/; classtype:trojan-activity;sid:84157292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.85.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294190/; classtype:trojan-activity;sid:84157290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.105.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294191/; classtype:trojan-activity;sid:84157291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.71.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294189/; classtype:trojan-activity;sid:84157289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.30.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294188/; classtype:trojan-activity;sid:84157288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.193.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294187/; classtype:trojan-activity;sid:84157287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.230.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294186/; classtype:trojan-activity;sid:84157286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.51.101.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294185/; classtype:trojan-activity;sid:84157285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.109.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294184/; classtype:trojan-activity;sid:84157284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.128.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294183/; classtype:trojan-activity;sid:84157283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.175.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294182/; classtype:trojan-activity;sid:84157282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.41.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294181/; classtype:trojan-activity;sid:84157281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.67.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294180/; classtype:trojan-activity;sid:84157280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.128.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294179/; classtype:trojan-activity;sid:84157279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.107.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294178/; classtype:trojan-activity;sid:84157278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.222.118.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294177/; classtype:trojan-activity;sid:84157277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.9.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294176/; classtype:trojan-activity;sid:84157276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.39.129.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294175/; classtype:trojan-activity;sid:84157275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.71.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294174/; classtype:trojan-activity;sid:84157274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.45.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294173/; classtype:trojan-activity;sid:84157273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.56.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294172/; classtype:trojan-activity;sid:84157272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"179.42.74.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294171/; classtype:trojan-activity;sid:84157271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.105.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294170/; classtype:trojan-activity;sid:84157270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.56.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294169/; classtype:trojan-activity;sid:84157269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.44.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294168/; classtype:trojan-activity;sid:84157268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.168.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294167/; classtype:trojan-activity;sid:84157267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.49.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294166/; classtype:trojan-activity;sid:84157266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.71.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294165/; classtype:trojan-activity;sid:84157265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.185.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294164/; classtype:trojan-activity;sid:84157264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.216.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294163/; classtype:trojan-activity;sid:84157263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.96.186"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294162/; classtype:trojan-activity;sid:84157262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.96.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294161/; classtype:trojan-activity;sid:84157261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.112.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294160/; classtype:trojan-activity;sid:84157260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.85.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294156/; classtype:trojan-activity;sid:84157256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.181.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294157/; classtype:trojan-activity;sid:84157257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.97.169"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294158/; classtype:trojan-activity;sid:84157258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.124.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294159/; classtype:trojan-activity;sid:84157259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.141.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294155/; classtype:trojan-activity;sid:84157255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.44.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294154/; classtype:trojan-activity;sid:84157254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.71.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294153/; classtype:trojan-activity;sid:84157253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.49.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294152/; classtype:trojan-activity;sid:84157252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.216.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294151/; classtype:trojan-activity;sid:84157251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.251.217.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294150/; classtype:trojan-activity;sid:84157250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294149/; classtype:trojan-activity;sid:84157249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.9.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294148/; classtype:trojan-activity;sid:84157248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.244.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294147/; classtype:trojan-activity;sid:84157247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.185.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294146/; classtype:trojan-activity;sid:84157246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.133.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294145/; classtype:trojan-activity;sid:84157245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.0.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294144/; classtype:trojan-activity;sid:84157244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.93.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294143/; classtype:trojan-activity;sid:84157243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294142/; classtype:trojan-activity;sid:84157242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.58.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294141/; classtype:trojan-activity;sid:84157241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.95.3.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294139/; classtype:trojan-activity;sid:84157239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.114.154.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294140/; classtype:trojan-activity;sid:84157240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.108.177.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294138/; classtype:trojan-activity;sid:84157238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.52.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294137/; classtype:trojan-activity;sid:84157237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.163.131.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294136/; classtype:trojan-activity;sid:84157236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.244.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294135/; classtype:trojan-activity;sid:84157235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.244.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294134/; classtype:trojan-activity;sid:84157234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.76.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294133/; classtype:trojan-activity;sid:84157233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.26.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294132/; classtype:trojan-activity;sid:84157232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.96.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294131/; classtype:trojan-activity;sid:84157231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.209.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294130/; classtype:trojan-activity;sid:84157230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.111.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294129/; classtype:trojan-activity;sid:84157229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.110.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294128/; classtype:trojan-activity;sid:84157228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.35.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294127/; classtype:trojan-activity;sid:84157227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.110.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294126/; classtype:trojan-activity;sid:84157226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.207.39.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294125/; classtype:trojan-activity;sid:84157225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.52.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294124/; classtype:trojan-activity;sid:84157224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.203.94.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294123/; classtype:trojan-activity;sid:84157223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.249.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294122/; classtype:trojan-activity;sid:84157222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.113.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294121/; classtype:trojan-activity;sid:84157221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.19.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294120/; classtype:trojan-activity;sid:84157220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.146.254.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294119/; classtype:trojan-activity;sid:84157219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.114.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294118/; classtype:trojan-activity;sid:84157218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.36.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294117/; classtype:trojan-activity;sid:84157217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.207.39.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294116/; classtype:trojan-activity;sid:84157216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.218.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294115/; classtype:trojan-activity;sid:84157215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.240.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294113/; classtype:trojan-activity;sid:84157213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.7.247.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294114/; classtype:trojan-activity;sid:84157214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.218.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294111/; classtype:trojan-activity;sid:84157211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.65.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294112/; classtype:trojan-activity;sid:84157212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.17.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294109/; classtype:trojan-activity;sid:84157209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294110/; classtype:trojan-activity;sid:84157210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.177.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294108/; classtype:trojan-activity;sid:84157208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.178.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294106/; classtype:trojan-activity;sid:84157206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.176.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294107/; classtype:trojan-activity;sid:84157207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.107.25.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294105/; classtype:trojan-activity;sid:84157205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.143.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294104/; classtype:trojan-activity;sid:84157204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.120.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294103/; classtype:trojan-activity;sid:84157203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.218.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294102/; classtype:trojan-activity;sid:84157202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.182.146.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294101/; classtype:trojan-activity;sid:84157201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.19.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294100/; classtype:trojan-activity;sid:84157200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.148.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294099/; classtype:trojan-activity;sid:84157199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.64.130.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294098/; classtype:trojan-activity;sid:84157198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.62.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294097/; classtype:trojan-activity;sid:84157197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.148.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294096/; classtype:trojan-activity;sid:84157196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.203.94.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294095/; classtype:trojan-activity;sid:84157195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.177.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294094/; classtype:trojan-activity;sid:84157194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"93.170.218.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294093/; classtype:trojan-activity;sid:84157193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.176.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294092/; classtype:trojan-activity;sid:84157192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294091/; classtype:trojan-activity;sid:84157191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.152.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294090/; classtype:trojan-activity;sid:84157190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.66.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294089/; classtype:trojan-activity;sid:84157189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.33.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294088/; classtype:trojan-activity;sid:84157188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.208.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294087/; classtype:trojan-activity;sid:84157187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.120.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294086/; classtype:trojan-activity;sid:84157186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.142.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294085/; classtype:trojan-activity;sid:84157185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"92.101.37.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294084/; classtype:trojan-activity;sid:84157184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.139.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294082/; classtype:trojan-activity;sid:84157182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294083/; classtype:trojan-activity;sid:84157183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.178.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294081/; classtype:trojan-activity;sid:84157181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.64.130.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294080/; classtype:trojan-activity;sid:84157180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.66.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294079/; classtype:trojan-activity;sid:84157179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.246.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294078/; classtype:trojan-activity;sid:84157178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.112.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294077/; classtype:trojan-activity;sid:84157177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294076/; classtype:trojan-activity;sid:84157176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.4.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294075/; classtype:trojan-activity;sid:84157175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.95.62.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294073/; classtype:trojan-activity;sid:84157173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.168.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294074/; classtype:trojan-activity;sid:84157174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.208.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294072/; classtype:trojan-activity;sid:84157172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.90.244.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294071/; classtype:trojan-activity;sid:84157171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.160.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294070/; classtype:trojan-activity;sid:84157170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.57.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294069/; classtype:trojan-activity;sid:84157169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.223.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294068/; classtype:trojan-activity;sid:84157168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.90.244.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294067/; classtype:trojan-activity;sid:84157167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.122.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294066/; classtype:trojan-activity;sid:84157166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.246.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294065/; classtype:trojan-activity;sid:84157165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.49.65.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294064/; classtype:trojan-activity;sid:84157164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.157.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294063/; classtype:trojan-activity;sid:84157163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.182.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294062/; classtype:trojan-activity;sid:84157162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.184.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294061/; classtype:trojan-activity;sid:84157161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.229.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294060/; classtype:trojan-activity;sid:84157160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.160.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294059/; classtype:trojan-activity;sid:84157159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.5.247.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294058/; classtype:trojan-activity;sid:84157158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.184.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294057/; classtype:trojan-activity;sid:84157157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.199.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294055/; classtype:trojan-activity;sid:84157155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.213.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294056/; classtype:trojan-activity;sid:84157156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.131.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294054/; classtype:trojan-activity;sid:84157154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.23.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294053/; classtype:trojan-activity;sid:84157153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.157.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294052/; classtype:trojan-activity;sid:84157152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.246.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294051/; classtype:trojan-activity;sid:84157151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.229.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294050/; classtype:trojan-activity;sid:84157150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.157.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294049/; classtype:trojan-activity;sid:84157149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.228.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294048/; classtype:trojan-activity;sid:84157148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.228.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294047/; classtype:trojan-activity;sid:84157147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294046/; classtype:trojan-activity;sid:84157146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.243.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294044/; classtype:trojan-activity;sid:84157144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.165.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294045/; classtype:trojan-activity;sid:84157145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.171.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294043/; classtype:trojan-activity;sid:84157143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.202.246.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294041/; classtype:trojan-activity;sid:84157141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.99.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294042/; classtype:trojan-activity;sid:84157142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.137.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294040/; classtype:trojan-activity;sid:84157140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.83.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294039/; classtype:trojan-activity;sid:84157139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.208.26.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294037/; classtype:trojan-activity;sid:84157137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.37.183.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294038/; classtype:trojan-activity;sid:84157138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.0.201"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294035/; classtype:trojan-activity;sid:84157135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.199.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294036/; classtype:trojan-activity;sid:84157136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/merchantservices"; depth:17; endswith; nocase; http.host; content:"ygtvv.events.socalpocis.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294034/; classtype:trojan-activity;sid:84157134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.8.213"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294033/; classtype:trojan-activity;sid:84157133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.99.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294032/; classtype:trojan-activity;sid:84157132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.83.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294031/; classtype:trojan-activity;sid:84157131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.202.246.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294030/; classtype:trojan-activity;sid:84157130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294029/; classtype:trojan-activity;sid:84157129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.137.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294028/; classtype:trojan-activity;sid:84157128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.234.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294027/; classtype:trojan-activity;sid:84157127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.59.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294026/; classtype:trojan-activity;sid:84157126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.94.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294024/; classtype:trojan-activity;sid:84157124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.50.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294025/; classtype:trojan-activity;sid:84157125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294023/; classtype:trojan-activity;sid:84157123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.7.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294022/; classtype:trojan-activity;sid:84157122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.8.213"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294021/; classtype:trojan-activity;sid:84157121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.226.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294020/; classtype:trojan-activity;sid:84157120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.107.239.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294019/; classtype:trojan-activity;sid:84157119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.70.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294018/; classtype:trojan-activity;sid:84157118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.77.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294017/; classtype:trojan-activity;sid:84157117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.151.253.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294016/; classtype:trojan-activity;sid:84157116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.248.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294015/; classtype:trojan-activity;sid:84157115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.50.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294014/; classtype:trojan-activity;sid:84157114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.70.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294013/; classtype:trojan-activity;sid:84157113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.174.99.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294012/; classtype:trojan-activity;sid:84157112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.220.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294011/; classtype:trojan-activity;sid:84157111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.181.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294010/; classtype:trojan-activity;sid:84157110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.107.239.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294009/; classtype:trojan-activity;sid:84157109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294008/; classtype:trojan-activity;sid:84157108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.77.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294006/; classtype:trojan-activity;sid:84157106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.59.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294007/; classtype:trojan-activity;sid:84157107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.186.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294005/; classtype:trojan-activity;sid:84157105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.57.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294004/; classtype:trojan-activity;sid:84157104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294003/; classtype:trojan-activity;sid:84157103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.197.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294001/; classtype:trojan-activity;sid:84157101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.7.204.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294002/; classtype:trojan-activity;sid:84157102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.248.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3294000/; classtype:trojan-activity;sid:84157100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.139.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293999/; classtype:trojan-activity;sid:84157099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293998/; classtype:trojan-activity;sid:84157098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.51.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293997/; classtype:trojan-activity;sid:84157097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.20.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293996/; classtype:trojan-activity;sid:84157096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.8.46.114"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293995/; classtype:trojan-activity;sid:84157095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.89.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293991/; classtype:trojan-activity;sid:84157091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.149.93.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293992/; classtype:trojan-activity;sid:84157092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.226.36.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293993/; classtype:trojan-activity;sid:84157093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.237.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293994/; classtype:trojan-activity;sid:84157094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.1.146"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293990/; classtype:trojan-activity;sid:84157090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.17.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293989/; classtype:trojan-activity;sid:84157089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.95.62.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293988/; classtype:trojan-activity;sid:84157088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.69.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293987/; classtype:trojan-activity;sid:84157087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.139.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293986/; classtype:trojan-activity;sid:84157086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.1.146"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293985/; classtype:trojan-activity;sid:84157085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.186.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293984/; classtype:trojan-activity;sid:84157084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.108.177.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293983/; classtype:trojan-activity;sid:84157083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.69.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293982/; classtype:trojan-activity;sid:84157082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.57.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293980/; classtype:trojan-activity;sid:84157080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293981/; classtype:trojan-activity;sid:84157081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.133.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293978/; classtype:trojan-activity;sid:84157078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.174.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293979/; classtype:trojan-activity;sid:84157079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.149.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293977/; classtype:trojan-activity;sid:84157077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.207.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293976/; classtype:trojan-activity;sid:84157076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.7.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293975/; classtype:trojan-activity;sid:84157075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.90.244.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293974/; classtype:trojan-activity;sid:84157074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.14.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293973/; classtype:trojan-activity;sid:84157073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.166.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293972/; classtype:trojan-activity;sid:84157072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.236.160.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293970/; classtype:trojan-activity;sid:84157070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"164.163.25.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293971/; classtype:trojan-activity;sid:84157071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.95.62.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293969/; classtype:trojan-activity;sid:84157069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.183.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293968/; classtype:trojan-activity;sid:84157068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.145.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293967/; classtype:trojan-activity;sid:84157067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.207.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293966/; classtype:trojan-activity;sid:84157066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.72.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293965/; classtype:trojan-activity;sid:84157065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.249.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293964/; classtype:trojan-activity;sid:84157064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.57.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293963/; classtype:trojan-activity;sid:84157063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.80.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293962/; classtype:trojan-activity;sid:84157062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293960/; classtype:trojan-activity;sid:84157060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.21.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293961/; classtype:trojan-activity;sid:84157061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.133.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293959/; classtype:trojan-activity;sid:84157059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.52.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293958/; classtype:trojan-activity;sid:84157058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.70.25.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293957/; classtype:trojan-activity;sid:84157057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.188.251.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293956/; classtype:trojan-activity;sid:84157056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.108.157.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293955/; classtype:trojan-activity;sid:84157055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.87.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293954/; classtype:trojan-activity;sid:84157054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.42.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293953/; classtype:trojan-activity;sid:84157053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.72.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293952/; classtype:trojan-activity;sid:84157052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.92.199.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293951/; classtype:trojan-activity;sid:84157051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.62.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293950/; classtype:trojan-activity;sid:84157050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.100.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293949/; classtype:trojan-activity;sid:84157049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.157.144.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293948/; classtype:trojan-activity;sid:84157048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.226.88.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293947/; classtype:trojan-activity;sid:84157047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.240.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293946/; classtype:trojan-activity;sid:84157046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/viewprofile"; depth:12; endswith; nocase; http.host; content:"b6a1e.language.sebtomato.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293944/; classtype:trojan-activity;sid:84157044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/viewprofile"; depth:12; endswith; nocase; http.host; content:"26f0b.language.sebtomato.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293945/; classtype:trojan-activity;sid:84157045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.223.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293943/; classtype:trojan-activity;sid:84157043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.174.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293942/; classtype:trojan-activity;sid:84157042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.82.78.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293941/; classtype:trojan-activity;sid:84157041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293940/; classtype:trojan-activity;sid:84157040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.77.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293939/; classtype:trojan-activity;sid:84157039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.67.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293938/; classtype:trojan-activity;sid:84157038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.198.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293937/; classtype:trojan-activity;sid:84157037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.92.199.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293936/; classtype:trojan-activity;sid:84157036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.226.88.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293935/; classtype:trojan-activity;sid:84157035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.229.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293934/; classtype:trojan-activity;sid:84157034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.215.211.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293933/; classtype:trojan-activity;sid:84157033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.183.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293932/; classtype:trojan-activity;sid:84157032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.125.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293929/; classtype:trojan-activity;sid:84157029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.99.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293930/; classtype:trojan-activity;sid:84157030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.60.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293931/; classtype:trojan-activity;sid:84157031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.20.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293927/; classtype:trojan-activity;sid:84157027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.77.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293928/; classtype:trojan-activity;sid:84157028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.67.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293925/; classtype:trojan-activity;sid:84157025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.142.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293926/; classtype:trojan-activity;sid:84157026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293924/; classtype:trojan-activity;sid:84157024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.54.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293923/; classtype:trojan-activity;sid:84157023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.77.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293922/; classtype:trojan-activity;sid:84157022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.87.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293921/; classtype:trojan-activity;sid:84157021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.22.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293920/; classtype:trojan-activity;sid:84157020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293918/; classtype:trojan-activity;sid:84157018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.253.166.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293919/; classtype:trojan-activity;sid:84157019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.125.119.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293917/; classtype:trojan-activity;sid:84157017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.54.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293916/; classtype:trojan-activity;sid:84157016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.125.17.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293915/; classtype:trojan-activity;sid:84157015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293914/; classtype:trojan-activity;sid:84157014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.110.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293913/; classtype:trojan-activity;sid:84157013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.211.236.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293912/; classtype:trojan-activity;sid:84157012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.26.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293911/; classtype:trojan-activity;sid:84157011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.16.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293910/; classtype:trojan-activity;sid:84157010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293909/; classtype:trojan-activity;sid:84157009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.255.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293908/; classtype:trojan-activity;sid:84157008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.27.13.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293907/; classtype:trojan-activity;sid:84157007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.55.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293906/; classtype:trojan-activity;sid:84157006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.52.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293905/; classtype:trojan-activity;sid:84157005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.93.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293904/; classtype:trojan-activity;sid:84157004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.239.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293902/; classtype:trojan-activity;sid:84157002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.50.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293903/; classtype:trojan-activity;sid:84157003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.59.247.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293901/; classtype:trojan-activity;sid:84157001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.114.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293900/; classtype:trojan-activity;sid:84157000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.48.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293899/; classtype:trojan-activity;sid:84156999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.86.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293898/; classtype:trojan-activity;sid:84156998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.252.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293897/; classtype:trojan-activity;sid:84156997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.96.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293896/; classtype:trojan-activity;sid:84156996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.102.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293895/; classtype:trojan-activity;sid:84156995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slf.msi"; depth:8; endswith; nocase; http.host; content:"gersgaming.s3.us-east-2.amazonaws.com"; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293894/; classtype:trojan-activity;sid:84156994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.34.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293893/; classtype:trojan-activity;sid:84156993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.255.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293892/; classtype:trojan-activity;sid:84156992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.49.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293891/; classtype:trojan-activity;sid:84156991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.155.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293890/; classtype:trojan-activity;sid:84156990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.130.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293889/; classtype:trojan-activity;sid:84156989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.48.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293888/; classtype:trojan-activity;sid:84156988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.254.205.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293887/; classtype:trojan-activity;sid:84156987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.229.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293886/; classtype:trojan-activity;sid:84156986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.243.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293885/; classtype:trojan-activity;sid:84156985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.12.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293884/; classtype:trojan-activity;sid:84156984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.178.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293882/; classtype:trojan-activity;sid:84156982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.97.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293883/; classtype:trojan-activity;sid:84156983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.86.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293881/; classtype:trojan-activity;sid:84156981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.34.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293880/; classtype:trojan-activity;sid:84156980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.250.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293879/; classtype:trojan-activity;sid:84156979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.100.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293877/; classtype:trojan-activity;sid:84156977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.206.159.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293878/; classtype:trojan-activity;sid:84156978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.145.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293876/; classtype:trojan-activity;sid:84156976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/supportclientsetup.exe"; depth:29; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293875/; classtype:trojan-activity;sid:84156975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.93.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293874/; classtype:trojan-activity;sid:84156974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"43.254.205.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293873/; classtype:trojan-activity;sid:84156973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.155.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293872/; classtype:trojan-activity;sid:84156972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.49.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293871/; classtype:trojan-activity;sid:84156971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.15.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293870/; classtype:trojan-activity;sid:84156970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.42.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293869/; classtype:trojan-activity;sid:84156969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.240.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293868/; classtype:trojan-activity;sid:84156968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.81.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293866/; classtype:trojan-activity;sid:84156966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.186.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293867/; classtype:trojan-activity;sid:84156967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.125.119.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293865/; classtype:trojan-activity;sid:84156965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.228.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293864/; classtype:trojan-activity;sid:84156964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.55.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293863/; classtype:trojan-activity;sid:84156963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.195.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293862/; classtype:trojan-activity;sid:84156962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.244.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293861/; classtype:trojan-activity;sid:84156961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.158.50.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293860/; classtype:trojan-activity;sid:84156960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.16.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293859/; classtype:trojan-activity;sid:84156959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.232.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293858/; classtype:trojan-activity;sid:84156958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.178.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293857/; classtype:trojan-activity;sid:84156957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.234.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293856/; classtype:trojan-activity;sid:84156956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.198.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293855/; classtype:trojan-activity;sid:84156955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.182.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293854/; classtype:trojan-activity;sid:84156954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.17.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293852/; classtype:trojan-activity;sid:84156952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.128.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293853/; classtype:trojan-activity;sid:84156953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.186.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293851/; classtype:trojan-activity;sid:84156951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.5.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293850/; classtype:trojan-activity;sid:84156950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.69.59.198"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293849/; classtype:trojan-activity;sid:84156949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.81.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293848/; classtype:trojan-activity;sid:84156948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.228.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293847/; classtype:trojan-activity;sid:84156947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.142.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293844/; classtype:trojan-activity;sid:84156944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.111.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293845/; classtype:trojan-activity;sid:84156945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.242.82.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293846/; classtype:trojan-activity;sid:84156946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.193.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293842/; classtype:trojan-activity;sid:84156942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.128.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293843/; classtype:trojan-activity;sid:84156943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.86.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293841/; classtype:trojan-activity;sid:84156941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.178.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293840/; classtype:trojan-activity;sid:84156940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:38; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293839/; classtype:trojan-activity;sid:84156939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.195.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293838/; classtype:trojan-activity;sid:84156938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293837/; classtype:trojan-activity;sid:84156937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h"; depth:2; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293835/; classtype:trojan-activity;sid:84156935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.17.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293836/; classtype:trojan-activity;sid:84156936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/necr0.py"; depth:9; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293832/; classtype:trojan-activity;sid:84156932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293833/; classtype:trojan-activity;sid:84156933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1.sh"; depth:6; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293834/; classtype:trojan-activity;sid:84156934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.146.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293831/; classtype:trojan-activity;sid:84156931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.sh"; depth:5; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293830/; classtype:trojan-activity;sid:84156930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1"; depth:3; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293826/; classtype:trojan-activity;sid:84156926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293827/; classtype:trojan-activity;sid:84156927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293828/; classtype:trojan-activity;sid:84156928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sh"; depth:10; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293829/; classtype:trojan-activity;sid:84156929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d"; depth:2; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293822/; classtype:trojan-activity;sid:84156922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293823/; classtype:trojan-activity;sid:84156923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r"; depth:2; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293824/; classtype:trojan-activity;sid:84156924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splash.sh"; depth:10; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293825/; classtype:trojan-activity;sid:84156925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z"; depth:2; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293812/; classtype:trojan-activity;sid:84156912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e"; depth:2; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293813/; classtype:trojan-activity;sid:84156913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get.sh"; depth:7; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293814/; classtype:trojan-activity;sid:84156914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293815/; classtype:trojan-activity;sid:84156915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u"; depth:2; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293816/; classtype:trojan-activity;sid:84156916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v"; depth:2; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293817/; classtype:trojan-activity;sid:84156917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293818/; classtype:trojan-activity;sid:84156918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293819/; classtype:trojan-activity;sid:84156919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yak.sh"; depth:7; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293820/; classtype:trojan-activity;sid:84156920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293821/; classtype:trojan-activity;sid:84156921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.arm4"; depth:14; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293811/; classtype:trojan-activity;sid:84156911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.x86"; depth:11; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293807/; classtype:trojan-activity;sid:84156907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.m68k"; depth:17; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293808/; classtype:trojan-activity;sid:84156908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.i686"; depth:14; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293809/; classtype:trojan-activity;sid:84156909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.sparc"; depth:18; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293810/; classtype:trojan-activity;sid:84156910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.arm5"; depth:14; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293792/; classtype:trojan-activity;sid:84156892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm6"; depth:17; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293793/; classtype:trojan-activity;sid:84156893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.x86"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293794/; classtype:trojan-activity;sid:84156894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.mips"; depth:16; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293795/; classtype:trojan-activity;sid:84156895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293796/; classtype:trojan-activity;sid:84156896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.gponfiber"; depth:21; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293797/; classtype:trojan-activity;sid:84156897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mipsel"; depth:14; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293798/; classtype:trojan-activity;sid:84156898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.arm6"; depth:14; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293799/; classtype:trojan-activity;sid:84156899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.ppc"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293800/; classtype:trojan-activity;sid:84156900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.mpsl"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293801/; classtype:trojan-activity;sid:84156901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293802/; classtype:trojan-activity;sid:84156902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.ppc"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293803/; classtype:trojan-activity;sid:84156903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm7"; depth:17; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293804/; classtype:trojan-activity;sid:84156904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293805/; classtype:trojan-activity;sid:84156905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.i586"; depth:16; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293806/; classtype:trojan-activity;sid:84156906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293777/; classtype:trojan-activity;sid:84156877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293778/; classtype:trojan-activity;sid:84156878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293779/; classtype:trojan-activity;sid:84156879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm6"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293780/; classtype:trojan-activity;sid:84156880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.mipsel"; depth:19; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293781/; classtype:trojan-activity;sid:84156881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/bot.arm7"; depth:11; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293782/; classtype:trojan-activity;sid:84156882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.x86"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293783/; classtype:trojan-activity;sid:84156883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mips"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293784/; classtype:trojan-activity;sid:84156884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.arm4"; depth:16; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293785/; classtype:trojan-activity;sid:84156885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293786/; classtype:trojan-activity;sid:84156886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.arm7"; depth:16; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293787/; classtype:trojan-activity;sid:84156887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.m68k"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293788/; classtype:trojan-activity;sid:84156888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm4"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293789/; classtype:trojan-activity;sid:84156889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.mips"; depth:14; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293790/; classtype:trojan-activity;sid:84156890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.vigor"; depth:17; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293791/; classtype:trojan-activity;sid:84156891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.mips"; depth:17; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293772/; classtype:trojan-activity;sid:84156872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.arm6"; depth:16; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293773/; classtype:trojan-activity;sid:84156873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.m68k"; depth:16; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293774/; classtype:trojan-activity;sid:84156874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.i586"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293775/; classtype:trojan-activity;sid:84156875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm5"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293776/; classtype:trojan-activity;sid:84156876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293769/; classtype:trojan-activity;sid:84156869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293770/; classtype:trojan-activity;sid:84156870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sparc"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293771/; classtype:trojan-activity;sid:84156871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.ppc"; depth:16; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293767/; classtype:trojan-activity;sid:84156867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293768/; classtype:trojan-activity;sid:84156868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.i586"; depth:17; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293763/; classtype:trojan-activity;sid:84156863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm6"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293764/; classtype:trojan-activity;sid:84156864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.mipsel"; depth:16; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293765/; classtype:trojan-activity;sid:84156865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.arm7"; depth:14; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293766/; classtype:trojan-activity;sid:84156866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.i686"; depth:16; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293756/; classtype:trojan-activity;sid:84156856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.sparc"; depth:17; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293757/; classtype:trojan-activity;sid:84156857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293758/; classtype:trojan-activity;sid:84156858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.ppc"; depth:15; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293759/; classtype:trojan-activity;sid:84156859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm7"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293760/; classtype:trojan-activity;sid:84156860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i686"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293761/; classtype:trojan-activity;sid:84156861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.gponfiber"; depth:19; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293762/; classtype:trojan-activity;sid:84156862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.m68k"; depth:14; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293739/; classtype:trojan-activity;sid:84156839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.i586"; depth:14; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293740/; classtype:trojan-activity;sid:84156840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.i686"; depth:17; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293741/; classtype:trojan-activity;sid:84156841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i586"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293742/; classtype:trojan-activity;sid:84156842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.m68k"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293743/; classtype:trojan-activity;sid:84156843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.ppc"; depth:11; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293744/; classtype:trojan-activity;sid:84156844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.sparc"; depth:15; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293745/; classtype:trojan-activity;sid:84156845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm5"; depth:17; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293746/; classtype:trojan-activity;sid:84156846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.sparc"; depth:14; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293747/; classtype:trojan-activity;sid:84156847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.x86"; depth:15; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293748/; classtype:trojan-activity;sid:84156848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/bot.arm"; depth:10; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293749/; classtype:trojan-activity;sid:84156849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm5"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293750/; classtype:trojan-activity;sid:84156850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293751/; classtype:trojan-activity;sid:84156851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.x86"; depth:16; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293752/; classtype:trojan-activity;sid:84156852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.mipsel"; depth:18; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293753/; classtype:trojan-activity;sid:84156853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293754/; classtype:trojan-activity;sid:84156854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.arm5"; depth:16; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293755/; classtype:trojan-activity;sid:84156855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm7"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293728/; classtype:trojan-activity;sid:84156828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293729/; classtype:trojan-activity;sid:84156829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm4"; depth:17; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293730/; classtype:trojan-activity;sid:84156830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.vigor"; depth:15; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293731/; classtype:trojan-activity;sid:84156831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.i686"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293732/; classtype:trojan-activity;sid:84156832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293733/; classtype:trojan-activity;sid:84156833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293734/; classtype:trojan-activity;sid:84156834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.mips"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293735/; classtype:trojan-activity;sid:84156835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm4"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293736/; classtype:trojan-activity;sid:84156836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293737/; classtype:trojan-activity;sid:84156837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293738/; classtype:trojan-activity;sid:84156838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.arm5"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293725/; classtype:trojan-activity;sid:84156825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.x86"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293726/; classtype:trojan-activity;sid:84156826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.arm"; depth:10; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293724/; classtype:trojan-activity;sid:84156824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.arm7"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293721/; classtype:trojan-activity;sid:84156821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.ppc"; depth:10; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293722/; classtype:trojan-activity;sid:84156822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.arm6"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293723/; classtype:trojan-activity;sid:84156823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.mpsl"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293712/; classtype:trojan-activity;sid:84156812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.arm7"; depth:11; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293713/; classtype:trojan-activity;sid:84156813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.arm"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293714/; classtype:trojan-activity;sid:84156814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.sh4"; depth:10; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293715/; classtype:trojan-activity;sid:84156815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.arm6"; depth:11; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293716/; classtype:trojan-activity;sid:84156816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.spc"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293717/; classtype:trojan-activity;sid:84156817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.sh4"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293718/; classtype:trojan-activity;sid:84156818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.m68k"; depth:11; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293719/; classtype:trojan-activity;sid:84156819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.spc"; depth:10; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293720/; classtype:trojan-activity;sid:84156820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.62.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293704/; classtype:trojan-activity;sid:84156804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.mips"; depth:11; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293705/; classtype:trojan-activity;sid:84156805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.mpsl"; depth:11; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293706/; classtype:trojan-activity;sid:84156806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.x86"; depth:10; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293707/; classtype:trojan-activity;sid:84156807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.ppc"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293708/; classtype:trojan-activity;sid:84156808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.mips"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293709/; classtype:trojan-activity;sid:84156809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.arm5"; depth:11; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293710/; classtype:trojan-activity;sid:84156810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.m68k"; depth:13; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293711/; classtype:trojan-activity;sid:84156811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yak.sh"; depth:11; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293702/; classtype:trojan-activity;sid:84156802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/r"; depth:4; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293703/; classtype:trojan-activity;sid:84156803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/d"; depth:4; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293699/; classtype:trojan-activity;sid:84156799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/t"; depth:6; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293700/; classtype:trojan-activity;sid:84156800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/u"; depth:6; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293701/; classtype:trojan-activity;sid:84156801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/e"; depth:6; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293697/; classtype:trojan-activity;sid:84156797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.sh"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293698/; classtype:trojan-activity;sid:84156798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/h"; depth:6; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293695/; classtype:trojan-activity;sid:84156795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/l"; depth:4; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293696/; classtype:trojan-activity;sid:84156796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/v"; depth:6; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293684/; classtype:trojan-activity;sid:84156784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/splash.sh"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293685/; classtype:trojan-activity;sid:84156785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/splash.sh"; depth:14; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293686/; classtype:trojan-activity;sid:84156786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/l"; depth:6; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293687/; classtype:trojan-activity;sid:84156787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/z"; depth:6; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293688/; classtype:trojan-activity;sid:84156788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/bins.sh"; depth:10; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293689/; classtype:trojan-activity;sid:84156789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yak.sh"; depth:9; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293690/; classtype:trojan-activity;sid:84156790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/r"; depth:6; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293691/; classtype:trojan-activity;sid:84156791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/wget.sh"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293692/; classtype:trojan-activity;sid:84156792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.sh"; depth:14; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293693/; classtype:trojan-activity;sid:84156793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/u"; depth:4; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293694/; classtype:trojan-activity;sid:84156794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/h"; depth:4; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293682/; classtype:trojan-activity;sid:84156782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/wget"; depth:7; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293683/; classtype:trojan-activity;sid:84156783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/e"; depth:4; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293681/; classtype:trojan-activity;sid:84156781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/v"; depth:4; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293680/; classtype:trojan-activity;sid:84156780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/t"; depth:4; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293674/; classtype:trojan-activity;sid:84156774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/d"; depth:6; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293675/; classtype:trojan-activity;sid:84156775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/wget.sh"; depth:10; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293676/; classtype:trojan-activity;sid:84156776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/z"; depth:4; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293677/; classtype:trojan-activity;sid:84156777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/wget"; depth:9; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293678/; classtype:trojan-activity;sid:84156778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/bins.sh"; depth:12; endswith; nocase; http.host; content:"79.23.237.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293679/; classtype:trojan-activity;sid:84156779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.149.60.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293673/; classtype:trojan-activity;sid:84156773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.143.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293672/; classtype:trojan-activity;sid:84156772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.156.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293671/; classtype:trojan-activity;sid:84156771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.146.226.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293670/; classtype:trojan-activity;sid:84156770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.106.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293669/; classtype:trojan-activity;sid:84156769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.178.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293668/; classtype:trojan-activity;sid:84156768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.182.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293667/; classtype:trojan-activity;sid:84156767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.220.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293666/; classtype:trojan-activity;sid:84156766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.252.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293665/; classtype:trojan-activity;sid:84156765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.84.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293664/; classtype:trojan-activity;sid:84156764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.5.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293663/; classtype:trojan-activity;sid:84156763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"151.25.70.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293662/; classtype:trojan-activity;sid:84156762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.143.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293660/; classtype:trojan-activity;sid:84156760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.125.17.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293661/; classtype:trojan-activity;sid:84156761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.193.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293659/; classtype:trojan-activity;sid:84156759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293658/; classtype:trojan-activity;sid:84156758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.96.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293657/; classtype:trojan-activity;sid:84156757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.164.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293656/; classtype:trojan-activity;sid:84156756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.216.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293654/; classtype:trojan-activity;sid:84156754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.30.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293655/; classtype:trojan-activity;sid:84156755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.84.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293653/; classtype:trojan-activity;sid:84156753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.246.158.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293652/; classtype:trojan-activity;sid:84156752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atom.xml"; depth:9; endswith; nocase; http.host; content:"11-14hotelmain.blogspot.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293649/; classtype:trojan-activity;sid:84156749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///////chutmarao.pdf"; depth:20; endswith; nocase; http.host; content:"11-14hotelmain.blogspot.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293650/; classtype:trojan-activity;sid:84156750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/!api/2.0/snippets/chutiyamahi/edo85g/cdc8c03b4cba519a8be28c4c7a767299024471cb/files/mainhotel11-14.txt"; depth:103; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293651/; classtype:trojan-activity;sid:84156751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipfs/qmsyycjytmyo1dm2dwby6extmodmu1osbwtdmedtlreenc"; depth:52; endswith; nocase; http.host; content:"ipfs.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293648/; classtype:trojan-activity;sid:84156748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.100.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293647/; classtype:trojan-activity;sid:84156747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.111.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293646/; classtype:trojan-activity;sid:84156746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293645/; classtype:trojan-activity;sid:84156745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.187.17.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293644/; classtype:trojan-activity;sid:84156744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.136.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293643/; classtype:trojan-activity;sid:84156743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.47.106.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293642/; classtype:trojan-activity;sid:84156742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.230.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293641/; classtype:trojan-activity;sid:84156741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.98.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293640/; classtype:trojan-activity;sid:84156740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293639/; classtype:trojan-activity;sid:84156739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.97.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293638/; classtype:trojan-activity;sid:84156738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.227.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293637/; classtype:trojan-activity;sid:84156737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.107.228.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293636/; classtype:trojan-activity;sid:84156736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.97.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293635/; classtype:trojan-activity;sid:84156735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.52.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293634/; classtype:trojan-activity;sid:84156734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.8.109.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293633/; classtype:trojan-activity;sid:84156733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.175.91.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293632/; classtype:trojan-activity;sid:84156732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.97.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293631/; classtype:trojan-activity;sid:84156731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.91.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293630/; classtype:trojan-activity;sid:84156730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.5.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293629/; classtype:trojan-activity;sid:84156729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.48.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293628/; classtype:trojan-activity;sid:84156728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293627/; classtype:trojan-activity;sid:84156727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.26.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293626/; classtype:trojan-activity;sid:84156726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.0.214"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293625/; classtype:trojan-activity;sid:84156725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.243.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293624/; classtype:trojan-activity;sid:84156724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.237.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293623/; classtype:trojan-activity;sid:84156723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.148.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293622/; classtype:trojan-activity;sid:84156722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l7vmra"; depth:7; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293621/; classtype:trojan-activity;sid:84156721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l7vmra"; depth:7; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293620/; classtype:trojan-activity;sid:84156720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chelentano.exe"; depth:15; endswith; nocase; http.host; content:"95.163.152.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293619/; classtype:trojan-activity;sid:84156719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"42.242.164.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293618/; classtype:trojan-activity;sid:84156718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.187.17.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293617/; classtype:trojan-activity;sid:84156717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.227.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293616/; classtype:trojan-activity;sid:84156716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.101.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293615/; classtype:trojan-activity;sid:84156715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.107.228.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293614/; classtype:trojan-activity;sid:84156714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.48.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293613/; classtype:trojan-activity;sid:84156713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.91.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293612/; classtype:trojan-activity;sid:84156712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.137.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293611/; classtype:trojan-activity;sid:84156711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.38.106.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293610/; classtype:trojan-activity;sid:84156710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.5.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293609/; classtype:trojan-activity;sid:84156709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.50.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293608/; classtype:trojan-activity;sid:84156708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.26.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293606/; classtype:trojan-activity;sid:84156706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"170.80.0.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293607/; classtype:trojan-activity;sid:84156707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293605/; classtype:trojan-activity;sid:84156705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.214.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293604/; classtype:trojan-activity;sid:84156704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.250.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293603/; classtype:trojan-activity;sid:84156703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.50.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293602/; classtype:trojan-activity;sid:84156702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.87.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293601/; classtype:trojan-activity;sid:84156701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.43.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293600/; classtype:trojan-activity;sid:84156700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.166.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293599/; classtype:trojan-activity;sid:84156699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.161.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293598/; classtype:trojan-activity;sid:84156698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.81.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293596/; classtype:trojan-activity;sid:84156696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.121.83.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293597/; classtype:trojan-activity;sid:84156697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.59.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293595/; classtype:trojan-activity;sid:84156695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.9.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293594/; classtype:trojan-activity;sid:84156694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.125.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293593/; classtype:trojan-activity;sid:84156693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.26.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293592/; classtype:trojan-activity;sid:84156692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.244.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293590/; classtype:trojan-activity;sid:84156690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293591/; classtype:trojan-activity;sid:84156691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293589/; classtype:trojan-activity;sid:84156689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.166.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293588/; classtype:trojan-activity;sid:84156688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.245.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293587/; classtype:trojan-activity;sid:84156687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.73.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293586/; classtype:trojan-activity;sid:84156686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.166.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293585/; classtype:trojan-activity;sid:84156685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.70.203.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293584/; classtype:trojan-activity;sid:84156684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.156.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293583/; classtype:trojan-activity;sid:84156683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.245.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293581/; classtype:trojan-activity;sid:84156681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.43.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293582/; classtype:trojan-activity;sid:84156682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.73.24.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293580/; classtype:trojan-activity;sid:84156680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.50.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293579/; classtype:trojan-activity;sid:84156679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.73.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293578/; classtype:trojan-activity;sid:84156678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.8.46.114"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293577/; classtype:trojan-activity;sid:84156677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb/arm4"; depth:9; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293575/; classtype:trojan-activity;sid:84156675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb/arm5"; depth:9; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293576/; classtype:trojan-activity;sid:84156676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb/arm7"; depth:9; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293573/; classtype:trojan-activity;sid:84156673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb/arm6"; depth:9; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293574/; classtype:trojan-activity;sid:84156674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.244.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293572/; classtype:trojan-activity;sid:84156672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.244.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293571/; classtype:trojan-activity;sid:84156671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.136.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293570/; classtype:trojan-activity;sid:84156670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.226.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293569/; classtype:trojan-activity;sid:84156669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.59.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293568/; classtype:trojan-activity;sid:84156668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.154.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293567/; classtype:trojan-activity;sid:84156667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.230.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293566/; classtype:trojan-activity;sid:84156666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.226.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293565/; classtype:trojan-activity;sid:84156665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.179.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293564/; classtype:trojan-activity;sid:84156664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.166.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293563/; classtype:trojan-activity;sid:84156663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293562/; classtype:trojan-activity;sid:84156662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293561/; classtype:trojan-activity;sid:84156661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.16.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293560/; classtype:trojan-activity;sid:84156660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.157.144.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293559/; classtype:trojan-activity;sid:84156659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.174.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293556/; classtype:trojan-activity;sid:84156656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.172.0.195"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293557/; classtype:trojan-activity;sid:84156657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.131.92.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293558/; classtype:trojan-activity;sid:84156658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.127.214.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293555/; classtype:trojan-activity;sid:84156655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.58.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293554/; classtype:trojan-activity;sid:84156654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.107.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293553/; classtype:trojan-activity;sid:84156653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.25.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293552/; classtype:trojan-activity;sid:84156652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.14.3.170"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293551/; classtype:trojan-activity;sid:84156651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.73.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293550/; classtype:trojan-activity;sid:84156650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.73.24.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293549/; classtype:trojan-activity;sid:84156649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.82.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293548/; classtype:trojan-activity;sid:84156648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.36.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293545/; classtype:trojan-activity;sid:84156645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.255.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293546/; classtype:trojan-activity;sid:84156646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.15.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293547/; classtype:trojan-activity;sid:84156647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.70.203.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293544/; classtype:trojan-activity;sid:84156644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.0.214"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293543/; classtype:trojan-activity;sid:84156643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.144.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293542/; classtype:trojan-activity;sid:84156642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.5.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293541/; classtype:trojan-activity;sid:84156641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.25.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293540/; classtype:trojan-activity;sid:84156640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.253.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293539/; classtype:trojan-activity;sid:84156639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.58.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293538/; classtype:trojan-activity;sid:84156638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293537/; classtype:trojan-activity;sid:84156637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.173.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293536/; classtype:trojan-activity;sid:84156636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.193.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293535/; classtype:trojan-activity;sid:84156635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.15.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293534/; classtype:trojan-activity;sid:84156634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.161.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293533/; classtype:trojan-activity;sid:84156633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.94.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293532/; classtype:trojan-activity;sid:84156632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.131.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293531/; classtype:trojan-activity;sid:84156631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.100.248.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293530/; classtype:trojan-activity;sid:84156630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.202.246.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293529/; classtype:trojan-activity;sid:84156629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.107.25.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293528/; classtype:trojan-activity;sid:84156628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.199.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293526/; classtype:trojan-activity;sid:84156626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.89.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293527/; classtype:trojan-activity;sid:84156627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.33.239.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293525/; classtype:trojan-activity;sid:84156625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293524/; classtype:trojan-activity;sid:84156624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.19.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293523/; classtype:trojan-activity;sid:84156623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.253.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293522/; classtype:trojan-activity;sid:84156622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.199.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293521/; classtype:trojan-activity;sid:84156621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.31.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293520/; classtype:trojan-activity;sid:84156620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293518/; classtype:trojan-activity;sid:84156618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.107.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293519/; classtype:trojan-activity;sid:84156619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.255.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293517/; classtype:trojan-activity;sid:84156617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.193.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293516/; classtype:trojan-activity;sid:84156616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.170.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293515/; classtype:trojan-activity;sid:84156615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.94.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293514/; classtype:trojan-activity;sid:84156614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"94.180.38.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293513/; classtype:trojan-activity;sid:84156613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.58.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293511/; classtype:trojan-activity;sid:84156611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.125.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293512/; classtype:trojan-activity;sid:84156612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.150.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293510/; classtype:trojan-activity;sid:84156610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.52.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293508/; classtype:trojan-activity;sid:84156608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.131.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293509/; classtype:trojan-activity;sid:84156609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.125.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293507/; classtype:trojan-activity;sid:84156607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.161.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293506/; classtype:trojan-activity;sid:84156606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.189.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293505/; classtype:trojan-activity;sid:84156605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.252.205.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293504/; classtype:trojan-activity;sid:84156604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.190.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293503/; classtype:trojan-activity;sid:84156603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.8.194"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293501/; classtype:trojan-activity;sid:84156601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.44.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293502/; classtype:trojan-activity;sid:84156602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.199.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293500/; classtype:trojan-activity;sid:84156600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.92.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293499/; classtype:trojan-activity;sid:84156599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.80.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293496/; classtype:trojan-activity;sid:84156596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.215.219.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293497/; classtype:trojan-activity;sid:84156597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.76.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293498/; classtype:trojan-activity;sid:84156598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.89.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293494/; classtype:trojan-activity;sid:84156594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.176.101.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293495/; classtype:trojan-activity;sid:84156595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.241.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293493/; classtype:trojan-activity;sid:84156593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.39.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293492/; classtype:trojan-activity;sid:84156592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.159.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293491/; classtype:trojan-activity;sid:84156591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.216.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293490/; classtype:trojan-activity;sid:84156590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.150.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293489/; classtype:trojan-activity;sid:84156589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.122.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293488/; classtype:trojan-activity;sid:84156588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.44.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293487/; classtype:trojan-activity;sid:84156587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.9.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293486/; classtype:trojan-activity;sid:84156586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.126.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293485/; classtype:trojan-activity;sid:84156585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"157.20.228.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293484/; classtype:trojan-activity;sid:84156584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.190.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293483/; classtype:trojan-activity;sid:84156583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.104.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293482/; classtype:trojan-activity;sid:84156582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.39.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293481/; classtype:trojan-activity;sid:84156581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.92.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293480/; classtype:trojan-activity;sid:84156580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293479/; classtype:trojan-activity;sid:84156579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.127.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293478/; classtype:trojan-activity;sid:84156578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"180.107.25.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293477/; classtype:trojan-activity;sid:84156577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.198.238.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293476/; classtype:trojan-activity;sid:84156576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.17.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293475/; classtype:trojan-activity;sid:84156575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.8.194"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293474/; classtype:trojan-activity;sid:84156574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.216.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293472/; classtype:trojan-activity;sid:84156572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.122.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293473/; classtype:trojan-activity;sid:84156573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293470/; classtype:trojan-activity;sid:84156570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.184.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293471/; classtype:trojan-activity;sid:84156571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.71.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293469/; classtype:trojan-activity;sid:84156569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.28.137"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293468/; classtype:trojan-activity;sid:84156568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.25.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293467/; classtype:trojan-activity;sid:84156567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.230.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293466/; classtype:trojan-activity;sid:84156566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.164.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293465/; classtype:trojan-activity;sid:84156565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293464/; classtype:trojan-activity;sid:84156564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.24.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293463/; classtype:trojan-activity;sid:84156563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.41.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293462/; classtype:trojan-activity;sid:84156562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.21.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293460/; classtype:trojan-activity;sid:84156560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.114.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293461/; classtype:trojan-activity;sid:84156561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.172.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293459/; classtype:trojan-activity;sid:84156559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.26.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293458/; classtype:trojan-activity;sid:84156558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.167.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293457/; classtype:trojan-activity;sid:84156557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.172.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293456/; classtype:trojan-activity;sid:84156556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.173.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293455/; classtype:trojan-activity;sid:84156555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.28.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293454/; classtype:trojan-activity;sid:84156554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.122.255.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293453/; classtype:trojan-activity;sid:84156553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.25.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293451/; classtype:trojan-activity;sid:84156551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.185.49.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293452/; classtype:trojan-activity;sid:84156552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.87.177.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293449/; classtype:trojan-activity;sid:84156549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293450/; classtype:trojan-activity;sid:84156550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.124.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293448/; classtype:trojan-activity;sid:84156548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.92.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293447/; classtype:trojan-activity;sid:84156547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.17.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293446/; classtype:trojan-activity;sid:84156546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.41.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293445/; classtype:trojan-activity;sid:84156545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.14.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293444/; classtype:trojan-activity;sid:84156544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.16.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293443/; classtype:trojan-activity;sid:84156543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.99.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293442/; classtype:trojan-activity;sid:84156542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.66.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293441/; classtype:trojan-activity;sid:84156541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.114.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293440/; classtype:trojan-activity;sid:84156540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.196.118.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293439/; classtype:trojan-activity;sid:84156539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.82.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293438/; classtype:trojan-activity;sid:84156538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.24.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293437/; classtype:trojan-activity;sid:84156537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.101.37.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293436/; classtype:trojan-activity;sid:84156536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293435/; classtype:trojan-activity;sid:84156535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.15.61"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293434/; classtype:trojan-activity;sid:84156534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.16.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293433/; classtype:trojan-activity;sid:84156533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.102.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293432/; classtype:trojan-activity;sid:84156532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.201.111.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293431/; classtype:trojan-activity;sid:84156531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.71.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293430/; classtype:trojan-activity;sid:84156530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.203.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293429/; classtype:trojan-activity;sid:84156529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.75.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293428/; classtype:trojan-activity;sid:84156528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293427/; classtype:trojan-activity;sid:84156527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.122.255.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293425/; classtype:trojan-activity;sid:84156525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.87.177.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293426/; classtype:trojan-activity;sid:84156526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.87.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293423/; classtype:trojan-activity;sid:84156523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"183.94.191.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293424/; classtype:trojan-activity;sid:84156524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.92.185.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293422/; classtype:trojan-activity;sid:84156522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.207.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293421/; classtype:trojan-activity;sid:84156521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.196.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293420/; classtype:trojan-activity;sid:84156520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.75.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293418/; classtype:trojan-activity;sid:84156518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.153.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293419/; classtype:trojan-activity;sid:84156519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.210.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293417/; classtype:trojan-activity;sid:84156517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.20.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293416/; classtype:trojan-activity;sid:84156516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.51.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293415/; classtype:trojan-activity;sid:84156515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.8.208"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293414/; classtype:trojan-activity;sid:84156514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.99.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293413/; classtype:trojan-activity;sid:84156513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.42.127.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293412/; classtype:trojan-activity;sid:84156512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.228.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293411/; classtype:trojan-activity;sid:84156511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.94.67.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293410/; classtype:trojan-activity;sid:84156510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.102.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293409/; classtype:trojan-activity;sid:84156509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.210.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293408/; classtype:trojan-activity;sid:84156508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.207.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293407/; classtype:trojan-activity;sid:84156507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.227.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293406/; classtype:trojan-activity;sid:84156506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.255.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293405/; classtype:trojan-activity;sid:84156505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.196.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293404/; classtype:trojan-activity;sid:84156504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.153.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293402/; classtype:trojan-activity;sid:84156502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.95.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293403/; classtype:trojan-activity;sid:84156503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.20.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293401/; classtype:trojan-activity;sid:84156501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.109.229"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293400/; classtype:trojan-activity;sid:84156500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.106.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293399/; classtype:trojan-activity;sid:84156499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.51.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293398/; classtype:trojan-activity;sid:84156498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.201.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293397/; classtype:trojan-activity;sid:84156497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.230.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293396/; classtype:trojan-activity;sid:84156496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293395/; classtype:trojan-activity;sid:84156495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.228.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293394/; classtype:trojan-activity;sid:84156494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.5.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293393/; classtype:trojan-activity;sid:84156493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.238.62.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293392/; classtype:trojan-activity;sid:84156492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.47.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293390/; classtype:trojan-activity;sid:84156490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.25.232.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293391/; classtype:trojan-activity;sid:84156491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.141.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293389/; classtype:trojan-activity;sid:84156489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.32.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293388/; classtype:trojan-activity;sid:84156488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.64.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293387/; classtype:trojan-activity;sid:84156487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.150.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293386/; classtype:trojan-activity;sid:84156486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.184.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293384/; classtype:trojan-activity;sid:84156484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.26.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293385/; classtype:trojan-activity;sid:84156485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.43.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293383/; classtype:trojan-activity;sid:84156483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.62.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293382/; classtype:trojan-activity;sid:84156482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.47.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293381/; classtype:trojan-activity;sid:84156481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.153.213.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293379/; classtype:trojan-activity;sid:84156479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.125.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293380/; classtype:trojan-activity;sid:84156480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.76.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293378/; classtype:trojan-activity;sid:84156478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.5.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293377/; classtype:trojan-activity;sid:84156477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.8.49.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293375/; classtype:trojan-activity;sid:84156475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.97.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293376/; classtype:trojan-activity;sid:84156476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.7.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293374/; classtype:trojan-activity;sid:84156474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.16.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293373/; classtype:trojan-activity;sid:84156473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.153.213.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293372/; classtype:trojan-activity;sid:84156472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.78.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293371/; classtype:trojan-activity;sid:84156471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.106.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293370/; classtype:trojan-activity;sid:84156470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293369/; classtype:trojan-activity;sid:84156469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.184.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293368/; classtype:trojan-activity;sid:84156468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.124.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293367/; classtype:trojan-activity;sid:84156467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.30.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293366/; classtype:trojan-activity;sid:84156466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.114.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293365/; classtype:trojan-activity;sid:84156465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.125.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293364/; classtype:trojan-activity;sid:84156464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.176.121.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293363/; classtype:trojan-activity;sid:84156463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.183.23.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293361/; classtype:trojan-activity;sid:84156461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.25.232.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293362/; classtype:trojan-activity;sid:84156462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.26.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293360/; classtype:trojan-activity;sid:84156460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.62.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293358/; classtype:trojan-activity;sid:84156458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"96.33.218.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293359/; classtype:trojan-activity;sid:84156459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.110.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293357/; classtype:trojan-activity;sid:84156457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.105.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293356/; classtype:trojan-activity;sid:84156456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.86.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293355/; classtype:trojan-activity;sid:84156455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.85.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293353/; classtype:trojan-activity;sid:84156453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.78.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293354/; classtype:trojan-activity;sid:84156454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.227.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293352/; classtype:trojan-activity;sid:84156452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.198.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293351/; classtype:trojan-activity;sid:84156451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.8.228"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293350/; classtype:trojan-activity;sid:84156450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293349/; classtype:trojan-activity;sid:84156449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.130.68.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293348/; classtype:trojan-activity;sid:84156448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"96.33.218.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293347/; classtype:trojan-activity;sid:84156447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.235.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293346/; classtype:trojan-activity;sid:84156446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.113.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293345/; classtype:trojan-activity;sid:84156445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.18.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293344/; classtype:trojan-activity;sid:84156444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.110.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293343/; classtype:trojan-activity;sid:84156443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.222.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293342/; classtype:trojan-activity;sid:84156442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.125.241.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293341/; classtype:trojan-activity;sid:84156441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.198.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293340/; classtype:trojan-activity;sid:84156440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.138.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293339/; classtype:trojan-activity;sid:84156439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.89.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293338/; classtype:trojan-activity;sid:84156438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.19.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293337/; classtype:trojan-activity;sid:84156437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293336/; classtype:trojan-activity;sid:84156436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293335/; classtype:trojan-activity;sid:84156435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.18.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293334/; classtype:trojan-activity;sid:84156434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293333/; classtype:trojan-activity;sid:84156433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.60.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293332/; classtype:trojan-activity;sid:84156432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.8.228"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293331/; classtype:trojan-activity;sid:84156431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.109.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293330/; classtype:trojan-activity;sid:84156430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.138.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293329/; classtype:trojan-activity;sid:84156429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.230.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293328/; classtype:trojan-activity;sid:84156428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.103.104.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293327/; classtype:trojan-activity;sid:84156427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.116.242.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293325/; classtype:trojan-activity;sid:84156425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.125.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293326/; classtype:trojan-activity;sid:84156426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.64.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293324/; classtype:trojan-activity;sid:84156424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.233.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293323/; classtype:trojan-activity;sid:84156423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.10.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293321/; classtype:trojan-activity;sid:84156421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.86.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293322/; classtype:trojan-activity;sid:84156422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.50.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293320/; classtype:trojan-activity;sid:84156420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.124.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293319/; classtype:trojan-activity;sid:84156419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.137.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293318/; classtype:trojan-activity;sid:84156418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.83.27"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293317/; classtype:trojan-activity;sid:84156417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.92.209.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293316/; classtype:trojan-activity;sid:84156416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293315/; classtype:trojan-activity;sid:84156415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.109.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293314/; classtype:trojan-activity;sid:84156414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.77.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293313/; classtype:trojan-activity;sid:84156413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.60.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293312/; classtype:trojan-activity;sid:84156412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.5.194"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293311/; classtype:trojan-activity;sid:84156411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.138.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293310/; classtype:trojan-activity;sid:84156410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.244.91.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293309/; classtype:trojan-activity;sid:84156409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293308/; classtype:trojan-activity;sid:84156408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.10.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293307/; classtype:trojan-activity;sid:84156407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.233.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293306/; classtype:trojan-activity;sid:84156406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.77.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293305/; classtype:trojan-activity;sid:84156405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.184.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293304/; classtype:trojan-activity;sid:84156404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.64.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293303/; classtype:trojan-activity;sid:84156403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.144.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293302/; classtype:trojan-activity;sid:84156402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.217.56.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293301/; classtype:trojan-activity;sid:84156401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.10.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293300/; classtype:trojan-activity;sid:84156400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.93.57.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293298/; classtype:trojan-activity;sid:84156398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.180.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293299/; classtype:trojan-activity;sid:84156399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"213.207.39.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293297/; classtype:trojan-activity;sid:84156397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.93.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293296/; classtype:trojan-activity;sid:84156396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.21.174.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293295/; classtype:trojan-activity;sid:84156395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.25.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293294/; classtype:trojan-activity;sid:84156394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.166.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293293/; classtype:trojan-activity;sid:84156393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.171.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293292/; classtype:trojan-activity;sid:84156392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.139.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293291/; classtype:trojan-activity;sid:84156391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.40.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293290/; classtype:trojan-activity;sid:84156390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.137.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293289/; classtype:trojan-activity;sid:84156389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.180.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293287/; classtype:trojan-activity;sid:84156387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.72.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293288/; classtype:trojan-activity;sid:84156388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.139.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293286/; classtype:trojan-activity;sid:84156386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.236.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293284/; classtype:trojan-activity;sid:84156384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.93.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293285/; classtype:trojan-activity;sid:84156385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.15.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293283/; classtype:trojan-activity;sid:84156383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.213.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293282/; classtype:trojan-activity;sid:84156382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.116.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293281/; classtype:trojan-activity;sid:84156381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.137.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293280/; classtype:trojan-activity;sid:84156380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.89.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293279/; classtype:trojan-activity;sid:84156379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.145.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293278/; classtype:trojan-activity;sid:84156378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.188.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293277/; classtype:trojan-activity;sid:84156377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.139.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293276/; classtype:trojan-activity;sid:84156376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.107.49.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293275/; classtype:trojan-activity;sid:84156375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.139.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293274/; classtype:trojan-activity;sid:84156374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.205.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293272/; classtype:trojan-activity;sid:84156372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.25.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293273/; classtype:trojan-activity;sid:84156373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.236.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293271/; classtype:trojan-activity;sid:84156371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.116.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293270/; classtype:trojan-activity;sid:84156370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.24.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293268/; classtype:trojan-activity;sid:84156368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.72.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293269/; classtype:trojan-activity;sid:84156369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.82.134.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293267/; classtype:trojan-activity;sid:84156367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.209.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293266/; classtype:trojan-activity;sid:84156366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.32.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293264/; classtype:trojan-activity;sid:84156364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.5.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293265/; classtype:trojan-activity;sid:84156365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.255.133.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293263/; classtype:trojan-activity;sid:84156363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.109.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293262/; classtype:trojan-activity;sid:84156362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.240.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293261/; classtype:trojan-activity;sid:84156361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.175.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293260/; classtype:trojan-activity;sid:84156360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.249.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293259/; classtype:trojan-activity;sid:84156359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.188.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293258/; classtype:trojan-activity;sid:84156358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293257/; classtype:trojan-activity;sid:84156357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.5.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293256/; classtype:trojan-activity;sid:84156356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.105.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293255/; classtype:trojan-activity;sid:84156355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.69.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293254/; classtype:trojan-activity;sid:84156354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.3.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293253/; classtype:trojan-activity;sid:84156353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.1.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293252/; classtype:trojan-activity;sid:84156352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.4.177"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293251/; classtype:trojan-activity;sid:84156351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.160.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293250/; classtype:trojan-activity;sid:84156350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.75.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293249/; classtype:trojan-activity;sid:84156349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.32.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293248/; classtype:trojan-activity;sid:84156348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.240.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293247/; classtype:trojan-activity;sid:84156347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293246/; classtype:trojan-activity;sid:84156346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.73.234.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293245/; classtype:trojan-activity;sid:84156345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.69.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293244/; classtype:trojan-activity;sid:84156344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.134.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293243/; classtype:trojan-activity;sid:84156343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.251.20.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293242/; classtype:trojan-activity;sid:84156342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.31.189.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293241/; classtype:trojan-activity;sid:84156341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.147.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293240/; classtype:trojan-activity;sid:84156340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.90.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293239/; classtype:trojan-activity;sid:84156339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.82.134.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293238/; classtype:trojan-activity;sid:84156338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.134.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293237/; classtype:trojan-activity;sid:84156337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.114.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293236/; classtype:trojan-activity;sid:84156336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.147.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293235/; classtype:trojan-activity;sid:84156335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.109.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293234/; classtype:trojan-activity;sid:84156334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.181.237.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293233/; classtype:trojan-activity;sid:84156333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.132.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293232/; classtype:trojan-activity;sid:84156332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.63.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293231/; classtype:trojan-activity;sid:84156331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.224.3.245"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293230/; classtype:trojan-activity;sid:84156330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.114.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293229/; classtype:trojan-activity;sid:84156329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.154.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293228/; classtype:trojan-activity;sid:84156328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.150.68.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293227/; classtype:trojan-activity;sid:84156327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.114.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293226/; classtype:trojan-activity;sid:84156326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.215.102"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293224/; classtype:trojan-activity;sid:84156324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.119.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293225/; classtype:trojan-activity;sid:84156325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.8.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293222/; classtype:trojan-activity;sid:84156322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.177.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293223/; classtype:trojan-activity;sid:84156323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.138.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293221/; classtype:trojan-activity;sid:84156321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.114.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293220/; classtype:trojan-activity;sid:84156320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.26.232.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293219/; classtype:trojan-activity;sid:84156319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.87.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293218/; classtype:trojan-activity;sid:84156318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.109.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293217/; classtype:trojan-activity;sid:84156317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.48.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293216/; classtype:trojan-activity;sid:84156316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.246.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293215/; classtype:trojan-activity;sid:84156315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.62.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293214/; classtype:trojan-activity;sid:84156314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.139.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293213/; classtype:trojan-activity;sid:84156313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.18.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293212/; classtype:trojan-activity;sid:84156312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.153.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293211/; classtype:trojan-activity;sid:84156311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.7.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293210/; classtype:trojan-activity;sid:84156310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.201.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293209/; classtype:trojan-activity;sid:84156309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.132.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293208/; classtype:trojan-activity;sid:84156308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.63.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293207/; classtype:trojan-activity;sid:84156307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.114.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293206/; classtype:trojan-activity;sid:84156306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.62.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293205/; classtype:trojan-activity;sid:84156305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.25.224.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293203/; classtype:trojan-activity;sid:84156303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.31.189.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293204/; classtype:trojan-activity;sid:84156304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.153.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293202/; classtype:trojan-activity;sid:84156302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.139.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293201/; classtype:trojan-activity;sid:84156301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.25.224.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293200/; classtype:trojan-activity;sid:84156300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.209.79.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293199/; classtype:trojan-activity;sid:84156299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.21.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293198/; classtype:trojan-activity;sid:84156298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.176.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293197/; classtype:trojan-activity;sid:84156297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.85.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293196/; classtype:trojan-activity;sid:84156296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293195/; classtype:trojan-activity;sid:84156295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.55.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293194/; classtype:trojan-activity;sid:84156294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.21.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293193/; classtype:trojan-activity;sid:84156293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.96.27"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293192/; classtype:trojan-activity;sid:84156292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.41.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293191/; classtype:trojan-activity;sid:84156291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.87.124"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293190/; classtype:trojan-activity;sid:84156290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.60.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293189/; classtype:trojan-activity;sid:84156289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.10.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293188/; classtype:trojan-activity;sid:84156288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.98.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293187/; classtype:trojan-activity;sid:84156287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.62.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293186/; classtype:trojan-activity;sid:84156286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.86.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293185/; classtype:trojan-activity;sid:84156285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.21.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293184/; classtype:trojan-activity;sid:84156284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293183/; classtype:trojan-activity;sid:84156283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.40.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293182/; classtype:trojan-activity;sid:84156282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.176.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293181/; classtype:trojan-activity;sid:84156281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.50.241.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293180/; classtype:trojan-activity;sid:84156280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293179/; classtype:trojan-activity;sid:84156279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.180.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293178/; classtype:trojan-activity;sid:84156278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.37.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293177/; classtype:trojan-activity;sid:84156277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.32.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293176/; classtype:trojan-activity;sid:84156276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293175/; classtype:trojan-activity;sid:84156275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.109.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293173/; classtype:trojan-activity;sid:84156273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.40.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293174/; classtype:trojan-activity;sid:84156274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.136.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293172/; classtype:trojan-activity;sid:84156272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.87.124"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293171/; classtype:trojan-activity;sid:84156271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.60.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293170/; classtype:trojan-activity;sid:84156270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.136.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293169/; classtype:trojan-activity;sid:84156269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.219.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293168/; classtype:trojan-activity;sid:84156268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.85.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293167/; classtype:trojan-activity;sid:84156267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.229.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293166/; classtype:trojan-activity;sid:84156266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.27.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293165/; classtype:trojan-activity;sid:84156265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.255.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293164/; classtype:trojan-activity;sid:84156264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.180.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293163/; classtype:trojan-activity;sid:84156263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.220.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293162/; classtype:trojan-activity;sid:84156262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.109.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293161/; classtype:trojan-activity;sid:84156261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.181.28.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293160/; classtype:trojan-activity;sid:84156260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.87.43.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293159/; classtype:trojan-activity;sid:84156259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.40.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293158/; classtype:trojan-activity;sid:84156258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.63.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293157/; classtype:trojan-activity;sid:84156257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.204.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293156/; classtype:trojan-activity;sid:84156256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.216.205.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293155/; classtype:trojan-activity;sid:84156255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.187.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293154/; classtype:trojan-activity;sid:84156254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.85.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293153/; classtype:trojan-activity;sid:84156253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293152/; classtype:trojan-activity;sid:84156252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.23.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293151/; classtype:trojan-activity;sid:84156251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.31.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293150/; classtype:trojan-activity;sid:84156250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.255.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293149/; classtype:trojan-activity;sid:84156249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.205.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293148/; classtype:trojan-activity;sid:84156248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.187.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293147/; classtype:trojan-activity;sid:84156247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.90.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293146/; classtype:trojan-activity;sid:84156246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.112.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293145/; classtype:trojan-activity;sid:84156245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.152.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293144/; classtype:trojan-activity;sid:84156244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.66.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293143/; classtype:trojan-activity;sid:84156243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.112.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293142/; classtype:trojan-activity;sid:84156242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.60.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293141/; classtype:trojan-activity;sid:84156241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.183.131.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293140/; classtype:trojan-activity;sid:84156240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.205.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293138/; classtype:trojan-activity;sid:84156238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.209.79.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293139/; classtype:trojan-activity;sid:84156239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.29.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293137/; classtype:trojan-activity;sid:84156237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.60.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293136/; classtype:trojan-activity;sid:84156236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.130.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293135/; classtype:trojan-activity;sid:84156235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.33.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293134/; classtype:trojan-activity;sid:84156234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.156.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293133/; classtype:trojan-activity;sid:84156233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.1.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293132/; classtype:trojan-activity;sid:84156232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.18.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293131/; classtype:trojan-activity;sid:84156231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.16.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293130/; classtype:trojan-activity;sid:84156230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.210.191.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293129/; classtype:trojan-activity;sid:84156229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.116.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293128/; classtype:trojan-activity;sid:84156228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293127/; classtype:trojan-activity;sid:84156227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.98.9.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293126/; classtype:trojan-activity;sid:84156226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.64.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293125/; classtype:trojan-activity;sid:84156225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.200.227.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293123/; classtype:trojan-activity;sid:84156223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.144.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293124/; classtype:trojan-activity;sid:84156224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.15.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293122/; classtype:trojan-activity;sid:84156222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293121/; classtype:trojan-activity;sid:84156221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.191.154.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293120/; classtype:trojan-activity;sid:84156220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.184.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293118/; classtype:trojan-activity;sid:84156218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.146.37.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293119/; classtype:trojan-activity;sid:84156219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293117/; classtype:trojan-activity;sid:84156217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293116/; classtype:trojan-activity;sid:84156216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.29.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293115/; classtype:trojan-activity;sid:84156215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.130.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293114/; classtype:trojan-activity;sid:84156214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.184.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293113/; classtype:trojan-activity;sid:84156213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.234.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293112/; classtype:trojan-activity;sid:84156212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/go"; depth:3; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293110/; classtype:trojan-activity;sid:84156210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r.sh"; depth:5; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293111/; classtype:trojan-activity;sid:84156211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zgp"; depth:4; endswith; nocase; http.host; content:"154.213.187.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293109/; classtype:trojan-activity;sid:84156209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293108/; classtype:trojan-activity;sid:84156208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.56.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293107/; classtype:trojan-activity;sid:84156207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.146.37.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293106/; classtype:trojan-activity;sid:84156206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.182.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293105/; classtype:trojan-activity;sid:84156205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.253.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293104/; classtype:trojan-activity;sid:84156204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.234.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293103/; classtype:trojan-activity;sid:84156203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"137.184.54.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293102/; classtype:trojan-activity;sid:84156202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"devapi.wenano.app"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293101/; classtype:trojan-activity;sid:84156201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb11"; depth:6; endswith; nocase; http.host; content:"devapi.wenano.app"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293099/; classtype:trojan-activity;sid:84156199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb3"; depth:5; endswith; nocase; http.host; content:"devapi.wenano.app"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293100/; classtype:trojan-activity;sid:84156200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"devapi.wenano.app"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293089/; classtype:trojan-activity;sid:84156189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb4"; depth:5; endswith; nocase; http.host; content:"devapi.wenano.app"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293090/; classtype:trojan-activity;sid:84156190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb10"; depth:6; endswith; nocase; http.host; content:"devapi.wenano.app"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293091/; classtype:trojan-activity;sid:84156191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb1"; depth:5; endswith; nocase; http.host; content:"devapi.wenano.app"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293092/; classtype:trojan-activity;sid:84156192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb5"; depth:5; endswith; nocase; http.host; content:"devapi.wenano.app"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293093/; classtype:trojan-activity;sid:84156193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb9"; depth:5; endswith; nocase; http.host; content:"devapi.wenano.app"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293094/; classtype:trojan-activity;sid:84156194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb2"; depth:5; endswith; nocase; http.host; content:"devapi.wenano.app"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293095/; classtype:trojan-activity;sid:84156195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb8"; depth:5; endswith; nocase; http.host; content:"devapi.wenano.app"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293096/; classtype:trojan-activity;sid:84156196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb6"; depth:5; endswith; nocase; http.host; content:"devapi.wenano.app"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293097/; classtype:trojan-activity;sid:84156197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb7"; depth:5; endswith; nocase; http.host; content:"devapi.wenano.app"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293098/; classtype:trojan-activity;sid:84156198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.130.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293088/; classtype:trojan-activity;sid:84156188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"137.184.54.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293087/; classtype:trojan-activity;sid:84156187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293086/; classtype:trojan-activity;sid:84156186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.31.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293085/; classtype:trojan-activity;sid:84156185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.153.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293084/; classtype:trojan-activity;sid:84156184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.182.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293083/; classtype:trojan-activity;sid:84156183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.244.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293082/; classtype:trojan-activity;sid:84156182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.15.189"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293081/; classtype:trojan-activity;sid:84156181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.76.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293080/; classtype:trojan-activity;sid:84156180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.191.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293079/; classtype:trojan-activity;sid:84156179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.18.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293078/; classtype:trojan-activity;sid:84156178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.56.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293077/; classtype:trojan-activity;sid:84156177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.227.149.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293076/; classtype:trojan-activity;sid:84156176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.119.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293075/; classtype:trojan-activity;sid:84156175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.24.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293074/; classtype:trojan-activity;sid:84156174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.244.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293073/; classtype:trojan-activity;sid:84156173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.79.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293072/; classtype:trojan-activity;sid:84156172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.153.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293071/; classtype:trojan-activity;sid:84156171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.138.178.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293070/; classtype:trojan-activity;sid:84156170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.24.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293069/; classtype:trojan-activity;sid:84156169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.203.206.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293068/; classtype:trojan-activity;sid:84156168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.79.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293067/; classtype:trojan-activity;sid:84156167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.191.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293066/; classtype:trojan-activity;sid:84156166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293065/; classtype:trojan-activity;sid:84156165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.63.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293064/; classtype:trojan-activity;sid:84156164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.15.189"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293063/; classtype:trojan-activity;sid:84156163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.206.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293062/; classtype:trojan-activity;sid:84156162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.193.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293061/; classtype:trojan-activity;sid:84156161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293060/; classtype:trojan-activity;sid:84156160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.227.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293059/; classtype:trojan-activity;sid:84156159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftsp.zip"; depth:9; endswith; nocase; http.host; content:"previews-belgium-achieved-driving.trycloudflare.com"; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293058/; classtype:trojan-activity;sid:84156158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftsp.zip"; depth:9; endswith; nocase; http.host; content:"fit-retired-athletics-marathon.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293057/; classtype:trojan-activity;sid:84156157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cam.zip"; depth:8; endswith; nocase; http.host; content:"fit-retired-athletics-marathon.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293055/; classtype:trojan-activity;sid:84156155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cam.zip"; depth:8; endswith; nocase; http.host; content:"previews-belgium-achieved-driving.trycloudflare.com"; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293056/; classtype:trojan-activity;sid:84156156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs.zip"; depth:9; endswith; nocase; http.host; content:"previews-belgium-achieved-driving.trycloudflare.com"; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293054/; classtype:trojan-activity;sid:84156154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs2.zip"; depth:10; endswith; nocase; http.host; content:"previews-belgium-achieved-driving.trycloudflare.com"; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293051/; classtype:trojan-activity;sid:84156151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bab.zip"; depth:8; endswith; nocase; http.host; content:"previews-belgium-achieved-driving.trycloudflare.com"; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293052/; classtype:trojan-activity;sid:84156152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs.zip"; depth:9; endswith; nocase; http.host; content:"fit-retired-athletics-marathon.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293053/; classtype:trojan-activity;sid:84156153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs2.zip"; depth:10; endswith; nocase; http.host; content:"fit-retired-athletics-marathon.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293050/; classtype:trojan-activity;sid:84156150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bab.zip"; depth:8; endswith; nocase; http.host; content:"fit-retired-athletics-marathon.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293049/; classtype:trojan-activity;sid:84156149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/startupppp.bat"; depth:15; endswith; nocase; http.host; content:"fit-retired-athletics-marathon.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293046/; classtype:trojan-activity;sid:84156146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"previews-belgium-achieved-driving.trycloudflare.com"; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293047/; classtype:trojan-activity;sid:84156147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.vbs"; depth:8; endswith; nocase; http.host; content:"fit-retired-athletics-marathon.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293048/; classtype:trojan-activity;sid:84156148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/startupppp.bat"; depth:15; endswith; nocase; http.host; content:"previews-belgium-achieved-driving.trycloudflare.com"; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293043/; classtype:trojan-activity;sid:84156143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"fit-retired-athletics-marathon.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293044/; classtype:trojan-activity;sid:84156144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.vbs"; depth:8; endswith; nocase; http.host; content:"previews-belgium-achieved-driving.trycloudflare.com"; depth:51; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293045/; classtype:trojan-activity;sid:84156145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.100.213.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293042/; classtype:trojan-activity;sid:84156142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.63.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293041/; classtype:trojan-activity;sid:84156141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.191.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293040/; classtype:trojan-activity;sid:84156140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.203.206.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293039/; classtype:trojan-activity;sid:84156139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293038/; classtype:trojan-activity;sid:84156138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.205.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293037/; classtype:trojan-activity;sid:84156137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.200.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293036/; classtype:trojan-activity;sid:84156136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.27.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293035/; classtype:trojan-activity;sid:84156135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.233.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293034/; classtype:trojan-activity;sid:84156134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.182.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293033/; classtype:trojan-activity;sid:84156133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.206.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293032/; classtype:trojan-activity;sid:84156132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.12.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293031/; classtype:trojan-activity;sid:84156131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293030/; classtype:trojan-activity;sid:84156130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.136.97.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293029/; classtype:trojan-activity;sid:84156129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.135.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293028/; classtype:trojan-activity;sid:84156128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.193.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293027/; classtype:trojan-activity;sid:84156127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.63.247.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293026/; classtype:trojan-activity;sid:84156126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.11.56.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293025/; classtype:trojan-activity;sid:84156125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.213.80.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293022/; classtype:trojan-activity;sid:84156122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.97.46.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293023/; classtype:trojan-activity;sid:84156123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/labxmtznbcwjnkndg58.bin"; depth:24; endswith; nocase; http.host; content:"mertvinc.com.tr"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293024/; classtype:trojan-activity;sid:84156124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/egjusgc103.bin"; depth:15; endswith; nocase; http.host; content:"93.123.109.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293021/; classtype:trojan-activity;sid:84156121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.102.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293020/; classtype:trojan-activity;sid:84156120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.14.3.170"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293019/; classtype:trojan-activity;sid:84156119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.27.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293018/; classtype:trojan-activity;sid:84156118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.5.50.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293017/; classtype:trojan-activity;sid:84156117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"24.64.128.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293016/; classtype:trojan-activity;sid:84156116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.20.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293015/; classtype:trojan-activity;sid:84156115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.3.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293014/; classtype:trojan-activity;sid:84156114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.182.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293013/; classtype:trojan-activity;sid:84156113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.183.165.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293012/; classtype:trojan-activity;sid:84156112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.40.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293011/; classtype:trojan-activity;sid:84156111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.102.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293010/; classtype:trojan-activity;sid:84156110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.155.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293009/; classtype:trojan-activity;sid:84156109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.89.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293008/; classtype:trojan-activity;sid:84156108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.155.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293007/; classtype:trojan-activity;sid:84156107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.36.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293006/; classtype:trojan-activity;sid:84156106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.100.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293005/; classtype:trojan-activity;sid:84156105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.171.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293004/; classtype:trojan-activity;sid:84156104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.67.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293003/; classtype:trojan-activity;sid:84156103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.242.82.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293002/; classtype:trojan-activity;sid:84156102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.217.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293001/; classtype:trojan-activity;sid:84156101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.152.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293000/; classtype:trojan-activity;sid:84156100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.3.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292999/; classtype:trojan-activity;sid:84156099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.86.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292997/; classtype:trojan-activity;sid:84156097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.50.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292998/; classtype:trojan-activity;sid:84156098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.88.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292996/; classtype:trojan-activity;sid:84156096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.103.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292995/; classtype:trojan-activity;sid:84156095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.20.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292994/; classtype:trojan-activity;sid:84156094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.105.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292993/; classtype:trojan-activity;sid:84156093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.46.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292992/; classtype:trojan-activity;sid:84156092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.83.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292991/; classtype:trojan-activity;sid:84156091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.254.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292990/; classtype:trojan-activity;sid:84156090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.14.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292989/; classtype:trojan-activity;sid:84156089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.113.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292988/; classtype:trojan-activity;sid:84156088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.67.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292987/; classtype:trojan-activity;sid:84156087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.81.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292986/; classtype:trojan-activity;sid:84156086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.15.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292985/; classtype:trojan-activity;sid:84156085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.173.86.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292983/; classtype:trojan-activity;sid:84156083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.186.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292984/; classtype:trojan-activity;sid:84156084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.152.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292982/; classtype:trojan-activity;sid:84156082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.155.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292981/; classtype:trojan-activity;sid:84156081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292980/; classtype:trojan-activity;sid:84156080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.81.151"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292979/; classtype:trojan-activity;sid:84156079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.113.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292978/; classtype:trojan-activity;sid:84156078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.217.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292977/; classtype:trojan-activity;sid:84156077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.25.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292976/; classtype:trojan-activity;sid:84156076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.157.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292975/; classtype:trojan-activity;sid:84156075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.0.136.205"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292974/; classtype:trojan-activity;sid:84156074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.14.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292973/; classtype:trojan-activity;sid:84156073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.197.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292972/; classtype:trojan-activity;sid:84156072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.254.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292971/; classtype:trojan-activity;sid:84156071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.188.185.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292970/; classtype:trojan-activity;sid:84156070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"93.173.86.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292969/; classtype:trojan-activity;sid:84156069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.168.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292968/; classtype:trojan-activity;sid:84156068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.186.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292967/; classtype:trojan-activity;sid:84156067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.232.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292965/; classtype:trojan-activity;sid:84156065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.27.13.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292966/; classtype:trojan-activity;sid:84156066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.87.120.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292964/; classtype:trojan-activity;sid:84156064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.80.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292963/; classtype:trojan-activity;sid:84156063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.197.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292962/; classtype:trojan-activity;sid:84156062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.81.151"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292960/; classtype:trojan-activity;sid:84156060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.171.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292961/; classtype:trojan-activity;sid:84156061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.80.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292959/; classtype:trojan-activity;sid:84156059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.168.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292958/; classtype:trojan-activity;sid:84156058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.249.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292957/; classtype:trojan-activity;sid:84156057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.192.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292956/; classtype:trojan-activity;sid:84156056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.229.107.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292955/; classtype:trojan-activity;sid:84156055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.91.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292954/; classtype:trojan-activity;sid:84156054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.86.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292953/; classtype:trojan-activity;sid:84156053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.244.209.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292952/; classtype:trojan-activity;sid:84156052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.188.185.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292951/; classtype:trojan-activity;sid:84156051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.141.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292950/; classtype:trojan-activity;sid:84156050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.91.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292949/; classtype:trojan-activity;sid:84156049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292941/; classtype:trojan-activity;sid:84156041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sparc"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292942/; classtype:trojan-activity;sid:84156042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.x86"; depth:11; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292943/; classtype:trojan-activity;sid:84156043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sh"; depth:10; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292944/; classtype:trojan-activity;sid:84156044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm4"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292945/; classtype:trojan-activity;sid:84156045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i586"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292946/; classtype:trojan-activity;sid:84156046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z"; depth:2; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292947/; classtype:trojan-activity;sid:84156047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.56.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292948/; classtype:trojan-activity;sid:84156048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.m68k"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292932/; classtype:trojan-activity;sid:84156032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mipsel"; depth:14; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292933/; classtype:trojan-activity;sid:84156033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm7"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292934/; classtype:trojan-activity;sid:84156034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm6"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292935/; classtype:trojan-activity;sid:84156035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm5"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292936/; classtype:trojan-activity;sid:84156036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yak.sh"; depth:7; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292937/; classtype:trojan-activity;sid:84156037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i686"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292938/; classtype:trojan-activity;sid:84156038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.ppc"; depth:11; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292939/; classtype:trojan-activity;sid:84156039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mips"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292940/; classtype:trojan-activity;sid:84156040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292931/; classtype:trojan-activity;sid:84156031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.171.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292930/; classtype:trojan-activity;sid:84156030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v"; depth:2; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292929/; classtype:trojan-activity;sid:84156029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.mpsl"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292927/; classtype:trojan-activity;sid:84156027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.219.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292928/; classtype:trojan-activity;sid:84156028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u"; depth:2; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292926/; classtype:trojan-activity;sid:84156026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292924/; classtype:trojan-activity;sid:84156024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splash.sh"; depth:10; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292925/; classtype:trojan-activity;sid:84156025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292923/; classtype:trojan-activity;sid:84156023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.sparc"; depth:14; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292920/; classtype:trojan-activity;sid:84156020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.ppc"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292921/; classtype:trojan-activity;sid:84156021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm7"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292922/; classtype:trojan-activity;sid:84156022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.113.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292919/; classtype:trojan-activity;sid:84156019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.126.130.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292918/; classtype:trojan-activity;sid:84156018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm4"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292910/; classtype:trojan-activity;sid:84156010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm5"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292911/; classtype:trojan-activity;sid:84156011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.m68k"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292912/; classtype:trojan-activity;sid:84156012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.x86"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292913/; classtype:trojan-activity;sid:84156013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.i686"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292914/; classtype:trojan-activity;sid:84156014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.i586"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292915/; classtype:trojan-activity;sid:84156015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm6"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292916/; classtype:trojan-activity;sid:84156016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.mips"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292917/; classtype:trojan-activity;sid:84156017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r"; depth:2; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292909/; classtype:trojan-activity;sid:84156009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292908/; classtype:trojan-activity;sid:84156008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/necr0.py"; depth:9; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292907/; classtype:trojan-activity;sid:84156007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292903/; classtype:trojan-activity;sid:84156003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm4"; depth:17; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292904/; classtype:trojan-activity;sid:84156004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292905/; classtype:trojan-activity;sid:84156005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292902/; classtype:trojan-activity;sid:84156002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292899/; classtype:trojan-activity;sid:84155999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292900/; classtype:trojan-activity;sid:84156000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292901/; classtype:trojan-activity;sid:84156001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292897/; classtype:trojan-activity;sid:84155997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:38; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292898/; classtype:trojan-activity;sid:84155998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.x86"; depth:16; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292878/; classtype:trojan-activity;sid:84155978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292879/; classtype:trojan-activity;sid:84155979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.i586"; depth:17; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292880/; classtype:trojan-activity;sid:84155980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292881/; classtype:trojan-activity;sid:84155981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292882/; classtype:trojan-activity;sid:84155982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.ppc"; depth:16; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292883/; classtype:trojan-activity;sid:84155983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm7"; depth:17; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292884/; classtype:trojan-activity;sid:84155984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm6"; depth:17; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292885/; classtype:trojan-activity;sid:84155985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.sparc"; depth:18; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292886/; classtype:trojan-activity;sid:84155986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.m68k"; depth:17; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292887/; classtype:trojan-activity;sid:84155987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292888/; classtype:trojan-activity;sid:84155988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.mips"; depth:17; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292889/; classtype:trojan-activity;sid:84155989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.mipsel"; depth:19; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292890/; classtype:trojan-activity;sid:84155990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm5"; depth:17; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292891/; classtype:trojan-activity;sid:84155991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292892/; classtype:trojan-activity;sid:84155992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292893/; classtype:trojan-activity;sid:84155993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292894/; classtype:trojan-activity;sid:84155994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292895/; classtype:trojan-activity;sid:84155995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.i686"; depth:17; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292896/; classtype:trojan-activity;sid:84155996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292877/; classtype:trojan-activity;sid:84155977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h"; depth:2; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292874/; classtype:trojan-activity;sid:84155974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1.sh"; depth:6; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292875/; classtype:trojan-activity;sid:84155975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get.sh"; depth:7; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292876/; classtype:trojan-activity;sid:84155976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292872/; classtype:trojan-activity;sid:84155972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d"; depth:2; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292873/; classtype:trojan-activity;sid:84155973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292868/; classtype:trojan-activity;sid:84155968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e"; depth:2; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292869/; classtype:trojan-activity;sid:84155969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292870/; classtype:trojan-activity;sid:84155970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1"; depth:3; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292871/; classtype:trojan-activity;sid:84155971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.6.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292866/; classtype:trojan-activity;sid:84155966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.164.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292865/; classtype:trojan-activity;sid:84155965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.141.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292864/; classtype:trojan-activity;sid:84155964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.137.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292863/; classtype:trojan-activity;sid:84155963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/bins.sh"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292862/; classtype:trojan-activity;sid:84155962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.56.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292861/; classtype:trojan-activity;sid:84155961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.m68k"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292857/; classtype:trojan-activity;sid:84155957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/t"; depth:6; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292858/; classtype:trojan-activity;sid:84155958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.mips"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292859/; classtype:trojan-activity;sid:84155959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.arm6"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292860/; classtype:trojan-activity;sid:84155960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/r"; depth:6; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292838/; classtype:trojan-activity;sid:84155938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/d"; depth:6; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292839/; classtype:trojan-activity;sid:84155939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.spc"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292840/; classtype:trojan-activity;sid:84155940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/v"; depth:6; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292841/; classtype:trojan-activity;sid:84155941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.mpsl"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292842/; classtype:trojan-activity;sid:84155942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/z"; depth:6; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292843/; classtype:trojan-activity;sid:84155943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/wget"; depth:9; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292844/; classtype:trojan-activity;sid:84155944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.ppc"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292845/; classtype:trojan-activity;sid:84155945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/splash.sh"; depth:14; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292846/; classtype:trojan-activity;sid:84155946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.arm"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292847/; classtype:trojan-activity;sid:84155947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/h"; depth:6; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292848/; classtype:trojan-activity;sid:84155948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/l"; depth:6; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292849/; classtype:trojan-activity;sid:84155949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.sh4"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292850/; classtype:trojan-activity;sid:84155950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/e"; depth:6; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292851/; classtype:trojan-activity;sid:84155951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/wget.sh"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292852/; classtype:trojan-activity;sid:84155952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.x86"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292853/; classtype:trojan-activity;sid:84155953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/u"; depth:6; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292854/; classtype:trojan-activity;sid:84155954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.arm7"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292855/; classtype:trojan-activity;sid:84155955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/dlr.arm5"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292856/; classtype:trojan-activity;sid:84155956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.arm5"; depth:16; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292822/; classtype:trojan-activity;sid:84155922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.m68k"; depth:16; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292823/; classtype:trojan-activity;sid:84155923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.gponfiber"; depth:21; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292824/; classtype:trojan-activity;sid:84155924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.sparc"; depth:17; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292825/; classtype:trojan-activity;sid:84155925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.arm4"; depth:16; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292826/; classtype:trojan-activity;sid:84155926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.ppc"; depth:15; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292827/; classtype:trojan-activity;sid:84155927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.x86"; depth:15; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292828/; classtype:trojan-activity;sid:84155928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.mipsel"; depth:18; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292829/; classtype:trojan-activity;sid:84155929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yak.sh"; depth:11; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292830/; classtype:trojan-activity;sid:84155930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.arm7"; depth:16; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292831/; classtype:trojan-activity;sid:84155931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.i586"; depth:16; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292832/; classtype:trojan-activity;sid:84155932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.i686"; depth:16; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292833/; classtype:trojan-activity;sid:84155933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.mips"; depth:16; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292834/; classtype:trojan-activity;sid:84155934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.sh"; depth:14; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292835/; classtype:trojan-activity;sid:84155935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.vigor"; depth:17; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292836/; classtype:trojan-activity;sid:84155936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/b/yakuza.arm6"; depth:16; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292837/; classtype:trojan-activity;sid:84155937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/t"; depth:4; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292812/; classtype:trojan-activity;sid:84155912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/h"; depth:4; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292813/; classtype:trojan-activity;sid:84155913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/d"; depth:4; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292814/; classtype:trojan-activity;sid:84155914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/v"; depth:4; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292815/; classtype:trojan-activity;sid:84155915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.mips"; depth:11; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292816/; classtype:trojan-activity;sid:84155916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.sh4"; depth:10; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292817/; classtype:trojan-activity;sid:84155917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/l"; depth:4; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292818/; classtype:trojan-activity;sid:84155918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/u"; depth:4; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292819/; classtype:trojan-activity;sid:84155919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/splash.sh"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292820/; classtype:trojan-activity;sid:84155920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/wget"; depth:7; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292821/; classtype:trojan-activity;sid:84155921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/z"; depth:4; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292796/; classtype:trojan-activity;sid:84155896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/bins.sh"; depth:10; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292797/; classtype:trojan-activity;sid:84155897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/bot.arm7"; depth:11; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292798/; classtype:trojan-activity;sid:84155898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/e"; depth:4; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292799/; classtype:trojan-activity;sid:84155899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.ppc"; depth:10; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292800/; classtype:trojan-activity;sid:84155900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/wget.sh"; depth:10; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292801/; classtype:trojan-activity;sid:84155901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.arm7"; depth:11; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292802/; classtype:trojan-activity;sid:84155902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/r"; depth:4; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292803/; classtype:trojan-activity;sid:84155903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/bot.arm"; depth:10; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292804/; classtype:trojan-activity;sid:84155904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.x86"; depth:10; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292805/; classtype:trojan-activity;sid:84155905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.mpsl"; depth:11; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292806/; classtype:trojan-activity;sid:84155906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.arm"; depth:10; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292807/; classtype:trojan-activity;sid:84155907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.mipsel"; depth:16; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292808/; classtype:trojan-activity;sid:84155908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.spc"; depth:10; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292809/; classtype:trojan-activity;sid:84155909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.arm5"; depth:11; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292810/; classtype:trojan-activity;sid:84155910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.arm6"; depth:11; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292811/; classtype:trojan-activity;sid:84155911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/dlr.m68k"; depth:11; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292795/; classtype:trojan-activity;sid:84155895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.vigor"; depth:15; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292793/; classtype:trojan-activity;sid:84155893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.mips"; depth:14; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292794/; classtype:trojan-activity;sid:84155894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.arm4"; depth:14; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292780/; classtype:trojan-activity;sid:84155880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yak.sh"; depth:9; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292781/; classtype:trojan-activity;sid:84155881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.sparc"; depth:15; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292782/; classtype:trojan-activity;sid:84155882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.arm5"; depth:14; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292783/; classtype:trojan-activity;sid:84155883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.i586"; depth:14; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292784/; classtype:trojan-activity;sid:84155884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.ppc"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292785/; classtype:trojan-activity;sid:84155885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.x86"; depth:13; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292786/; classtype:trojan-activity;sid:84155886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.arm6"; depth:14; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292787/; classtype:trojan-activity;sid:84155887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.m68k"; depth:14; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292788/; classtype:trojan-activity;sid:84155888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.gponfiber"; depth:19; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292789/; classtype:trojan-activity;sid:84155889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.sh"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292790/; classtype:trojan-activity;sid:84155890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.i686"; depth:14; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292791/; classtype:trojan-activity;sid:84155891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/yakuza.arm7"; depth:14; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292792/; classtype:trojan-activity;sid:84155892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.171.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292779/; classtype:trojan-activity;sid:84155879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292775/; classtype:trojan-activity;sid:84155875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292776/; classtype:trojan-activity;sid:84155876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292777/; classtype:trojan-activity;sid:84155877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.sh"; depth:5; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292778/; classtype:trojan-activity;sid:84155878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/siesddaljz665we/download"; depth:27; endswith; nocase; http.host; content:"i0004.clarodrive.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292773/; classtype:trojan-activity;sid:84155873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"95.245.22.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292772/; classtype:trojan-activity;sid:84155872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.159.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292771/; classtype:trojan-activity;sid:84155871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292770/; classtype:trojan-activity;sid:84155870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.253.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292769/; classtype:trojan-activity;sid:84155869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.36.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292768/; classtype:trojan-activity;sid:84155868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.227.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292767/; classtype:trojan-activity;sid:84155867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.163.147.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292766/; classtype:trojan-activity;sid:84155866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292765/; classtype:trojan-activity;sid:84155865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.117.255.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292764/; classtype:trojan-activity;sid:84155864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.239.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292763/; classtype:trojan-activity;sid:84155863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.165.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292762/; classtype:trojan-activity;sid:84155862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.57.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292761/; classtype:trojan-activity;sid:84155861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.189.42.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292760/; classtype:trojan-activity;sid:84155860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.188.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292759/; classtype:trojan-activity;sid:84155859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.227.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292758/; classtype:trojan-activity;sid:84155858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.212.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292757/; classtype:trojan-activity;sid:84155857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.128.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292756/; classtype:trojan-activity;sid:84155856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.93.89.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292754/; classtype:trojan-activity;sid:84155854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.0.212"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292755/; classtype:trojan-activity;sid:84155855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.88.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292753/; classtype:trojan-activity;sid:84155853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"164.163.25.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292752/; classtype:trojan-activity;sid:84155852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.165.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292751/; classtype:trojan-activity;sid:84155851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.239.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292750/; classtype:trojan-activity;sid:84155850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.168.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292749/; classtype:trojan-activity;sid:84155849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.33.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292748/; classtype:trojan-activity;sid:84155848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.69.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292747/; classtype:trojan-activity;sid:84155847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.85.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292746/; classtype:trojan-activity;sid:84155846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.100.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292745/; classtype:trojan-activity;sid:84155845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.251.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292744/; classtype:trojan-activity;sid:84155844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.230.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292742/; classtype:trojan-activity;sid:84155842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.103.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292743/; classtype:trojan-activity;sid:84155843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.181.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292741/; classtype:trojan-activity;sid:84155841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292740/; classtype:trojan-activity;sid:84155840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.1.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292738/; classtype:trojan-activity;sid:84155838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.1.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292739/; classtype:trojan-activity;sid:84155839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.163.68.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292737/; classtype:trojan-activity;sid:84155837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.244.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292736/; classtype:trojan-activity;sid:84155836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.33.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292735/; classtype:trojan-activity;sid:84155835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292734/; classtype:trojan-activity;sid:84155834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.82.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292733/; classtype:trojan-activity;sid:84155833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.100.13.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292732/; classtype:trojan-activity;sid:84155832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.198.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292731/; classtype:trojan-activity;sid:84155831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.181.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292730/; classtype:trojan-activity;sid:84155830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.168.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292729/; classtype:trojan-activity;sid:84155829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.188.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292728/; classtype:trojan-activity;sid:84155828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.190.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292727/; classtype:trojan-activity;sid:84155827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.69.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292726/; classtype:trojan-activity;sid:84155826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"47.181.114.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292725/; classtype:trojan-activity;sid:84155825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.91.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292724/; classtype:trojan-activity;sid:84155824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.17.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292722/; classtype:trojan-activity;sid:84155822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292723/; classtype:trojan-activity;sid:84155823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.120.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292721/; classtype:trojan-activity;sid:84155821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.198.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292719/; classtype:trojan-activity;sid:84155819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292720/; classtype:trojan-activity;sid:84155820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.244.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292718/; classtype:trojan-activity;sid:84155818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.160.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292717/; classtype:trojan-activity;sid:84155817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.100.13.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292716/; classtype:trojan-activity;sid:84155816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.170.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292715/; classtype:trojan-activity;sid:84155815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.68.162.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292714/; classtype:trojan-activity;sid:84155814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.88.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292713/; classtype:trojan-activity;sid:84155813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.203.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292712/; classtype:trojan-activity;sid:84155812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/123.exe"; depth:14; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292711/; classtype:trojan-activity;sid:84155811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.45.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292710/; classtype:trojan-activity;sid:84155810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.3.25.180"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292709/; classtype:trojan-activity;sid:84155809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.171.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292708/; classtype:trojan-activity;sid:84155808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.119.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292707/; classtype:trojan-activity;sid:84155807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.107.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292706/; classtype:trojan-activity;sid:84155806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.179.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292705/; classtype:trojan-activity;sid:84155805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.21.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292704/; classtype:trojan-activity;sid:84155804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/viewprofile"; depth:12; endswith; nocase; http.host; content:"f47d5.language.sebtomato.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292703/; classtype:trojan-activity;sid:84155803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.81.159.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292702/; classtype:trojan-activity;sid:84155802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.48.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292701/; classtype:trojan-activity;sid:84155801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.112.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292700/; classtype:trojan-activity;sid:84155800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.229.152.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292699/; classtype:trojan-activity;sid:84155799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.231.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292698/; classtype:trojan-activity;sid:84155798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.63.247.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292697/; classtype:trojan-activity;sid:84155797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.155.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292696/; classtype:trojan-activity;sid:84155796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.120.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292695/; classtype:trojan-activity;sid:84155795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.68.162.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292694/; classtype:trojan-activity;sid:84155794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.88.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292693/; classtype:trojan-activity;sid:84155793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.251.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292692/; classtype:trojan-activity;sid:84155792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292691/; classtype:trojan-activity;sid:84155791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.166.118.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292690/; classtype:trojan-activity;sid:84155790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.236.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292689/; classtype:trojan-activity;sid:84155789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.39.19.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292688/; classtype:trojan-activity;sid:84155788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.81.159.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292687/; classtype:trojan-activity;sid:84155787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.100.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292686/; classtype:trojan-activity;sid:84155786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.155.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292685/; classtype:trojan-activity;sid:84155785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.102.29.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292684/; classtype:trojan-activity;sid:84155784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.114.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292683/; classtype:trojan-activity;sid:84155783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.245.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292682/; classtype:trojan-activity;sid:84155782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.229.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292681/; classtype:trojan-activity;sid:84155781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.102.29.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292680/; classtype:trojan-activity;sid:84155780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.107.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292679/; classtype:trojan-activity;sid:84155779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.246.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292678/; classtype:trojan-activity;sid:84155778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.201.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292677/; classtype:trojan-activity;sid:84155777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.40.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292676/; classtype:trojan-activity;sid:84155776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.111.155.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292675/; classtype:trojan-activity;sid:84155775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.64.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292674/; classtype:trojan-activity;sid:84155774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.140.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292673/; classtype:trojan-activity;sid:84155773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.153.214.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292672/; classtype:trojan-activity;sid:84155772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.11.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292671/; classtype:trojan-activity;sid:84155771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.225.221.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292670/; classtype:trojan-activity;sid:84155770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.153.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292669/; classtype:trojan-activity;sid:84155769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.107.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292668/; classtype:trojan-activity;sid:84155768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.140.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292667/; classtype:trojan-activity;sid:84155767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.96.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292666/; classtype:trojan-activity;sid:84155766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.45.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292665/; classtype:trojan-activity;sid:84155765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.39.19.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292664/; classtype:trojan-activity;sid:84155764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.10.199.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292663/; classtype:trojan-activity;sid:84155763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.179.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292662/; classtype:trojan-activity;sid:84155762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.153.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292661/; classtype:trojan-activity;sid:84155761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.111.155.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292660/; classtype:trojan-activity;sid:84155760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.225.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292659/; classtype:trojan-activity;sid:84155759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.153.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292658/; classtype:trojan-activity;sid:84155758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.10.199.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292657/; classtype:trojan-activity;sid:84155757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.233.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292656/; classtype:trojan-activity;sid:84155756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.169.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292655/; classtype:trojan-activity;sid:84155755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.8.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292654/; classtype:trojan-activity;sid:84155754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.179.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292653/; classtype:trojan-activity;sid:84155753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.46.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292652/; classtype:trojan-activity;sid:84155752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.34.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292651/; classtype:trojan-activity;sid:84155751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.179.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292650/; classtype:trojan-activity;sid:84155750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb5"; depth:5; endswith; nocase; http.host; content:"137.184.54.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292649/; classtype:trojan-activity;sid:84155749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb8"; depth:5; endswith; nocase; http.host; content:"137.184.54.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292645/; classtype:trojan-activity;sid:84155745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb3"; depth:5; endswith; nocase; http.host; content:"137.184.54.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292646/; classtype:trojan-activity;sid:84155746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb2"; depth:5; endswith; nocase; http.host; content:"137.184.54.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292647/; classtype:trojan-activity;sid:84155747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb6"; depth:5; endswith; nocase; http.host; content:"137.184.54.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292648/; classtype:trojan-activity;sid:84155748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb11"; depth:6; endswith; nocase; http.host; content:"137.184.54.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292639/; classtype:trojan-activity;sid:84155739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb10"; depth:6; endswith; nocase; http.host; content:"137.184.54.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292640/; classtype:trojan-activity;sid:84155740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb4"; depth:5; endswith; nocase; http.host; content:"137.184.54.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292641/; classtype:trojan-activity;sid:84155741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb7"; depth:5; endswith; nocase; http.host; content:"137.184.54.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292642/; classtype:trojan-activity;sid:84155742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb1"; depth:5; endswith; nocase; http.host; content:"137.184.54.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292643/; classtype:trojan-activity;sid:84155743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmb9"; depth:5; endswith; nocase; http.host; content:"137.184.54.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292644/; classtype:trojan-activity;sid:84155744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.50.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292638/; classtype:trojan-activity;sid:84155738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.97.15"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292637/; classtype:trojan-activity;sid:84155737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.188.143.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292636/; classtype:trojan-activity;sid:84155736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.58.63"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292635/; classtype:trojan-activity;sid:84155735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.185.49.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292634/; classtype:trojan-activity;sid:84155734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.58.63"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292633/; classtype:trojan-activity;sid:84155733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.219.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292632/; classtype:trojan-activity;sid:84155732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.225.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292631/; classtype:trojan-activity;sid:84155731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.159.71.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292630/; classtype:trojan-activity;sid:84155730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.0.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292629/; classtype:trojan-activity;sid:84155729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.226.177.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292628/; classtype:trojan-activity;sid:84155728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.34.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292626/; classtype:trojan-activity;sid:84155726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.179.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292627/; classtype:trojan-activity;sid:84155727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.46.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292625/; classtype:trojan-activity;sid:84155725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.72.1.7"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292624/; classtype:trojan-activity;sid:84155724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.208.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292623/; classtype:trojan-activity;sid:84155723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292622/; classtype:trojan-activity;sid:84155722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292620/; classtype:trojan-activity;sid:84155720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.50.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292621/; classtype:trojan-activity;sid:84155721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.204.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292619/; classtype:trojan-activity;sid:84155719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.85.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292618/; classtype:trojan-activity;sid:84155718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.30.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292617/; classtype:trojan-activity;sid:84155717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.160.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292616/; classtype:trojan-activity;sid:84155716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.145.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292615/; classtype:trojan-activity;sid:84155715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292614/; classtype:trojan-activity;sid:84155714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.140.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292612/; classtype:trojan-activity;sid:84155712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.223.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292613/; classtype:trojan-activity;sid:84155713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.66.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292611/; classtype:trojan-activity;sid:84155711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.216.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292610/; classtype:trojan-activity;sid:84155710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.255.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292609/; classtype:trojan-activity;sid:84155709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.226.177.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292608/; classtype:trojan-activity;sid:84155708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292607/; classtype:trojan-activity;sid:84155707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.217.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292606/; classtype:trojan-activity;sid:84155706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.85.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292605/; classtype:trojan-activity;sid:84155705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292604/; classtype:trojan-activity;sid:84155704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.117.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292603/; classtype:trojan-activity;sid:84155703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.235.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292602/; classtype:trojan-activity;sid:84155702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.223.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292601/; classtype:trojan-activity;sid:84155701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.86.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292600/; classtype:trojan-activity;sid:84155700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.92.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292599/; classtype:trojan-activity;sid:84155699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.217.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292598/; classtype:trojan-activity;sid:84155698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.107.92.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292597/; classtype:trojan-activity;sid:84155697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292596/; classtype:trojan-activity;sid:84155696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.30.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292595/; classtype:trojan-activity;sid:84155695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.30.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292594/; classtype:trojan-activity;sid:84155694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.240.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292593/; classtype:trojan-activity;sid:84155693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.127.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292592/; classtype:trojan-activity;sid:84155692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.21.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292591/; classtype:trojan-activity;sid:84155691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.70.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292590/; classtype:trojan-activity;sid:84155690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292589/; classtype:trojan-activity;sid:84155689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.8.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292588/; classtype:trojan-activity;sid:84155688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.65.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292587/; classtype:trojan-activity;sid:84155687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.254.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292586/; classtype:trojan-activity;sid:84155686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.9.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292585/; classtype:trojan-activity;sid:84155685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.72.19.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292584/; classtype:trojan-activity;sid:84155684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.52.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292583/; classtype:trojan-activity;sid:84155683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.204.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292581/; classtype:trojan-activity;sid:84155681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.121.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292582/; classtype:trojan-activity;sid:84155682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292580/; classtype:trojan-activity;sid:84155680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.240.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292579/; classtype:trojan-activity;sid:84155679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.107.92.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292578/; classtype:trojan-activity;sid:84155678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.94.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292577/; classtype:trojan-activity;sid:84155677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.127.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292576/; classtype:trojan-activity;sid:84155676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.169.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292575/; classtype:trojan-activity;sid:84155675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.72.19.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292574/; classtype:trojan-activity;sid:84155674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.135.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292573/; classtype:trojan-activity;sid:84155673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.209.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292572/; classtype:trojan-activity;sid:84155672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.175.137.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292571/; classtype:trojan-activity;sid:84155671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.44.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292566/; classtype:trojan-activity;sid:84155666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.144.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292567/; classtype:trojan-activity;sid:84155667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.9.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292568/; classtype:trojan-activity;sid:84155668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.205.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292569/; classtype:trojan-activity;sid:84155669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.7.209.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292570/; classtype:trojan-activity;sid:84155670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.27.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292565/; classtype:trojan-activity;sid:84155665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.65.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292564/; classtype:trojan-activity;sid:84155664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.254.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292563/; classtype:trojan-activity;sid:84155663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.114.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292562/; classtype:trojan-activity;sid:84155662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.23.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292561/; classtype:trojan-activity;sid:84155661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.182.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292560/; classtype:trojan-activity;sid:84155660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.193.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292559/; classtype:trojan-activity;sid:84155659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.171.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292558/; classtype:trojan-activity;sid:84155658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.21.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292557/; classtype:trojan-activity;sid:84155657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.175.137.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292556/; classtype:trojan-activity;sid:84155656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.135.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292555/; classtype:trojan-activity;sid:84155655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.166.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292554/; classtype:trojan-activity;sid:84155654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.54.161.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292553/; classtype:trojan-activity;sid:84155653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.202.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292552/; classtype:trojan-activity;sid:84155652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.174.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292550/; classtype:trojan-activity;sid:84155650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292551/; classtype:trojan-activity;sid:84155651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.236.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292549/; classtype:trojan-activity;sid:84155649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.193.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292548/; classtype:trojan-activity;sid:84155648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.127.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292547/; classtype:trojan-activity;sid:84155647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.56.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292546/; classtype:trojan-activity;sid:84155646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.78.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292545/; classtype:trojan-activity;sid:84155645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.66.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292544/; classtype:trojan-activity;sid:84155644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.154.168.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292543/; classtype:trojan-activity;sid:84155643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.253.80.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292542/; classtype:trojan-activity;sid:84155642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/6husaez9i4l17xu7m4vwh/2oficio-192-notificaci-n-electr-nica-cendo-rama-judicial-rad-1531651351651-1321351-00-354165.tar.uue.tar.001|3f|rlkey=71mt6juvshs8jtndvnu4gr0u9|7c|26|7c|st=xy7dtgc0|7c|26|7c|dl=0"; depth:208; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292541/; classtype:trojan-activity;sid:84155641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.38.38.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292540/; classtype:trojan-activity;sid:84155640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292539/; classtype:trojan-activity;sid:84155639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.236.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292538/; classtype:trojan-activity;sid:84155638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.154.168.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292537/; classtype:trojan-activity;sid:84155637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.78.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292536/; classtype:trojan-activity;sid:84155636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.62.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292535/; classtype:trojan-activity;sid:84155635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.106.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292534/; classtype:trojan-activity;sid:84155634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.175.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292533/; classtype:trojan-activity;sid:84155633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.56.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292532/; classtype:trojan-activity;sid:84155632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.23.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292531/; classtype:trojan-activity;sid:84155631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.108.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292530/; classtype:trojan-activity;sid:84155630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.159.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292529/; classtype:trojan-activity;sid:84155629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.223.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292528/; classtype:trojan-activity;sid:84155628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.135.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292527/; classtype:trojan-activity;sid:84155627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.139.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292526/; classtype:trojan-activity;sid:84155626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.15.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292525/; classtype:trojan-activity;sid:84155625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"77.39.19.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292524/; classtype:trojan-activity;sid:84155624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292523/; classtype:trojan-activity;sid:84155623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.150.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292522/; classtype:trojan-activity;sid:84155622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.166.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292521/; classtype:trojan-activity;sid:84155621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.79.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292520/; classtype:trojan-activity;sid:84155620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.217.68.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292519/; classtype:trojan-activity;sid:84155619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.246.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292518/; classtype:trojan-activity;sid:84155618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.223.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292517/; classtype:trojan-activity;sid:84155617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.15.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292516/; classtype:trojan-activity;sid:84155616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.175.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292515/; classtype:trojan-activity;sid:84155615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.193.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292514/; classtype:trojan-activity;sid:84155614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.108.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292513/; classtype:trojan-activity;sid:84155613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.26.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292512/; classtype:trojan-activity;sid:84155612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.193.116.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292511/; classtype:trojan-activity;sid:84155611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.14.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292510/; classtype:trojan-activity;sid:84155610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.223.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292509/; classtype:trojan-activity;sid:84155609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.53.127.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292508/; classtype:trojan-activity;sid:84155608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.191.178.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292506/; classtype:trojan-activity;sid:84155606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.114.160.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292507/; classtype:trojan-activity;sid:84155607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.30.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292505/; classtype:trojan-activity;sid:84155605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.217.68.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292504/; classtype:trojan-activity;sid:84155604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.141.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292503/; classtype:trojan-activity;sid:84155603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.22.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292502/; classtype:trojan-activity;sid:84155602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.249.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292501/; classtype:trojan-activity;sid:84155601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292500/; classtype:trojan-activity;sid:84155600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.198.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292499/; classtype:trojan-activity;sid:84155599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.79.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292498/; classtype:trojan-activity;sid:84155598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292497/; classtype:trojan-activity;sid:84155597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.19.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292496/; classtype:trojan-activity;sid:84155596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.253.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292495/; classtype:trojan-activity;sid:84155595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.163.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292494/; classtype:trojan-activity;sid:84155594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.118.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292493/; classtype:trojan-activity;sid:84155593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.193.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292492/; classtype:trojan-activity;sid:84155592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.70.15.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292491/; classtype:trojan-activity;sid:84155591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.126.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292490/; classtype:trojan-activity;sid:84155590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.161.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292489/; classtype:trojan-activity;sid:84155589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.135.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292488/; classtype:trojan-activity;sid:84155588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.12.52"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292487/; classtype:trojan-activity;sid:84155587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.28.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292486/; classtype:trojan-activity;sid:84155586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.153.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292485/; classtype:trojan-activity;sid:84155585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.195.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292484/; classtype:trojan-activity;sid:84155584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.212.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292483/; classtype:trojan-activity;sid:84155583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.22.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292482/; classtype:trojan-activity;sid:84155582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.181.12.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292481/; classtype:trojan-activity;sid:84155581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.50.59"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292480/; classtype:trojan-activity;sid:84155580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.86.96.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292479/; classtype:trojan-activity;sid:84155579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.85.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292478/; classtype:trojan-activity;sid:84155578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292477/; classtype:trojan-activity;sid:84155577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.192.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292476/; classtype:trojan-activity;sid:84155576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.7.179.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292475/; classtype:trojan-activity;sid:84155575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.248.29.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292474/; classtype:trojan-activity;sid:84155574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.55.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292473/; classtype:trojan-activity;sid:84155573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.212.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292472/; classtype:trojan-activity;sid:84155572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.153.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292471/; classtype:trojan-activity;sid:84155571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.86.96.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292470/; classtype:trojan-activity;sid:84155570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.101.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292469/; classtype:trojan-activity;sid:84155569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.152.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292468/; classtype:trojan-activity;sid:84155568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.13.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292467/; classtype:trojan-activity;sid:84155567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.66.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292466/; classtype:trojan-activity;sid:84155566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.192.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292465/; classtype:trojan-activity;sid:84155565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.141.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292464/; classtype:trojan-activity;sid:84155564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.7.179.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292463/; classtype:trojan-activity;sid:84155563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.43.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292462/; classtype:trojan-activity;sid:84155562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292461/; classtype:trojan-activity;sid:84155561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.238.62.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292460/; classtype:trojan-activity;sid:84155560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.215.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292459/; classtype:trojan-activity;sid:84155559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.55.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292458/; classtype:trojan-activity;sid:84155558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.69.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292456/; classtype:trojan-activity;sid:84155556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.43.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292457/; classtype:trojan-activity;sid:84155557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.152.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292455/; classtype:trojan-activity;sid:84155555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.26.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292454/; classtype:trojan-activity;sid:84155554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.96.222"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292453/; classtype:trojan-activity;sid:84155553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.150.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292452/; classtype:trojan-activity;sid:84155552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.94.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292450/; classtype:trojan-activity;sid:84155550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.25.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292451/; classtype:trojan-activity;sid:84155551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.40.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292449/; classtype:trojan-activity;sid:84155549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.55.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292448/; classtype:trojan-activity;sid:84155548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.85.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292447/; classtype:trojan-activity;sid:84155547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.13.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292446/; classtype:trojan-activity;sid:84155546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.29.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292445/; classtype:trojan-activity;sid:84155545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.69.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292442/; classtype:trojan-activity;sid:84155542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.167.33.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292443/; classtype:trojan-activity;sid:84155543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.203.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292444/; classtype:trojan-activity;sid:84155544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.0.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292441/; classtype:trojan-activity;sid:84155541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.105.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292440/; classtype:trojan-activity;sid:84155540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.86.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292439/; classtype:trojan-activity;sid:84155539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.29.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292438/; classtype:trojan-activity;sid:84155538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.143.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292437/; classtype:trojan-activity;sid:84155537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"106.56.138.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292436/; classtype:trojan-activity;sid:84155536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/skoblik.exe"; depth:18; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292435/; classtype:trojan-activity;sid:84155535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.172.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292434/; classtype:trojan-activity;sid:84155534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.42.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292433/; classtype:trojan-activity;sid:84155533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"45.91.193.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292432/; classtype:trojan-activity;sid:84155532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292431/; classtype:trojan-activity;sid:84155531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.20.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292430/; classtype:trojan-activity;sid:84155530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.130.68.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292429/; classtype:trojan-activity;sid:84155529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.104.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292428/; classtype:trojan-activity;sid:84155528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.29.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292427/; classtype:trojan-activity;sid:84155527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.46.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292425/; classtype:trojan-activity;sid:84155525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.248.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292426/; classtype:trojan-activity;sid:84155526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.191.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292424/; classtype:trojan-activity;sid:84155524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.0.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292423/; classtype:trojan-activity;sid:84155523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.246.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292422/; classtype:trojan-activity;sid:84155522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.91.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292421/; classtype:trojan-activity;sid:84155521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.94.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292420/; classtype:trojan-activity;sid:84155520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.1.242"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292419/; classtype:trojan-activity;sid:84155519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.86.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292418/; classtype:trojan-activity;sid:84155518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.163.68.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292417/; classtype:trojan-activity;sid:84155517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.115.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292415/; classtype:trojan-activity;sid:84155515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.60.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292416/; classtype:trojan-activity;sid:84155516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.31.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292414/; classtype:trojan-activity;sid:84155514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.191.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292413/; classtype:trojan-activity;sid:84155513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.75.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292411/; classtype:trojan-activity;sid:84155511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.52.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292412/; classtype:trojan-activity;sid:84155512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.149.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292410/; classtype:trojan-activity;sid:84155510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.138.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292409/; classtype:trojan-activity;sid:84155509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.115.55.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292408/; classtype:trojan-activity;sid:84155508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.159.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292407/; classtype:trojan-activity;sid:84155507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.86.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292406/; classtype:trojan-activity;sid:84155506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.60.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292405/; classtype:trojan-activity;sid:84155505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.248.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292404/; classtype:trojan-activity;sid:84155504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292403/; classtype:trojan-activity;sid:84155503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.172.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292402/; classtype:trojan-activity;sid:84155502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.24.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292401/; classtype:trojan-activity;sid:84155501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.248.15.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292400/; classtype:trojan-activity;sid:84155500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.184.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292399/; classtype:trojan-activity;sid:84155499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.15.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292397/; classtype:trojan-activity;sid:84155497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.38.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292398/; classtype:trojan-activity;sid:84155498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.19.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292396/; classtype:trojan-activity;sid:84155496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.215.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292395/; classtype:trojan-activity;sid:84155495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.240.66.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292394/; classtype:trojan-activity;sid:84155494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.249.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292393/; classtype:trojan-activity;sid:84155493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.60.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292392/; classtype:trojan-activity;sid:84155492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.17.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292391/; classtype:trojan-activity;sid:84155491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.24.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292390/; classtype:trojan-activity;sid:84155490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.12.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292389/; classtype:trojan-activity;sid:84155489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.23.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292388/; classtype:trojan-activity;sid:84155488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.15.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292387/; classtype:trojan-activity;sid:84155487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.185.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292386/; classtype:trojan-activity;sid:84155486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.63.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292385/; classtype:trojan-activity;sid:84155485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.116.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292384/; classtype:trojan-activity;sid:84155484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.38.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292383/; classtype:trojan-activity;sid:84155483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.187.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292382/; classtype:trojan-activity;sid:84155482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.20.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292380/; classtype:trojan-activity;sid:84155480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.85.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292381/; classtype:trojan-activity;sid:84155481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.61.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292379/; classtype:trojan-activity;sid:84155479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.120.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292378/; classtype:trojan-activity;sid:84155478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"191.240.66.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292377/; classtype:trojan-activity;sid:84155477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.249.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292376/; classtype:trojan-activity;sid:84155476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.52.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292375/; classtype:trojan-activity;sid:84155475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.64.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292374/; classtype:trojan-activity;sid:84155474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292373/; classtype:trojan-activity;sid:84155473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.38.106.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292372/; classtype:trojan-activity;sid:84155472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.125.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292371/; classtype:trojan-activity;sid:84155471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.134.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292370/; classtype:trojan-activity;sid:84155470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.185.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292369/; classtype:trojan-activity;sid:84155469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.234.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292367/; classtype:trojan-activity;sid:84155467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.117.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292368/; classtype:trojan-activity;sid:84155468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.116.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292366/; classtype:trojan-activity;sid:84155466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.46.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292365/; classtype:trojan-activity;sid:84155465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.85.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292364/; classtype:trojan-activity;sid:84155464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.18.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292363/; classtype:trojan-activity;sid:84155463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.31.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292362/; classtype:trojan-activity;sid:84155462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.15.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292361/; classtype:trojan-activity;sid:84155461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.42.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292360/; classtype:trojan-activity;sid:84155460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.19.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292359/; classtype:trojan-activity;sid:84155459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.82.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292358/; classtype:trojan-activity;sid:84155458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.144.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292357/; classtype:trojan-activity;sid:84155457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292356/; classtype:trojan-activity;sid:84155456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.4.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292355/; classtype:trojan-activity;sid:84155455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.112.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292354/; classtype:trojan-activity;sid:84155454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.198.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292353/; classtype:trojan-activity;sid:84155453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.69.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292352/; classtype:trojan-activity;sid:84155452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.40.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292351/; classtype:trojan-activity;sid:84155451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.38.106.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292350/; classtype:trojan-activity;sid:84155450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.117.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292349/; classtype:trojan-activity;sid:84155449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292348/; classtype:trojan-activity;sid:84155448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.202.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292347/; classtype:trojan-activity;sid:84155447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.220.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292346/; classtype:trojan-activity;sid:84155446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.249.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292345/; classtype:trojan-activity;sid:84155445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.20.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292344/; classtype:trojan-activity;sid:84155444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.18.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292343/; classtype:trojan-activity;sid:84155443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.186.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292342/; classtype:trojan-activity;sid:84155442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.4.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292341/; classtype:trojan-activity;sid:84155441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292340/; classtype:trojan-activity;sid:84155440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.177.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292339/; classtype:trojan-activity;sid:84155439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.92.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292337/; classtype:trojan-activity;sid:84155437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.44.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292338/; classtype:trojan-activity;sid:84155438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.177.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292336/; classtype:trojan-activity;sid:84155436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.40.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292335/; classtype:trojan-activity;sid:84155435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.135.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292334/; classtype:trojan-activity;sid:84155434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.101.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292333/; classtype:trojan-activity;sid:84155433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.135.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292332/; classtype:trojan-activity;sid:84155432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.11.56.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292331/; classtype:trojan-activity;sid:84155431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.92.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292330/; classtype:trojan-activity;sid:84155430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.121.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292329/; classtype:trojan-activity;sid:84155429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.82.50.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292328/; classtype:trojan-activity;sid:84155428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.139.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292327/; classtype:trojan-activity;sid:84155427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.23.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292326/; classtype:trojan-activity;sid:84155426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.176.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292325/; classtype:trojan-activity;sid:84155425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.186.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292324/; classtype:trojan-activity;sid:84155424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292323/; classtype:trojan-activity;sid:84155423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.44.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292322/; classtype:trojan-activity;sid:84155422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.30.80.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292321/; classtype:trojan-activity;sid:84155421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.83.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292320/; classtype:trojan-activity;sid:84155420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.123.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292319/; classtype:trojan-activity;sid:84155419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.28.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292318/; classtype:trojan-activity;sid:84155418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.238.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292317/; classtype:trojan-activity;sid:84155417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.40.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292316/; classtype:trojan-activity;sid:84155416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.139.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292315/; classtype:trojan-activity;sid:84155415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.140.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292314/; classtype:trojan-activity;sid:84155414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.33.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292313/; classtype:trojan-activity;sid:84155413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.15.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292312/; classtype:trojan-activity;sid:84155412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.88.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292311/; classtype:trojan-activity;sid:84155411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.86.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292309/; classtype:trojan-activity;sid:84155409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.82.50.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292310/; classtype:trojan-activity;sid:84155410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292308/; classtype:trojan-activity;sid:84155408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.30.80.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292307/; classtype:trojan-activity;sid:84155407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.120.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292306/; classtype:trojan-activity;sid:84155406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.123.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292305/; classtype:trojan-activity;sid:84155405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.12.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292304/; classtype:trojan-activity;sid:84155404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292302/; classtype:trojan-activity;sid:84155402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.177.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292303/; classtype:trojan-activity;sid:84155403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.149.139.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292301/; classtype:trojan-activity;sid:84155401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.21.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292300/; classtype:trojan-activity;sid:84155400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.4.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292299/; classtype:trojan-activity;sid:84155399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.235.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292298/; classtype:trojan-activity;sid:84155398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.118.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292297/; classtype:trojan-activity;sid:84155397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.14.124.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292296/; classtype:trojan-activity;sid:84155396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.200.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292295/; classtype:trojan-activity;sid:84155395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292294/; classtype:trojan-activity;sid:84155394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.40.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292293/; classtype:trojan-activity;sid:84155393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.33.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292292/; classtype:trojan-activity;sid:84155392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.109.159.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292291/; classtype:trojan-activity;sid:84155391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.88.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292290/; classtype:trojan-activity;sid:84155390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.10.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292289/; classtype:trojan-activity;sid:84155389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.125.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292288/; classtype:trojan-activity;sid:84155388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.158.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292287/; classtype:trojan-activity;sid:84155387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.187.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292286/; classtype:trojan-activity;sid:84155386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.235.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292285/; classtype:trojan-activity;sid:84155385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.223.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292284/; classtype:trojan-activity;sid:84155384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.149.139.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292283/; classtype:trojan-activity;sid:84155383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.73.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292282/; classtype:trojan-activity;sid:84155382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/reg/update.json"; depth:20; endswith; nocase; http.host; content:"cdn-defac18.artcollective-snapclick.com"; depth:39; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292281/; classtype:trojan-activity;sid:84155381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.221.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292280/; classtype:trojan-activity;sid:84155380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naailq1"; depth:8; endswith; nocase; http.host; content:"pub.foodie-safari.shop"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292279/; classtype:trojan-activity;sid:84155379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.4.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292278/; classtype:trojan-activity;sid:84155378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.244.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292277/; classtype:trojan-activity;sid:84155377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292276/; classtype:trojan-activity;sid:84155376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/cdn1/instruction_18112.pdf.lnk"; depth:41; endswith; nocase; http.host; content:"download.cdn-serveri6731-ns.shop"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292275/; classtype:trojan-activity;sid:84155375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.14.124.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292274/; classtype:trojan-activity;sid:84155374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.36.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292271/; classtype:trojan-activity;sid:84155371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.52.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292272/; classtype:trojan-activity;sid:84155372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"157.20.228.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292273/; classtype:trojan-activity;sid:84155373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.15.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292270/; classtype:trojan-activity;sid:84155370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.84.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292269/; classtype:trojan-activity;sid:84155369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292268/; classtype:trojan-activity;sid:84155368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.240.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292267/; classtype:trojan-activity;sid:84155367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.115.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292266/; classtype:trojan-activity;sid:84155366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.187.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292265/; classtype:trojan-activity;sid:84155365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.11.36"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292264/; classtype:trojan-activity;sid:84155364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ass.vbs"; depth:8; endswith; nocase; http.host; content:"postposted-dat-realistic-email.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292262/; classtype:trojan-activity;sid:84155362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nman.bat"; depth:9; endswith; nocase; http.host; content:"postposted-dat-realistic-email.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292263/; classtype:trojan-activity;sid:84155363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bab.zip"; depth:8; endswith; nocase; http.host; content:"miracle-receives-lightbox-brighton.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292261/; classtype:trojan-activity;sid:84155361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de/dkm-067291.pdf.lnk"; depth:22; endswith; nocase; http.host; content:"postposted-dat-realistic-email.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292260/; classtype:trojan-activity;sid:84155360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.223.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292259/; classtype:trojan-activity;sid:84155359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.64.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292258/; classtype:trojan-activity;sid:84155358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.73.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292257/; classtype:trojan-activity;sid:84155357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.19.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292256/; classtype:trojan-activity;sid:84155356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.43.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292255/; classtype:trojan-activity;sid:84155355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.54.88.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292253/; classtype:trojan-activity;sid:84155353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.224.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292254/; classtype:trojan-activity;sid:84155354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.36.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292252/; classtype:trojan-activity;sid:84155352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.170.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292251/; classtype:trojan-activity;sid:84155351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.89.118.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292250/; classtype:trojan-activity;sid:84155350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.221.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292248/; classtype:trojan-activity;sid:84155348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.23.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292249/; classtype:trojan-activity;sid:84155349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.184.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292247/; classtype:trojan-activity;sid:84155347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steelames/video.scr"; depth:20; endswith; nocase; http.host; content:"203.232.37.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292241/; classtype:trojan-activity;sid:84155341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steelames/av.lnk"; depth:17; endswith; nocase; http.host; content:"203.232.37.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292242/; classtype:trojan-activity;sid:84155342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steelames/photo.lnk"; depth:20; endswith; nocase; http.host; content:"203.232.37.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292243/; classtype:trojan-activity;sid:84155343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steelames/av.scr"; depth:17; endswith; nocase; http.host; content:"203.232.37.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292244/; classtype:trojan-activity;sid:84155344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steelames/photo.scr"; depth:20; endswith; nocase; http.host; content:"203.232.37.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292245/; classtype:trojan-activity;sid:84155345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steelames/video.lnk"; depth:20; endswith; nocase; http.host; content:"203.232.37.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292246/; classtype:trojan-activity;sid:84155346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.52.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292240/; classtype:trojan-activity;sid:84155340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.229.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292239/; classtype:trojan-activity;sid:84155339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292237/; classtype:trojan-activity;sid:84155337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6linuxtf"; depth:12; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292238/; classtype:trojan-activity;sid:84155338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292230/; classtype:trojan-activity;sid:84155330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292231/; classtype:trojan-activity;sid:84155331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292232/; classtype:trojan-activity;sid:84155332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292233/; classtype:trojan-activity;sid:84155333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_spc"; depth:9; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292234/; classtype:trojan-activity;sid:84155334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linuxtf"; depth:8; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292235/; classtype:trojan-activity;sid:84155335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4linuxtf"; depth:12; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292236/; classtype:trojan-activity;sid:84155336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipslinuxtf"; depth:12; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292222/; classtype:trojan-activity;sid:84155322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292223/; classtype:trojan-activity;sid:84155323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292224/; classtype:trojan-activity;sid:84155324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292225/; classtype:trojan-activity;sid:84155325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292226/; classtype:trojan-activity;sid:84155326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292227/; classtype:trojan-activity;sid:84155327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292228/; classtype:trojan-activity;sid:84155328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.sh"; depth:5; endswith; nocase; http.host; content:"178.215.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292229/; classtype:trojan-activity;sid:84155329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.220.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292221/; classtype:trojan-activity;sid:84155321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.153.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292220/; classtype:trojan-activity;sid:84155320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.60.254.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292219/; classtype:trojan-activity;sid:84155319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.109.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292218/; classtype:trojan-activity;sid:84155318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.165.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292217/; classtype:trojan-activity;sid:84155317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.127.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292216/; classtype:trojan-activity;sid:84155316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.225.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292215/; classtype:trojan-activity;sid:84155315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.240.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292214/; classtype:trojan-activity;sid:84155314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.226.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292213/; classtype:trojan-activity;sid:84155313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.txt"; depth:6; endswith; nocase; http.host; content:"klkl9.b-cdn.net"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292212/; classtype:trojan-activity;sid:84155312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/accessoryliberty.zip"; depth:21; endswith; nocase; http.host; content:"klkl9.b-cdn.net"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292211/; classtype:trojan-activity;sid:84155311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.35.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292210/; classtype:trojan-activity;sid:84155310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.227.149.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292209/; classtype:trojan-activity;sid:84155309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.122.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292208/; classtype:trojan-activity;sid:84155308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.209.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292207/; classtype:trojan-activity;sid:84155307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.101.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292206/; classtype:trojan-activity;sid:84155306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.20.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292205/; classtype:trojan-activity;sid:84155305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.62.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292204/; classtype:trojan-activity;sid:84155304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.ppc"; depth:15; endswith; nocase; http.host; content:"160.22.160.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292202/; classtype:trojan-activity;sid:84155302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.arm"; depth:15; endswith; nocase; http.host; content:"160.22.160.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292203/; classtype:trojan-activity;sid:84155303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.85.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292201/; classtype:trojan-activity;sid:84155301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.x86"; depth:15; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292198/; classtype:trojan-activity;sid:84155298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.mips"; depth:16; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292199/; classtype:trojan-activity;sid:84155299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.mpsl"; depth:16; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292200/; classtype:trojan-activity;sid:84155300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.m68k"; depth:16; endswith; nocase; http.host; content:"160.22.160.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292183/; classtype:trojan-activity;sid:84155283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.arm5"; depth:16; endswith; nocase; http.host; content:"160.22.160.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292184/; classtype:trojan-activity;sid:84155284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.spc"; depth:15; endswith; nocase; http.host; content:"160.22.160.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292185/; classtype:trojan-activity;sid:84155285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.mpsl"; depth:16; endswith; nocase; http.host; content:"160.22.160.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292186/; classtype:trojan-activity;sid:84155286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.ppc"; depth:15; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292187/; classtype:trojan-activity;sid:84155287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.x86"; depth:15; endswith; nocase; http.host; content:"160.22.160.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292188/; classtype:trojan-activity;sid:84155288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.arm6"; depth:16; endswith; nocase; http.host; content:"160.22.160.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292189/; classtype:trojan-activity;sid:84155289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.spc"; depth:15; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292190/; classtype:trojan-activity;sid:84155290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.arm"; depth:15; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292191/; classtype:trojan-activity;sid:84155291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.sh4"; depth:15; endswith; nocase; http.host; content:"160.22.160.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292192/; classtype:trojan-activity;sid:84155292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.sh4"; depth:15; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292193/; classtype:trojan-activity;sid:84155293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.mips"; depth:16; endswith; nocase; http.host; content:"160.22.160.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292194/; classtype:trojan-activity;sid:84155294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.arm5"; depth:16; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292195/; classtype:trojan-activity;sid:84155295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.m68k"; depth:16; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292196/; classtype:trojan-activity;sid:84155296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.arm6"; depth:16; endswith; nocase; http.host; content:"srothienhoa.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292197/; classtype:trojan-activity;sid:84155297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.122.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292182/; classtype:trojan-activity;sid:84155282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.165.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292181/; classtype:trojan-activity;sid:84155281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.140.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292180/; classtype:trojan-activity;sid:84155280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.167.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292179/; classtype:trojan-activity;sid:84155279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.227.149.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292178/; classtype:trojan-activity;sid:84155278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.154.11.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292177/; classtype:trojan-activity;sid:84155277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.153.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292176/; classtype:trojan-activity;sid:84155276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.196.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292175/; classtype:trojan-activity;sid:84155275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292174/; classtype:trojan-activity;sid:84155274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.130.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292173/; classtype:trojan-activity;sid:84155273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.25.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292172/; classtype:trojan-activity;sid:84155272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.154.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292171/; classtype:trojan-activity;sid:84155271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.84.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292170/; classtype:trojan-activity;sid:84155270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.58.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292169/; classtype:trojan-activity;sid:84155269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.209.213.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292168/; classtype:trojan-activity;sid:84155268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.215.214.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292167/; classtype:trojan-activity;sid:84155267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.100.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292166/; classtype:trojan-activity;sid:84155266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.207.39.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292165/; classtype:trojan-activity;sid:84155265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.20.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292164/; classtype:trojan-activity;sid:84155264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.216.118.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292163/; classtype:trojan-activity;sid:84155263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.119.193.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292162/; classtype:trojan-activity;sid:84155262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.90.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292161/; classtype:trojan-activity;sid:84155261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.163.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292160/; classtype:trojan-activity;sid:84155260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.157.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292159/; classtype:trojan-activity;sid:84155259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/jodanbc.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292158/; classtype:trojan-activity;sid:84155258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.28.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292157/; classtype:trojan-activity;sid:84155257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.35.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292156/; classtype:trojan-activity;sid:84155256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"74.83.55.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292155/; classtype:trojan-activity;sid:84155255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.5.104"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292154/; classtype:trojan-activity;sid:84155254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.146.154.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292152/; classtype:trojan-activity;sid:84155252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.24.171"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292153/; classtype:trojan-activity;sid:84155253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kodreng225.cmd"; depth:15; endswith; nocase; http.host; content:"191.96.207.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292149/; classtype:trojan-activity;sid:84155249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jagtfalkenes.vbs"; depth:17; endswith; nocase; http.host; content:"191.96.207.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292150/; classtype:trojan-activity;sid:84155250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomhjernet.wsf"; depth:15; endswith; nocase; http.host; content:"191.96.207.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292151/; classtype:trojan-activity;sid:84155251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.84.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292148/; classtype:trojan-activity;sid:84155248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm6"; depth:16; endswith; nocase; http.host; content:"64.235.45.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292144/; classtype:trojan-activity;sid:84155244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.ppc"; depth:15; endswith; nocase; http.host; content:"64.235.45.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292145/; classtype:trojan-activity;sid:84155245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.sh4"; depth:15; endswith; nocase; http.host; content:"64.235.45.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292146/; classtype:trojan-activity;sid:84155246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm7"; depth:16; endswith; nocase; http.host; content:"64.235.45.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292147/; classtype:trojan-activity;sid:84155247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm6"; depth:16; endswith; nocase; http.host; content:"server-64-235-45-196.da.direct"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292131/; classtype:trojan-activity;sid:84155231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arc"; depth:15; endswith; nocase; http.host; content:"server-64-235-45-196.da.direct"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292132/; classtype:trojan-activity;sid:84155232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.mpsl"; depth:16; endswith; nocase; http.host; content:"64.235.45.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292133/; classtype:trojan-activity;sid:84155233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm"; depth:15; endswith; nocase; http.host; content:"server-64-235-45-196.da.direct"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292134/; classtype:trojan-activity;sid:84155234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.ppc"; depth:15; endswith; nocase; http.host; content:"server-64-235-45-196.da.direct"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292135/; classtype:trojan-activity;sid:84155235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.m68k"; depth:16; endswith; nocase; http.host; content:"server-64-235-45-196.da.direct"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292136/; classtype:trojan-activity;sid:84155236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.x86"; depth:15; endswith; nocase; http.host; content:"64.235.45.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292137/; classtype:trojan-activity;sid:84155237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.x86_64"; depth:18; endswith; nocase; http.host; content:"server-64-235-45-196.da.direct"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292138/; classtype:trojan-activity;sid:84155238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm5"; depth:16; endswith; nocase; http.host; content:"server-64-235-45-196.da.direct"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292139/; classtype:trojan-activity;sid:84155239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arc"; depth:15; endswith; nocase; http.host; content:"64.235.45.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292140/; classtype:trojan-activity;sid:84155240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"64.235.45.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292141/; classtype:trojan-activity;sid:84155241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.x86_64"; depth:18; endswith; nocase; http.host; content:"64.235.45.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292142/; classtype:trojan-activity;sid:84155242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.i686"; depth:16; endswith; nocase; http.host; content:"64.235.45.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292143/; classtype:trojan-activity;sid:84155243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm"; depth:15; endswith; nocase; http.host; content:"64.235.45.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292129/; classtype:trojan-activity;sid:84155229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm5"; depth:16; endswith; nocase; http.host; content:"64.235.45.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292130/; classtype:trojan-activity;sid:84155230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.i686"; depth:16; endswith; nocase; http.host; content:"server-64-235-45-196.da.direct"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292127/; classtype:trojan-activity;sid:84155227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.mips"; depth:16; endswith; nocase; http.host; content:"server-64-235-45-196.da.direct"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292128/; classtype:trojan-activity;sid:84155228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"server-64-235-45-196.da.direct"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292122/; classtype:trojan-activity;sid:84155222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.mips"; depth:16; endswith; nocase; http.host; content:"64.235.45.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292123/; classtype:trojan-activity;sid:84155223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.sh4"; depth:15; endswith; nocase; http.host; content:"server-64-235-45-196.da.direct"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292124/; classtype:trojan-activity;sid:84155224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.spc"; depth:15; endswith; nocase; http.host; content:"server-64-235-45-196.da.direct"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292125/; classtype:trojan-activity;sid:84155225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.mpsl"; depth:16; endswith; nocase; http.host; content:"server-64-235-45-196.da.direct"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292126/; classtype:trojan-activity;sid:84155226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.spc"; depth:15; endswith; nocase; http.host; content:"64.235.45.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292118/; classtype:trojan-activity;sid:84155218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm7"; depth:16; endswith; nocase; http.host; content:"server-64-235-45-196.da.direct"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292119/; classtype:trojan-activity;sid:84155219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.x86"; depth:15; endswith; nocase; http.host; content:"server-64-235-45-196.da.direct"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292120/; classtype:trojan-activity;sid:84155220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.m68k"; depth:16; endswith; nocase; http.host; content:"64.235.45.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292121/; classtype:trojan-activity;sid:84155221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.3.170"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292116/; classtype:trojan-activity;sid:84155216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.58.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292117/; classtype:trojan-activity;sid:84155217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"74.83.55.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292115/; classtype:trojan-activity;sid:84155215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.209.213.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292114/; classtype:trojan-activity;sid:84155214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.209.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292113/; classtype:trojan-activity;sid:84155213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.229.151.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292112/; classtype:trojan-activity;sid:84155212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.98.26.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292111/; classtype:trojan-activity;sid:84155211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.233.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292110/; classtype:trojan-activity;sid:84155210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.157.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292109/; classtype:trojan-activity;sid:84155209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/das.php"; depth:13; endswith; nocase; http.host; content:"crickout.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292108/; classtype:trojan-activity;sid:84155208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.25.232.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292107/; classtype:trojan-activity;sid:84155207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.71.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292106/; classtype:trojan-activity;sid:84155206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.30.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292105/; classtype:trojan-activity;sid:84155205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.162.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292104/; classtype:trojan-activity;sid:84155204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/nicko.exe"; depth:16; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292103/; classtype:trojan-activity;sid:84155203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292102/; classtype:trojan-activity;sid:84155202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.45.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292101/; classtype:trojan-activity;sid:84155201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.119.193.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292100/; classtype:trojan-activity;sid:84155200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.82.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292099/; classtype:trojan-activity;sid:84155199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.24.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292098/; classtype:trojan-activity;sid:84155198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.68.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292097/; classtype:trojan-activity;sid:84155197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.5.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292096/; classtype:trojan-activity;sid:84155196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.188.66.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292095/; classtype:trojan-activity;sid:84155195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.255.202.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292094/; classtype:trojan-activity;sid:84155194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.123.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292093/; classtype:trojan-activity;sid:84155193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.25.232.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292092/; classtype:trojan-activity;sid:84155192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.232.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292090/; classtype:trojan-activity;sid:84155190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.233.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292091/; classtype:trojan-activity;sid:84155191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.208.222.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292089/; classtype:trojan-activity;sid:84155189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.10.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292087/; classtype:trojan-activity;sid:84155187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.99.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292088/; classtype:trojan-activity;sid:84155188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.179.5.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292086/; classtype:trojan-activity;sid:84155186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.62.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292085/; classtype:trojan-activity;sid:84155185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.71.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292084/; classtype:trojan-activity;sid:84155184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.68.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292083/; classtype:trojan-activity;sid:84155183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.140.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292082/; classtype:trojan-activity;sid:84155182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.116.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292081/; classtype:trojan-activity;sid:84155181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.175.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292080/; classtype:trojan-activity;sid:84155180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.50.241.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292079/; classtype:trojan-activity;sid:84155179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.123.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292078/; classtype:trojan-activity;sid:84155178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.85.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292077/; classtype:trojan-activity;sid:84155177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.3.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292076/; classtype:trojan-activity;sid:84155176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.103.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292075/; classtype:trojan-activity;sid:84155175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.0.61.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292074/; classtype:trojan-activity;sid:84155174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.188.66.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292073/; classtype:trojan-activity;sid:84155173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.91.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292072/; classtype:trojan-activity;sid:84155172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292070/; classtype:trojan-activity;sid:84155170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.5.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292071/; classtype:trojan-activity;sid:84155171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.46.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292069/; classtype:trojan-activity;sid:84155169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.116.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292068/; classtype:trojan-activity;sid:84155168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.255.202.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292067/; classtype:trojan-activity;sid:84155167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.127.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292066/; classtype:trojan-activity;sid:84155166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.83.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292065/; classtype:trojan-activity;sid:84155165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.255.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292064/; classtype:trojan-activity;sid:84155164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.254.72.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292063/; classtype:trojan-activity;sid:84155163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.59.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292062/; classtype:trojan-activity;sid:84155162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.68.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292061/; classtype:trojan-activity;sid:84155161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.76.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292060/; classtype:trojan-activity;sid:84155160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.72.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292059/; classtype:trojan-activity;sid:84155159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292058/; classtype:trojan-activity;sid:84155158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.123.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292057/; classtype:trojan-activity;sid:84155157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.89.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292056/; classtype:trojan-activity;sid:84155156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.43.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292055/; classtype:trojan-activity;sid:84155155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.59.107.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292054/; classtype:trojan-activity;sid:84155154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292053/; classtype:trojan-activity;sid:84155153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.83.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292052/; classtype:trojan-activity;sid:84155152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.3.174"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292051/; classtype:trojan-activity;sid:84155151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.114.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292050/; classtype:trojan-activity;sid:84155150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.230.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292049/; classtype:trojan-activity;sid:84155149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.114.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292048/; classtype:trojan-activity;sid:84155148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.103.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292046/; classtype:trojan-activity;sid:84155146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"46.158.100.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292047/; classtype:trojan-activity;sid:84155147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.178.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292045/; classtype:trojan-activity;sid:84155145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.92.22.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292044/; classtype:trojan-activity;sid:84155144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.232.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292043/; classtype:trojan-activity;sid:84155143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.178.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292042/; classtype:trojan-activity;sid:84155142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.25.188.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292041/; classtype:trojan-activity;sid:84155141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.208.48.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292040/; classtype:trojan-activity;sid:84155140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.89.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292039/; classtype:trojan-activity;sid:84155139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.46.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292038/; classtype:trojan-activity;sid:84155138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.26.81.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292037/; classtype:trojan-activity;sid:84155137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.59.107.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292036/; classtype:trojan-activity;sid:84155136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.178.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292035/; classtype:trojan-activity;sid:84155135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.230.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292034/; classtype:trojan-activity;sid:84155134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.103.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292033/; classtype:trojan-activity;sid:84155133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.0.79.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292031/; classtype:trojan-activity;sid:84155131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.178.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292032/; classtype:trojan-activity;sid:84155132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.232.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292030/; classtype:trojan-activity;sid:84155130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"121.233.148.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292029/; classtype:trojan-activity;sid:84155129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.46.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292028/; classtype:trojan-activity;sid:84155128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.25.188.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292027/; classtype:trojan-activity;sid:84155127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.185.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292026/; classtype:trojan-activity;sid:84155126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.71.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292025/; classtype:trojan-activity;sid:84155125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292024/; classtype:trojan-activity;sid:84155124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.113.124.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292023/; classtype:trojan-activity;sid:84155123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.243.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292022/; classtype:trojan-activity;sid:84155122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.57.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292020/; classtype:trojan-activity;sid:84155120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.202.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292021/; classtype:trojan-activity;sid:84155121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.9.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292019/; classtype:trojan-activity;sid:84155119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.114.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292018/; classtype:trojan-activity;sid:84155118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.201.0.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292017/; classtype:trojan-activity;sid:84155117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.96.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292016/; classtype:trojan-activity;sid:84155116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.140.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292015/; classtype:trojan-activity;sid:84155115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n/tui/mininews/mininewsplus/3.0.0.26165/mininewsplus-2.exe"; depth:59; endswith; nocase; http.host; content:"mininews.kpzip.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292014/; classtype:trojan-activity;sid:84155114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downdll/opengl32.dll40watson-sanchez4040830.exe"; depth:48; endswith; nocase; http.host; content:"www.bkzj.wang"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292013/; classtype:trojan-activity;sid:84155113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windows_update/windows_update.dll"; depth:34; endswith; nocase; http.host; content:"20.0.145.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292012/; classtype:trojan-activity;sid:84155112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.113.124.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292011/; classtype:trojan-activity;sid:84155111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.16.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292010/; classtype:trojan-activity;sid:84155110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.240.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292009/; classtype:trojan-activity;sid:84155109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.141.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292008/; classtype:trojan-activity;sid:84155108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.237.114.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292007/; classtype:trojan-activity;sid:84155107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.146.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292006/; classtype:trojan-activity;sid:84155106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.67.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292005/; classtype:trojan-activity;sid:84155105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.119.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292004/; classtype:trojan-activity;sid:84155104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.62.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292003/; classtype:trojan-activity;sid:84155103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.131.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292002/; classtype:trojan-activity;sid:84155102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.106.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292001/; classtype:trojan-activity;sid:84155101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.9.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292000/; classtype:trojan-activity;sid:84155100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.71.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291999/; classtype:trojan-activity;sid:84155099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.165.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291998/; classtype:trojan-activity;sid:84155098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.22.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291997/; classtype:trojan-activity;sid:84155097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.140.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291996/; classtype:trojan-activity;sid:84155096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.243.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291995/; classtype:trojan-activity;sid:84155095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.96.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291994/; classtype:trojan-activity;sid:84155094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.237.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291993/; classtype:trojan-activity;sid:84155093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.140.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291992/; classtype:trojan-activity;sid:84155092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.24.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291991/; classtype:trojan-activity;sid:84155091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.125.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291990/; classtype:trojan-activity;sid:84155090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.230.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291989/; classtype:trojan-activity;sid:84155089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.146.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291988/; classtype:trojan-activity;sid:84155088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.106.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291987/; classtype:trojan-activity;sid:84155087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.157.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291986/; classtype:trojan-activity;sid:84155086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.137.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291985/; classtype:trojan-activity;sid:84155085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.157.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291984/; classtype:trojan-activity;sid:84155084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.167.33.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291982/; classtype:trojan-activity;sid:84155082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.82.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291983/; classtype:trojan-activity;sid:84155083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.11.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291981/; classtype:trojan-activity;sid:84155081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.21.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291980/; classtype:trojan-activity;sid:84155080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.227.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291979/; classtype:trojan-activity;sid:84155079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.218.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291978/; classtype:trojan-activity;sid:84155078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.253.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291977/; classtype:trojan-activity;sid:84155077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.172.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291975/; classtype:trojan-activity;sid:84155075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.34.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291976/; classtype:trojan-activity;sid:84155076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.24.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291973/; classtype:trojan-activity;sid:84155073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.143.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291974/; classtype:trojan-activity;sid:84155074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.169.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291972/; classtype:trojan-activity;sid:84155072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.215.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291971/; classtype:trojan-activity;sid:84155071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.71.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291970/; classtype:trojan-activity;sid:84155070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.245.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291969/; classtype:trojan-activity;sid:84155069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.190.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291968/; classtype:trojan-activity;sid:84155068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.99.198.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291966/; classtype:trojan-activity;sid:84155066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.115.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291967/; classtype:trojan-activity;sid:84155067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.43.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291965/; classtype:trojan-activity;sid:84155065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.82.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291964/; classtype:trojan-activity;sid:84155064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.16.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291963/; classtype:trojan-activity;sid:84155063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.90.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291962/; classtype:trojan-activity;sid:84155062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.227.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291961/; classtype:trojan-activity;sid:84155061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.143.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291960/; classtype:trojan-activity;sid:84155060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.223.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291959/; classtype:trojan-activity;sid:84155059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.71.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291958/; classtype:trojan-activity;sid:84155058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.74.13.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291957/; classtype:trojan-activity;sid:84155057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.24.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291956/; classtype:trojan-activity;sid:84155056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291955/; classtype:trojan-activity;sid:84155055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.32.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291954/; classtype:trojan-activity;sid:84155054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291953/; classtype:trojan-activity;sid:84155053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.24.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291952/; classtype:trojan-activity;sid:84155052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.158.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291951/; classtype:trojan-activity;sid:84155051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.227.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291950/; classtype:trojan-activity;sid:84155050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.223.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291949/; classtype:trojan-activity;sid:84155049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.47.40.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291948/; classtype:trojan-activity;sid:84155048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.116.122.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291947/; classtype:trojan-activity;sid:84155047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.33.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291946/; classtype:trojan-activity;sid:84155046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.196.51.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291945/; classtype:trojan-activity;sid:84155045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"185.248.12.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291944/; classtype:trojan-activity;sid:84155044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.167.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291943/; classtype:trojan-activity;sid:84155043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.240.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291942/; classtype:trojan-activity;sid:84155042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291941/; classtype:trojan-activity;sid:84155041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.185.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291940/; classtype:trojan-activity;sid:84155040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.172.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291939/; classtype:trojan-activity;sid:84155039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.82.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291938/; classtype:trojan-activity;sid:84155038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.127.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291937/; classtype:trojan-activity;sid:84155037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.245.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291936/; classtype:trojan-activity;sid:84155036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.226.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291935/; classtype:trojan-activity;sid:84155035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.117.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291934/; classtype:trojan-activity;sid:84155034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.252.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291933/; classtype:trojan-activity;sid:84155033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.53.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291932/; classtype:trojan-activity;sid:84155032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.185.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291931/; classtype:trojan-activity;sid:84155031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.74.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291930/; classtype:trojan-activity;sid:84155030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.13.155"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291929/; classtype:trojan-activity;sid:84155029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.246.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291928/; classtype:trojan-activity;sid:84155028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.205.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291927/; classtype:trojan-activity;sid:84155027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.127.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291926/; classtype:trojan-activity;sid:84155026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.8.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291925/; classtype:trojan-activity;sid:84155025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.231.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291924/; classtype:trojan-activity;sid:84155024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.14.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291923/; classtype:trojan-activity;sid:84155023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.31.191.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291922/; classtype:trojan-activity;sid:84155022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.226.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291921/; classtype:trojan-activity;sid:84155021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.120.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291919/; classtype:trojan-activity;sid:84155019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.79.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291920/; classtype:trojan-activity;sid:84155020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gho%e9%95%9c%e5%83%8f%e5%ae%89%e8%a3%85%e5%99%a8.exe"; depth:53; endswith; nocase; http.host; content:"171.213.44.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291918/; classtype:trojan-activity;sid:84155018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.100.213.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291916/; classtype:trojan-activity;sid:84155016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.111.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291917/; classtype:trojan-activity;sid:84155017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.151.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291915/; classtype:trojan-activity;sid:84155015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.95.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291914/; classtype:trojan-activity;sid:84155014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.94.68.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291913/; classtype:trojan-activity;sid:84155013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.246.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291912/; classtype:trojan-activity;sid:84155012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.231.200.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291911/; classtype:trojan-activity;sid:84155011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3911_wz.exe"; depth:12; endswith; nocase; http.host; content:"wz.3911.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291910/; classtype:trojan-activity;sid:84155010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33/seemybestthingswhichcallyoubabygirlwhichgiveuhotchicks.tif"; depth:62; endswith; nocase; http.host; content:"192.3.243.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291908/; classtype:trojan-activity;sid:84155008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32/seemybestthingswithentirelifetimethingstodomybest.tif"; depth:57; endswith; nocase; http.host; content:"192.3.243.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291909/; classtype:trojan-activity;sid:84155009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33/nu/bestgirlfriendwhowintheheartwithentirelifegivenubestthigns.hta"; depth:69; endswith; nocase; http.host; content:"192.3.243.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291906/; classtype:trojan-activity;sid:84155006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32/nc/kissmegoodthingwhichgivemebestthignswithgirluaremy.hta"; depth:61; endswith; nocase; http.host; content:"192.3.243.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291907/; classtype:trojan-activity;sid:84155007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.127.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291905/; classtype:trojan-activity;sid:84155005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.78.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291904/; classtype:trojan-activity;sid:84155004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.120.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291903/; classtype:trojan-activity;sid:84155003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.213.185.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291902/; classtype:trojan-activity;sid:84155002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.183.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291901/; classtype:trojan-activity;sid:84155001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.51.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291900/; classtype:trojan-activity;sid:84155000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.111.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291899/; classtype:trojan-activity;sid:84154999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.79.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291898/; classtype:trojan-activity;sid:84154998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.95.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291897/; classtype:trojan-activity;sid:84154997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.105.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291896/; classtype:trojan-activity;sid:84154996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.200.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291895/; classtype:trojan-activity;sid:84154995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.230.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291894/; classtype:trojan-activity;sid:84154994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.236.182.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291891/; classtype:trojan-activity;sid:84154991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.79.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291892/; classtype:trojan-activity;sid:84154992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.222.206.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291893/; classtype:trojan-activity;sid:84154993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.242.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291890/; classtype:trojan-activity;sid:84154990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291889/; classtype:trojan-activity;sid:84154989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.78.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291888/; classtype:trojan-activity;sid:84154988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.51.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291887/; classtype:trojan-activity;sid:84154987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toxis_gaduka_build.exe"; depth:23; endswith; nocase; http.host; content:"5.252.153.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291886/; classtype:trojan-activity;sid:84154986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.111.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291885/; classtype:trojan-activity;sid:84154985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.4.4.141"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291884/; classtype:trojan-activity;sid:84154984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.83.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291882/; classtype:trojan-activity;sid:84154982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.176.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291883/; classtype:trojan-activity;sid:84154983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prism"; depth:6; endswith; nocase; http.host; content:"121.36.224.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291881/; classtype:trojan-activity;sid:84154981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup_tunnel.sh"; depth:16; endswith; nocase; http.host; content:"121.36.224.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291880/; classtype:trojan-activity;sid:84154980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/merchantservices"; depth:17; endswith; nocase; http.host; content:"tqne.events.socalpocis.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291879/; classtype:trojan-activity;sid:84154979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.217.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291877/; classtype:trojan-activity;sid:84154977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.242.106.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291878/; classtype:trojan-activity;sid:84154978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.3.174"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291876/; classtype:trojan-activity;sid:84154976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.242.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291875/; classtype:trojan-activity;sid:84154975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.173.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291874/; classtype:trojan-activity;sid:84154974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jupsculd221.bin"; depth:16; endswith; nocase; http.host; content:"104.168.32.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291872/; classtype:trojan-activity;sid:84154972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/penahbirpprgoktv203.bin"; depth:24; endswith; nocase; http.host; content:"93.123.109.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291873/; classtype:trojan-activity;sid:84154973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.5.194"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291871/; classtype:trojan-activity;sid:84154971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.2.50.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291870/; classtype:trojan-activity;sid:84154970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/stories/guides/guide2018.exe"; depth:36; endswith; nocase; http.host; content:"dcwblida.dz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291869/; classtype:trojan-activity;sid:84154969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.239.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291868/; classtype:trojan-activity;sid:84154968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.226.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291867/; classtype:trojan-activity;sid:84154967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.78.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291866/; classtype:trojan-activity;sid:84154966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.77.68.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291864/; classtype:trojan-activity;sid:84154964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.59.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291865/; classtype:trojan-activity;sid:84154965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.236.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291862/; classtype:trojan-activity;sid:84154962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.225.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291863/; classtype:trojan-activity;sid:84154963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.54.160.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291861/; classtype:trojan-activity;sid:84154961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.89.154"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291860/; classtype:trojan-activity;sid:84154960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.242.106.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291859/; classtype:trojan-activity;sid:84154959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"68.115.131.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291857/; classtype:trojan-activity;sid:84154957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.100.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291858/; classtype:trojan-activity;sid:84154958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.164.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291856/; classtype:trojan-activity;sid:84154956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.99.26"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291855/; classtype:trojan-activity;sid:84154955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earm5"; depth:6; endswith; nocase; http.host; content:"43.133.65.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291853/; classtype:trojan-activity;sid:84154953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backdoor/earm"; depth:14; endswith; nocase; http.host; content:"43.133.65.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291854/; classtype:trojan-activity;sid:84154954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.254.60.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291852/; classtype:trojan-activity;sid:84154952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/empsl"; depth:6; endswith; nocase; http.host; content:"43.133.65.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291851/; classtype:trojan-activity;sid:84154951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earm"; depth:5; endswith; nocase; http.host; content:"43.133.65.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291850/; classtype:trojan-activity;sid:84154950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backdoor/earm6"; depth:15; endswith; nocase; http.host; content:"43.133.65.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291847/; classtype:trojan-activity;sid:84154947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emips"; depth:6; endswith; nocase; http.host; content:"43.133.65.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291848/; classtype:trojan-activity;sid:84154948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backdoor/ex86"; depth:14; endswith; nocase; http.host; content:"43.133.65.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291849/; classtype:trojan-activity;sid:84154949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backdoor/earm7"; depth:15; endswith; nocase; http.host; content:"43.133.65.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291840/; classtype:trojan-activity;sid:84154940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backdoor/earm5"; depth:15; endswith; nocase; http.host; content:"43.133.65.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291841/; classtype:trojan-activity;sid:84154941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earm6"; depth:6; endswith; nocase; http.host; content:"43.133.65.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291842/; classtype:trojan-activity;sid:84154942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earm7"; depth:6; endswith; nocase; http.host; content:"43.133.65.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291843/; classtype:trojan-activity;sid:84154943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ex86"; depth:5; endswith; nocase; http.host; content:"43.133.65.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291844/; classtype:trojan-activity;sid:84154944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backdoor/emips"; depth:15; endswith; nocase; http.host; content:"43.133.65.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291845/; classtype:trojan-activity;sid:84154945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backdoor/empsl"; depth:15; endswith; nocase; http.host; content:"43.133.65.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291846/; classtype:trojan-activity;sid:84154946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"194.54.160.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291839/; classtype:trojan-activity;sid:84154939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.226.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291838/; classtype:trojan-activity;sid:84154938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.93.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291837/; classtype:trojan-activity;sid:84154937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.242.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291836/; classtype:trojan-activity;sid:84154936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"38.137.0.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291835/; classtype:trojan-activity;sid:84154935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.27.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291834/; classtype:trojan-activity;sid:84154934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.236.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291833/; classtype:trojan-activity;sid:84154933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.64.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291831/; classtype:trojan-activity;sid:84154931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.24.134.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291832/; classtype:trojan-activity;sid:84154932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.47.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291830/; classtype:trojan-activity;sid:84154930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.67.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291829/; classtype:trojan-activity;sid:84154929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.75.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291828/; classtype:trojan-activity;sid:84154928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.75.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291827/; classtype:trojan-activity;sid:84154927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.147.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291826/; classtype:trojan-activity;sid:84154926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.100.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291825/; classtype:trojan-activity;sid:84154925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.47.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291824/; classtype:trojan-activity;sid:84154924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.204.67.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291823/; classtype:trojan-activity;sid:84154923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.248.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291822/; classtype:trojan-activity;sid:84154922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.210.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291821/; classtype:trojan-activity;sid:84154921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.75.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291820/; classtype:trojan-activity;sid:84154920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.180.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291819/; classtype:trojan-activity;sid:84154919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.67.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291818/; classtype:trojan-activity;sid:84154918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.117.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291817/; classtype:trojan-activity;sid:84154917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.111.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291816/; classtype:trojan-activity;sid:84154916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.63.247.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291814/; classtype:trojan-activity;sid:84154914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"111.38.123.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291815/; classtype:trojan-activity;sid:84154915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"164.163.25.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291813/; classtype:trojan-activity;sid:84154913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.75.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291812/; classtype:trojan-activity;sid:84154912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.120.46.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291811/; classtype:trojan-activity;sid:84154911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.210.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291810/; classtype:trojan-activity;sid:84154910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.22.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291809/; classtype:trojan-activity;sid:84154909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"paytest.infinitegalaxy.cn"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291808/; classtype:trojan-activity;sid:84154908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"paytest.infinitegalaxy.cn"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291806/; classtype:trojan-activity;sid:84154906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"paytest.infinitegalaxy.cn"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291807/; classtype:trojan-activity;sid:84154907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"paytest.infinitegalaxy.cn"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291805/; classtype:trojan-activity;sid:84154905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"paytest.infinitegalaxy.cn"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291803/; classtype:trojan-activity;sid:84154903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"paytest.infinitegalaxy.cn"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291804/; classtype:trojan-activity;sid:84154904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.218.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291802/; classtype:trojan-activity;sid:84154902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.216.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291801/; classtype:trojan-activity;sid:84154901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.147.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291800/; classtype:trojan-activity;sid:84154900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data-package/7pdxjnkp/download"; depth:31; endswith; nocase; http.host; content:"filetransfer.io"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291799/; classtype:trojan-activity;sid:84154899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data-package/7pdxjnkp/download"; depth:31; endswith; nocase; http.host; content:"filetransfer.io"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291798/; classtype:trojan-activity;sid:84154898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.121.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291797/; classtype:trojan-activity;sid:84154897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.180.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291796/; classtype:trojan-activity;sid:84154896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.98.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291795/; classtype:trojan-activity;sid:84154895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.6.194"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291794/; classtype:trojan-activity;sid:84154894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.29.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291793/; classtype:trojan-activity;sid:84154893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.47.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291792/; classtype:trojan-activity;sid:84154892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.226.125.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291791/; classtype:trojan-activity;sid:84154891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.158.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291790/; classtype:trojan-activity;sid:84154890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.135.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291789/; classtype:trojan-activity;sid:84154889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fhpnud.pdf"; depth:11; endswith; nocase; http.host; content:"nexoproducciones.cl"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291788/; classtype:trojan-activity;sid:84154888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.22.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291787/; classtype:trojan-activity;sid:84154887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ieiqeih-1iodbpcgjseuqkj3sftykaxm"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291786/; classtype:trojan-activity;sid:84154886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/5bwo9mq29wnl5r2a4k3wy/1archivo-nro-18-notificaci-n-electr-ncia-judicial-esm-agradecemos-confirmar-recibido-15.tar.uue.tar.001|3f|rlkey=ieu4fms412fp1o338yg57hz3r|7c|26|7c|st=ivpan68v|7c|26|7c|dl=0"; depth:203; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291782/; classtype:trojan-activity;sid:84154882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/8nh6qq43s1qzgsjlhwq7f/archivo-nro-18-notificaci-n-electr-ncia-judicial-esm-agradecemos-confirmar-recibido-15.tar.uue.tar.001|3f|rlkey=d7rytyfpyngxf5lw63u4b3ysh|7c|26|7c|st=bbolzkoo|7c|26|7c|dl=0"; depth:202; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291783/; classtype:trojan-activity;sid:84154883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/dczxh5ejh61dxxjo0wzox/4notificaci-n-electr-ncia-judicial-esm-agradecemos-confirmar-recibido-15.tar.uue.tar.001|3f|rlkey=5ph1a4hphb7yz4teyaawc0vxl|7c|26|7c|st=hmgpb1j2|7c|26|7c|dl=0"; depth:188; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291784/; classtype:trojan-activity;sid:84154884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sample_photo.js"; depth:16; endswith; nocase; http.host; content:"ikincielesyaciankara.com.tr"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291785/; classtype:trojan-activity;sid:84154885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.87.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291781/; classtype:trojan-activity;sid:84154881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.206.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291780/; classtype:trojan-activity;sid:84154880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291779/; classtype:trojan-activity;sid:84154879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.29.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291778/; classtype:trojan-activity;sid:84154878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.116.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291777/; classtype:trojan-activity;sid:84154877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.74.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291776/; classtype:trojan-activity;sid:84154876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.158.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291775/; classtype:trojan-activity;sid:84154875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.120.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291774/; classtype:trojan-activity;sid:84154874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.193.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291773/; classtype:trojan-activity;sid:84154873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.37.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291772/; classtype:trojan-activity;sid:84154872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.214.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291771/; classtype:trojan-activity;sid:84154871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.89.90.74"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291770/; classtype:trojan-activity;sid:84154870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.138.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291769/; classtype:trojan-activity;sid:84154869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.60.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291768/; classtype:trojan-activity;sid:84154868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.114.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291767/; classtype:trojan-activity;sid:84154867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.120.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291766/; classtype:trojan-activity;sid:84154866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.52.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291765/; classtype:trojan-activity;sid:84154865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.140.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291764/; classtype:trojan-activity;sid:84154864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.106.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291763/; classtype:trojan-activity;sid:84154863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.146.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291762/; classtype:trojan-activity;sid:84154862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291761/; classtype:trojan-activity;sid:84154861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.134.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291760/; classtype:trojan-activity;sid:84154860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.66.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291759/; classtype:trojan-activity;sid:84154859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.69.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291758/; classtype:trojan-activity;sid:84154858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.247.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291755/; classtype:trojan-activity;sid:84154855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.111.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291756/; classtype:trojan-activity;sid:84154856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.184.253.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291757/; classtype:trojan-activity;sid:84154857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.28.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291754/; classtype:trojan-activity;sid:84154854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.134.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291753/; classtype:trojan-activity;sid:84154853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"67.2.14.146"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291752/; classtype:trojan-activity;sid:84154852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.72.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291751/; classtype:trojan-activity;sid:84154851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.57.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291750/; classtype:trojan-activity;sid:84154850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.1.238"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291749/; classtype:trojan-activity;sid:84154849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.246.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291748/; classtype:trojan-activity;sid:84154848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.191.83.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291746/; classtype:trojan-activity;sid:84154846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.162.16.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291747/; classtype:trojan-activity;sid:84154847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291745/; classtype:trojan-activity;sid:84154845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.28.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291743/; classtype:trojan-activity;sid:84154843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.57.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291744/; classtype:trojan-activity;sid:84154844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.70.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291742/; classtype:trojan-activity;sid:84154842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.104.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291741/; classtype:trojan-activity;sid:84154841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.212.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291740/; classtype:trojan-activity;sid:84154840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.106.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291739/; classtype:trojan-activity;sid:84154839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291738/; classtype:trojan-activity;sid:84154838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.6.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291736/; classtype:trojan-activity;sid:84154836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.248.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291737/; classtype:trojan-activity;sid:84154837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.122.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291735/; classtype:trojan-activity;sid:84154835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291734/; classtype:trojan-activity;sid:84154834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.51.193.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291733/; classtype:trojan-activity;sid:84154833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"67.2.14.146"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291732/; classtype:trojan-activity;sid:84154832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.31.179.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291731/; classtype:trojan-activity;sid:84154831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.70.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291729/; classtype:trojan-activity;sid:84154829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.227.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291730/; classtype:trojan-activity;sid:84154830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.148.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291728/; classtype:trojan-activity;sid:84154828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.212.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291727/; classtype:trojan-activity;sid:84154827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.0.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291726/; classtype:trojan-activity;sid:84154826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.104.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291725/; classtype:trojan-activity;sid:84154825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.227.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291724/; classtype:trojan-activity;sid:84154824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.6.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291723/; classtype:trojan-activity;sid:84154823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.35.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291722/; classtype:trojan-activity;sid:84154822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.80.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291721/; classtype:trojan-activity;sid:84154821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.146.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291720/; classtype:trojan-activity;sid:84154820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.4.2.45"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291719/; classtype:trojan-activity;sid:84154819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.31.179.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291718/; classtype:trojan-activity;sid:84154818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.221.46.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291717/; classtype:trojan-activity;sid:84154817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.72.210.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291714/; classtype:trojan-activity;sid:84154814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.190.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291715/; classtype:trojan-activity;sid:84154815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.36.180.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291716/; classtype:trojan-activity;sid:84154816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.116.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291713/; classtype:trojan-activity;sid:84154813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.118.144.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291712/; classtype:trojan-activity;sid:84154812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.245.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291711/; classtype:trojan-activity;sid:84154811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"206.85.166.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291710/; classtype:trojan-activity;sid:84154810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.60.176.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291709/; classtype:trojan-activity;sid:84154809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.79.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291708/; classtype:trojan-activity;sid:84154808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.8.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291707/; classtype:trojan-activity;sid:84154807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.36.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291706/; classtype:trojan-activity;sid:84154806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.138.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291705/; classtype:trojan-activity;sid:84154805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.13.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291704/; classtype:trojan-activity;sid:84154804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.176.107.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291703/; classtype:trojan-activity;sid:84154803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291702/; classtype:trojan-activity;sid:84154802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.116.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291701/; classtype:trojan-activity;sid:84154801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.105.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291700/; classtype:trojan-activity;sid:84154800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.5.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291699/; classtype:trojan-activity;sid:84154799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.13.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291698/; classtype:trojan-activity;sid:84154798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291697/; classtype:trojan-activity;sid:84154797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.85.166.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291696/; classtype:trojan-activity;sid:84154796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.144.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291695/; classtype:trojan-activity;sid:84154795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.65.95.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291694/; classtype:trojan-activity;sid:84154794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.233.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291693/; classtype:trojan-activity;sid:84154793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.41.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291692/; classtype:trojan-activity;sid:84154792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.43.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291691/; classtype:trojan-activity;sid:84154791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.176.107.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291690/; classtype:trojan-activity;sid:84154790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.47.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291689/; classtype:trojan-activity;sid:84154789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.47.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291688/; classtype:trojan-activity;sid:84154788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.254.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291687/; classtype:trojan-activity;sid:84154787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.181.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291686/; classtype:trojan-activity;sid:84154786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.65.95.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291685/; classtype:trojan-activity;sid:84154785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.1.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291684/; classtype:trojan-activity;sid:84154784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.113.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291683/; classtype:trojan-activity;sid:84154783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.50.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291682/; classtype:trojan-activity;sid:84154782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.224.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291681/; classtype:trojan-activity;sid:84154781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.180.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291680/; classtype:trojan-activity;sid:84154780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.255.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291679/; classtype:trojan-activity;sid:84154779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.204.112"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291678/; classtype:trojan-activity;sid:84154778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.29.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291677/; classtype:trojan-activity;sid:84154777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.35.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291676/; classtype:trojan-activity;sid:84154776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291674/; classtype:trojan-activity;sid:84154774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.149.153.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291675/; classtype:trojan-activity;sid:84154775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.97.201.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291672/; classtype:trojan-activity;sid:84154772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291673/; classtype:trojan-activity;sid:84154773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.80.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291671/; classtype:trojan-activity;sid:84154771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.80.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291670/; classtype:trojan-activity;sid:84154770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.141.245.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291669/; classtype:trojan-activity;sid:84154769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skoblik.exe"; depth:12; endswith; nocase; http.host; content:"altraonline.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291668/; classtype:trojan-activity;sid:84154768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.113.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291667/; classtype:trojan-activity;sid:84154767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.56.138.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291666/; classtype:trojan-activity;sid:84154766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.177.200.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291665/; classtype:trojan-activity;sid:84154765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.1.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291664/; classtype:trojan-activity;sid:84154764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.62.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291663/; classtype:trojan-activity;sid:84154763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.241.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291662/; classtype:trojan-activity;sid:84154762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.0.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291661/; classtype:trojan-activity;sid:84154761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.69.115.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291659/; classtype:trojan-activity;sid:84154759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.82.227.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291660/; classtype:trojan-activity;sid:84154760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.226.177.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291658/; classtype:trojan-activity;sid:84154758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.18.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291657/; classtype:trojan-activity;sid:84154757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291656/; classtype:trojan-activity;sid:84154756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.180.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291655/; classtype:trojan-activity;sid:84154755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.100.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291654/; classtype:trojan-activity;sid:84154754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.53.98.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291653/; classtype:trojan-activity;sid:84154753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.55.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291652/; classtype:trojan-activity;sid:84154752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.39.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291651/; classtype:trojan-activity;sid:84154751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.198.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291650/; classtype:trojan-activity;sid:84154750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.119.109.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291649/; classtype:trojan-activity;sid:84154749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.177.200.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291648/; classtype:trojan-activity;sid:84154748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.153.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291647/; classtype:trojan-activity;sid:84154747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.130.127.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291646/; classtype:trojan-activity;sid:84154746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.18.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291645/; classtype:trojan-activity;sid:84154745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.233.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291644/; classtype:trojan-activity;sid:84154744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.125.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291643/; classtype:trojan-activity;sid:84154743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.1.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291642/; classtype:trojan-activity;sid:84154742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.96.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291641/; classtype:trojan-activity;sid:84154741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.51.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291640/; classtype:trojan-activity;sid:84154740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.101.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291639/; classtype:trojan-activity;sid:84154739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.103.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291638/; classtype:trojan-activity;sid:84154738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.53.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291637/; classtype:trojan-activity;sid:84154737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.218.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291636/; classtype:trojan-activity;sid:84154736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.238.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291635/; classtype:trojan-activity;sid:84154735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.53.98.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291634/; classtype:trojan-activity;sid:84154734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.100.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291633/; classtype:trojan-activity;sid:84154733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.198.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291632/; classtype:trojan-activity;sid:84154732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.153.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291631/; classtype:trojan-activity;sid:84154731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.215.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291630/; classtype:trojan-activity;sid:84154730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.241.48.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291628/; classtype:trojan-activity;sid:84154728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.110.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291629/; classtype:trojan-activity;sid:84154729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291627/; classtype:trojan-activity;sid:84154727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.139.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291626/; classtype:trojan-activity;sid:84154726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.213.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291625/; classtype:trojan-activity;sid:84154725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.43.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291624/; classtype:trojan-activity;sid:84154724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.1.227.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291623/; classtype:trojan-activity;sid:84154723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.95.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291622/; classtype:trojan-activity;sid:84154722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.103.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291621/; classtype:trojan-activity;sid:84154721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.119.109.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291620/; classtype:trojan-activity;sid:84154720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.56.138.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291619/; classtype:trojan-activity;sid:84154719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.215.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291618/; classtype:trojan-activity;sid:84154718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.233.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291617/; classtype:trojan-activity;sid:84154717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.9.40.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291616/; classtype:trojan-activity;sid:84154716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.150.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291615/; classtype:trojan-activity;sid:84154715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291614/; classtype:trojan-activity;sid:84154714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291613/; classtype:trojan-activity;sid:84154713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291612/; classtype:trojan-activity;sid:84154712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.178.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291610/; classtype:trojan-activity;sid:84154710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.48.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291611/; classtype:trojan-activity;sid:84154711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291609/; classtype:trojan-activity;sid:84154709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.238.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291608/; classtype:trojan-activity;sid:84154708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.175.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291607/; classtype:trojan-activity;sid:84154707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.236.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291606/; classtype:trojan-activity;sid:84154706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.53.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291605/; classtype:trojan-activity;sid:84154705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.218.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291604/; classtype:trojan-activity;sid:84154704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291602/; classtype:trojan-activity;sid:84154702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.13.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291603/; classtype:trojan-activity;sid:84154703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.139.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291600/; classtype:trojan-activity;sid:84154700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.11.57.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291601/; classtype:trojan-activity;sid:84154701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291599/; classtype:trojan-activity;sid:84154699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.249.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291598/; classtype:trojan-activity;sid:84154698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.174.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291597/; classtype:trojan-activity;sid:84154697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.193.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291596/; classtype:trojan-activity;sid:84154696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.242.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291595/; classtype:trojan-activity;sid:84154695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291594/; classtype:trojan-activity;sid:84154694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.178.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291593/; classtype:trojan-activity;sid:84154693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.85.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291592/; classtype:trojan-activity;sid:84154692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.175.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291591/; classtype:trojan-activity;sid:84154691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.147.217.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291590/; classtype:trojan-activity;sid:84154690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.221.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291589/; classtype:trojan-activity;sid:84154689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.125.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291588/; classtype:trojan-activity;sid:84154688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.119.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291587/; classtype:trojan-activity;sid:84154687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.229.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291586/; classtype:trojan-activity;sid:84154686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.187.17.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291585/; classtype:trojan-activity;sid:84154685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.193.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291584/; classtype:trojan-activity;sid:84154684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.65.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291583/; classtype:trojan-activity;sid:84154683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.174.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291582/; classtype:trojan-activity;sid:84154682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.3.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291581/; classtype:trojan-activity;sid:84154681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.251.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291580/; classtype:trojan-activity;sid:84154680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.85.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291579/; classtype:trojan-activity;sid:84154679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.38.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291578/; classtype:trojan-activity;sid:84154678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.125.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291577/; classtype:trojan-activity;sid:84154677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.6.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291576/; classtype:trojan-activity;sid:84154676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.216.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291575/; classtype:trojan-activity;sid:84154675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.22.86.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291574/; classtype:trojan-activity;sid:84154674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.172.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291573/; classtype:trojan-activity;sid:84154673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.238.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291571/; classtype:trojan-activity;sid:84154671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.229.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291572/; classtype:trojan-activity;sid:84154672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.141.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291570/; classtype:trojan-activity;sid:84154670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.4.200"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291569/; classtype:trojan-activity;sid:84154669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.42.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291568/; classtype:trojan-activity;sid:84154668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.48.200.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291567/; classtype:trojan-activity;sid:84154667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.46.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291566/; classtype:trojan-activity;sid:84154666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.72.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291565/; classtype:trojan-activity;sid:84154665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.81.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291563/; classtype:trojan-activity;sid:84154663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.43.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291564/; classtype:trojan-activity;sid:84154664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.87.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291562/; classtype:trojan-activity;sid:84154662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.17.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291561/; classtype:trojan-activity;sid:84154661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.87.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291560/; classtype:trojan-activity;sid:84154660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.49.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291559/; classtype:trojan-activity;sid:84154659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.4.200"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291558/; classtype:trojan-activity;sid:84154658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.141.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291557/; classtype:trojan-activity;sid:84154657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.132.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291556/; classtype:trojan-activity;sid:84154656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291555/; classtype:trojan-activity;sid:84154655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.11.57.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291554/; classtype:trojan-activity;sid:84154654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.252.10.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291553/; classtype:trojan-activity;sid:84154653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.240.18.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291552/; classtype:trojan-activity;sid:84154652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.54.190.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291551/; classtype:trojan-activity;sid:84154651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.28.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291550/; classtype:trojan-activity;sid:84154650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.100.18.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291548/; classtype:trojan-activity;sid:84154648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.153.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291549/; classtype:trojan-activity;sid:84154649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.133.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291547/; classtype:trojan-activity;sid:84154647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.144.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291546/; classtype:trojan-activity;sid:84154646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.38.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291545/; classtype:trojan-activity;sid:84154645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.43.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291544/; classtype:trojan-activity;sid:84154644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.44.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291543/; classtype:trojan-activity;sid:84154643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291542/; classtype:trojan-activity;sid:84154642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.49.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291541/; classtype:trojan-activity;sid:84154641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.132.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291540/; classtype:trojan-activity;sid:84154640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.207.39.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291539/; classtype:trojan-activity;sid:84154639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.42.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291538/; classtype:trojan-activity;sid:84154638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.39.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291537/; classtype:trojan-activity;sid:84154637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.140.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291536/; classtype:trojan-activity;sid:84154636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.34.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291535/; classtype:trojan-activity;sid:84154635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.230.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291534/; classtype:trojan-activity;sid:84154634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.155.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291533/; classtype:trojan-activity;sid:84154633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.144.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291532/; classtype:trojan-activity;sid:84154632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.24.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291530/; classtype:trojan-activity;sid:84154630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.34.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291531/; classtype:trojan-activity;sid:84154631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.23.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291529/; classtype:trojan-activity;sid:84154629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.87.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291528/; classtype:trojan-activity;sid:84154628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.6.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291527/; classtype:trojan-activity;sid:84154627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.192.39.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291526/; classtype:trojan-activity;sid:84154626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.126.138.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291525/; classtype:trojan-activity;sid:84154625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.59.198"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291523/; classtype:trojan-activity;sid:84154623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.44.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291524/; classtype:trojan-activity;sid:84154624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.178.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291522/; classtype:trojan-activity;sid:84154622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.94.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291521/; classtype:trojan-activity;sid:84154621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.213.69.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291520/; classtype:trojan-activity;sid:84154620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.85.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291519/; classtype:trojan-activity;sid:84154619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.13.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291518/; classtype:trojan-activity;sid:84154618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.107.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291515/; classtype:trojan-activity;sid:84154615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.153.214.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291516/; classtype:trojan-activity;sid:84154616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.220.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291517/; classtype:trojan-activity;sid:84154617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.150.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291514/; classtype:trojan-activity;sid:84154614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291513/; classtype:trojan-activity;sid:84154613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.36.44.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291512/; classtype:trojan-activity;sid:84154612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.201.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291511/; classtype:trojan-activity;sid:84154611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.23.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291510/; classtype:trojan-activity;sid:84154610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.196.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291509/; classtype:trojan-activity;sid:84154609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.235.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291508/; classtype:trojan-activity;sid:84154608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.230.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291507/; classtype:trojan-activity;sid:84154607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.39.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291506/; classtype:trojan-activity;sid:84154606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.24.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291505/; classtype:trojan-activity;sid:84154605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.87.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291504/; classtype:trojan-activity;sid:84154604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/rrrrooosaa-1318a.appspot.com/o/roda%20privated%2fcitacion%20rama%20judicial-pdf.bz2|3f|alt=media|7c|26|7c|token=e36192b2-6ec9-4a55-8271-07b1f3aded68"; depth:154; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291501/; classtype:trojan-activity;sid:84154601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/ig05j620cx7w0yshskdqk/2notificaci-n-electr-ncia-judicial-esm-agradecemos-confirmar-recibido-15.tar.uue.tar.001|3f|rlkey=1ornxe06529961j3gqyfcgfyk|7c|26|7c|st=gnkl8xiw|7c|26|7c|dl=0"; depth:188; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291502/; classtype:trojan-activity;sid:84154602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/ulzkomtc2b3byukh0i31u/notificaci-n-electr-nica-rama-judicial-de-poder-p-blico-agradecemos-confirmar-recibido.tar.uue.tar.001|3f|rlkey=6cke6338ze78lomgilwp94y2e|7c|26|7c|st=p84dq964|7c|26|7c|dl=0"; depth:202; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291503/; classtype:trojan-activity;sid:84154603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/file/1f2f8dcd-4562-4d52-94e1-b5460d55c3ec/download"; depth:55; endswith; nocase; http.host; content:"files.offshore.cat"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291500/; classtype:trojan-activity;sid:84154600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file.sh"; depth:8; endswith; nocase; http.host; content:"185.196.8.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291498/; classtype:trojan-activity;sid:84154598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yodfepqh8rrmnanmw_wvqyik9qsts9aj"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291499/; classtype:trojan-activity;sid:84154599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.177.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291497/; classtype:trojan-activity;sid:84154597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.80.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291496/; classtype:trojan-activity;sid:84154596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.155.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291495/; classtype:trojan-activity;sid:84154595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.13.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291494/; classtype:trojan-activity;sid:84154594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.150.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291493/; classtype:trojan-activity;sid:84154593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.105.194.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291492/; classtype:trojan-activity;sid:84154592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.132.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291491/; classtype:trojan-activity;sid:84154591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.85.238.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291490/; classtype:trojan-activity;sid:84154590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.140.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291489/; classtype:trojan-activity;sid:84154589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.179.4.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291488/; classtype:trojan-activity;sid:84154588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.25.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291487/; classtype:trojan-activity;sid:84154587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.0.79.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291486/; classtype:trojan-activity;sid:84154586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.179.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291485/; classtype:trojan-activity;sid:84154585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291484/; classtype:trojan-activity;sid:84154584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.93.57.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291483/; classtype:trojan-activity;sid:84154583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.196.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291482/; classtype:trojan-activity;sid:84154582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.147.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291480/; classtype:trojan-activity;sid:84154580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.59.198"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291481/; classtype:trojan-activity;sid:84154581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.26.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291479/; classtype:trojan-activity;sid:84154579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.8.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291478/; classtype:trojan-activity;sid:84154578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.95.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291477/; classtype:trojan-activity;sid:84154577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.250.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291476/; classtype:trojan-activity;sid:84154576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.178.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291475/; classtype:trojan-activity;sid:84154575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.155.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291473/; classtype:trojan-activity;sid:84154573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.56.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291474/; classtype:trojan-activity;sid:84154574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.39.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291472/; classtype:trojan-activity;sid:84154572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.152.20.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291471/; classtype:trojan-activity;sid:84154571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.121.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291470/; classtype:trojan-activity;sid:84154570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.57.179.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291468/; classtype:trojan-activity;sid:84154568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.97.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291469/; classtype:trojan-activity;sid:84154569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.135.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291467/; classtype:trojan-activity;sid:84154567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.80.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291466/; classtype:trojan-activity;sid:84154566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.113.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291465/; classtype:trojan-activity;sid:84154565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.179.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291464/; classtype:trojan-activity;sid:84154564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.136.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291463/; classtype:trojan-activity;sid:84154563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.56.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291462/; classtype:trojan-activity;sid:84154562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.253.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291461/; classtype:trojan-activity;sid:84154561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.179.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291460/; classtype:trojan-activity;sid:84154560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.78.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291458/; classtype:trojan-activity;sid:84154558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.195.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291459/; classtype:trojan-activity;sid:84154559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"160.176.80.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291456/; classtype:trojan-activity;sid:84154556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.168.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291457/; classtype:trojan-activity;sid:84154557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.163.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291455/; classtype:trojan-activity;sid:84154555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.109.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291454/; classtype:trojan-activity;sid:84154554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.244.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291453/; classtype:trojan-activity;sid:84154553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.15.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291451/; classtype:trojan-activity;sid:84154551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.248.12.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291452/; classtype:trojan-activity;sid:84154552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.200.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291450/; classtype:trojan-activity;sid:84154550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.174.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291449/; classtype:trojan-activity;sid:84154549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.248.29.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291448/; classtype:trojan-activity;sid:84154548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.230.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291447/; classtype:trojan-activity;sid:84154547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m3mastika/dockerfile/raw/refs/heads/main/xmrig"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291446/; classtype:trojan-activity;sid:84154546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.30.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291445/; classtype:trojan-activity;sid:84154545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thebig/stories.exe"; depth:19; endswith; nocase; http.host; content:"176.113.115.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291444/; classtype:trojan-activity;sid:84154544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.182.163.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291443/; classtype:trojan-activity;sid:84154543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.16.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291442/; classtype:trojan-activity;sid:84154542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.251.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291440/; classtype:trojan-activity;sid:84154540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291441/; classtype:trojan-activity;sid:84154541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.95.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291439/; classtype:trojan-activity;sid:84154539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.196.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291437/; classtype:trojan-activity;sid:84154537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.114.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291438/; classtype:trojan-activity;sid:84154538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.248.12.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291436/; classtype:trojan-activity;sid:84154536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.194.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291435/; classtype:trojan-activity;sid:84154535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.239.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291434/; classtype:trojan-activity;sid:84154534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.15.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291433/; classtype:trojan-activity;sid:84154533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.138.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291432/; classtype:trojan-activity;sid:84154532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.65.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291429/; classtype:trojan-activity;sid:84154529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.230.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291430/; classtype:trojan-activity;sid:84154530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.5.194"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291431/; classtype:trojan-activity;sid:84154531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.32.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291428/; classtype:trojan-activity;sid:84154528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.3.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291427/; classtype:trojan-activity;sid:84154527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.9.100.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291425/; classtype:trojan-activity;sid:84154525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.53.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291426/; classtype:trojan-activity;sid:84154526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.4.86.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291424/; classtype:trojan-activity;sid:84154524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.221.25.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291421/; classtype:trojan-activity;sid:84154521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.124.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291422/; classtype:trojan-activity;sid:84154522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291423/; classtype:trojan-activity;sid:84154523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.182.163.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291420/; classtype:trojan-activity;sid:84154520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.141.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291419/; classtype:trojan-activity;sid:84154519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.225.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291418/; classtype:trojan-activity;sid:84154518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.49.26.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291417/; classtype:trojan-activity;sid:84154517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291416/; classtype:trojan-activity;sid:84154516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.140.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291415/; classtype:trojan-activity;sid:84154515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.253.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291414/; classtype:trojan-activity;sid:84154514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.239.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291413/; classtype:trojan-activity;sid:84154513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.251.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291412/; classtype:trojan-activity;sid:84154512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.184.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291411/; classtype:trojan-activity;sid:84154511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.90.3.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291409/; classtype:trojan-activity;sid:84154509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.114.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291410/; classtype:trojan-activity;sid:84154510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.215.0.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291408/; classtype:trojan-activity;sid:84154508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.194.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291407/; classtype:trojan-activity;sid:84154507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.165.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291406/; classtype:trojan-activity;sid:84154506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291405/; classtype:trojan-activity;sid:84154505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.30.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291404/; classtype:trojan-activity;sid:84154504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291403/; classtype:trojan-activity;sid:84154503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.63.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291402/; classtype:trojan-activity;sid:84154502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.245.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291401/; classtype:trojan-activity;sid:84154501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.95.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291400/; classtype:trojan-activity;sid:84154500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.32.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291399/; classtype:trojan-activity;sid:84154499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.65.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291398/; classtype:trojan-activity;sid:84154498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.49.26.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291397/; classtype:trojan-activity;sid:84154497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.138.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291396/; classtype:trojan-activity;sid:84154496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.6.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291395/; classtype:trojan-activity;sid:84154495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bcf9zlfw0c7jnocdv2fyw3vza2vt9g8wcy"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291393/; classtype:trojan-activity;sid:84154493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/j3xqi6aixrpgdpe2i0l0xm2gfdfwmlgt61"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291394/; classtype:trojan-activity;sid:84154494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nhbisdjr87nm9vwnihw7lgclq0kapum309"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291380/; classtype:trojan-activity;sid:84154480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/izugwyie7hqq6eh2vmwjv2prbcolowytmk"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291381/; classtype:trojan-activity;sid:84154481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/aeihwiwzxaxbdfidxqegvd3y3nmujuexlj"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291382/; classtype:trojan-activity;sid:84154482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cpyrmlwdb8jamkjfzpneizlpme9lg8hsay"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291383/; classtype:trojan-activity;sid:84154483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ok6pmk0sm1iaqjuhx0j3fsoiz6rvm4hqhp"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291384/; classtype:trojan-activity;sid:84154484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/shxv2xaiwh4vupcuctvojadfixsmqrnmwa"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291385/; classtype:trojan-activity;sid:84154485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/2fzfgtgxopwziwpnf9kulkb5vxsewvmlw1"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291386/; classtype:trojan-activity;sid:84154486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/j5dx2mqsxmkzg06bocsxaq9hagwo6iohgs"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291387/; classtype:trojan-activity;sid:84154487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/fyaodlfeic75t03xhqkvzrtxs76xgddov4"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291388/; classtype:trojan-activity;sid:84154488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/noh6gfpdweg0ryaypykkogwawpt17scxqy"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291389/; classtype:trojan-activity;sid:84154489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hjacox0jdy6jlwyurghzxpuklqmfel7nnd"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291390/; classtype:trojan-activity;sid:84154490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k86m"; depth:10; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291391/; classtype:trojan-activity;sid:84154491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vlanx3jqi5shlxw9idsvwmfdb1xagkpm5o"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291392/; classtype:trojan-activity;sid:84154492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.169.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291379/; classtype:trojan-activity;sid:84154479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.103.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291377/; classtype:trojan-activity;sid:84154477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.238.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291378/; classtype:trojan-activity;sid:84154478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.223.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291376/; classtype:trojan-activity;sid:84154476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291375/; classtype:trojan-activity;sid:84154475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/shxv2xaiwh4vupcuctvojadfixsmqrnmwa"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291373/; classtype:trojan-activity;sid:84154473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nhbisdjr87nm9vwnihw7lgclq0kapum309"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291374/; classtype:trojan-activity;sid:84154474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.3.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291372/; classtype:trojan-activity;sid:84154472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hjacox0jdy6jlwyurghzxpuklqmfel7nnd"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291371/; classtype:trojan-activity;sid:84154471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/aeihwiwzxaxbdfidxqegvd3y3nmujuexlj"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291363/; classtype:trojan-activity;sid:84154463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cpyrmlwdb8jamkjfzpneizlpme9lg8hsay"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291364/; classtype:trojan-activity;sid:84154464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/j3xqi6aixrpgdpe2i0l0xm2gfdfwmlgt61"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291365/; classtype:trojan-activity;sid:84154465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bcf9zlfw0c7jnocdv2fyw3vza2vt9g8wcy"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291366/; classtype:trojan-activity;sid:84154466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/izugwyie7hqq6eh2vmwjv2prbcolowytmk"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291367/; classtype:trojan-activity;sid:84154467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ok6pmk0sm1iaqjuhx0j3fsoiz6rvm4hqhp"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291368/; classtype:trojan-activity;sid:84154468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/fyaodlfeic75t03xhqkvzrtxs76xgddov4"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291369/; classtype:trojan-activity;sid:84154469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vlanx3jqi5shlxw9idsvwmfdb1xagkpm5o"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291370/; classtype:trojan-activity;sid:84154470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.234.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291359/; classtype:trojan-activity;sid:84154459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/noh6gfpdweg0ryaypykkogwawpt17scxqy"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291360/; classtype:trojan-activity;sid:84154460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/2fzfgtgxopwziwpnf9kulkb5vxsewvmlw1"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291361/; classtype:trojan-activity;sid:84154461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/j5dx2mqsxmkzg06bocsxaq9hagwo6iohgs"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291362/; classtype:trojan-activity;sid:84154462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.204.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291357/; classtype:trojan-activity;sid:84154457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.215.0.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291356/; classtype:trojan-activity;sid:84154456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.178.35.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291354/; classtype:trojan-activity;sid:84154454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.159.34.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291355/; classtype:trojan-activity;sid:84154455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.86.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291353/; classtype:trojan-activity;sid:84154453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"160.178.141.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291352/; classtype:trojan-activity;sid:84154452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.90.3.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291351/; classtype:trojan-activity;sid:84154451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.196.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291350/; classtype:trojan-activity;sid:84154450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.245.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291349/; classtype:trojan-activity;sid:84154449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.55.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291347/; classtype:trojan-activity;sid:84154447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.10.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291348/; classtype:trojan-activity;sid:84154448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.92.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291346/; classtype:trojan-activity;sid:84154446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291345/; classtype:trojan-activity;sid:84154445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.228.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291344/; classtype:trojan-activity;sid:84154444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.223.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291343/; classtype:trojan-activity;sid:84154443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.248.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291342/; classtype:trojan-activity;sid:84154442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.244.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291341/; classtype:trojan-activity;sid:84154441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.103.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291340/; classtype:trojan-activity;sid:84154440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291339/; classtype:trojan-activity;sid:84154439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.159.34.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291338/; classtype:trojan-activity;sid:84154438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.105.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291337/; classtype:trojan-activity;sid:84154437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.22.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291336/; classtype:trojan-activity;sid:84154436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.91.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291335/; classtype:trojan-activity;sid:84154435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.175.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291334/; classtype:trojan-activity;sid:84154434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmpsl"; depth:6; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291333/; classtype:trojan-activity;sid:84154433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"160.178.141.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291332/; classtype:trojan-activity;sid:84154432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/multi"; depth:6; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291328/; classtype:trojan-activity;sid:84154428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vcc"; depth:4; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291329/; classtype:trojan-activity;sid:84154429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdgsfg"; depth:7; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291330/; classtype:trojan-activity;sid:84154430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mag"; depth:4; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291331/; classtype:trojan-activity;sid:84154431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291311/; classtype:trojan-activity;sid:84154411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dv.sh"; depth:6; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291312/; classtype:trojan-activity;sid:84154412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291313/; classtype:trojan-activity;sid:84154413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyb"; depth:4; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291314/; classtype:trojan-activity;sid:84154414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpk"; depth:4; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291315/; classtype:trojan-activity;sid:84154415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cam"; depth:4; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291316/; classtype:trojan-activity;sid:84154416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291317/; classtype:trojan-activity;sid:84154417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291318/; classtype:trojan-activity;sid:84154418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291319/; classtype:trojan-activity;sid:84154419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/se.sh"; depth:6; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291320/; classtype:trojan-activity;sid:84154420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291321/; classtype:trojan-activity;sid:84154421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291322/; classtype:trojan-activity;sid:84154422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291323/; classtype:trojan-activity;sid:84154423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f5"; depth:3; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291324/; classtype:trojan-activity;sid:84154424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291325/; classtype:trojan-activity;sid:84154425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291326/; classtype:trojan-activity;sid:84154426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boa"; depth:4; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291327/; classtype:trojan-activity;sid:84154427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.125.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291310/; classtype:trojan-activity;sid:84154410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.10.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291309/; classtype:trojan-activity;sid:84154409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.88.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291308/; classtype:trojan-activity;sid:84154408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.105.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291307/; classtype:trojan-activity;sid:84154407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"181.191.83.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291306/; classtype:trojan-activity;sid:84154406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.84.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291305/; classtype:trojan-activity;sid:84154405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.55.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291304/; classtype:trojan-activity;sid:84154404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.249.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291303/; classtype:trojan-activity;sid:84154403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.50.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291302/; classtype:trojan-activity;sid:84154402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.195.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291301/; classtype:trojan-activity;sid:84154401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.53.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291300/; classtype:trojan-activity;sid:84154400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.34.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291299/; classtype:trojan-activity;sid:84154399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.228.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291298/; classtype:trojan-activity;sid:84154398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.92.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291297/; classtype:trojan-activity;sid:84154397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.142.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291296/; classtype:trojan-activity;sid:84154396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.28.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291295/; classtype:trojan-activity;sid:84154395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.189.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291294/; classtype:trojan-activity;sid:84154394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.ppc"; depth:9; endswith; nocase; http.host; content:"mijpostontvangen.nl"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291291/; classtype:trojan-activity;sid:84154391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.m68k"; depth:10; endswith; nocase; http.host; content:"mijpostontvangen.nl"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291292/; classtype:trojan-activity;sid:84154392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm7"; depth:10; endswith; nocase; http.host; content:"mijpostontvangen.nl"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291293/; classtype:trojan-activity;sid:84154393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.x86"; depth:9; endswith; nocase; http.host; content:"mijpostontvangen.nl"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291283/; classtype:trojan-activity;sid:84154383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm6"; depth:10; endswith; nocase; http.host; content:"mijpostontvangen.nl"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291284/; classtype:trojan-activity;sid:84154384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.mips"; depth:10; endswith; nocase; http.host; content:"mijpostontvangen.nl"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291285/; classtype:trojan-activity;sid:84154385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.sh4"; depth:9; endswith; nocase; http.host; content:"mijpostontvangen.nl"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291286/; classtype:trojan-activity;sid:84154386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.spc"; depth:9; endswith; nocase; http.host; content:"mijpostontvangen.nl"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291287/; classtype:trojan-activity;sid:84154387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm"; depth:9; endswith; nocase; http.host; content:"mijpostontvangen.nl"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291288/; classtype:trojan-activity;sid:84154388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm5"; depth:10; endswith; nocase; http.host; content:"mijpostontvangen.nl"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291289/; classtype:trojan-activity;sid:84154389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.mpsl"; depth:10; endswith; nocase; http.host; content:"mijpostontvangen.nl"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291290/; classtype:trojan-activity;sid:84154390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291282/; classtype:trojan-activity;sid:84154382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.84.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291281/; classtype:trojan-activity;sid:84154381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291280/; classtype:trojan-activity;sid:84154380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.95.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291279/; classtype:trojan-activity;sid:84154379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.28.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291278/; classtype:trojan-activity;sid:84154378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291271/; classtype:trojan-activity;sid:84154371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291272/; classtype:trojan-activity;sid:84154372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291273/; classtype:trojan-activity;sid:84154373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291274/; classtype:trojan-activity;sid:84154374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291275/; classtype:trojan-activity;sid:84154375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291276/; classtype:trojan-activity;sid:84154376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291277/; classtype:trojan-activity;sid:84154377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291264/; classtype:trojan-activity;sid:84154364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291265/; classtype:trojan-activity;sid:84154365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291266/; classtype:trojan-activity;sid:84154366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291267/; classtype:trojan-activity;sid:84154367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291268/; classtype:trojan-activity;sid:84154368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291269/; classtype:trojan-activity;sid:84154369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291270/; classtype:trojan-activity;sid:84154370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291263/; classtype:trojan-activity;sid:84154363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291261/; classtype:trojan-activity;sid:84154361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291262/; classtype:trojan-activity;sid:84154362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.178.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291260/; classtype:trojan-activity;sid:84154360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.64.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291259/; classtype:trojan-activity;sid:84154359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291258/; classtype:trojan-activity;sid:84154358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291254/; classtype:trojan-activity;sid:84154354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291255/; classtype:trojan-activity;sid:84154355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291256/; classtype:trojan-activity;sid:84154356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291257/; classtype:trojan-activity;sid:84154357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291253/; classtype:trojan-activity;sid:84154353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291252/; classtype:trojan-activity;sid:84154352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291248/; classtype:trojan-activity;sid:84154348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291249/; classtype:trojan-activity;sid:84154349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291250/; classtype:trojan-activity;sid:84154350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291251/; classtype:trojan-activity;sid:84154351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291240/; classtype:trojan-activity;sid:84154340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291241/; classtype:trojan-activity;sid:84154341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291242/; classtype:trojan-activity;sid:84154342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291243/; classtype:trojan-activity;sid:84154343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291244/; classtype:trojan-activity;sid:84154344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291245/; classtype:trojan-activity;sid:84154345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291246/; classtype:trojan-activity;sid:84154346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291247/; classtype:trojan-activity;sid:84154347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.185.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291228/; classtype:trojan-activity;sid:84154328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.88.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291227/; classtype:trojan-activity;sid:84154327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"159.100.17.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291226/; classtype:trojan-activity;sid:84154326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.178.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291225/; classtype:trojan-activity;sid:84154325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"159.100.17.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291223/; classtype:trojan-activity;sid:84154323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"159.100.17.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291224/; classtype:trojan-activity;sid:84154324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.200.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291222/; classtype:trojan-activity;sid:84154322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291221/; classtype:trojan-activity;sid:84154321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zyxel"; depth:6; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291208/; classtype:trojan-activity;sid:84154308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realtek"; depth:8; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291209/; classtype:trojan-activity;sid:84154309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291210/; classtype:trojan-activity;sid:84154310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thinkphp"; depth:9; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291211/; classtype:trojan-activity;sid:84154311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon443"; depth:8; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291212/; classtype:trojan-activity;sid:84154312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pulse"; depth:6; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291213/; classtype:trojan-activity;sid:84154313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291214/; classtype:trojan-activity;sid:84154314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zte"; depth:4; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291215/; classtype:trojan-activity;sid:84154315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lg"; depth:3; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291216/; classtype:trojan-activity;sid:84154316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aws"; depth:4; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291217/; classtype:trojan-activity;sid:84154317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeros6x.sh"; depth:11; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291218/; classtype:trojan-activity;sid:84154318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnap"; depth:5; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291219/; classtype:trojan-activity;sid:84154319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huawei"; depth:7; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291220/; classtype:trojan-activity;sid:84154320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.98.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291207/; classtype:trojan-activity;sid:84154307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.1.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291205/; classtype:trojan-activity;sid:84154305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.187.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291206/; classtype:trojan-activity;sid:84154306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.1.244.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291204/; classtype:trojan-activity;sid:84154304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"77.247.88.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291203/; classtype:trojan-activity;sid:84154303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.180.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291202/; classtype:trojan-activity;sid:84154302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.200.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291201/; classtype:trojan-activity;sid:84154301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.213.239.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291200/; classtype:trojan-activity;sid:84154300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.218.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291199/; classtype:trojan-activity;sid:84154299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291197/; classtype:trojan-activity;sid:84154297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.189.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291198/; classtype:trojan-activity;sid:84154298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.34.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291196/; classtype:trojan-activity;sid:84154296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.22.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291195/; classtype:trojan-activity;sid:84154295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.209.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291194/; classtype:trojan-activity;sid:84154294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.7.64"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291193/; classtype:trojan-activity;sid:84154293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.220.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291192/; classtype:trojan-activity;sid:84154292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.102.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291191/; classtype:trojan-activity;sid:84154291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.17.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291189/; classtype:trojan-activity;sid:84154289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"157.20.228.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291190/; classtype:trojan-activity;sid:84154290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.90.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291188/; classtype:trojan-activity;sid:84154288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.247.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291187/; classtype:trojan-activity;sid:84154287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.93.200.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291186/; classtype:trojan-activity;sid:84154286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.58.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291185/; classtype:trojan-activity;sid:84154285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"181.191.81.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291184/; classtype:trojan-activity;sid:84154284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.180.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291183/; classtype:trojan-activity;sid:84154283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.62.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291182/; classtype:trojan-activity;sid:84154282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.141.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291181/; classtype:trojan-activity;sid:84154281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.254.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291180/; classtype:trojan-activity;sid:84154280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.88.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291178/; classtype:trojan-activity;sid:84154278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.83.151"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291179/; classtype:trojan-activity;sid:84154279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.42.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291177/; classtype:trojan-activity;sid:84154277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.213.239.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291176/; classtype:trojan-activity;sid:84154276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.61.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291175/; classtype:trojan-activity;sid:84154275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.208.156.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291174/; classtype:trojan-activity;sid:84154274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.114.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291173/; classtype:trojan-activity;sid:84154273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.190.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291172/; classtype:trojan-activity;sid:84154272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.19.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291171/; classtype:trojan-activity;sid:84154271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291170/; classtype:trojan-activity;sid:84154270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.156.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291169/; classtype:trojan-activity;sid:84154269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.113.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291168/; classtype:trojan-activity;sid:84154268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.233.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291167/; classtype:trojan-activity;sid:84154267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.173.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291166/; classtype:trojan-activity;sid:84154266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291165/; classtype:trojan-activity;sid:84154265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.104.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291164/; classtype:trojan-activity;sid:84154264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.203.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291163/; classtype:trojan-activity;sid:84154263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.0.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291162/; classtype:trojan-activity;sid:84154262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.58.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291161/; classtype:trojan-activity;sid:84154261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.207.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291160/; classtype:trojan-activity;sid:84154260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.6.91.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291159/; classtype:trojan-activity;sid:84154259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.143.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291158/; classtype:trojan-activity;sid:84154258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.27.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291157/; classtype:trojan-activity;sid:84154257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.228.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291156/; classtype:trojan-activity;sid:84154256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.81.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291155/; classtype:trojan-activity;sid:84154255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.254.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291154/; classtype:trojan-activity;sid:84154254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.88.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291153/; classtype:trojan-activity;sid:84154253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.14.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291151/; classtype:trojan-activity;sid:84154251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.208.156.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291152/; classtype:trojan-activity;sid:84154252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.151.72.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291150/; classtype:trojan-activity;sid:84154250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.156.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291149/; classtype:trojan-activity;sid:84154249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.213.185.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291148/; classtype:trojan-activity;sid:84154248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.111.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291147/; classtype:trojan-activity;sid:84154247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.221.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291145/; classtype:trojan-activity;sid:84154245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.27.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291146/; classtype:trojan-activity;sid:84154246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.13.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291144/; classtype:trojan-activity;sid:84154244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.217.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291143/; classtype:trojan-activity;sid:84154243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.169.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291142/; classtype:trojan-activity;sid:84154242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.184.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291141/; classtype:trojan-activity;sid:84154241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.0.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291140/; classtype:trojan-activity;sid:84154240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.211.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291139/; classtype:trojan-activity;sid:84154239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291138/; classtype:trojan-activity;sid:84154238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.13.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291137/; classtype:trojan-activity;sid:84154237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.226.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291135/; classtype:trojan-activity;sid:84154235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.92.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291136/; classtype:trojan-activity;sid:84154236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.27.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291134/; classtype:trojan-activity;sid:84154234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.111.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291133/; classtype:trojan-activity;sid:84154233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.238.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291132/; classtype:trojan-activity;sid:84154232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.195.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291131/; classtype:trojan-activity;sid:84154231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.183.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291130/; classtype:trojan-activity;sid:84154230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291129/; classtype:trojan-activity;sid:84154229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.221.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291128/; classtype:trojan-activity;sid:84154228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.245.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291127/; classtype:trojan-activity;sid:84154227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.41.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291126/; classtype:trojan-activity;sid:84154226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.22.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291125/; classtype:trojan-activity;sid:84154225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.213.185.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291124/; classtype:trojan-activity;sid:84154224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.69.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291123/; classtype:trojan-activity;sid:84154223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"31.172.87.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291122/; classtype:trojan-activity;sid:84154222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"31.172.87.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291121/; classtype:trojan-activity;sid:84154221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.m68k"; depth:10; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291120/; classtype:trojan-activity;sid:84154220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"31.172.87.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291118/; classtype:trojan-activity;sid:84154218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291119/; classtype:trojan-activity;sid:84154219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"31.172.87.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291106/; classtype:trojan-activity;sid:84154206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.x86_64"; depth:12; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291107/; classtype:trojan-activity;sid:84154207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm"; depth:9; endswith; nocase; http.host; content:"159.100.17.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291108/; classtype:trojan-activity;sid:84154208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291109/; classtype:trojan-activity;sid:84154209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291110/; classtype:trojan-activity;sid:84154210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm6"; depth:10; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291111/; classtype:trojan-activity;sid:84154211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291112/; classtype:trojan-activity;sid:84154212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291113/; classtype:trojan-activity;sid:84154213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291114/; classtype:trojan-activity;sid:84154214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.mips"; depth:10; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291115/; classtype:trojan-activity;sid:84154215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291116/; classtype:trojan-activity;sid:84154216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.sh4"; depth:9; endswith; nocase; http.host; content:"159.100.17.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291117/; classtype:trojan-activity;sid:84154217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291095/; classtype:trojan-activity;sid:84154195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"193.111.248.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291096/; classtype:trojan-activity;sid:84154196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291097/; classtype:trojan-activity;sid:84154197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"31.172.87.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291098/; classtype:trojan-activity;sid:84154198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291099/; classtype:trojan-activity;sid:84154199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm7"; depth:10; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291100/; classtype:trojan-activity;sid:84154200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291101/; classtype:trojan-activity;sid:84154201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291102/; classtype:trojan-activity;sid:84154202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291103/; classtype:trojan-activity;sid:84154203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm5"; depth:10; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291104/; classtype:trojan-activity;sid:84154204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"31.172.87.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291105/; classtype:trojan-activity;sid:84154205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"31.172.87.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291082/; classtype:trojan-activity;sid:84154182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291083/; classtype:trojan-activity;sid:84154183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291084/; classtype:trojan-activity;sid:84154184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291085/; classtype:trojan-activity;sid:84154185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"31.172.87.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291086/; classtype:trojan-activity;sid:84154186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291087/; classtype:trojan-activity;sid:84154187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291088/; classtype:trojan-activity;sid:84154188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"193.111.248.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291089/; classtype:trojan-activity;sid:84154189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"193.111.248.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291090/; classtype:trojan-activity;sid:84154190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291091/; classtype:trojan-activity;sid:84154191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291092/; classtype:trojan-activity;sid:84154192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm6"; depth:10; endswith; nocase; http.host; content:"159.100.17.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291093/; classtype:trojan-activity;sid:84154193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.spc"; depth:9; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291094/; classtype:trojan-activity;sid:84154194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iarm5"; depth:6; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291075/; classtype:trojan-activity;sid:84154175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/impsl"; depth:6; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291076/; classtype:trojan-activity;sid:84154176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm7"; depth:10; endswith; nocase; http.host; content:"159.100.17.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291077/; classtype:trojan-activity;sid:84154177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291078/; classtype:trojan-activity;sid:84154178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.x86"; depth:9; endswith; nocase; http.host; content:"159.100.17.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291079/; classtype:trojan-activity;sid:84154179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.mips"; depth:10; endswith; nocase; http.host; content:"159.100.17.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291080/; classtype:trojan-activity;sid:84154180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291081/; classtype:trojan-activity;sid:84154181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cf8qewhwdk8fcd3gsogb3qng5zqf9iae69"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291071/; classtype:trojan-activity;sid:84154171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291072/; classtype:trojan-activity;sid:84154172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iarm6"; depth:6; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291073/; classtype:trojan-activity;sid:84154173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lt0vogridzxygkqztcjvnbsckhuod3zxth"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291074/; classtype:trojan-activity;sid:84154174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291067/; classtype:trojan-activity;sid:84154167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"193.111.248.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291068/; classtype:trojan-activity;sid:84154168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ffrvz09r2licqdxjaso1kmtkk8devvyaux"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291069/; classtype:trojan-activity;sid:84154169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"193.111.248.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291070/; classtype:trojan-activity;sid:84154170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"31.172.87.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291064/; classtype:trojan-activity;sid:84154164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/qpbdlm6aamw4xz12eod4n6qhmuh5nkgq8s"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291065/; classtype:trojan-activity;sid:84154165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"193.111.248.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291066/; classtype:trojan-activity;sid:84154166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291063/; classtype:trojan-activity;sid:84154163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"193.111.248.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291061/; classtype:trojan-activity;sid:84154161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291062/; classtype:trojan-activity;sid:84154162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"193.111.248.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291058/; classtype:trojan-activity;sid:84154158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"193.111.248.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291059/; classtype:trojan-activity;sid:84154159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/3d1uqc3dgvwjwjawnbq0z1plguvwmmlvi8"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291060/; classtype:trojan-activity;sid:84154160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.ppc"; depth:9; endswith; nocase; http.host; content:"159.100.17.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291050/; classtype:trojan-activity;sid:84154150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dm82owjr2l0updpkn2bnmqe8vaqrcrhkae"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291051/; classtype:trojan-activity;sid:84154151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291052/; classtype:trojan-activity;sid:84154152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kf9nmxio9gac5yg9mcyk86dlind2zzfr7e"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291053/; classtype:trojan-activity;sid:84154153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/iaqe2zigerudcesq4jacnz68whqc87w68u"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291054/; classtype:trojan-activity;sid:84154154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.spc"; depth:9; endswith; nocase; http.host; content:"159.100.17.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291055/; classtype:trojan-activity;sid:84154155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lblwwho8u8skjn2upkoklllrr4zf1uvc4k"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291056/; classtype:trojan-activity;sid:84154156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291057/; classtype:trojan-activity;sid:84154157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291040/; classtype:trojan-activity;sid:84154140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; nocase; http.host; content:"31.172.87.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291041/; classtype:trojan-activity;sid:84154141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kqcf2qqd1h20ydcuuvmrfpz4rcrlkqcura"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291042/; classtype:trojan-activity;sid:84154142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291043/; classtype:trojan-activity;sid:84154143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291044/; classtype:trojan-activity;sid:84154144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.mpsl"; depth:10; endswith; nocase; http.host; content:"159.100.17.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291045/; classtype:trojan-activity;sid:84154145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.m68k"; depth:10; endswith; nocase; http.host; content:"159.100.17.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291046/; classtype:trojan-activity;sid:84154146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm5"; depth:10; endswith; nocase; http.host; content:"159.100.17.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291047/; classtype:trojan-activity;sid:84154147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"31.172.87.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291048/; classtype:trojan-activity;sid:84154148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291049/; classtype:trojan-activity;sid:84154149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iarm4"; depth:6; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291017/; classtype:trojan-activity;sid:84154117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.x86"; depth:9; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291018/; classtype:trojan-activity;sid:84154118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.mpsl"; depth:10; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291019/; classtype:trojan-activity;sid:84154119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291020/; classtype:trojan-activity;sid:84154120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291021/; classtype:trojan-activity;sid:84154121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291022/; classtype:trojan-activity;sid:84154122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291023/; classtype:trojan-activity;sid:84154123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291024/; classtype:trojan-activity;sid:84154124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"31.172.87.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291025/; classtype:trojan-activity;sid:84154125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm"; depth:9; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291026/; classtype:trojan-activity;sid:84154126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.ppc"; depth:9; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291027/; classtype:trojan-activity;sid:84154127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291028/; classtype:trojan-activity;sid:84154128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291029/; classtype:trojan-activity;sid:84154129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291030/; classtype:trojan-activity;sid:84154130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291031/; classtype:trojan-activity;sid:84154131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.sh4"; depth:9; endswith; nocase; http.host; content:"154.216.16.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291032/; classtype:trojan-activity;sid:84154132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291033/; classtype:trojan-activity;sid:84154133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291034/; classtype:trojan-activity;sid:84154134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291035/; classtype:trojan-activity;sid:84154135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291036/; classtype:trojan-activity;sid:84154136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291037/; classtype:trojan-activity;sid:84154137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291038/; classtype:trojan-activity;sid:84154138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.125.66.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291039/; classtype:trojan-activity;sid:84154139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ix86_64"; depth:8; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291015/; classtype:trojan-activity;sid:84154115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imips"; depth:6; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291016/; classtype:trojan-activity;sid:84154116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/8plvnyqmlpnyak9kttpf8qmjbyokfiahkb"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291014/; classtype:trojan-activity;sid:84154114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"193.111.248.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291013/; classtype:trojan-activity;sid:84154113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"193.111.248.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291012/; classtype:trojan-activity;sid:84154112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/8frkb3xkdjhtachkesnr5fb4df8kbhwshy"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291011/; classtype:trojan-activity;sid:84154111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xqyn5bk5myooq62wwzw5ka5dqaemarlllq"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291010/; classtype:trojan-activity;sid:84154110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/fsa0simcewmpcaoir9ks9optg5xktlmu6e"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291009/; classtype:trojan-activity;sid:84154109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.226.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291008/; classtype:trojan-activity;sid:84154108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.233.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291007/; classtype:trojan-activity;sid:84154107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.41.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291006/; classtype:trojan-activity;sid:84154106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.13.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291005/; classtype:trojan-activity;sid:84154105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.244.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291004/; classtype:trojan-activity;sid:84154104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.242.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291003/; classtype:trojan-activity;sid:84154103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291002/; classtype:trojan-activity;sid:84154102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"190.109.228.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291001/; classtype:trojan-activity;sid:84154101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.223.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291000/; classtype:trojan-activity;sid:84154100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.245.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290999/; classtype:trojan-activity;sid:84154099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.184.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290998/; classtype:trojan-activity;sid:84154098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.248.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290997/; classtype:trojan-activity;sid:84154097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.42.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290996/; classtype:trojan-activity;sid:84154096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.236.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290995/; classtype:trojan-activity;sid:84154095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.204.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290994/; classtype:trojan-activity;sid:84154094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"ppzdn.events.socalpocis.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290993/; classtype:trojan-activity;sid:84154093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.148.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290992/; classtype:trojan-activity;sid:84154092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.60.224.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290991/; classtype:trojan-activity;sid:84154091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.178.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290990/; classtype:trojan-activity;sid:84154090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.29.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290989/; classtype:trojan-activity;sid:84154089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.241.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290988/; classtype:trojan-activity;sid:84154088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.25.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290987/; classtype:trojan-activity;sid:84154087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290986/; classtype:trojan-activity;sid:84154086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290985/; classtype:trojan-activity;sid:84154085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.241.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290984/; classtype:trojan-activity;sid:84154084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.253.170.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290983/; classtype:trojan-activity;sid:84154083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.240.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290982/; classtype:trojan-activity;sid:84154082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.60.224.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290981/; classtype:trojan-activity;sid:84154081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.144.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290980/; classtype:trojan-activity;sid:84154080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.253.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290979/; classtype:trojan-activity;sid:84154079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.165.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290978/; classtype:trojan-activity;sid:84154078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.10.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290977/; classtype:trojan-activity;sid:84154077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.177.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290976/; classtype:trojan-activity;sid:84154076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.241.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290975/; classtype:trojan-activity;sid:84154075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.42.177.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290974/; classtype:trojan-activity;sid:84154074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.163.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290973/; classtype:trojan-activity;sid:84154073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chrome.exe"; depth:11; endswith; nocase; http.host; content:"leadbase.cloud"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290972/; classtype:trojan-activity;sid:84154072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.93.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290971/; classtype:trojan-activity;sid:84154071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.209.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290970/; classtype:trojan-activity;sid:84154070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290969/; classtype:trojan-activity;sid:84154069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.226.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290968/; classtype:trojan-activity;sid:84154068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.53.219"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290967/; classtype:trojan-activity;sid:84154067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.114.135.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290965/; classtype:trojan-activity;sid:84154065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.188.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290966/; classtype:trojan-activity;sid:84154066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.201.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290964/; classtype:trojan-activity;sid:84154064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.81.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290963/; classtype:trojan-activity;sid:84154063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.29.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290962/; classtype:trojan-activity;sid:84154062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.165.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290961/; classtype:trojan-activity;sid:84154061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.102.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290959/; classtype:trojan-activity;sid:84154059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.144.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290960/; classtype:trojan-activity;sid:84154060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.29.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290958/; classtype:trojan-activity;sid:84154058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.178.12.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290957/; classtype:trojan-activity;sid:84154057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.251.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290954/; classtype:trojan-activity;sid:84154054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.42.127.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290955/; classtype:trojan-activity;sid:84154055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.42.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290956/; classtype:trojan-activity;sid:84154056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.163.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290953/; classtype:trojan-activity;sid:84154053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.226.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290952/; classtype:trojan-activity;sid:84154052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.166.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290951/; classtype:trojan-activity;sid:84154051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.247.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290950/; classtype:trojan-activity;sid:84154050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.53.219"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290949/; classtype:trojan-activity;sid:84154049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.201.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290948/; classtype:trojan-activity;sid:84154048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.202.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290947/; classtype:trojan-activity;sid:84154047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.70.185.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290946/; classtype:trojan-activity;sid:84154046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.22.123.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290945/; classtype:trojan-activity;sid:84154045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290943/; classtype:trojan-activity;sid:84154043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.163.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290944/; classtype:trojan-activity;sid:84154044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.102.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290942/; classtype:trojan-activity;sid:84154042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.197.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290941/; classtype:trojan-activity;sid:84154041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.185.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290940/; classtype:trojan-activity;sid:84154040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.72.210.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3290939/; classtype:trojan-activity;sid:84154039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.207.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290938/; classtype:trojan-activity;sid:84154038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.29.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290937/; classtype:trojan-activity;sid:84154037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.81.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290936/; classtype:trojan-activity;sid:84154036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.224.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290934/; classtype:trojan-activity;sid:84154034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.214.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290935/; classtype:trojan-activity;sid:84154035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.100.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290933/; classtype:trojan-activity;sid:84154033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.100.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290932/; classtype:trojan-activity;sid:84154032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.202.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290930/; classtype:trojan-activity;sid:84154030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.174.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290931/; classtype:trojan-activity;sid:84154031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290929/; classtype:trojan-activity;sid:84154029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.28.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290928/; classtype:trojan-activity;sid:84154028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.218.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290927/; classtype:trojan-activity;sid:84154027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.185.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290926/; classtype:trojan-activity;sid:84154026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.214.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290925/; classtype:trojan-activity;sid:84154025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.207.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290923/; classtype:trojan-activity;sid:84154023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.197.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290924/; classtype:trojan-activity;sid:84154024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.95.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290922/; classtype:trojan-activity;sid:84154022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.8.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290921/; classtype:trojan-activity;sid:84154021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.24.171"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290920/; classtype:trojan-activity;sid:84154020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.176.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290918/; classtype:trojan-activity;sid:84154018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.88.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290919/; classtype:trojan-activity;sid:84154019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.4.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290917/; classtype:trojan-activity;sid:84154017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.81.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290916/; classtype:trojan-activity;sid:84154016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.176.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290915/; classtype:trojan-activity;sid:84154015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.8.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290914/; classtype:trojan-activity;sid:84154014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.224.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290913/; classtype:trojan-activity;sid:84154013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.26.81.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290912/; classtype:trojan-activity;sid:84154012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.24.171"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290911/; classtype:trojan-activity;sid:84154011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.100.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290910/; classtype:trojan-activity;sid:84154010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.250.127.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290909/; classtype:trojan-activity;sid:84154009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.183.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290908/; classtype:trojan-activity;sid:84154008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.118.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290907/; classtype:trojan-activity;sid:84154007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.218.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290906/; classtype:trojan-activity;sid:84154006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.229.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290905/; classtype:trojan-activity;sid:84154005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.67.84.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290904/; classtype:trojan-activity;sid:84154004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.88.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290903/; classtype:trojan-activity;sid:84154003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.75.180.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290902/; classtype:trojan-activity;sid:84154002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.88.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290900/; classtype:trojan-activity;sid:84154000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.75.180.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290901/; classtype:trojan-activity;sid:84154001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"198.2.88.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290899/; classtype:trojan-activity;sid:84153999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.4.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290898/; classtype:trojan-activity;sid:84153998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.10.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290897/; classtype:trojan-activity;sid:84153997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.45.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290896/; classtype:trojan-activity;sid:84153996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.154.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290895/; classtype:trojan-activity;sid:84153995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.118.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290894/; classtype:trojan-activity;sid:84153994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.102.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290893/; classtype:trojan-activity;sid:84153993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.236.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290892/; classtype:trojan-activity;sid:84153992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"198.2.88.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290891/; classtype:trojan-activity;sid:84153991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.122.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290890/; classtype:trojan-activity;sid:84153990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.72.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290889/; classtype:trojan-activity;sid:84153989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.118.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290888/; classtype:trojan-activity;sid:84153988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290887/; classtype:trojan-activity;sid:84153987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.119.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290886/; classtype:trojan-activity;sid:84153986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.248.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290884/; classtype:trojan-activity;sid:84153984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.10.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290885/; classtype:trojan-activity;sid:84153985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.88.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290883/; classtype:trojan-activity;sid:84153983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.224.28.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290882/; classtype:trojan-activity;sid:84153982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.237.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290881/; classtype:trojan-activity;sid:84153981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.237.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290880/; classtype:trojan-activity;sid:84153980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.118.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290879/; classtype:trojan-activity;sid:84153979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.201.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290878/; classtype:trojan-activity;sid:84153978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.240.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290877/; classtype:trojan-activity;sid:84153977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.40.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290876/; classtype:trojan-activity;sid:84153976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.121.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290874/; classtype:trojan-activity;sid:84153974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.119.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290875/; classtype:trojan-activity;sid:84153975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.248.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290873/; classtype:trojan-activity;sid:84153973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.86.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290872/; classtype:trojan-activity;sid:84153972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.122.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290871/; classtype:trojan-activity;sid:84153971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.122.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290870/; classtype:trojan-activity;sid:84153970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.121.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290869/; classtype:trojan-activity;sid:84153969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.4.224.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290868/; classtype:trojan-activity;sid:84153968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.220.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290867/; classtype:trojan-activity;sid:84153967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.209.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290866/; classtype:trojan-activity;sid:84153966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.78.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290865/; classtype:trojan-activity;sid:84153965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bitur/kambik.txt"; depth:17; endswith; nocase; http.host; content:"mubjahuke.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290864/; classtype:trojan-activity;sid:84153964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.85.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290863/; classtype:trojan-activity;sid:84153963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.253.148.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290862/; classtype:trojan-activity;sid:84153962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.237.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290861/; classtype:trojan-activity;sid:84153961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.114.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290860/; classtype:trojan-activity;sid:84153960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.4.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290859/; classtype:trojan-activity;sid:84153959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.158.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290858/; classtype:trojan-activity;sid:84153958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.204.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290857/; classtype:trojan-activity;sid:84153957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.239.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290856/; classtype:trojan-activity;sid:84153956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.30.97.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290854/; classtype:trojan-activity;sid:84153954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.8.28.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290855/; classtype:trojan-activity;sid:84153955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.70.15.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290853/; classtype:trojan-activity;sid:84153953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/uz/0912545164/wharf"; depth:24; endswith; nocase; http.host; content:"cdn-defac18.studyzone-investmentguru.com"; depth:40; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290852/; classtype:trojan-activity;sid:84153952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.251.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290851/; classtype:trojan-activity;sid:84153951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.78.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290849/; classtype:trojan-activity;sid:84153949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.76.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290850/; classtype:trojan-activity;sid:84153950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/cdn3/agreement%20for%20youtube%20cooperation.pdf.lnk"; depth:63; endswith; nocase; http.host; content:"download.document-sharing.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290848/; classtype:trojan-activity;sid:84153948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.245.4.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290847/; classtype:trojan-activity;sid:84153947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.m68k"; depth:13; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290846/; classtype:trojan-activity;sid:84153946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm7"; depth:13; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290845/; classtype:trojan-activity;sid:84153945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.186.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290844/; classtype:trojan-activity;sid:84153944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm"; depth:12; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290840/; classtype:trojan-activity;sid:84153940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.ppc"; depth:12; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290841/; classtype:trojan-activity;sid:84153941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.mpsl"; depth:13; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290842/; classtype:trojan-activity;sid:84153942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm5"; depth:13; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290843/; classtype:trojan-activity;sid:84153943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hik.sh"; depth:7; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290839/; classtype:trojan-activity;sid:84153939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.x86"; depth:12; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290822/; classtype:trojan-activity;sid:84153922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.mips"; depth:13; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290823/; classtype:trojan-activity;sid:84153923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.sh4"; depth:12; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290824/; classtype:trojan-activity;sid:84153924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm6"; depth:13; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290825/; classtype:trojan-activity;sid:84153925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.spc"; depth:12; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290826/; classtype:trojan-activity;sid:84153926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm6"; depth:15; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290827/; classtype:trojan-activity;sid:84153927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mips"; depth:15; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290828/; classtype:trojan-activity;sid:84153928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm5"; depth:15; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290829/; classtype:trojan-activity;sid:84153929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.sh4"; depth:14; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290830/; classtype:trojan-activity;sid:84153930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.x86"; depth:14; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290831/; classtype:trojan-activity;sid:84153931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.m68k"; depth:15; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290832/; classtype:trojan-activity;sid:84153932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm"; depth:14; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290833/; classtype:trojan-activity;sid:84153933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.spc"; depth:14; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290834/; classtype:trojan-activity;sid:84153934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm7"; depth:15; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290835/; classtype:trojan-activity;sid:84153935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.154.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290836/; classtype:trojan-activity;sid:84153936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.ppc"; depth:14; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290837/; classtype:trojan-activity;sid:84153937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mpsl"; depth:15; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290838/; classtype:trojan-activity;sid:84153938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hik.sh"; depth:7; endswith; nocase; http.host; content:"154.216.18.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290821/; classtype:trojan-activity;sid:84153921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290820/; classtype:trojan-activity;sid:84153920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.40.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290819/; classtype:trojan-activity;sid:84153919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.85.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290818/; classtype:trojan-activity;sid:84153918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.76.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290816/; classtype:trojan-activity;sid:84153916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.57.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290817/; classtype:trojan-activity;sid:84153917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290815/; classtype:trojan-activity;sid:84153915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.134.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290814/; classtype:trojan-activity;sid:84153914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.127.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290813/; classtype:trojan-activity;sid:84153913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.197.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290812/; classtype:trojan-activity;sid:84153912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.158.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290811/; classtype:trojan-activity;sid:84153911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290809/; classtype:trojan-activity;sid:84153909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sparc"; depth:13; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290810/; classtype:trojan-activity;sid:84153910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.237.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290808/; classtype:trojan-activity;sid:84153908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290807/; classtype:trojan-activity;sid:84153907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d"; depth:2; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290781/; classtype:trojan-activity;sid:84153881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290782/; classtype:trojan-activity;sid:84153882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm6"; depth:17; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290783/; classtype:trojan-activity;sid:84153883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u"; depth:2; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290784/; classtype:trojan-activity;sid:84153884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i686"; depth:12; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290785/; classtype:trojan-activity;sid:84153885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z"; depth:2; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290786/; classtype:trojan-activity;sid:84153886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1.sh"; depth:6; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290787/; classtype:trojan-activity;sid:84153887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1"; depth:3; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290788/; classtype:trojan-activity;sid:84153888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h"; depth:2; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290789/; classtype:trojan-activity;sid:84153889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yak.sh"; depth:7; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290790/; classtype:trojan-activity;sid:84153890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e"; depth:2; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290791/; classtype:trojan-activity;sid:84153891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.240.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290792/; classtype:trojan-activity;sid:84153892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290793/; classtype:trojan-activity;sid:84153893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm4"; depth:17; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290794/; classtype:trojan-activity;sid:84153894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290795/; classtype:trojan-activity;sid:84153895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get.sh"; depth:7; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290796/; classtype:trojan-activity;sid:84153896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290797/; classtype:trojan-activity;sid:84153897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290798/; classtype:trojan-activity;sid:84153898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290799/; classtype:trojan-activity;sid:84153899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.sh"; depth:5; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290800/; classtype:trojan-activity;sid:84153900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r"; depth:2; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290801/; classtype:trojan-activity;sid:84153901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290802/; classtype:trojan-activity;sid:84153902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290803/; classtype:trojan-activity;sid:84153903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v"; depth:2; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290804/; classtype:trojan-activity;sid:84153904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290805/; classtype:trojan-activity;sid:84153905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splash.sh"; depth:10; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290806/; classtype:trojan-activity;sid:84153906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/necr0.py"; depth:9; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290780/; classtype:trojan-activity;sid:84153880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.mips"; depth:17; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290779/; classtype:trojan-activity;sid:84153879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.ppc"; depth:11; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290770/; classtype:trojan-activity;sid:84153870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290771/; classtype:trojan-activity;sid:84153871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm6"; depth:13; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290772/; classtype:trojan-activity;sid:84153872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290773/; classtype:trojan-activity;sid:84153873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm5"; depth:12; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290774/; classtype:trojan-activity;sid:84153874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.mips"; depth:13; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290775/; classtype:trojan-activity;sid:84153875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290776/; classtype:trojan-activity;sid:84153876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290777/; classtype:trojan-activity;sid:84153877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.i686"; depth:17; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290778/; classtype:trojan-activity;sid:84153878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.sparc"; depth:14; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290767/; classtype:trojan-activity;sid:84153867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.ppc"; depth:16; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290768/; classtype:trojan-activity;sid:84153868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sh"; depth:10; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290769/; classtype:trojan-activity;sid:84153869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.m68k"; depth:12; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290749/; classtype:trojan-activity;sid:84153849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm4"; depth:13; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290750/; classtype:trojan-activity;sid:84153850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.mpsl"; depth:13; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290751/; classtype:trojan-activity;sid:84153851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.mipsel"; depth:19; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290752/; classtype:trojan-activity;sid:84153852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm5"; depth:13; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290753/; classtype:trojan-activity;sid:84153853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.i686"; depth:13; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290754/; classtype:trojan-activity;sid:84153854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm4"; depth:12; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290755/; classtype:trojan-activity;sid:84153855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290756/; classtype:trojan-activity;sid:84153856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.x86"; depth:11; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290757/; classtype:trojan-activity;sid:84153857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290758/; classtype:trojan-activity;sid:84153858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290759/; classtype:trojan-activity;sid:84153859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.m68k"; depth:13; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290760/; classtype:trojan-activity;sid:84153860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.i586"; depth:13; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290761/; classtype:trojan-activity;sid:84153861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290762/; classtype:trojan-activity;sid:84153862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm7"; depth:13; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290763/; classtype:trojan-activity;sid:84153863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm7"; depth:17; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290764/; classtype:trojan-activity;sid:84153864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.i586"; depth:17; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290765/; classtype:trojan-activity;sid:84153865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm5"; depth:17; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290766/; classtype:trojan-activity;sid:84153866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.m68k"; depth:17; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290739/; classtype:trojan-activity;sid:84153839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm7"; depth:12; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290740/; classtype:trojan-activity;sid:84153840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290741/; classtype:trojan-activity;sid:84153841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290742/; classtype:trojan-activity;sid:84153842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mipsel"; depth:14; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290743/; classtype:trojan-activity;sid:84153843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.ppc"; depth:12; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290744/; classtype:trojan-activity;sid:84153844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mips"; depth:12; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290745/; classtype:trojan-activity;sid:84153845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:38; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290746/; classtype:trojan-activity;sid:84153846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290747/; classtype:trojan-activity;sid:84153847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290748/; classtype:trojan-activity;sid:84153848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290730/; classtype:trojan-activity;sid:84153830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290731/; classtype:trojan-activity;sid:84153831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.x86"; depth:12; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290732/; classtype:trojan-activity;sid:84153832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i586"; depth:12; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290733/; classtype:trojan-activity;sid:84153833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.sparc"; depth:18; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290734/; classtype:trojan-activity;sid:84153834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290735/; classtype:trojan-activity;sid:84153835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm6"; depth:12; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290736/; classtype:trojan-activity;sid:84153836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290737/; classtype:trojan-activity;sid:84153837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.x86"; depth:16; endswith; nocase; http.host; content:"device-aa45f06d-6bfa-4090-83ce-e0bc28df1f5e.remotewd.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290738/; classtype:trojan-activity;sid:84153838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.245.4.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290729/; classtype:trojan-activity;sid:84153829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.177.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290728/; classtype:trojan-activity;sid:84153828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.30.97.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290727/; classtype:trojan-activity;sid:84153827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"xke.range.cccinvolve.org"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290726/; classtype:trojan-activity;sid:84153826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.6.95"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290725/; classtype:trojan-activity;sid:84153825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.34.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290724/; classtype:trojan-activity;sid:84153824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.216.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290722/; classtype:trojan-activity;sid:84153822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.201.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290723/; classtype:trojan-activity;sid:84153823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.153.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290721/; classtype:trojan-activity;sid:84153821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.7.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290720/; classtype:trojan-activity;sid:84153820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/nfpffrc.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290719/; classtype:trojan-activity;sid:84153819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/heikmof.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290714/; classtype:trojan-activity;sid:84153814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/skkmrjk.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290715/; classtype:trojan-activity;sid:84153815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/jgmdraa.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290716/; classtype:trojan-activity;sid:84153816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/oagnkam.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290717/; classtype:trojan-activity;sid:84153817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/epsgfak.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290718/; classtype:trojan-activity;sid:84153818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/oeejpmo.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290713/; classtype:trojan-activity;sid:84153813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.154.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290712/; classtype:trojan-activity;sid:84153812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.237.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290711/; classtype:trojan-activity;sid:84153811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.127.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290710/; classtype:trojan-activity;sid:84153810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.90.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290709/; classtype:trojan-activity;sid:84153809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.236.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290708/; classtype:trojan-activity;sid:84153808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.177.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290707/; classtype:trojan-activity;sid:84153807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.103.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290705/; classtype:trojan-activity;sid:84153805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.230.109.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290706/; classtype:trojan-activity;sid:84153806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.118.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290704/; classtype:trojan-activity;sid:84153804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.57.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290703/; classtype:trojan-activity;sid:84153803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.6.95"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290702/; classtype:trojan-activity;sid:84153802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.48.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290701/; classtype:trojan-activity;sid:84153801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.54.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290700/; classtype:trojan-activity;sid:84153800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.34.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290698/; classtype:trojan-activity;sid:84153798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290699/; classtype:trojan-activity;sid:84153799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.216.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290697/; classtype:trojan-activity;sid:84153797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/das.php"; depth:13; endswith; nocase; http.host; content:"ngt-techs.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290696/; classtype:trojan-activity;sid:84153796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.95.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290695/; classtype:trojan-activity;sid:84153795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.91.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290694/; classtype:trojan-activity;sid:84153794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.249.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290693/; classtype:trojan-activity;sid:84153793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290692/; classtype:trojan-activity;sid:84153792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.119.193.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290691/; classtype:trojan-activity;sid:84153791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.211.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290690/; classtype:trojan-activity;sid:84153790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.177.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290689/; classtype:trojan-activity;sid:84153789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.25.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290688/; classtype:trojan-activity;sid:84153788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.6.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290687/; classtype:trojan-activity;sid:84153787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.194.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290686/; classtype:trojan-activity;sid:84153786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.249.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290685/; classtype:trojan-activity;sid:84153785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.29.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290684/; classtype:trojan-activity;sid:84153784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.82.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290682/; classtype:trojan-activity;sid:84153782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.201.137.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290683/; classtype:trojan-activity;sid:84153783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.2.178"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290681/; classtype:trojan-activity;sid:84153781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.86.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290680/; classtype:trojan-activity;sid:84153780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.48.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290679/; classtype:trojan-activity;sid:84153779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.76.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290678/; classtype:trojan-activity;sid:84153778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.86.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290677/; classtype:trojan-activity;sid:84153777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.167.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290676/; classtype:trojan-activity;sid:84153776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.95.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290675/; classtype:trojan-activity;sid:84153775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.91.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290674/; classtype:trojan-activity;sid:84153774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.92.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290673/; classtype:trojan-activity;sid:84153773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.108.90.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290672/; classtype:trojan-activity;sid:84153772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.6.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290671/; classtype:trojan-activity;sid:84153771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.211.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290670/; classtype:trojan-activity;sid:84153770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.167.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290669/; classtype:trojan-activity;sid:84153769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.26.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290668/; classtype:trojan-activity;sid:84153768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.149.153.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290667/; classtype:trojan-activity;sid:84153767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.86.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290666/; classtype:trojan-activity;sid:84153766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.112.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290665/; classtype:trojan-activity;sid:84153765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.237.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290664/; classtype:trojan-activity;sid:84153764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.194.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290663/; classtype:trojan-activity;sid:84153763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.229.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290662/; classtype:trojan-activity;sid:84153762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.139.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290661/; classtype:trojan-activity;sid:84153761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.110.3.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290660/; classtype:trojan-activity;sid:84153760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.112.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290659/; classtype:trojan-activity;sid:84153759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.117.122.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290658/; classtype:trojan-activity;sid:84153758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.242.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290657/; classtype:trojan-activity;sid:84153757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.253.80.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290656/; classtype:trojan-activity;sid:84153756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.90.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290655/; classtype:trojan-activity;sid:84153755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290654/; classtype:trojan-activity;sid:84153754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.120.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290653/; classtype:trojan-activity;sid:84153753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.49.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290651/; classtype:trojan-activity;sid:84153751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.7.14.39"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290652/; classtype:trojan-activity;sid:84153752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.108.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290650/; classtype:trojan-activity;sid:84153750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.242.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290649/; classtype:trojan-activity;sid:84153749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.120.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290648/; classtype:trojan-activity;sid:84153748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.244.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290647/; classtype:trojan-activity;sid:84153747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.46.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290646/; classtype:trojan-activity;sid:84153746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.155.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290645/; classtype:trojan-activity;sid:84153745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.129.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290644/; classtype:trojan-activity;sid:84153744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290643/; classtype:trojan-activity;sid:84153743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.226.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290642/; classtype:trojan-activity;sid:84153742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.90.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290641/; classtype:trojan-activity;sid:84153741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.4.100.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290640/; classtype:trojan-activity;sid:84153740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.29.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290639/; classtype:trojan-activity;sid:84153739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.246.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290638/; classtype:trojan-activity;sid:84153738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.216.97.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290637/; classtype:trojan-activity;sid:84153737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.162.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290636/; classtype:trojan-activity;sid:84153736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.143.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290635/; classtype:trojan-activity;sid:84153735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.104.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290634/; classtype:trojan-activity;sid:84153734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.149.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290633/; classtype:trojan-activity;sid:84153733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.129.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290632/; classtype:trojan-activity;sid:84153732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.220.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290631/; classtype:trojan-activity;sid:84153731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.219.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290629/; classtype:trojan-activity;sid:84153729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.43.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290630/; classtype:trojan-activity;sid:84153730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.203.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290628/; classtype:trojan-activity;sid:84153728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.155.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290627/; classtype:trojan-activity;sid:84153727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.218.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290626/; classtype:trojan-activity;sid:84153726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.216.97.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290625/; classtype:trojan-activity;sid:84153725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.246.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290623/; classtype:trojan-activity;sid:84153723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.105.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290624/; classtype:trojan-activity;sid:84153724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.94.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290622/; classtype:trojan-activity;sid:84153722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.43.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290621/; classtype:trojan-activity;sid:84153721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.209.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290619/; classtype:trojan-activity;sid:84153719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.125.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290620/; classtype:trojan-activity;sid:84153720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290618/; classtype:trojan-activity;sid:84153718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.193.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290617/; classtype:trojan-activity;sid:84153717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.11.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290616/; classtype:trojan-activity;sid:84153716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.193.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290615/; classtype:trojan-activity;sid:84153715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.218.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290614/; classtype:trojan-activity;sid:84153714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.19.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290613/; classtype:trojan-activity;sid:84153713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.28.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290612/; classtype:trojan-activity;sid:84153712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.143.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290611/; classtype:trojan-activity;sid:84153711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.71.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290610/; classtype:trojan-activity;sid:84153710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.159.154.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290609/; classtype:trojan-activity;sid:84153709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.142.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290608/; classtype:trojan-activity;sid:84153708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.219.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290606/; classtype:trojan-activity;sid:84153706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.105.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290607/; classtype:trojan-activity;sid:84153707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.53.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290605/; classtype:trojan-activity;sid:84153705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.254.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290604/; classtype:trojan-activity;sid:84153704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290603/; classtype:trojan-activity;sid:84153703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.241.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290602/; classtype:trojan-activity;sid:84153702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.11.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290601/; classtype:trojan-activity;sid:84153701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.23.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290600/; classtype:trojan-activity;sid:84153700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.127.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290599/; classtype:trojan-activity;sid:84153699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.27.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290598/; classtype:trojan-activity;sid:84153698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.149.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290597/; classtype:trojan-activity;sid:84153697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.20.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290596/; classtype:trojan-activity;sid:84153696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.40.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290595/; classtype:trojan-activity;sid:84153695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.47.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290594/; classtype:trojan-activity;sid:84153694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.225.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290593/; classtype:trojan-activity;sid:84153693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.149.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290592/; classtype:trojan-activity;sid:84153692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.58.162.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290591/; classtype:trojan-activity;sid:84153691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.227.185.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290590/; classtype:trojan-activity;sid:84153690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.237.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290589/; classtype:trojan-activity;sid:84153689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.241.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290588/; classtype:trojan-activity;sid:84153688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.71.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290587/; classtype:trojan-activity;sid:84153687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.79.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290586/; classtype:trojan-activity;sid:84153686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.243.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290585/; classtype:trojan-activity;sid:84153685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290584/; classtype:trojan-activity;sid:84153684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.84.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290583/; classtype:trojan-activity;sid:84153683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.167.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290582/; classtype:trojan-activity;sid:84153682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.17.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290581/; classtype:trojan-activity;sid:84153681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.20.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290580/; classtype:trojan-activity;sid:84153680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.7.58.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290579/; classtype:trojan-activity;sid:84153679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.40.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290577/; classtype:trojan-activity;sid:84153677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.127.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290578/; classtype:trojan-activity;sid:84153678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.47.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290576/; classtype:trojan-activity;sid:84153676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.7.58.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290575/; classtype:trojan-activity;sid:84153675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.108.90.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290574/; classtype:trojan-activity;sid:84153674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.44.144.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290573/; classtype:trojan-activity;sid:84153673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.59.85.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290572/; classtype:trojan-activity;sid:84153672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.167.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290571/; classtype:trojan-activity;sid:84153671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.150.232.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290570/; classtype:trojan-activity;sid:84153670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.164.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290569/; classtype:trojan-activity;sid:84153669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.84.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290568/; classtype:trojan-activity;sid:84153668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.188.251.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290567/; classtype:trojan-activity;sid:84153667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.1.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290566/; classtype:trojan-activity;sid:84153666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.22.141"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290565/; classtype:trojan-activity;sid:84153665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.82.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290564/; classtype:trojan-activity;sid:84153664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.150.232.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290563/; classtype:trojan-activity;sid:84153663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.169.234.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290561/; classtype:trojan-activity;sid:84153661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.216.118.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290562/; classtype:trojan-activity;sid:84153662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.60.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290560/; classtype:trojan-activity;sid:84153660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.188.251.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290559/; classtype:trojan-activity;sid:84153659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.108.90.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290558/; classtype:trojan-activity;sid:84153658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.234.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290557/; classtype:trojan-activity;sid:84153657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.246.159.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290556/; classtype:trojan-activity;sid:84153656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.103.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290555/; classtype:trojan-activity;sid:84153655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.22.141"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290554/; classtype:trojan-activity;sid:84153654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290553/; classtype:trojan-activity;sid:84153653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.10.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290552/; classtype:trojan-activity;sid:84153652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.63.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290551/; classtype:trojan-activity;sid:84153651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.194.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290550/; classtype:trojan-activity;sid:84153650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.21.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290549/; classtype:trojan-activity;sid:84153649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.246.159.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290548/; classtype:trojan-activity;sid:84153648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.254.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290547/; classtype:trojan-activity;sid:84153647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.194.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290546/; classtype:trojan-activity;sid:84153646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.240.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290545/; classtype:trojan-activity;sid:84153645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.17.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290544/; classtype:trojan-activity;sid:84153644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.229.107.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290543/; classtype:trojan-activity;sid:84153643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.117.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290542/; classtype:trojan-activity;sid:84153642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.96.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290541/; classtype:trojan-activity;sid:84153641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.66.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290540/; classtype:trojan-activity;sid:84153640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.255.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290539/; classtype:trojan-activity;sid:84153639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.36.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290538/; classtype:trojan-activity;sid:84153638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.92.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290537/; classtype:trojan-activity;sid:84153637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.20.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290536/; classtype:trojan-activity;sid:84153636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.21.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290535/; classtype:trojan-activity;sid:84153635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.252.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290534/; classtype:trojan-activity;sid:84153634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.122.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290533/; classtype:trojan-activity;sid:84153633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290532/; classtype:trojan-activity;sid:84153632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"106.59.102.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290530/; classtype:trojan-activity;sid:84153630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.66.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290531/; classtype:trojan-activity;sid:84153631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.94.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290529/; classtype:trojan-activity;sid:84153629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.116.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290528/; classtype:trojan-activity;sid:84153628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.73.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290527/; classtype:trojan-activity;sid:84153627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.117.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290526/; classtype:trojan-activity;sid:84153626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.177.28.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290525/; classtype:trojan-activity;sid:84153625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.197.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290524/; classtype:trojan-activity;sid:84153624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.255.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290523/; classtype:trojan-activity;sid:84153623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.59.7.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290521/; classtype:trojan-activity;sid:84153621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.167.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290522/; classtype:trojan-activity;sid:84153622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290520/; classtype:trojan-activity;sid:84153620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.43.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290519/; classtype:trojan-activity;sid:84153619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290518/; classtype:trojan-activity;sid:84153618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.36.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290517/; classtype:trojan-activity;sid:84153617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.59.7.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290516/; classtype:trojan-activity;sid:84153616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.27.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290515/; classtype:trojan-activity;sid:84153615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.228.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290514/; classtype:trojan-activity;sid:84153614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.126.75.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290513/; classtype:trojan-activity;sid:84153613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.129.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290512/; classtype:trojan-activity;sid:84153612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.194.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290511/; classtype:trojan-activity;sid:84153611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.73.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290510/; classtype:trojan-activity;sid:84153610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.116.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290508/; classtype:trojan-activity;sid:84153608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.53.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290509/; classtype:trojan-activity;sid:84153609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.116.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290507/; classtype:trojan-activity;sid:84153607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.101.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290506/; classtype:trojan-activity;sid:84153606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.198.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290505/; classtype:trojan-activity;sid:84153605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.93.132.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290504/; classtype:trojan-activity;sid:84153604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290503/; classtype:trojan-activity;sid:84153603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.138.176.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290502/; classtype:trojan-activity;sid:84153602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.129.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290501/; classtype:trojan-activity;sid:84153601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.9.26"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290500/; classtype:trojan-activity;sid:84153600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290499/; classtype:trojan-activity;sid:84153599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.73.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290498/; classtype:trojan-activity;sid:84153598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.209.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290497/; classtype:trojan-activity;sid:84153597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.197.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290496/; classtype:trojan-activity;sid:84153596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.154.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290495/; classtype:trojan-activity;sid:84153595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.93.132.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290494/; classtype:trojan-activity;sid:84153594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.212.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290493/; classtype:trojan-activity;sid:84153593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.191.178.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290492/; classtype:trojan-activity;sid:84153592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.253.133.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290491/; classtype:trojan-activity;sid:84153591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.66.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290490/; classtype:trojan-activity;sid:84153590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wwbizsrvs.exe"; depth:14; endswith; nocase; http.host; content:"27.102.130.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290489/; classtype:trojan-activity;sid:84153589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msf.exe"; depth:8; endswith; nocase; http.host; content:"27.102.130.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290488/; classtype:trojan-activity;sid:84153588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wwbizsrvs.exe"; depth:14; endswith; nocase; http.host; content:"27.102.130.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290485/; classtype:trojan-activity;sid:84153585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msf443.exe"; depth:11; endswith; nocase; http.host; content:"27.102.130.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290486/; classtype:trojan-activity;sid:84153586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client.exe"; depth:11; endswith; nocase; http.host; content:"27.102.130.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290487/; classtype:trojan-activity;sid:84153587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msf.exe"; depth:8; endswith; nocase; http.host; content:"27.102.130.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290482/; classtype:trojan-activity;sid:84153582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client.exe"; depth:11; endswith; nocase; http.host; content:"27.102.130.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290483/; classtype:trojan-activity;sid:84153583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msf443.exe"; depth:11; endswith; nocase; http.host; content:"27.102.130.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290484/; classtype:trojan-activity;sid:84153584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.73.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290481/; classtype:trojan-activity;sid:84153581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wwbizsrvs.exe"; depth:14; endswith; nocase; http.host; content:"27.102.130.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290480/; classtype:trojan-activity;sid:84153580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.9.26"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290479/; classtype:trojan-activity;sid:84153579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.197.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290478/; classtype:trojan-activity;sid:84153578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msf443.exe"; depth:11; endswith; nocase; http.host; content:"27.102.130.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290477/; classtype:trojan-activity;sid:84153577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client.exe"; depth:11; endswith; nocase; http.host; content:"27.102.130.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290475/; classtype:trojan-activity;sid:84153575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msf.exe"; depth:8; endswith; nocase; http.host; content:"27.102.130.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290476/; classtype:trojan-activity;sid:84153576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290474/; classtype:trojan-activity;sid:84153574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.25.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290473/; classtype:trojan-activity;sid:84153573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.125.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290472/; classtype:trojan-activity;sid:84153572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.137.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290471/; classtype:trojan-activity;sid:84153571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.115.66.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290470/; classtype:trojan-activity;sid:84153570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.191.178.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290469/; classtype:trojan-activity;sid:84153569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.212.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290468/; classtype:trojan-activity;sid:84153568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"qdofg.strategies.mvpstrat.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290467/; classtype:trojan-activity;sid:84153567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tcp0.txt"; depth:9; endswith; nocase; http.host; content:"134.195.90.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290464/; classtype:trojan-activity;sid:84153564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b8.txt"; depth:7; endswith; nocase; http.host; content:"134.195.90.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290465/; classtype:trojan-activity;sid:84153565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.92.103.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290466/; classtype:trojan-activity;sid:84153566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t5.dll"; depth:7; endswith; nocase; http.host; content:"134.195.90.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290460/; classtype:trojan-activity;sid:84153560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7code.bin"; depth:10; endswith; nocase; http.host; content:"134.195.90.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290461/; classtype:trojan-activity;sid:84153561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t4.dll"; depth:7; endswith; nocase; http.host; content:"134.195.90.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290462/; classtype:trojan-activity;sid:84153562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90.exe"; depth:7; endswith; nocase; http.host; content:"134.195.90.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290463/; classtype:trojan-activity;sid:84153563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b7.txt"; depth:7; endswith; nocase; http.host; content:"134.195.90.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290456/; classtype:trojan-activity;sid:84153556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shellcode.txt"; depth:14; endswith; nocase; http.host; content:"134.195.90.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290457/; classtype:trojan-activity;sid:84153557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/77.ps1"; depth:7; endswith; nocase; http.host; content:"134.195.90.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290458/; classtype:trojan-activity;sid:84153558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/17.vba"; depth:7; endswith; nocase; http.host; content:"134.195.90.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290459/; classtype:trojan-activity;sid:84153559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.133.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290455/; classtype:trojan-activity;sid:84153555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.32.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290452/; classtype:trojan-activity;sid:84153552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.248.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290453/; classtype:trojan-activity;sid:84153553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.47.188.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290454/; classtype:trojan-activity;sid:84153554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.195.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290451/; classtype:trojan-activity;sid:84153551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.108.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290450/; classtype:trojan-activity;sid:84153550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.174.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290449/; classtype:trojan-activity;sid:84153549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.9.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290448/; classtype:trojan-activity;sid:84153548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.86.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290447/; classtype:trojan-activity;sid:84153547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.26.113.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290446/; classtype:trojan-activity;sid:84153546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.183.59.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290445/; classtype:trojan-activity;sid:84153545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cve-2021-34527.ps1"; depth:19; endswith; nocase; http.host; content:"38.242.215.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290444/; classtype:trojan-activity;sid:84153544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290443/; classtype:trojan-activity;sid:84153543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.131.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290442/; classtype:trojan-activity;sid:84153542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.251.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290441/; classtype:trojan-activity;sid:84153541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"72.175.25.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290440/; classtype:trojan-activity;sid:84153540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.17.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290438/; classtype:trojan-activity;sid:84153538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.32.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290439/; classtype:trojan-activity;sid:84153539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.195.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290436/; classtype:trojan-activity;sid:84153536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.199.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290437/; classtype:trojan-activity;sid:84153537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wis/clicktime/v1/query|3f|url=https%3a%2f%2fdocs.google.com%2fuc%3fexport%3ddownload%26id%3d1qehwy7iyzbzplalfb_6h10ctyxnqoxq0|7c|26|7c|umid=ab3ff601-35de-4838-99ff-ae76dd48dbbb|7c|26|7c|auth=927c0b1ab45858384aa0e7e4a36abbaf860b921f-63af8e92ed5a20811e6d37a2d0f1f66c3ec1aa1b"; depth:273; endswith; nocase; http.host; content:"ddec1-0-en-ctp.trendmicro.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290435/; classtype:trojan-activity;sid:84153535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|id=116iab6nyzzjxxjh-dcnvszy3lfwxsdan|7c|26|7c|export=download"; depth:74; endswith; nocase; http.host; content:"drive.usercontent.google.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290434/; classtype:trojan-activity;sid:84153534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.7.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290433/; classtype:trojan-activity;sid:84153533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.62.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290432/; classtype:trojan-activity;sid:84153532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.99.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290431/; classtype:trojan-activity;sid:84153531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.146.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290430/; classtype:trojan-activity;sid:84153530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.95.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290429/; classtype:trojan-activity;sid:84153529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.65.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290428/; classtype:trojan-activity;sid:84153528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.248.37.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290426/; classtype:trojan-activity;sid:84153526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290425/; classtype:trojan-activity;sid:84153525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.7.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290424/; classtype:trojan-activity;sid:84153524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.40.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290423/; classtype:trojan-activity;sid:84153523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.36.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290422/; classtype:trojan-activity;sid:84153522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.242.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290421/; classtype:trojan-activity;sid:84153521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akrien.exe"; depth:11; endswith; nocase; http.host; content:"akrien.wtf"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290420/; classtype:trojan-activity;sid:84153520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"72.175.25.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290419/; classtype:trojan-activity;sid:84153519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.131.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290418/; classtype:trojan-activity;sid:84153518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshell.service"; depth:15; endswith; nocase; http.host; content:"45.148.10.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290417/; classtype:trojan-activity;sid:84153517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.199.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290416/; classtype:trojan-activity;sid:84153516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.11.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290414/; classtype:trojan-activity;sid:84153514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.32.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290415/; classtype:trojan-activity;sid:84153515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.17.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290413/; classtype:trojan-activity;sid:84153513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.1.170"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290412/; classtype:trojan-activity;sid:84153512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.62.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290411/; classtype:trojan-activity;sid:84153511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.146.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290410/; classtype:trojan-activity;sid:84153510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.7.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290409/; classtype:trojan-activity;sid:84153509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.203.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290408/; classtype:trojan-activity;sid:84153508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.5.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290407/; classtype:trojan-activity;sid:84153507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.137.49.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290406/; classtype:trojan-activity;sid:84153506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm4"; depth:17; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290405/; classtype:trojan-activity;sid:84153505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.x86"; depth:16; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290404/; classtype:trojan-activity;sid:84153504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.x86"; depth:11; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290403/; classtype:trojan-activity;sid:84153503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.199.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290402/; classtype:trojan-activity;sid:84153502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.91.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290400/; classtype:trojan-activity;sid:84153500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.81.151.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290401/; classtype:trojan-activity;sid:84153501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.211.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290399/; classtype:trojan-activity;sid:84153499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.242.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290398/; classtype:trojan-activity;sid:84153498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.5.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290397/; classtype:trojan-activity;sid:84153497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carm"; depth:5; endswith; nocase; http.host; content:"2.59.134.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290395/; classtype:trojan-activity;sid:84153495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshell.service"; depth:15; endswith; nocase; http.host; content:"2.59.134.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290396/; classtype:trojan-activity;sid:84153496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot"; depth:4; endswith; nocase; http.host; content:"89.116.51.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290394/; classtype:trojan-activity;sid:84153494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carm"; depth:5; endswith; nocase; http.host; content:"hyper-gpt.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290392/; classtype:trojan-activity;sid:84153492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carm"; depth:5; endswith; nocase; http.host; content:"getgrass-earn.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290393/; classtype:trojan-activity;sid:84153493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carm"; depth:5; endswith; nocase; http.host; content:"45.148.10.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290391/; classtype:trojan-activity;sid:84153491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.246.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290390/; classtype:trojan-activity;sid:84153490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.11.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290389/; classtype:trojan-activity;sid:84153489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.25.188.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290388/; classtype:trojan-activity;sid:84153488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.93.203.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290387/; classtype:trojan-activity;sid:84153487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290385/; classtype:trojan-activity;sid:84153485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290386/; classtype:trojan-activity;sid:84153486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.137.49.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290384/; classtype:trojan-activity;sid:84153484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290382/; classtype:trojan-activity;sid:84153482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290383/; classtype:trojan-activity;sid:84153483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290380/; classtype:trojan-activity;sid:84153480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290381/; classtype:trojan-activity;sid:84153481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290376/; classtype:trojan-activity;sid:84153476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290377/; classtype:trojan-activity;sid:84153477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290378/; classtype:trojan-activity;sid:84153478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290379/; classtype:trojan-activity;sid:84153479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290374/; classtype:trojan-activity;sid:84153474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290375/; classtype:trojan-activity;sid:84153475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290367/; classtype:trojan-activity;sid:84153467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290368/; classtype:trojan-activity;sid:84153468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290369/; classtype:trojan-activity;sid:84153469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290370/; classtype:trojan-activity;sid:84153470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290371/; classtype:trojan-activity;sid:84153471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290372/; classtype:trojan-activity;sid:84153472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290373/; classtype:trojan-activity;sid:84153473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1"; depth:3; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290364/; classtype:trojan-activity;sid:84153464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.mips"; depth:13; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290365/; classtype:trojan-activity;sid:84153465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.ppc"; depth:11; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290366/; classtype:trojan-activity;sid:84153466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm4"; depth:13; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290342/; classtype:trojan-activity;sid:84153442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm5"; depth:13; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290343/; classtype:trojan-activity;sid:84153443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:38; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290344/; classtype:trojan-activity;sid:84153444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290345/; classtype:trojan-activity;sid:84153445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290346/; classtype:trojan-activity;sid:84153446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.ppc"; depth:12; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290347/; classtype:trojan-activity;sid:84153447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.sparc"; depth:14; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290348/; classtype:trojan-activity;sid:84153448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.x86"; depth:12; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290349/; classtype:trojan-activity;sid:84153449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.sh"; depth:5; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290350/; classtype:trojan-activity;sid:84153450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm4"; depth:12; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290351/; classtype:trojan-activity;sid:84153451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290352/; classtype:trojan-activity;sid:84153452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290353/; classtype:trojan-activity;sid:84153453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm7"; depth:12; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290354/; classtype:trojan-activity;sid:84153454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.i586"; depth:13; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290355/; classtype:trojan-activity;sid:84153455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290356/; classtype:trojan-activity;sid:84153456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm5"; depth:12; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290357/; classtype:trojan-activity;sid:84153457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sparc"; depth:13; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290358/; classtype:trojan-activity;sid:84153458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splash.sh"; depth:10; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290359/; classtype:trojan-activity;sid:84153459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mipsel"; depth:14; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290360/; classtype:trojan-activity;sid:84153460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v"; depth:2; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290361/; classtype:trojan-activity;sid:84153461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i686"; depth:12; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290362/; classtype:trojan-activity;sid:84153462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u"; depth:2; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290363/; classtype:trojan-activity;sid:84153463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d"; depth:2; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290341/; classtype:trojan-activity;sid:84153441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/necr0.py"; depth:9; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290339/; classtype:trojan-activity;sid:84153439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z"; depth:2; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290340/; classtype:trojan-activity;sid:84153440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.i686"; depth:13; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290335/; classtype:trojan-activity;sid:84153435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yak.sh"; depth:7; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290336/; classtype:trojan-activity;sid:84153436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r"; depth:2; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290337/; classtype:trojan-activity;sid:84153437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1.sh"; depth:6; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290338/; classtype:trojan-activity;sid:84153438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290332/; classtype:trojan-activity;sid:84153432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290333/; classtype:trojan-activity;sid:84153433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.mpsl"; depth:13; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290334/; classtype:trojan-activity;sid:84153434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm7"; depth:13; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290322/; classtype:trojan-activity;sid:84153422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h"; depth:2; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290323/; classtype:trojan-activity;sid:84153423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm6"; depth:13; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290324/; classtype:trojan-activity;sid:84153424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mips"; depth:12; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290325/; classtype:trojan-activity;sid:84153425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get.sh"; depth:7; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290326/; classtype:trojan-activity;sid:84153426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i586"; depth:12; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290327/; classtype:trojan-activity;sid:84153427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm6"; depth:12; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290328/; classtype:trojan-activity;sid:84153428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.m68k"; depth:12; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290329/; classtype:trojan-activity;sid:84153429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e"; depth:2; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290330/; classtype:trojan-activity;sid:84153430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.m68k"; depth:13; endswith; nocase; http.host; content:"87.19.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290331/; classtype:trojan-activity;sid:84153431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.244.203.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290321/; classtype:trojan-activity;sid:84153421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290320/; classtype:trojan-activity;sid:84153420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.75.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290319/; classtype:trojan-activity;sid:84153419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.125.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290318/; classtype:trojan-activity;sid:84153418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.71.208.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290317/; classtype:trojan-activity;sid:84153417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.55.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290316/; classtype:trojan-activity;sid:84153416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.83.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290315/; classtype:trojan-activity;sid:84153415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.134.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290314/; classtype:trojan-activity;sid:84153414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.72.71.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290313/; classtype:trojan-activity;sid:84153413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.121.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290312/; classtype:trojan-activity;sid:84153412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.53.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290311/; classtype:trojan-activity;sid:84153411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290310/; classtype:trojan-activity;sid:84153410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spim"; depth:10; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290309/; classtype:trojan-activity;sid:84153409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lespim"; depth:12; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290308/; classtype:trojan-activity;sid:84153408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spim"; depth:5; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290304/; classtype:trojan-activity;sid:84153404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/686i"; depth:10; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290305/; classtype:trojan-activity;sid:84153405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/masjesuscan"; depth:12; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290306/; classtype:trojan-activity;sid:84153406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/686i"; depth:5; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290307/; classtype:trojan-activity;sid:84153407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/otjngv1bp2t2wygktp6vpwgka80sfs8iab"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290287/; classtype:trojan-activity;sid:84153387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k86m"; depth:5; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290288/; classtype:trojan-activity;sid:84153388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lespim"; depth:7; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290289/; classtype:trojan-activity;sid:84153389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/1atryf00opos9ilx4gxp7crcu1fygawrdz"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290290/; classtype:trojan-activity;sid:84153390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ddgoxpitynd4zmwu3lxpnqreztuiytcthc"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290291/; classtype:trojan-activity;sid:84153391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h1rx3qni5wrcb994mm4hal7tdgsjtnrdcz"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290292/; classtype:trojan-activity;sid:84153392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dgdryulfpjpmxvnvgqvoo59ky4rsmvzqvg"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290293/; classtype:trojan-activity;sid:84153393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/uvkqx1yyb6q8fvvudsfvahpzadi3c3uejf"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290294/; classtype:trojan-activity;sid:84153394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/2d0ypsg4sficeykxifkga1v1xb9xjhhkil"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290295/; classtype:trojan-activity;sid:84153395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbosmsy6tfy6cywrdeyadpiksb116avldd"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290296/; classtype:trojan-activity;sid:84153396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/1qjxptkhjphpaniquw6g8atwk5wd8oub2d"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290297/; classtype:trojan-activity;sid:84153397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/1kcogxsnblfs7xeornkhpct5i59q8yusqq"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290298/; classtype:trojan-activity;sid:84153398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/86ao51ixhifqdzyerzz86os2arylsdogre"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290299/; classtype:trojan-activity;sid:84153399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ojkgplrgvbp2g2c4v1rmk4watufzctl04v"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290300/; classtype:trojan-activity;sid:84153400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/qkh15hpxbaufrckz6ogyl4v3b4gbhhvpdx"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290301/; classtype:trojan-activity;sid:84153401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k68m"; depth:10; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290302/; classtype:trojan-activity;sid:84153402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wxx9gcsv3pprl49zzyahfjceyrla72x9bj"; depth:40; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290303/; classtype:trojan-activity;sid:84153403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.71.208.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290286/; classtype:trojan-activity;sid:84153386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.66.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290285/; classtype:trojan-activity;sid:84153385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.165.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290284/; classtype:trojan-activity;sid:84153384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.131.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290283/; classtype:trojan-activity;sid:84153383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.157.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290282/; classtype:trojan-activity;sid:84153382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.246.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290281/; classtype:trojan-activity;sid:84153381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.93.32.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290280/; classtype:trojan-activity;sid:84153380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.59.90.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290279/; classtype:trojan-activity;sid:84153379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.100.213.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290278/; classtype:trojan-activity;sid:84153378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.111.117.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290277/; classtype:trojan-activity;sid:84153377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.82.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290276/; classtype:trojan-activity;sid:84153376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.139.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290275/; classtype:trojan-activity;sid:84153375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.52.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290273/; classtype:trojan-activity;sid:84153373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.185.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290274/; classtype:trojan-activity;sid:84153374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.3.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290272/; classtype:trojan-activity;sid:84153372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.226.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290271/; classtype:trojan-activity;sid:84153371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.75.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290270/; classtype:trojan-activity;sid:84153370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.3.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290269/; classtype:trojan-activity;sid:84153369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.172.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290268/; classtype:trojan-activity;sid:84153368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.214.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290267/; classtype:trojan-activity;sid:84153367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"bot.suqi.bf"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290266/; classtype:trojan-activity;sid:84153366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"bot.suqi.bf"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290264/; classtype:trojan-activity;sid:84153364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"bot.suqi.bf"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290265/; classtype:trojan-activity;sid:84153365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"bot.suqi.bf"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290255/; classtype:trojan-activity;sid:84153355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"bot.suqi.bf"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290256/; classtype:trojan-activity;sid:84153356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"bot.suqi.bf"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290257/; classtype:trojan-activity;sid:84153357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"bot.suqi.bf"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290258/; classtype:trojan-activity;sid:84153358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"bot.suqi.bf"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290259/; classtype:trojan-activity;sid:84153359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"bot.suqi.bf"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290260/; classtype:trojan-activity;sid:84153360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.142.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290261/; classtype:trojan-activity;sid:84153361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"bot.suqi.bf"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290262/; classtype:trojan-activity;sid:84153362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"bot.suqi.bf"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290263/; classtype:trojan-activity;sid:84153363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290254/; classtype:trojan-activity;sid:84153354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.185.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290253/; classtype:trojan-activity;sid:84153353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.108.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290252/; classtype:trojan-activity;sid:84153352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.66.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290251/; classtype:trojan-activity;sid:84153351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.12.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290250/; classtype:trojan-activity;sid:84153350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.169.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290249/; classtype:trojan-activity;sid:84153349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290248/; classtype:trojan-activity;sid:84153348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.77.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290246/; classtype:trojan-activity;sid:84153346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro2.jpg"; depth:9; endswith; nocase; http.host; content:"91.121.142.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290247/; classtype:trojan-activity;sid:84153347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.199.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290245/; classtype:trojan-activity;sid:84153345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.79.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290244/; classtype:trojan-activity;sid:84153344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro2.jpg"; depth:9; endswith; nocase; http.host; content:"113.98.201.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290243/; classtype:trojan-activity;sid:84153343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.172.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290242/; classtype:trojan-activity;sid:84153342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.70.96.51"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290241/; classtype:trojan-activity;sid:84153341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.168.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290240/; classtype:trojan-activity;sid:84153340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshell.service"; depth:15; endswith; nocase; http.host; content:"176.96.136.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290237/; classtype:trojan-activity;sid:84153337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/java"; depth:5; endswith; nocase; http.host; content:"154.216.19.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290238/; classtype:trojan-activity;sid:84153338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/min.sh"; depth:7; endswith; nocase; http.host; content:"91.121.142.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290239/; classtype:trojan-activity;sid:84153339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x/3sh"; depth:6; endswith; nocase; http.host; content:"61.215.136.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290234/; classtype:trojan-activity;sid:84153334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"87.120.125.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290235/; classtype:trojan-activity;sid:84153335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carm"; depth:5; endswith; nocase; http.host; content:"176.96.136.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290236/; classtype:trojan-activity;sid:84153336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x/2sh"; depth:6; endswith; nocase; http.host; content:"61.215.136.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290232/; classtype:trojan-activity;sid:84153332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.202.35.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290233/; classtype:trojan-activity;sid:84153333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/min.sh"; depth:7; endswith; nocase; http.host; content:"114.29.237.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290231/; classtype:trojan-activity;sid:84153331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.108.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290230/; classtype:trojan-activity;sid:84153330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bambo/fijibo.txt"; depth:17; endswith; nocase; http.host; content:"bugijepakx1c.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290229/; classtype:trojan-activity;sid:84153329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/burgi.zip"; depth:10; endswith; nocase; http.host; content:"cloud-salchechon.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290228/; classtype:trojan-activity;sid:84153328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.199.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290227/; classtype:trojan-activity;sid:84153327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.8.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290226/; classtype:trojan-activity;sid:84153326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.228.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290225/; classtype:trojan-activity;sid:84153325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.236.220.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290224/; classtype:trojan-activity;sid:84153324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.228.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290223/; classtype:trojan-activity;sid:84153323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.46.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290222/; classtype:trojan-activity;sid:84153322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.123.238.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290221/; classtype:trojan-activity;sid:84153321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.226.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290220/; classtype:trojan-activity;sid:84153320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.165.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290218/; classtype:trojan-activity;sid:84153318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/burgi.zip"; depth:10; endswith; nocase; http.host; content:"njprfirm.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290219/; classtype:trojan-activity;sid:84153319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.176.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290216/; classtype:trojan-activity;sid:84153316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"187.170.37.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290217/; classtype:trojan-activity;sid:84153317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.79.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290214/; classtype:trojan-activity;sid:84153314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.137.0.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290215/; classtype:trojan-activity;sid:84153315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.210.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290213/; classtype:trojan-activity;sid:84153313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alertswiss_bind_sign.apk"; depth:25; endswith; nocase; http.host; content:"www.mspa-constabulary.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290212/; classtype:trojan-activity;sid:84153312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290211/; classtype:trojan-activity;sid:84153311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290210/; classtype:trojan-activity;sid:84153310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.93.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290209/; classtype:trojan-activity;sid:84153309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/ethz4ras5vj7pyq9udz83/laudobombeirospdf.msi|3f|rlkey=aw3azigq5haqd3e4fyck1nyob|7c|26|7c|st=l7sauzxm|7c|26|7c|dl=1"; depth:121; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290208/; classtype:trojan-activity;sid:84153308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.153.91.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290206/; classtype:trojan-activity;sid:84153306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.86.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290207/; classtype:trojan-activity;sid:84153307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.193.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290205/; classtype:trojan-activity;sid:84153305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.242.169"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290204/; classtype:trojan-activity;sid:84153304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"15.235.149.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290202/; classtype:trojan-activity;sid:84153302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"15.235.149.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290203/; classtype:trojan-activity;sid:84153303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.60.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290201/; classtype:trojan-activity;sid:84153301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm4"; depth:10; endswith; nocase; http.host; content:"sg-singapore.allsafevpn.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290200/; classtype:trojan-activity;sid:84153300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"15.235.149.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290194/; classtype:trojan-activity;sid:84153294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"sg-singapore.allsafevpn.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290195/; classtype:trojan-activity;sid:84153295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"sg-singapore.allsafevpn.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290196/; classtype:trojan-activity;sid:84153296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"15.235.149.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290197/; classtype:trojan-activity;sid:84153297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"15.235.149.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290198/; classtype:trojan-activity;sid:84153298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"sg-singapore.allsafevpn.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290199/; classtype:trojan-activity;sid:84153299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"15.235.149.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290183/; classtype:trojan-activity;sid:84153283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"sg-singapore.allsafevpn.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290184/; classtype:trojan-activity;sid:84153284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"sg-singapore.allsafevpn.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290185/; classtype:trojan-activity;sid:84153285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"15.235.149.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290186/; classtype:trojan-activity;sid:84153286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"15.235.149.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290187/; classtype:trojan-activity;sid:84153287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"sg-singapore.allsafevpn.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290188/; classtype:trojan-activity;sid:84153288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"sg-singapore.allsafevpn.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290189/; classtype:trojan-activity;sid:84153289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"sg-singapore.allsafevpn.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290190/; classtype:trojan-activity;sid:84153290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"sg-singapore.allsafevpn.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290191/; classtype:trojan-activity;sid:84153291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm4"; depth:10; endswith; nocase; http.host; content:"15.235.149.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290192/; classtype:trojan-activity;sid:84153292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"15.235.149.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290193/; classtype:trojan-activity;sid:84153293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.9.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290182/; classtype:trojan-activity;sid:84153282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.8.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290181/; classtype:trojan-activity;sid:84153281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/direct/bea84ef0-a7bf-421f-960c-ed3d3c21dfa7/pawyvstri.exe"; depth:67; endswith; nocase; http.host; content:"store6.gofile.io"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290180/; classtype:trojan-activity;sid:84153280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.139.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290179/; classtype:trojan-activity;sid:84153279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.210.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290178/; classtype:trojan-activity;sid:84153278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.216.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290177/; classtype:trojan-activity;sid:84153277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.238.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290176/; classtype:trojan-activity;sid:84153276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.138.158.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290175/; classtype:trojan-activity;sid:84153275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"38.137.0.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290174/; classtype:trojan-activity;sid:84153274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.8.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290173/; classtype:trojan-activity;sid:84153273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.123.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290172/; classtype:trojan-activity;sid:84153272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.55.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290171/; classtype:trojan-activity;sid:84153271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.88.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290170/; classtype:trojan-activity;sid:84153270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/totallysafe1.ps1"; depth:17; endswith; nocase; http.host; content:"151.81.124.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290163/; classtype:trojan-activity;sid:84153263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stage1.ps1"; depth:11; endswith; nocase; http.host; content:"151.81.124.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290164/; classtype:trojan-activity;sid:84153264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/off.ps1"; depth:8; endswith; nocase; http.host; content:"151.81.124.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290165/; classtype:trojan-activity;sid:84153265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/totallysafe2.ps1"; depth:17; endswith; nocase; http.host; content:"151.81.124.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290166/; classtype:trojan-activity;sid:84153266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/totallysafe.msi"; depth:16; endswith; nocase; http.host; content:"151.81.124.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290167/; classtype:trojan-activity;sid:84153267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crypt.sh"; depth:9; endswith; nocase; http.host; content:"151.81.124.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290168/; classtype:trojan-activity;sid:84153268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/totallysafe.ps1"; depth:16; endswith; nocase; http.host; content:"151.81.124.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290169/; classtype:trojan-activity;sid:84153269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.246.69.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290162/; classtype:trojan-activity;sid:84153262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"222.241.48.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290161/; classtype:trojan-activity;sid:84153261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.10.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290160/; classtype:trojan-activity;sid:84153260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.44.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290159/; classtype:trojan-activity;sid:84153259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.221.47.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290158/; classtype:trojan-activity;sid:84153258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.178.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290157/; classtype:trojan-activity;sid:84153257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.139.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290156/; classtype:trojan-activity;sid:84153256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.103.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290155/; classtype:trojan-activity;sid:84153255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290154/; classtype:trojan-activity;sid:84153254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.216.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290153/; classtype:trojan-activity;sid:84153253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.125.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290152/; classtype:trojan-activity;sid:84153252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"38.242.241.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290151/; classtype:trojan-activity;sid:84153251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.246.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290150/; classtype:trojan-activity;sid:84153250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.127.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290148/; classtype:trojan-activity;sid:84153248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.112.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290147/; classtype:trojan-activity;sid:84153247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.243.133.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290145/; classtype:trojan-activity;sid:84153245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290146/; classtype:trojan-activity;sid:84153246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"125.33.229.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290142/; classtype:trojan-activity;sid:84153242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.220.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290141/; classtype:trojan-activity;sid:84153241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"125.33.231.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290140/; classtype:trojan-activity;sid:84153240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"221.222.173.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290139/; classtype:trojan-activity;sid:84153239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.171.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290138/; classtype:trojan-activity;sid:84153238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"vmi2145130.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290124/; classtype:trojan-activity;sid:84153224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"183.30.204.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290125/; classtype:trojan-activity;sid:84153225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"183.30.202.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290126/; classtype:trojan-activity;sid:84153226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290127/; classtype:trojan-activity;sid:84153227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"183.30.204.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290128/; classtype:trojan-activity;sid:84153228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"221.222.173.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290129/; classtype:trojan-activity;sid:84153229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"123.115.131.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290130/; classtype:trojan-activity;sid:84153230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"59.58.200.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290131/; classtype:trojan-activity;sid:84153231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.110.41.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290132/; classtype:trojan-activity;sid:84153232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.123.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290133/; classtype:trojan-activity;sid:84153233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"125.33.229.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290134/; classtype:trojan-activity;sid:84153234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.49.65.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290135/; classtype:trojan-activity;sid:84153235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"59.58.200.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290136/; classtype:trojan-activity;sid:84153236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"125.33.231.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290137/; classtype:trojan-activity;sid:84153237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"vmi2145130.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290122/; classtype:trojan-activity;sid:84153222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"38.242.241.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290123/; classtype:trojan-activity;sid:84153223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"183.30.202.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290107/; classtype:trojan-activity;sid:84153207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"59.58.200.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290108/; classtype:trojan-activity;sid:84153208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"183.30.204.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290109/; classtype:trojan-activity;sid:84153209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"119.178.190.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290110/; classtype:trojan-activity;sid:84153210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"183.30.204.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290111/; classtype:trojan-activity;sid:84153211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"vps-d21ef853.vps.ovh.net"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290112/; classtype:trojan-activity;sid:84153212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"221.222.173.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290113/; classtype:trojan-activity;sid:84153213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"vps-d21ef853.vps.ovh.net"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290114/; classtype:trojan-activity;sid:84153214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"121.206.52.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290115/; classtype:trojan-activity;sid:84153215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"125.33.229.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290116/; classtype:trojan-activity;sid:84153216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.53.98.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290117/; classtype:trojan-activity;sid:84153217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"123.115.131.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290118/; classtype:trojan-activity;sid:84153218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"123.115.131.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290119/; classtype:trojan-activity;sid:84153219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"125.33.231.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290120/; classtype:trojan-activity;sid:84153220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"183.30.202.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290121/; classtype:trojan-activity;sid:84153221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"38.242.241.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290094/; classtype:trojan-activity;sid:84153194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"vps-d21ef853.vps.ovh.net"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290095/; classtype:trojan-activity;sid:84153195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"183.30.204.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290096/; classtype:trojan-activity;sid:84153196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.88.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290097/; classtype:trojan-activity;sid:84153197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.68.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290098/; classtype:trojan-activity;sid:84153198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.182.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290099/; classtype:trojan-activity;sid:84153199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"183.30.204.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290100/; classtype:trojan-activity;sid:84153200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"119.178.190.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290101/; classtype:trojan-activity;sid:84153201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"vmi2145130.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290102/; classtype:trojan-activity;sid:84153202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.68.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290103/; classtype:trojan-activity;sid:84153203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.229.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290104/; classtype:trojan-activity;sid:84153204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"121.206.52.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290105/; classtype:trojan-activity;sid:84153205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"121.206.52.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290106/; classtype:trojan-activity;sid:84153206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"119.178.190.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290093/; classtype:trojan-activity;sid:84153193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"51.75.142.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290091/; classtype:trojan-activity;sid:84153191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"51.75.142.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290092/; classtype:trojan-activity;sid:84153192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"123.115.131.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290090/; classtype:trojan-activity;sid:84153190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"125.33.231.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290089/; classtype:trojan-activity;sid:84153189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"125.33.229.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290088/; classtype:trojan-activity;sid:84153188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"125.33.231.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290087/; classtype:trojan-activity;sid:84153187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"123.115.131.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290086/; classtype:trojan-activity;sid:84153186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"125.33.231.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290085/; classtype:trojan-activity;sid:84153185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"221.222.173.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290084/; classtype:trojan-activity;sid:84153184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"125.33.229.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290083/; classtype:trojan-activity;sid:84153183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"125.33.229.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290082/; classtype:trojan-activity;sid:84153182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"221.222.173.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290081/; classtype:trojan-activity;sid:84153181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"221.222.173.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290080/; classtype:trojan-activity;sid:84153180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"123.115.131.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290079/; classtype:trojan-activity;sid:84153179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"183.30.202.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290077/; classtype:trojan-activity;sid:84153177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"183.30.202.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290078/; classtype:trojan-activity;sid:84153178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"183.30.202.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290076/; classtype:trojan-activity;sid:84153176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"183.30.202.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290075/; classtype:trojan-activity;sid:84153175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"59.58.200.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290073/; classtype:trojan-activity;sid:84153173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"38.242.241.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290074/; classtype:trojan-activity;sid:84153174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"vps-d21ef853.vps.ovh.net"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290069/; classtype:trojan-activity;sid:84153169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"119.178.190.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290070/; classtype:trojan-activity;sid:84153170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"vps-d21ef853.vps.ovh.net"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290071/; classtype:trojan-activity;sid:84153171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"119.178.190.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290072/; classtype:trojan-activity;sid:84153172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"51.75.142.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290068/; classtype:trojan-activity;sid:84153168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"183.30.204.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290066/; classtype:trojan-activity;sid:84153166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"vmi2145130.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290067/; classtype:trojan-activity;sid:84153167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"183.30.204.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290063/; classtype:trojan-activity;sid:84153163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"121.206.52.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290064/; classtype:trojan-activity;sid:84153164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"121.206.52.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290065/; classtype:trojan-activity;sid:84153165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"38.242.241.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290062/; classtype:trojan-activity;sid:84153162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"183.30.204.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290061/; classtype:trojan-activity;sid:84153161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"121.206.52.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290060/; classtype:trojan-activity;sid:84153160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"183.30.204.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290058/; classtype:trojan-activity;sid:84153158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"51.75.142.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290059/; classtype:trojan-activity;sid:84153159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"183.30.204.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290055/; classtype:trojan-activity;sid:84153155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"vps-d21ef853.vps.ovh.net"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290056/; classtype:trojan-activity;sid:84153156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"183.30.204.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290057/; classtype:trojan-activity;sid:84153157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"vmi2145130.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290051/; classtype:trojan-activity;sid:84153151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"119.178.190.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290052/; classtype:trojan-activity;sid:84153152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"59.58.200.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290053/; classtype:trojan-activity;sid:84153153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"59.58.200.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290054/; classtype:trojan-activity;sid:84153154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"51.75.142.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290050/; classtype:trojan-activity;sid:84153150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"vmi2145130.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290049/; classtype:trojan-activity;sid:84153149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"38.242.241.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290048/; classtype:trojan-activity;sid:84153148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.215.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290047/; classtype:trojan-activity;sid:84153147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.21.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290046/; classtype:trojan-activity;sid:84153146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.100.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290045/; classtype:trojan-activity;sid:84153145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.110.41.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290044/; classtype:trojan-activity;sid:84153144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.164.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290043/; classtype:trojan-activity;sid:84153143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.246.10.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290042/; classtype:trojan-activity;sid:84153142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.249.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290041/; classtype:trojan-activity;sid:84153141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.88.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290040/; classtype:trojan-activity;sid:84153140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.163.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290039/; classtype:trojan-activity;sid:84153139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.182.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290038/; classtype:trojan-activity;sid:84153138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.68.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290037/; classtype:trojan-activity;sid:84153137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.27.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290030/; classtype:trojan-activity;sid:84153130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.227.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290029/; classtype:trojan-activity;sid:84153129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.163.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290028/; classtype:trojan-activity;sid:84153128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.90.128"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290027/; classtype:trojan-activity;sid:84153127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/old/iwir64"; depth:11; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290026/; classtype:trojan-activity;sid:84153126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.245.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290024/; classtype:trojan-activity;sid:84153124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.187.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290025/; classtype:trojan-activity;sid:84153125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.89.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290023/; classtype:trojan-activity;sid:84153123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.229.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290022/; classtype:trojan-activity;sid:84153122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.58.229.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290020/; classtype:trojan-activity;sid:84153120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.244.203.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290021/; classtype:trojan-activity;sid:84153121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.238.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290018/; classtype:trojan-activity;sid:84153118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.255.182.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290019/; classtype:trojan-activity;sid:84153119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.27.36.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290017/; classtype:trojan-activity;sid:84153117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.16.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290015/; classtype:trojan-activity;sid:84153115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.88.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290016/; classtype:trojan-activity;sid:84153116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.215.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290014/; classtype:trojan-activity;sid:84153114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.249.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290013/; classtype:trojan-activity;sid:84153113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"187.86.183.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290012/; classtype:trojan-activity;sid:84153112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.19.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290011/; classtype:trojan-activity;sid:84153111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.120.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290010/; classtype:trojan-activity;sid:84153110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.146.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290009/; classtype:trojan-activity;sid:84153109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.252.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290008/; classtype:trojan-activity;sid:84153108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.66.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290006/; classtype:trojan-activity;sid:84153106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.81.151.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290007/; classtype:trojan-activity;sid:84153107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290005/; classtype:trojan-activity;sid:84153105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.2.3"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290004/; classtype:trojan-activity;sid:84153104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.89.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290003/; classtype:trojan-activity;sid:84153103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.120.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290002/; classtype:trojan-activity;sid:84153102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.27.36.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290001/; classtype:trojan-activity;sid:84153101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.187.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290000/; classtype:trojan-activity;sid:84153100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/obfuscated25.ps1"; depth:17; endswith; nocase; http.host; content:"151.81.124.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289999/; classtype:trojan-activity;sid:84153099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.36.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289991/; classtype:trojan-activity;sid:84153091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"187.86.183.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289990/; classtype:trojan-activity;sid:84153090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.232.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289989/; classtype:trojan-activity;sid:84153089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.5.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289988/; classtype:trojan-activity;sid:84153088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.226.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289986/; classtype:trojan-activity;sid:84153086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.10.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289987/; classtype:trojan-activity;sid:84153087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.231.232.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289985/; classtype:trojan-activity;sid:84153085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.106.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289984/; classtype:trojan-activity;sid:84153084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.202.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289983/; classtype:trojan-activity;sid:84153083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289982/; classtype:trojan-activity;sid:84153082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svvgtbyunyfyhvrtctyujkdsgggvthbyb.txt"; depth:38; endswith; nocase; http.host; content:"104.243.37.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289981/; classtype:trojan-activity;sid:84153081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt001010100100101000100010111010010101000101.txt"; depth:49; endswith; nocase; http.host; content:"104.243.37.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289980/; classtype:trojan-activity;sid:84153080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ergrbcgvwefeycdfr.jpg"; depth:22; endswith; nocase; http.host; content:"104.243.37.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289979/; classtype:trojan-activity;sid:84153079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g5bbapvsvpgnwnvhfgsf.jpg"; depth:25; endswith; nocase; http.host; content:"104.243.37.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289978/; classtype:trojan-activity;sid:84153078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.8.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289977/; classtype:trojan-activity;sid:84153077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.30.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289976/; classtype:trojan-activity;sid:84153076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.94.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289975/; classtype:trojan-activity;sid:84153075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.161.75.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289974/; classtype:trojan-activity;sid:84153074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.131.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289973/; classtype:trojan-activity;sid:84153073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.37.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289972/; classtype:trojan-activity;sid:84153072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.84.95.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289971/; classtype:trojan-activity;sid:84153071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.215.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289970/; classtype:trojan-activity;sid:84153070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.245.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289969/; classtype:trojan-activity;sid:84153069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.224.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289968/; classtype:trojan-activity;sid:84153068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.93.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289967/; classtype:trojan-activity;sid:84153067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.105.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289966/; classtype:trojan-activity;sid:84153066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.72.71.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289965/; classtype:trojan-activity;sid:84153065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.119.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289964/; classtype:trojan-activity;sid:84153064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.30.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289963/; classtype:trojan-activity;sid:84153063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.12.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289962/; classtype:trojan-activity;sid:84153062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.8.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289961/; classtype:trojan-activity;sid:84153061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.94.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289960/; classtype:trojan-activity;sid:84153060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.118.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289959/; classtype:trojan-activity;sid:84153059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.81.160.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289958/; classtype:trojan-activity;sid:84153058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.11.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289957/; classtype:trojan-activity;sid:84153057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.30.116.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289956/; classtype:trojan-activity;sid:84153056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289954/; classtype:trojan-activity;sid:84153054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.15.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289955/; classtype:trojan-activity;sid:84153055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.203.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289952/; classtype:trojan-activity;sid:84153052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.209.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289953/; classtype:trojan-activity;sid:84153053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.138.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289951/; classtype:trojan-activity;sid:84153051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/gc9rl/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289950/; classtype:trojan-activity;sid:84153050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.20.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289948/; classtype:trojan-activity;sid:84153048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/xxdquuorm1vd3an.exe"; depth:24; endswith; nocase; http.host; content:"87.120.84.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289949/; classtype:trojan-activity;sid:84153049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.152.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289947/; classtype:trojan-activity;sid:84153047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.128.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289946/; classtype:trojan-activity;sid:84153046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.93.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289945/; classtype:trojan-activity;sid:84153045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.249.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289944/; classtype:trojan-activity;sid:84153044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.31.228.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289943/; classtype:trojan-activity;sid:84153043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.123.238.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289942/; classtype:trojan-activity;sid:84153042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.225.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289941/; classtype:trojan-activity;sid:84153041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.250.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289940/; classtype:trojan-activity;sid:84153040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.165.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289938/; classtype:trojan-activity;sid:84153038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.117.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289939/; classtype:trojan-activity;sid:84153039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.75.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289937/; classtype:trojan-activity;sid:84153037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.118.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289936/; classtype:trojan-activity;sid:84153036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.217.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289935/; classtype:trojan-activity;sid:84153035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.31.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289932/; classtype:trojan-activity;sid:84153032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spoof.exe"; depth:10; endswith; nocase; http.host; content:"193.233.112.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289933/; classtype:trojan-activity;sid:84153033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/injector.exe"; depth:13; endswith; nocase; http.host; content:"193.233.112.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289934/; classtype:trojan-activity;sid:84153034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/infopage/tbh75.exe"; depth:19; endswith; nocase; http.host; content:"147.45.44.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289931/; classtype:trojan-activity;sid:84153031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.203.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289929/; classtype:trojan-activity;sid:84153029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.229.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289930/; classtype:trojan-activity;sid:84153030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.182.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289928/; classtype:trojan-activity;sid:84153028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.200.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289927/; classtype:trojan-activity;sid:84153027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.165.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289926/; classtype:trojan-activity;sid:84153026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.209.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289925/; classtype:trojan-activity;sid:84153025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.29.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289923/; classtype:trojan-activity;sid:84153023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgzyyfcbupqbjoakn230.bin"; depth:25; endswith; nocase; http.host; content:"104.168.32.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289924/; classtype:trojan-activity;sid:84153024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmxdjzpgdtjvvtskbp182.bin"; depth:26; endswith; nocase; http.host; content:"93.123.109.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289921/; classtype:trojan-activity;sid:84153021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqffltju37.bin"; depth:15; endswith; nocase; http.host; content:"93.123.109.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289922/; classtype:trojan-activity;sid:84153022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.152.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289920/; classtype:trojan-activity;sid:84153020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.229.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289919/; classtype:trojan-activity;sid:84153019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.75.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289918/; classtype:trojan-activity;sid:84153018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.223.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289917/; classtype:trojan-activity;sid:84153017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.153.143.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289916/; classtype:trojan-activity;sid:84153016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.20.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289914/; classtype:trojan-activity;sid:84153014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.183.165.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289915/; classtype:trojan-activity;sid:84153015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289913/; classtype:trojan-activity;sid:84153013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.186.52.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289911/; classtype:trojan-activity;sid:84153011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.205.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289912/; classtype:trojan-activity;sid:84153012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.190.229.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289909/; classtype:trojan-activity;sid:84153009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289910/; classtype:trojan-activity;sid:84153010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.44.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289908/; classtype:trojan-activity;sid:84153008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.50.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289907/; classtype:trojan-activity;sid:84153007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.76.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289906/; classtype:trojan-activity;sid:84153006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.253.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289905/; classtype:trojan-activity;sid:84153005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.200.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289904/; classtype:trojan-activity;sid:84153004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op/op.exe"; depth:10; endswith; nocase; http.host; content:"cdn.download.pdfforge.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289903/; classtype:trojan-activity;sid:84153003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6.exe"; depth:6; endswith; nocase; http.host; content:"124.71.194.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289902/; classtype:trojan-activity;sid:84153002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8bed3cs/plugins/cred.dll"; depth:25; endswith; nocase; http.host; content:"193.106.191.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289901/; classtype:trojan-activity;sid:84153001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1qehwy7iyzbzplalfb_6h10ctyxnqoxq0"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289897/; classtype:trojan-activity;sid:84152997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1uf-tznozeokhrztjvfoxmsfd1xiha_pk"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289898/; classtype:trojan-activity;sid:84152998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=16wv9mnfwgo7cxzipnwtatuc7uifjxjyk|7c|26|7c|export=download|7c|26|7c|authuser=0"; depth:88; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289899/; classtype:trojan-activity;sid:84152999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.10.9.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289900/; classtype:trojan-activity;sid:84153000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=16xisquley2kqy-0gjdmpw9g6mkdfelsv"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289894/; classtype:trojan-activity;sid:84152994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1eomyykn5uhcvtt3rus5vqjin7web-e1q"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289895/; classtype:trojan-activity;sid:84152995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1wc6il7hv9_f2kycpkcltgk89oqzy6nl4"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289896/; classtype:trojan-activity;sid:84152996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.103.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289893/; classtype:trojan-activity;sid:84152993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.56.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289892/; classtype:trojan-activity;sid:84152992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.229.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289891/; classtype:trojan-activity;sid:84152991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289890/; classtype:trojan-activity;sid:84152990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.25.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289889/; classtype:trojan-activity;sid:84152989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.148.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289888/; classtype:trojan-activity;sid:84152988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.4.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289887/; classtype:trojan-activity;sid:84152987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.31.228.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289886/; classtype:trojan-activity;sid:84152986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.80.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289885/; classtype:trojan-activity;sid:84152985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.69.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289884/; classtype:trojan-activity;sid:84152984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.18.89.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289882/; classtype:trojan-activity;sid:84152982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.86.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289883/; classtype:trojan-activity;sid:84152983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.88.154.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289881/; classtype:trojan-activity;sid:84152981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.160.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289880/; classtype:trojan-activity;sid:84152980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.126.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289879/; classtype:trojan-activity;sid:84152979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.14.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289878/; classtype:trojan-activity;sid:84152978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.183.165.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289877/; classtype:trojan-activity;sid:84152977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.80.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289876/; classtype:trojan-activity;sid:84152976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r00ts3c/ddos-rootsec/refs/heads/master/ddos%20scripts/l4/udp/10gbpsudp.py"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289875/; classtype:trojan-activity;sid:84152975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.41.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289874/; classtype:trojan-activity;sid:84152974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.50.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289873/; classtype:trojan-activity;sid:84152973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.16.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289872/; classtype:trojan-activity;sid:84152972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.223.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289871/; classtype:trojan-activity;sid:84152971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.103.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289870/; classtype:trojan-activity;sid:84152970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.64.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289869/; classtype:trojan-activity;sid:84152969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"84.213.69.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289868/; classtype:trojan-activity;sid:84152968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.13.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289867/; classtype:trojan-activity;sid:84152967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289866/; classtype:trojan-activity;sid:84152966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.198.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289865/; classtype:trojan-activity;sid:84152965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289864/; classtype:trojan-activity;sid:84152964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.250.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289863/; classtype:trojan-activity;sid:84152963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.39.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289861/; classtype:trojan-activity;sid:84152961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.18.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289862/; classtype:trojan-activity;sid:84152962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.102.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289860/; classtype:trojan-activity;sid:84152960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.18.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289859/; classtype:trojan-activity;sid:84152959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.240.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289858/; classtype:trojan-activity;sid:84152958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289857/; classtype:trojan-activity;sid:84152957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.14.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289856/; classtype:trojan-activity;sid:84152956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.251.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289855/; classtype:trojan-activity;sid:84152955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.219.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289853/; classtype:trojan-activity;sid:84152953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.211.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289854/; classtype:trojan-activity;sid:84152954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.20.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289852/; classtype:trojan-activity;sid:84152952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.218.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289851/; classtype:trojan-activity;sid:84152951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"90.150.75.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289850/; classtype:trojan-activity;sid:84152950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.23.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289849/; classtype:trojan-activity;sid:84152949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.109.223.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289847/; classtype:trojan-activity;sid:84152947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.70.9.101"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289848/; classtype:trojan-activity;sid:84152948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.205.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289846/; classtype:trojan-activity;sid:84152946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.198.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289845/; classtype:trojan-activity;sid:84152945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.245.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289844/; classtype:trojan-activity;sid:84152944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.217.95.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289843/; classtype:trojan-activity;sid:84152943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289842/; classtype:trojan-activity;sid:84152942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.34.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289841/; classtype:trojan-activity;sid:84152941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.161.75.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289840/; classtype:trojan-activity;sid:84152940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.218.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289839/; classtype:trojan-activity;sid:84152939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289838/; classtype:trojan-activity;sid:84152938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.20.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289837/; classtype:trojan-activity;sid:84152937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.117.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289836/; classtype:trojan-activity;sid:84152936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.250.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289835/; classtype:trojan-activity;sid:84152935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.67.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289834/; classtype:trojan-activity;sid:84152934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.42.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289833/; classtype:trojan-activity;sid:84152933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.175.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289832/; classtype:trojan-activity;sid:84152932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.85.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289830/; classtype:trojan-activity;sid:84152930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.34.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289831/; classtype:trojan-activity;sid:84152931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.64.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289829/; classtype:trojan-activity;sid:84152929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.240.18.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289828/; classtype:trojan-activity;sid:84152928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.139.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289827/; classtype:trojan-activity;sid:84152927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.245.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289826/; classtype:trojan-activity;sid:84152926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.208.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289825/; classtype:trojan-activity;sid:84152925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.196.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289824/; classtype:trojan-activity;sid:84152924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.203.122.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289823/; classtype:trojan-activity;sid:84152923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.100.174.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289822/; classtype:trojan-activity;sid:84152922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289821/; classtype:trojan-activity;sid:84152921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.212.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289820/; classtype:trojan-activity;sid:84152920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.58.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289818/; classtype:trojan-activity;sid:84152918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.254.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289819/; classtype:trojan-activity;sid:84152919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.230.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289817/; classtype:trojan-activity;sid:84152917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.23.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289815/; classtype:trojan-activity;sid:84152915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.77.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289816/; classtype:trojan-activity;sid:84152916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.189.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289814/; classtype:trojan-activity;sid:84152914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.159.71.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289813/; classtype:trojan-activity;sid:84152913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.67.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289812/; classtype:trojan-activity;sid:84152912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.187.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289811/; classtype:trojan-activity;sid:84152911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.246.69.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289810/; classtype:trojan-activity;sid:84152910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.61.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289809/; classtype:trojan-activity;sid:84152909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.161.75.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289808/; classtype:trojan-activity;sid:84152908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.229.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289806/; classtype:trojan-activity;sid:84152906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.186.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289807/; classtype:trojan-activity;sid:84152907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.1.242"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289805/; classtype:trojan-activity;sid:84152905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.236.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289804/; classtype:trojan-activity;sid:84152904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.23.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289803/; classtype:trojan-activity;sid:84152903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.30.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289802/; classtype:trojan-activity;sid:84152902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.247.66.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289801/; classtype:trojan-activity;sid:84152901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289800/; classtype:trojan-activity;sid:84152900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.203.122.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289799/; classtype:trojan-activity;sid:84152899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.230.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289798/; classtype:trojan-activity;sid:84152898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.87.59"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289797/; classtype:trojan-activity;sid:84152897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.49.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289796/; classtype:trojan-activity;sid:84152896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.212.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289795/; classtype:trojan-activity;sid:84152895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.77.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289793/; classtype:trojan-activity;sid:84152893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.148.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289794/; classtype:trojan-activity;sid:84152894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.224.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289792/; classtype:trojan-activity;sid:84152892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289791/; classtype:trojan-activity;sid:84152891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.16.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289790/; classtype:trojan-activity;sid:84152890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.158.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289789/; classtype:trojan-activity;sid:84152889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.189.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289788/; classtype:trojan-activity;sid:84152888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.8.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289787/; classtype:trojan-activity;sid:84152887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.219.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289786/; classtype:trojan-activity;sid:84152886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.159.71.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289785/; classtype:trojan-activity;sid:84152885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.99.147"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289784/; classtype:trojan-activity;sid:84152884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.236.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289783/; classtype:trojan-activity;sid:84152883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.77.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289782/; classtype:trojan-activity;sid:84152882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.122.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289781/; classtype:trojan-activity;sid:84152881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.154.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289780/; classtype:trojan-activity;sid:84152880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.109.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289779/; classtype:trojan-activity;sid:84152879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.126.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289778/; classtype:trojan-activity;sid:84152878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.149.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289777/; classtype:trojan-activity;sid:84152877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.186.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289775/; classtype:trojan-activity;sid:84152875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.235.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289776/; classtype:trojan-activity;sid:84152876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/babababa.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289774/; classtype:trojan-activity;sid:84152874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abcd/09.jpg"; depth:12; endswith; nocase; http.host; content:"quit.do.am"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289773/; classtype:trojan-activity;sid:84152873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/lum250.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289772/; classtype:trojan-activity;sid:84152872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.141.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289771/; classtype:trojan-activity;sid:84152871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289770/; classtype:trojan-activity;sid:84152870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.247.66.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289769/; classtype:trojan-activity;sid:84152869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289768/; classtype:trojan-activity;sid:84152868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.181.237.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289767/; classtype:trojan-activity;sid:84152867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.140.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289765/; classtype:trojan-activity;sid:84152865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.158.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289766/; classtype:trojan-activity;sid:84152866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.8.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289764/; classtype:trojan-activity;sid:84152864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.41.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289763/; classtype:trojan-activity;sid:84152863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289762/; classtype:trojan-activity;sid:84152862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.77.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289761/; classtype:trojan-activity;sid:84152861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.70.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289760/; classtype:trojan-activity;sid:84152860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.229.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289759/; classtype:trojan-activity;sid:84152859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkbfi86"; depth:8; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289756/; classtype:trojan-activity;sid:84152856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.3.55.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289757/; classtype:trojan-activity;sid:84152857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.81.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289758/; classtype:trojan-activity;sid:84152858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.13.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289755/; classtype:trojan-activity;sid:84152855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.215.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289754/; classtype:trojan-activity;sid:84152854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.218.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289753/; classtype:trojan-activity;sid:84152853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.227.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289752/; classtype:trojan-activity;sid:84152852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.34.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289751/; classtype:trojan-activity;sid:84152851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.177.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289748/; classtype:trojan-activity;sid:84152848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.71.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289749/; classtype:trojan-activity;sid:84152849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.88.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289750/; classtype:trojan-activity;sid:84152850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.110.15.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289744/; classtype:trojan-activity;sid:84152844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.82.227.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289745/; classtype:trojan-activity;sid:84152845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.226.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289746/; classtype:trojan-activity;sid:84152846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.115.122.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289747/; classtype:trojan-activity;sid:84152847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.14.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289742/; classtype:trojan-activity;sid:84152842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.9.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289743/; classtype:trojan-activity;sid:84152843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.13.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289741/; classtype:trojan-activity;sid:84152841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.197.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289740/; classtype:trojan-activity;sid:84152840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.94.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289739/; classtype:trojan-activity;sid:84152839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.27.199.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289738/; classtype:trojan-activity;sid:84152838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.13.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289737/; classtype:trojan-activity;sid:84152837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.236.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289736/; classtype:trojan-activity;sid:84152836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.41.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289735/; classtype:trojan-activity;sid:84152835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.251.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289734/; classtype:trojan-activity;sid:84152834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.62.3.144"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289732/; classtype:trojan-activity;sid:84152832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.93.44.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289733/; classtype:trojan-activity;sid:84152833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.210.224.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289731/; classtype:trojan-activity;sid:84152831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.99.147"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289730/; classtype:trojan-activity;sid:84152830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.95.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289729/; classtype:trojan-activity;sid:84152829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.3.55.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289728/; classtype:trojan-activity;sid:84152828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.65.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289725/; classtype:trojan-activity;sid:84152825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.150.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289726/; classtype:trojan-activity;sid:84152826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.32.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289727/; classtype:trojan-activity;sid:84152827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.112.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289724/; classtype:trojan-activity;sid:84152824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.34.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289723/; classtype:trojan-activity;sid:84152823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.227.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289722/; classtype:trojan-activity;sid:84152822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.70.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289721/; classtype:trojan-activity;sid:84152821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.83.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289720/; classtype:trojan-activity;sid:84152820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.110.15.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289719/; classtype:trojan-activity;sid:84152819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.140.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289718/; classtype:trojan-activity;sid:84152818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.27.199.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289717/; classtype:trojan-activity;sid:84152817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.39.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289716/; classtype:trojan-activity;sid:84152816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.2.198"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289715/; classtype:trojan-activity;sid:84152815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.0.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289714/; classtype:trojan-activity;sid:84152814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.79.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289713/; classtype:trojan-activity;sid:84152813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.173.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289712/; classtype:trojan-activity;sid:84152812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.110.3.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289711/; classtype:trojan-activity;sid:84152811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.230.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289710/; classtype:trojan-activity;sid:84152810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.9.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289709/; classtype:trojan-activity;sid:84152809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.185.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289707/; classtype:trojan-activity;sid:84152807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.215.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289708/; classtype:trojan-activity;sid:84152808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.126.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289706/; classtype:trojan-activity;sid:84152806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.84.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289705/; classtype:trojan-activity;sid:84152805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.32.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289704/; classtype:trojan-activity;sid:84152804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.251.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289703/; classtype:trojan-activity;sid:84152803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.27.37.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289702/; classtype:trojan-activity;sid:84152802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.0.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289701/; classtype:trojan-activity;sid:84152801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.249.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289699/; classtype:trojan-activity;sid:84152799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.159.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289700/; classtype:trojan-activity;sid:84152800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.235.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289698/; classtype:trojan-activity;sid:84152798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.77.169"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289697/; classtype:trojan-activity;sid:84152797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.215.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289696/; classtype:trojan-activity;sid:84152796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.150.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289695/; classtype:trojan-activity;sid:84152795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.200.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289694/; classtype:trojan-activity;sid:84152794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.65.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289693/; classtype:trojan-activity;sid:84152793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289692/; classtype:trojan-activity;sid:84152792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.245.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289691/; classtype:trojan-activity;sid:84152791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.75.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289690/; classtype:trojan-activity;sid:84152790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.121.3.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289689/; classtype:trojan-activity;sid:84152789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.39.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289686/; classtype:trojan-activity;sid:84152786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.235.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289687/; classtype:trojan-activity;sid:84152787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.122.112.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289688/; classtype:trojan-activity;sid:84152788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.212.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289685/; classtype:trojan-activity;sid:84152785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.234.185.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289683/; classtype:trojan-activity;sid:84152783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.40.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289684/; classtype:trojan-activity;sid:84152784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.173.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289682/; classtype:trojan-activity;sid:84152782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.159.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289681/; classtype:trojan-activity;sid:84152781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.215.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289680/; classtype:trojan-activity;sid:84152780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.228.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289679/; classtype:trojan-activity;sid:84152779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.84.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289678/; classtype:trojan-activity;sid:84152778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.27.37.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289677/; classtype:trojan-activity;sid:84152777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.98.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289676/; classtype:trojan-activity;sid:84152776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"dwqjh.cloudid.teacherhamish.com"; depth:31; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289675/; classtype:trojan-activity;sid:84152775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.233.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289672/; classtype:trojan-activity;sid:84152772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.212.111.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289673/; classtype:trojan-activity;sid:84152773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.248.12.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289674/; classtype:trojan-activity;sid:84152774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.94.218.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289671/; classtype:trojan-activity;sid:84152771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289670/; classtype:trojan-activity;sid:84152770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.215.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289669/; classtype:trojan-activity;sid:84152769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.122.112.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289668/; classtype:trojan-activity;sid:84152768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.239.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289667/; classtype:trojan-activity;sid:84152767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289666/; classtype:trojan-activity;sid:84152766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.118.154.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289665/; classtype:trojan-activity;sid:84152765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.131.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289663/; classtype:trojan-activity;sid:84152763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.142.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289664/; classtype:trojan-activity;sid:84152764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.160.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289662/; classtype:trojan-activity;sid:84152762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.193.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289661/; classtype:trojan-activity;sid:84152761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.216.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289660/; classtype:trojan-activity;sid:84152760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.100.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289659/; classtype:trojan-activity;sid:84152759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.81.160.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289658/; classtype:trojan-activity;sid:84152758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.86.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289657/; classtype:trojan-activity;sid:84152757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.160.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289656/; classtype:trojan-activity;sid:84152756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.137.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289655/; classtype:trojan-activity;sid:84152755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.50.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289654/; classtype:trojan-activity;sid:84152754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.10.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289653/; classtype:trojan-activity;sid:84152753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.182.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289652/; classtype:trojan-activity;sid:84152752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.21.174.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289651/; classtype:trojan-activity;sid:84152751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.155.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289650/; classtype:trojan-activity;sid:84152750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.170.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289649/; classtype:trojan-activity;sid:84152749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.92.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289648/; classtype:trojan-activity;sid:84152748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.113.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289646/; classtype:trojan-activity;sid:84152746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.219.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289647/; classtype:trojan-activity;sid:84152747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.52.140.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289645/; classtype:trojan-activity;sid:84152745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.155.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289644/; classtype:trojan-activity;sid:84152744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.154.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289643/; classtype:trojan-activity;sid:84152743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.193.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289642/; classtype:trojan-activity;sid:84152742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.44.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289641/; classtype:trojan-activity;sid:84152741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.31.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289640/; classtype:trojan-activity;sid:84152740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.210.190.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289639/; classtype:trojan-activity;sid:84152739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.76.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289638/; classtype:trojan-activity;sid:84152738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.236.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289636/; classtype:trojan-activity;sid:84152736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.119.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289637/; classtype:trojan-activity;sid:84152737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.161.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289635/; classtype:trojan-activity;sid:84152735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.155.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289634/; classtype:trojan-activity;sid:84152734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.9.125"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289633/; classtype:trojan-activity;sid:84152733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.50.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289632/; classtype:trojan-activity;sid:84152732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.167.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289631/; classtype:trojan-activity;sid:84152731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.119.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289630/; classtype:trojan-activity;sid:84152730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.16.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289628/; classtype:trojan-activity;sid:84152728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.137.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289629/; classtype:trojan-activity;sid:84152729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.182.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289627/; classtype:trojan-activity;sid:84152727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.155.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289626/; classtype:trojan-activity;sid:84152726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.3.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289625/; classtype:trojan-activity;sid:84152725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.100.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289624/; classtype:trojan-activity;sid:84152724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.113.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289623/; classtype:trojan-activity;sid:84152723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.58.100"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289622/; classtype:trojan-activity;sid:84152722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"82.52.140.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289621/; classtype:trojan-activity;sid:84152721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.44.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289620/; classtype:trojan-activity;sid:84152720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.254.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289618/; classtype:trojan-activity;sid:84152718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.107.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289619/; classtype:trojan-activity;sid:84152719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.32.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289617/; classtype:trojan-activity;sid:84152717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.198.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289616/; classtype:trojan-activity;sid:84152716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.83.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289615/; classtype:trojan-activity;sid:84152715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.180.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289614/; classtype:trojan-activity;sid:84152714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.16.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289613/; classtype:trojan-activity;sid:84152713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.206.18.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289612/; classtype:trojan-activity;sid:84152712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.ps1"; depth:6; endswith; nocase; http.host; content:"fish.hackbiji.cc"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289611/; classtype:trojan-activity;sid:84152711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.210.190.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289610/; classtype:trojan-activity;sid:84152710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.31.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289609/; classtype:trojan-activity;sid:84152709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.174.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289608/; classtype:trojan-activity;sid:84152708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.64.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289607/; classtype:trojan-activity;sid:84152707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.167.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289606/; classtype:trojan-activity;sid:84152706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.206.18.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289605/; classtype:trojan-activity;sid:84152705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.242.106.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289604/; classtype:trojan-activity;sid:84152704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.1.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289603/; classtype:trojan-activity;sid:84152703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.254.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289602/; classtype:trojan-activity;sid:84152702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.176.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289601/; classtype:trojan-activity;sid:84152701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9eeb21db68649b6f/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"154.216.20.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289600/; classtype:trojan-activity;sid:84152700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4f21fd58a5ca1e4b/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.235.128.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289599/; classtype:trojan-activity;sid:84152699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9eeb21db68649b6f/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"154.216.20.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289597/; classtype:trojan-activity;sid:84152697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9eeb21db68649b6f/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"154.216.20.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289598/; classtype:trojan-activity;sid:84152698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4700d1fcc2917f37/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"193.138.195.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289595/; classtype:trojan-activity;sid:84152695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4700d1fcc2917f37/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"193.138.195.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289596/; classtype:trojan-activity;sid:84152696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.89.90.74"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289594/; classtype:trojan-activity;sid:84152694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.3.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289592/; classtype:trojan-activity;sid:84152692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.225.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289593/; classtype:trojan-activity;sid:84152693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.91.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289591/; classtype:trojan-activity;sid:84152691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.198.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289590/; classtype:trojan-activity;sid:84152690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.117.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289589/; classtype:trojan-activity;sid:84152689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/lma.txt"; depth:24; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289588/; classtype:trojan-activity;sid:84152688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/drg/rtc/ad/dll.txt"; depth:32; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289584/; classtype:trojan-activity;sid:84152684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/drg/rtc/ab/f3dll.txt"; depth:34; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289585/; classtype:trojan-activity;sid:84152685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/drg/rtc/ac/f3dll.txt"; depth:34; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289586/; classtype:trojan-activity;sid:84152686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/envs/ds5.txt"; depth:26; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289587/; classtype:trojan-activity;sid:84152687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/drg/rtc/ar/f3dll.txt"; depth:34; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289583/; classtype:trojan-activity;sid:84152683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289582/; classtype:trojan-activity;sid:84152682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.107.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289581/; classtype:trojan-activity;sid:84152681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.114.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289580/; classtype:trojan-activity;sid:84152680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.58.100"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289579/; classtype:trojan-activity;sid:84152679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.180.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289578/; classtype:trojan-activity;sid:84152678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.128.155.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289577/; classtype:trojan-activity;sid:84152677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.5.12"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289576/; classtype:trojan-activity;sid:84152676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.197.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289575/; classtype:trojan-activity;sid:84152675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.175.153.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289574/; classtype:trojan-activity;sid:84152674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.225.120.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289573/; classtype:trojan-activity;sid:84152673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beefy.exe"; depth:10; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289571/; classtype:trojan-activity;sid:84152671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/solandra.exe"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289572/; classtype:trojan-activity;sid:84152672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.247.208.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289570/; classtype:trojan-activity;sid:84152670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.56.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289569/; classtype:trojan-activity;sid:84152669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.16.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289568/; classtype:trojan-activity;sid:84152668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.8.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289567/; classtype:trojan-activity;sid:84152667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.105.194.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289566/; classtype:trojan-activity;sid:84152666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.51.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289565/; classtype:trojan-activity;sid:84152665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.89.68.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289564/; classtype:trojan-activity;sid:84152664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.27.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289563/; classtype:trojan-activity;sid:84152663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.56.200.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289562/; classtype:trojan-activity;sid:84152662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.37.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289561/; classtype:trojan-activity;sid:84152661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.6.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289560/; classtype:trojan-activity;sid:84152660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.242.106.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289559/; classtype:trojan-activity;sid:84152659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.91.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289558/; classtype:trojan-activity;sid:84152658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.197.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289557/; classtype:trojan-activity;sid:84152657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.218.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289556/; classtype:trojan-activity;sid:84152656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289555/; classtype:trojan-activity;sid:84152655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.167.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289554/; classtype:trojan-activity;sid:84152654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.222.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289553/; classtype:trojan-activity;sid:84152653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.173.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289552/; classtype:trojan-activity;sid:84152652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.66.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289551/; classtype:trojan-activity;sid:84152651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.35.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289550/; classtype:trojan-activity;sid:84152650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.128.155.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289548/; classtype:trojan-activity;sid:84152648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.240.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289549/; classtype:trojan-activity;sid:84152649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.225.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289547/; classtype:trojan-activity;sid:84152647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.247.208.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289546/; classtype:trojan-activity;sid:84152646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.56.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289545/; classtype:trojan-activity;sid:84152645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.113.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289544/; classtype:trojan-activity;sid:84152644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.21.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289543/; classtype:trojan-activity;sid:84152643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.215.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289542/; classtype:trojan-activity;sid:84152642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.27.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289541/; classtype:trojan-activity;sid:84152641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/fjmraai.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289538/; classtype:trojan-activity;sid:84152638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/pfmrnfd.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289539/; classtype:trojan-activity;sid:84152639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/rmkrihk.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289540/; classtype:trojan-activity;sid:84152640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/ifdjbdg.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289536/; classtype:trojan-activity;sid:84152636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/ndkpcdi.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289537/; classtype:trojan-activity;sid:84152637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/akdijfa.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289534/; classtype:trojan-activity;sid:84152634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/jidbadp.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289535/; classtype:trojan-activity;sid:84152635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.6.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289533/; classtype:trojan-activity;sid:84152633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.27.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289532/; classtype:trojan-activity;sid:84152632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.204.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289531/; classtype:trojan-activity;sid:84152631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm"; depth:15; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289530/; classtype:trojan-activity;sid:84152630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.16.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289529/; classtype:trojan-activity;sid:84152629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm6"; depth:16; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289527/; classtype:trojan-activity;sid:84152627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm5"; depth:16; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289528/; classtype:trojan-activity;sid:84152628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.ppc"; depth:15; endswith; nocase; http.host; content:"panel.noxichosts.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289514/; classtype:trojan-activity;sid:84152614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arc"; depth:15; endswith; nocase; http.host; content:"panel.noxichosts.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289515/; classtype:trojan-activity;sid:84152615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm7"; depth:16; endswith; nocase; http.host; content:"panel.noxichosts.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289516/; classtype:trojan-activity;sid:84152616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.m68k"; depth:16; endswith; nocase; http.host; content:"panel.noxichosts.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289517/; classtype:trojan-activity;sid:84152617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.mips"; depth:16; endswith; nocase; http.host; content:"panel.noxichosts.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289518/; classtype:trojan-activity;sid:84152618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.sh4"; depth:15; endswith; nocase; http.host; content:"panel.noxichosts.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289519/; classtype:trojan-activity;sid:84152619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm6"; depth:16; endswith; nocase; http.host; content:"panel.noxichosts.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289520/; classtype:trojan-activity;sid:84152620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.x86"; depth:15; endswith; nocase; http.host; content:"panel.noxichosts.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289521/; classtype:trojan-activity;sid:84152621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.i686"; depth:16; endswith; nocase; http.host; content:"panel.noxichosts.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289522/; classtype:trojan-activity;sid:84152622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.x86_64"; depth:18; endswith; nocase; http.host; content:"panel.noxichosts.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289523/; classtype:trojan-activity;sid:84152623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm5"; depth:16; endswith; nocase; http.host; content:"panel.noxichosts.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289524/; classtype:trojan-activity;sid:84152624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.mpsl"; depth:16; endswith; nocase; http.host; content:"panel.noxichosts.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289525/; classtype:trojan-activity;sid:84152625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"panel.noxichosts.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289526/; classtype:trojan-activity;sid:84152626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.spc"; depth:15; endswith; nocase; http.host; content:"panel.noxichosts.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289512/; classtype:trojan-activity;sid:84152612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm"; depth:15; endswith; nocase; http.host; content:"panel.noxichosts.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289513/; classtype:trojan-activity;sid:84152613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.i686"; depth:16; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289510/; classtype:trojan-activity;sid:84152610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.m68k"; depth:16; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289511/; classtype:trojan-activity;sid:84152611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"node.noxichosts.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289509/; classtype:trojan-activity;sid:84152609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arc"; depth:15; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289506/; classtype:trojan-activity;sid:84152606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.x86"; depth:15; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289507/; classtype:trojan-activity;sid:84152607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289508/; classtype:trojan-activity;sid:84152608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.236.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289505/; classtype:trojan-activity;sid:84152605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arc"; depth:15; endswith; nocase; http.host; content:"node.noxichosts.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289504/; classtype:trojan-activity;sid:84152604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.spc"; depth:15; endswith; nocase; http.host; content:"node.noxichosts.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289502/; classtype:trojan-activity;sid:84152602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.ppc"; depth:15; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289503/; classtype:trojan-activity;sid:84152603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm6"; depth:16; endswith; nocase; http.host; content:"node.noxichosts.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289484/; classtype:trojan-activity;sid:84152584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.x86_64"; depth:18; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289485/; classtype:trojan-activity;sid:84152585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.sh4"; depth:15; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289486/; classtype:trojan-activity;sid:84152586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.mips"; depth:16; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289487/; classtype:trojan-activity;sid:84152587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm7"; depth:16; endswith; nocase; http.host; content:"node.noxichosts.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289488/; classtype:trojan-activity;sid:84152588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.sh4"; depth:15; endswith; nocase; http.host; content:"node.noxichosts.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289489/; classtype:trojan-activity;sid:84152589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.ppc"; depth:15; endswith; nocase; http.host; content:"node.noxichosts.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289490/; classtype:trojan-activity;sid:84152590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm7"; depth:16; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289491/; classtype:trojan-activity;sid:84152591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm"; depth:15; endswith; nocase; http.host; content:"node.noxichosts.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289492/; classtype:trojan-activity;sid:84152592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.mpsl"; depth:16; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289493/; classtype:trojan-activity;sid:84152593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.x86"; depth:15; endswith; nocase; http.host; content:"node.noxichosts.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289494/; classtype:trojan-activity;sid:84152594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.x86_64"; depth:18; endswith; nocase; http.host; content:"node.noxichosts.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289495/; classtype:trojan-activity;sid:84152595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.arm5"; depth:16; endswith; nocase; http.host; content:"node.noxichosts.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289496/; classtype:trojan-activity;sid:84152596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.mpsl"; depth:16; endswith; nocase; http.host; content:"node.noxichosts.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289497/; classtype:trojan-activity;sid:84152597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.mips"; depth:16; endswith; nocase; http.host; content:"node.noxichosts.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289498/; classtype:trojan-activity;sid:84152598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.m68k"; depth:16; endswith; nocase; http.host; content:"node.noxichosts.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289499/; classtype:trojan-activity;sid:84152599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.i686"; depth:16; endswith; nocase; http.host; content:"node.noxichosts.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289500/; classtype:trojan-activity;sid:84152600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nice/satan.spc"; depth:15; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289501/; classtype:trojan-activity;sid:84152601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.186.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289483/; classtype:trojan-activity;sid:84152583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.154.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289482/; classtype:trojan-activity;sid:84152582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.35.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289481/; classtype:trojan-activity;sid:84152581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.12.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289480/; classtype:trojan-activity;sid:84152580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.66.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289479/; classtype:trojan-activity;sid:84152579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.4.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289478/; classtype:trojan-activity;sid:84152578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper"; depth:8; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289477/; classtype:trojan-activity;sid:84152577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.225.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289476/; classtype:trojan-activity;sid:84152576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.14.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289475/; classtype:trojan-activity;sid:84152575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289474/; classtype:trojan-activity;sid:84152574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"106.59.7.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289473/; classtype:trojan-activity;sid:84152573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.253.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289472/; classtype:trojan-activity;sid:84152572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.30.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289471/; classtype:trojan-activity;sid:84152571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.204.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289470/; classtype:trojan-activity;sid:84152570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.250.231.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289468/; classtype:trojan-activity;sid:84152568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.190.57.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289469/; classtype:trojan-activity;sid:84152569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.12.77.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289467/; classtype:trojan-activity;sid:84152567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.255.216.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289466/; classtype:trojan-activity;sid:84152566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"47.35.24.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289465/; classtype:trojan-activity;sid:84152565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.65.59.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289460/; classtype:trojan-activity;sid:84152560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.236.65.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289461/; classtype:trojan-activity;sid:84152561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.2.177.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289462/; classtype:trojan-activity;sid:84152562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.97.36.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289463/; classtype:trojan-activity;sid:84152563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.28.177.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289464/; classtype:trojan-activity;sid:84152564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.202.101.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289456/; classtype:trojan-activity;sid:84152556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.20.63.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289457/; classtype:trojan-activity;sid:84152557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"70.39.20.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289458/; classtype:trojan-activity;sid:84152558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.6.103.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289459/; classtype:trojan-activity;sid:84152559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.201.176.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289454/; classtype:trojan-activity;sid:84152554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.57.117.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289455/; classtype:trojan-activity;sid:84152555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.27.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289453/; classtype:trojan-activity;sid:84152553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289452/; classtype:trojan-activity;sid:84152552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.spc"; depth:11; endswith; nocase; http.host; content:"194.87.54.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289451/; classtype:trojan-activity;sid:84152551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.mpsl"; depth:12; endswith; nocase; http.host; content:"194.87.54.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289446/; classtype:trojan-activity;sid:84152546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.arm"; depth:11; endswith; nocase; http.host; content:"194.87.54.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289447/; classtype:trojan-activity;sid:84152547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.arm6"; depth:12; endswith; nocase; http.host; content:"194.87.54.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289448/; classtype:trojan-activity;sid:84152548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.sh4"; depth:11; endswith; nocase; http.host; content:"194.87.54.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289449/; classtype:trojan-activity;sid:84152549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.m68k"; depth:12; endswith; nocase; http.host; content:"194.87.54.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289450/; classtype:trojan-activity;sid:84152550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.mips"; depth:12; endswith; nocase; http.host; content:"194.87.54.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289442/; classtype:trojan-activity;sid:84152542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.arm5"; depth:12; endswith; nocase; http.host; content:"194.87.54.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289443/; classtype:trojan-activity;sid:84152543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.sh"; depth:11; endswith; nocase; http.host; content:"194.87.54.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289444/; classtype:trojan-activity;sid:84152544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.arm7"; depth:12; endswith; nocase; http.host; content:"194.87.54.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289445/; classtype:trojan-activity;sid:84152545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.195.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289441/; classtype:trojan-activity;sid:84152541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.85.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289440/; classtype:trojan-activity;sid:84152540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.34.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289439/; classtype:trojan-activity;sid:84152539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.103.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289438/; classtype:trojan-activity;sid:84152538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.4.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289437/; classtype:trojan-activity;sid:84152537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.167.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289435/; classtype:trojan-activity;sid:84152535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.186.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289436/; classtype:trojan-activity;sid:84152536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.12.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289434/; classtype:trojan-activity;sid:84152534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.46.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289433/; classtype:trojan-activity;sid:84152533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.63.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289432/; classtype:trojan-activity;sid:84152532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.26.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289431/; classtype:trojan-activity;sid:84152531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.28.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289430/; classtype:trojan-activity;sid:84152530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.238.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289429/; classtype:trojan-activity;sid:84152529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.186.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289428/; classtype:trojan-activity;sid:84152528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.253.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289427/; classtype:trojan-activity;sid:84152527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.115.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289426/; classtype:trojan-activity;sid:84152526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.193.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289425/; classtype:trojan-activity;sid:84152525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.107.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289424/; classtype:trojan-activity;sid:84152524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.34.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289423/; classtype:trojan-activity;sid:84152523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.96.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289422/; classtype:trojan-activity;sid:84152522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.8.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289421/; classtype:trojan-activity;sid:84152521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.115.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289420/; classtype:trojan-activity;sid:84152520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289419/; classtype:trojan-activity;sid:84152519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.153.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289418/; classtype:trojan-activity;sid:84152518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289417/; classtype:trojan-activity;sid:84152517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.121.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289416/; classtype:trojan-activity;sid:84152516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.28.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289415/; classtype:trojan-activity;sid:84152515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.85.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289414/; classtype:trojan-activity;sid:84152514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289413/; classtype:trojan-activity;sid:84152513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.229.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289412/; classtype:trojan-activity;sid:84152512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.26.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289411/; classtype:trojan-activity;sid:84152511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.195.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289410/; classtype:trojan-activity;sid:84152510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.18.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289409/; classtype:trojan-activity;sid:84152509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.186.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289408/; classtype:trojan-activity;sid:84152508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.63.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289407/; classtype:trojan-activity;sid:84152507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.127.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289406/; classtype:trojan-activity;sid:84152506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.30.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289404/; classtype:trojan-activity;sid:84152504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.153.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289405/; classtype:trojan-activity;sid:84152505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.241.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289403/; classtype:trojan-activity;sid:84152503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.0.86"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289402/; classtype:trojan-activity;sid:84152502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"197.200.168.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289401/; classtype:trojan-activity;sid:84152501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.239.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289400/; classtype:trojan-activity;sid:84152500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.56.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289398/; classtype:trojan-activity;sid:84152498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.76.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289399/; classtype:trojan-activity;sid:84152499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.8.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289397/; classtype:trojan-activity;sid:84152497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.135.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289396/; classtype:trojan-activity;sid:84152496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.83.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289395/; classtype:trojan-activity;sid:84152495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.0.168.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289394/; classtype:trojan-activity;sid:84152494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.30.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289393/; classtype:trojan-activity;sid:84152493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.238.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289392/; classtype:trojan-activity;sid:84152492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.211.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289391/; classtype:trojan-activity;sid:84152491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.31.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289390/; classtype:trojan-activity;sid:84152490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.84.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289389/; classtype:trojan-activity;sid:84152489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.134.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289388/; classtype:trojan-activity;sid:84152488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.18.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289387/; classtype:trojan-activity;sid:84152487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.115.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289386/; classtype:trojan-activity;sid:84152486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.202.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289385/; classtype:trojan-activity;sid:84152485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.177.28.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289384/; classtype:trojan-activity;sid:84152484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.97.169"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289383/; classtype:trojan-activity;sid:84152483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.140.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289382/; classtype:trojan-activity;sid:84152482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.86.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289381/; classtype:trojan-activity;sid:84152481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.59.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289380/; classtype:trojan-activity;sid:84152480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289379/; classtype:trojan-activity;sid:84152479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.137.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289378/; classtype:trojan-activity;sid:84152478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.235.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289377/; classtype:trojan-activity;sid:84152477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.206.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289376/; classtype:trojan-activity;sid:84152476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.232.241.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289375/; classtype:trojan-activity;sid:84152475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.68.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289374/; classtype:trojan-activity;sid:84152474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.227.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289373/; classtype:trojan-activity;sid:84152473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.168.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289372/; classtype:trojan-activity;sid:84152472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.83.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289371/; classtype:trojan-activity;sid:84152471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.2.50.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289370/; classtype:trojan-activity;sid:84152470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.203.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289369/; classtype:trojan-activity;sid:84152469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.7.203.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289368/; classtype:trojan-activity;sid:84152468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.38.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289367/; classtype:trojan-activity;sid:84152467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.115.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289366/; classtype:trojan-activity;sid:84152466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.23.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289365/; classtype:trojan-activity;sid:84152465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.84.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289362/; classtype:trojan-activity;sid:84152462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289363/; classtype:trojan-activity;sid:84152463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"191.29.131.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289364/; classtype:trojan-activity;sid:84152464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.12.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289361/; classtype:trojan-activity;sid:84152461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.0.168.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289360/; classtype:trojan-activity;sid:84152460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.27.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289359/; classtype:trojan-activity;sid:84152459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.237.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289358/; classtype:trojan-activity;sid:84152458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.97.169"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289357/; classtype:trojan-activity;sid:84152457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.218.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289356/; classtype:trojan-activity;sid:84152456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.168.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289355/; classtype:trojan-activity;sid:84152455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.137.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289354/; classtype:trojan-activity;sid:84152454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.95.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289353/; classtype:trojan-activity;sid:84152453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.127.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289352/; classtype:trojan-activity;sid:84152452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.7.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289351/; classtype:trojan-activity;sid:84152451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.44.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289350/; classtype:trojan-activity;sid:84152450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.115.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289349/; classtype:trojan-activity;sid:84152449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.184.20.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289348/; classtype:trojan-activity;sid:84152448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.24.25.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289347/; classtype:trojan-activity;sid:84152447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.68.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289346/; classtype:trojan-activity;sid:84152446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.115.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289345/; classtype:trojan-activity;sid:84152445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.128.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289344/; classtype:trojan-activity;sid:84152444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.123.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289343/; classtype:trojan-activity;sid:84152443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.254.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289341/; classtype:trojan-activity;sid:84152441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.58.169.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289342/; classtype:trojan-activity;sid:84152442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.240.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289340/; classtype:trojan-activity;sid:84152440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.184.20.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289339/; classtype:trojan-activity;sid:84152439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.89.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289338/; classtype:trojan-activity;sid:84152438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.144.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289337/; classtype:trojan-activity;sid:84152437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.193.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289335/; classtype:trojan-activity;sid:84152435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.12.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289336/; classtype:trojan-activity;sid:84152436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.44.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289334/; classtype:trojan-activity;sid:84152434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289333/; classtype:trojan-activity;sid:84152433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.55.166"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289332/; classtype:trojan-activity;sid:84152432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289331/; classtype:trojan-activity;sid:84152431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.45.56.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289330/; classtype:trojan-activity;sid:84152430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.186.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289329/; classtype:trojan-activity;sid:84152429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.55.166"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289328/; classtype:trojan-activity;sid:84152428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.241.176.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289327/; classtype:trojan-activity;sid:84152427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.90.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289326/; classtype:trojan-activity;sid:84152426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.243.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289325/; classtype:trojan-activity;sid:84152425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.6.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289324/; classtype:trojan-activity;sid:84152424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.1.227.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289323/; classtype:trojan-activity;sid:84152423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.26.113.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289322/; classtype:trojan-activity;sid:84152422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289321/; classtype:trojan-activity;sid:84152421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289320/; classtype:trojan-activity;sid:84152420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.186.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289319/; classtype:trojan-activity;sid:84152419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.189.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289318/; classtype:trojan-activity;sid:84152418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.6.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289317/; classtype:trojan-activity;sid:84152417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.144.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289316/; classtype:trojan-activity;sid:84152416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.89.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289315/; classtype:trojan-activity;sid:84152415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.123.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289314/; classtype:trojan-activity;sid:84152414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.100.197.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289313/; classtype:trojan-activity;sid:84152413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.252.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289312/; classtype:trojan-activity;sid:84152412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.167.175.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289311/; classtype:trojan-activity;sid:84152411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.225.120.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289310/; classtype:trojan-activity;sid:84152410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.89.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289309/; classtype:trojan-activity;sid:84152409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.52.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289308/; classtype:trojan-activity;sid:84152408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.179.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289307/; classtype:trojan-activity;sid:84152407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.237.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289305/; classtype:trojan-activity;sid:84152405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.224.82.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289306/; classtype:trojan-activity;sid:84152406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.243.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289304/; classtype:trojan-activity;sid:84152404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.65.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289303/; classtype:trojan-activity;sid:84152403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.74.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289302/; classtype:trojan-activity;sid:84152402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.242.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289301/; classtype:trojan-activity;sid:84152401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289300/; classtype:trojan-activity;sid:84152400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.90.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289299/; classtype:trojan-activity;sid:84152399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.125.119.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289297/; classtype:trojan-activity;sid:84152397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.229.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289298/; classtype:trojan-activity;sid:84152398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.121.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289296/; classtype:trojan-activity;sid:84152396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.82.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289295/; classtype:trojan-activity;sid:84152395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.29.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289292/; classtype:trojan-activity;sid:84152392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.219.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289293/; classtype:trojan-activity;sid:84152393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.100.197.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289294/; classtype:trojan-activity;sid:84152394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.64.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289291/; classtype:trojan-activity;sid:84152391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.99.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289289/; classtype:trojan-activity;sid:84152389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.62.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289290/; classtype:trojan-activity;sid:84152390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.150.7.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289288/; classtype:trojan-activity;sid:84152388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.75.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289287/; classtype:trojan-activity;sid:84152387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.167.175.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289286/; classtype:trojan-activity;sid:84152386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289285/; classtype:trojan-activity;sid:84152385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.95.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289284/; classtype:trojan-activity;sid:84152384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.150.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289283/; classtype:trojan-activity;sid:84152383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.179.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289282/; classtype:trojan-activity;sid:84152382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.187.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289281/; classtype:trojan-activity;sid:84152381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.125.119.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289280/; classtype:trojan-activity;sid:84152380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.150.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289279/; classtype:trojan-activity;sid:84152379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.153.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289278/; classtype:trojan-activity;sid:84152378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.229.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289277/; classtype:trojan-activity;sid:84152377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.53.6.250"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289276/; classtype:trojan-activity;sid:84152376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289275/; classtype:trojan-activity;sid:84152375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.95.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289274/; classtype:trojan-activity;sid:84152374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.188.142.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289273/; classtype:trojan-activity;sid:84152373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.29.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289272/; classtype:trojan-activity;sid:84152372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289271/; classtype:trojan-activity;sid:84152371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.94.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289270/; classtype:trojan-activity;sid:84152370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289269/; classtype:trojan-activity;sid:84152369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.144.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289268/; classtype:trojan-activity;sid:84152368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.75.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289267/; classtype:trojan-activity;sid:84152367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.153.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289266/; classtype:trojan-activity;sid:84152366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.211.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289265/; classtype:trojan-activity;sid:84152365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289264/; classtype:trojan-activity;sid:84152364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.249.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289263/; classtype:trojan-activity;sid:84152363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.222.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289262/; classtype:trojan-activity;sid:84152362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.162.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289261/; classtype:trojan-activity;sid:84152361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.187.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289260/; classtype:trojan-activity;sid:84152360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.54.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289259/; classtype:trojan-activity;sid:84152359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.188.142.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289257/; classtype:trojan-activity;sid:84152357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.86.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289258/; classtype:trojan-activity;sid:84152358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.202.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289256/; classtype:trojan-activity;sid:84152356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.210.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289255/; classtype:trojan-activity;sid:84152355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.214.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289254/; classtype:trojan-activity;sid:84152354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.144.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289252/; classtype:trojan-activity;sid:84152352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.55.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289253/; classtype:trojan-activity;sid:84152353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.180.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289251/; classtype:trojan-activity;sid:84152351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.153.91.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289250/; classtype:trojan-activity;sid:84152350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.92.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289249/; classtype:trojan-activity;sid:84152349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.86.143"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289248/; classtype:trojan-activity;sid:84152348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.21.174"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289246/; classtype:trojan-activity;sid:84152346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289247/; classtype:trojan-activity;sid:84152347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289245/; classtype:trojan-activity;sid:84152345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.227.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289244/; classtype:trojan-activity;sid:84152344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.235.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289243/; classtype:trojan-activity;sid:84152343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.210.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289240/; classtype:trojan-activity;sid:84152340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.86.143"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289241/; classtype:trojan-activity;sid:84152341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.31.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289242/; classtype:trojan-activity;sid:84152342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.19.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289239/; classtype:trojan-activity;sid:84152339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.92.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289238/; classtype:trojan-activity;sid:84152338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.202.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289237/; classtype:trojan-activity;sid:84152337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.214.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289236/; classtype:trojan-activity;sid:84152336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.215.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289235/; classtype:trojan-activity;sid:84152335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/mk.exe"; depth:11; endswith; nocase; http.host; content:"87.120.125.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289234/; classtype:trojan-activity;sid:84152334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.210.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289232/; classtype:trojan-activity;sid:84152332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.210.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289233/; classtype:trojan-activity;sid:84152333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.66.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289231/; classtype:trojan-activity;sid:84152331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.247.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289230/; classtype:trojan-activity;sid:84152330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"84.213.69.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289229/; classtype:trojan-activity;sid:84152329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.7.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289228/; classtype:trojan-activity;sid:84152328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.246.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289227/; classtype:trojan-activity;sid:84152327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.251.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289226/; classtype:trojan-activity;sid:84152326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289225/; classtype:trojan-activity;sid:84152325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.23.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289224/; classtype:trojan-activity;sid:84152324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.43.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289223/; classtype:trojan-activity;sid:84152323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.227.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289222/; classtype:trojan-activity;sid:84152322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.140.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289221/; classtype:trojan-activity;sid:84152321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.75.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289220/; classtype:trojan-activity;sid:84152320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.31.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289219/; classtype:trojan-activity;sid:84152319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"208.26.92.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289218/; classtype:trojan-activity;sid:84152318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.12.75"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289217/; classtype:trojan-activity;sid:84152317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.210.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289216/; classtype:trojan-activity;sid:84152316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.19.223.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289215/; classtype:trojan-activity;sid:84152315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.250.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289214/; classtype:trojan-activity;sid:84152314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.39.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289213/; classtype:trojan-activity;sid:84152313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.193.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289212/; classtype:trojan-activity;sid:84152312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.12.94.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289211/; classtype:trojan-activity;sid:84152311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.35.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289210/; classtype:trojan-activity;sid:84152310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.210.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289209/; classtype:trojan-activity;sid:84152309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"187.170.37.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289208/; classtype:trojan-activity;sid:84152308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.76.180.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289207/; classtype:trojan-activity;sid:84152307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.243.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289206/; classtype:trojan-activity;sid:84152306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.37.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289205/; classtype:trojan-activity;sid:84152305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.6.86.143"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289204/; classtype:trojan-activity;sid:84152304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.11.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289203/; classtype:trojan-activity;sid:84152303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289202/; classtype:trojan-activity;sid:84152302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.148.110.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289201/; classtype:trojan-activity;sid:84152301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.162.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289200/; classtype:trojan-activity;sid:84152300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.35.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289199/; classtype:trojan-activity;sid:84152299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.213.71.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289198/; classtype:trojan-activity;sid:84152298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.2.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289196/; classtype:trojan-activity;sid:84152296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289197/; classtype:trojan-activity;sid:84152297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.223.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289195/; classtype:trojan-activity;sid:84152295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.12.75"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289194/; classtype:trojan-activity;sid:84152294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.186.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289193/; classtype:trojan-activity;sid:84152293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.71.201.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289191/; classtype:trojan-activity;sid:84152291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.123.238.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289192/; classtype:trojan-activity;sid:84152292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.198.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289190/; classtype:trojan-activity;sid:84152290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.223.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289189/; classtype:trojan-activity;sid:84152289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.76.180.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289188/; classtype:trojan-activity;sid:84152288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.75.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289187/; classtype:trojan-activity;sid:84152287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.117.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289186/; classtype:trojan-activity;sid:84152286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.37.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289185/; classtype:trojan-activity;sid:84152285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.253.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289184/; classtype:trojan-activity;sid:84152284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.213.71.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289183/; classtype:trojan-activity;sid:84152283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.98.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289182/; classtype:trojan-activity;sid:84152282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.221.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289181/; classtype:trojan-activity;sid:84152281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.57.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289179/; classtype:trojan-activity;sid:84152279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.55.166"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289180/; classtype:trojan-activity;sid:84152280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.186.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289178/; classtype:trojan-activity;sid:84152278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.48.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289177/; classtype:trojan-activity;sid:84152277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.98.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289176/; classtype:trojan-activity;sid:84152276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289175/; classtype:trojan-activity;sid:84152275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.229.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289174/; classtype:trojan-activity;sid:84152274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.20.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289173/; classtype:trojan-activity;sid:84152273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.118.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289172/; classtype:trojan-activity;sid:84152272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.51.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289171/; classtype:trojan-activity;sid:84152271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.94.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289170/; classtype:trojan-activity;sid:84152270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289169/; classtype:trojan-activity;sid:84152269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.1.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289168/; classtype:trojan-activity;sid:84152268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.48.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289167/; classtype:trojan-activity;sid:84152267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.60.238.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289166/; classtype:trojan-activity;sid:84152266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.51.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289165/; classtype:trojan-activity;sid:84152265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.5.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289164/; classtype:trojan-activity;sid:84152264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.85.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289163/; classtype:trojan-activity;sid:84152263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.208.212.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289162/; classtype:trojan-activity;sid:84152262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.191.81.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289161/; classtype:trojan-activity;sid:84152261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.122.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289160/; classtype:trojan-activity;sid:84152260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.1.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289159/; classtype:trojan-activity;sid:84152259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.23.153.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289158/; classtype:trojan-activity;sid:84152258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.235.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289157/; classtype:trojan-activity;sid:84152257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.14.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289156/; classtype:trojan-activity;sid:84152256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.39.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289155/; classtype:trojan-activity;sid:84152255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.51.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289154/; classtype:trojan-activity;sid:84152254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.31.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289153/; classtype:trojan-activity;sid:84152253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.112.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289152/; classtype:trojan-activity;sid:84152252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.190.229.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289151/; classtype:trojan-activity;sid:84152251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.122.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289150/; classtype:trojan-activity;sid:84152250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.236.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289149/; classtype:trojan-activity;sid:84152249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.5.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289148/; classtype:trojan-activity;sid:84152248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.30.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289147/; classtype:trojan-activity;sid:84152247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.54.118.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289146/; classtype:trojan-activity;sid:84152246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.240.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289145/; classtype:trojan-activity;sid:84152245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.14.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289144/; classtype:trojan-activity;sid:84152244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"66.23.153.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289143/; classtype:trojan-activity;sid:84152243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.51.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289142/; classtype:trojan-activity;sid:84152242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.248.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289141/; classtype:trojan-activity;sid:84152241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.30.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289140/; classtype:trojan-activity;sid:84152240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.250.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289139/; classtype:trojan-activity;sid:84152239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.183.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289138/; classtype:trojan-activity;sid:84152238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.248.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289137/; classtype:trojan-activity;sid:84152237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.24.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289135/; classtype:trojan-activity;sid:84152235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.56.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289136/; classtype:trojan-activity;sid:84152236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.64.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289134/; classtype:trojan-activity;sid:84152234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.82.114.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289133/; classtype:trojan-activity;sid:84152233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.190.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289132/; classtype:trojan-activity;sid:84152232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.36.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289131/; classtype:trojan-activity;sid:84152231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.71.3.91"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289130/; classtype:trojan-activity;sid:84152230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.21.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289129/; classtype:trojan-activity;sid:84152229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.31.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289128/; classtype:trojan-activity;sid:84152228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.253.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289127/; classtype:trojan-activity;sid:84152227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.43.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289126/; classtype:trojan-activity;sid:84152226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289125/; classtype:trojan-activity;sid:84152225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.12.13.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289124/; classtype:trojan-activity;sid:84152224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.131.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289123/; classtype:trojan-activity;sid:84152223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.82.114.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289122/; classtype:trojan-activity;sid:84152222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z"; depth:2; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289120/; classtype:trojan-activity;sid:84152220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.247.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289121/; classtype:trojan-activity;sid:84152221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/as"; depth:3; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289119/; classtype:trojan-activity;sid:84152219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289114/; classtype:trojan-activity;sid:84152214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289115/; classtype:trojan-activity;sid:84152215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol.sh"; depth:7; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289116/; classtype:trojan-activity;sid:84152216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289117/; classtype:trojan-activity;sid:84152217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp2.sh"; depth:9; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289118/; classtype:trojan-activity;sid:84152218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.74.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289113/; classtype:trojan-activity;sid:84152213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.49.65.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289112/; classtype:trojan-activity;sid:84152212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ex86"; depth:5; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289111/; classtype:trojan-activity;sid:84152211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/ex86"; depth:7; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289108/; classtype:trojan-activity;sid:84152208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/earc"; depth:7; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289109/; classtype:trojan-activity;sid:84152209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earc"; depth:5; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289110/; classtype:trojan-activity;sid:84152210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.64.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289107/; classtype:trojan-activity;sid:84152207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.x86"; depth:11; endswith; nocase; http.host; content:"194.87.54.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289106/; classtype:trojan-activity;sid:84152206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.212.131.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289104/; classtype:trojan-activity;sid:84152204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/venonbase.txt"; depth:14; endswith; nocase; http.host; content:"141.11.128.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289105/; classtype:trojan-activity;sid:84152205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.txt"; depth:8; endswith; nocase; http.host; content:"141.11.128.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289103/; classtype:trojan-activity;sid:84152203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.36.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289102/; classtype:trojan-activity;sid:84152202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.45.229"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289100/; classtype:trojan-activity;sid:84152200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.29.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289101/; classtype:trojan-activity;sid:84152201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.71.3.91"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289099/; classtype:trojan-activity;sid:84152199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.43.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289098/; classtype:trojan-activity;sid:84152198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.116.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289097/; classtype:trojan-activity;sid:84152197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.41.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289096/; classtype:trojan-activity;sid:84152196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.10.130"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289095/; classtype:trojan-activity;sid:84152195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.129.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289094/; classtype:trojan-activity;sid:84152194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.217.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289093/; classtype:trojan-activity;sid:84152193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.49.65.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289092/; classtype:trojan-activity;sid:84152192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.36.187.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289091/; classtype:trojan-activity;sid:84152191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.46.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289090/; classtype:trojan-activity;sid:84152190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.92.240.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289089/; classtype:trojan-activity;sid:84152189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.92.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289088/; classtype:trojan-activity;sid:84152188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.45.229"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289087/; classtype:trojan-activity;sid:84152187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.120.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289086/; classtype:trojan-activity;sid:84152186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.152.18.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289085/; classtype:trojan-activity;sid:84152185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"160.238.95.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289084/; classtype:trojan-activity;sid:84152184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr.sh"; depth:7; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289077/; classtype:trojan-activity;sid:84152177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wag"; depth:4; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289078/; classtype:trojan-activity;sid:84152178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289079/; classtype:trojan-activity;sid:84152179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wg.sh"; depth:6; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289080/; classtype:trojan-activity;sid:84152180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d"; depth:2; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289081/; classtype:trojan-activity;sid:84152181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmr"; depth:4; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289082/; classtype:trojan-activity;sid:84152182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmao"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289083/; classtype:trojan-activity;sid:84152183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w"; depth:2; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289069/; classtype:trojan-activity;sid:84152169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdt"; depth:4; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289070/; classtype:trojan-activity;sid:84152170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289071/; classtype:trojan-activity;sid:84152171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r.sh"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289072/; classtype:trojan-activity;sid:84152172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass.sh"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289073/; classtype:trojan-activity;sid:84152173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh"; depth:4; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289074/; classtype:trojan-activity;sid:84152174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.sh"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289075/; classtype:trojan-activity;sid:84152175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289076/; classtype:trojan-activity;sid:84152176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.167.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289068/; classtype:trojan-activity;sid:84152168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.147.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289067/; classtype:trojan-activity;sid:84152167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.203.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289066/; classtype:trojan-activity;sid:84152166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.42.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289065/; classtype:trojan-activity;sid:84152165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.164.60.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289064/; classtype:trojan-activity;sid:84152164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.96.51"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289062/; classtype:trojan-activity;sid:84152162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.39.19.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289063/; classtype:trojan-activity;sid:84152163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.43.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289061/; classtype:trojan-activity;sid:84152161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.46.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289060/; classtype:trojan-activity;sid:84152160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.81.247.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289059/; classtype:trojan-activity;sid:84152159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm"; depth:7; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289058/; classtype:trojan-activity;sid:84152158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.39.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289057/; classtype:trojan-activity;sid:84152157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.39.19.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289056/; classtype:trojan-activity;sid:84152156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm5"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289053/; classtype:trojan-activity;sid:84152153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshppc"; depth:7; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289054/; classtype:trojan-activity;sid:84152154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boatnet.mpsl"; depth:13; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289055/; classtype:trojan-activity;sid:84152155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshsh4"; depth:7; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289043/; classtype:trojan-activity;sid:84152143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmpsl"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289044/; classtype:trojan-activity;sid:84152144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harm6"; depth:6; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289045/; classtype:trojan-activity;sid:84152145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmips"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289046/; classtype:trojan-activity;sid:84152146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm7"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289047/; classtype:trojan-activity;sid:84152147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dmips"; depth:6; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289048/; classtype:trojan-activity;sid:84152148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harm4"; depth:6; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289049/; classtype:trojan-activity;sid:84152149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harm5"; depth:6; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289050/; classtype:trojan-activity;sid:84152150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.209.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289051/; classtype:trojan-activity;sid:84152151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm6"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289052/; classtype:trojan-activity;sid:84152152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.92.240.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289041/; classtype:trojan-activity;sid:84152141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.239.220.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289040/; classtype:trojan-activity;sid:84152140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.21.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289039/; classtype:trojan-activity;sid:84152139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.99.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289038/; classtype:trojan-activity;sid:84152138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289037/; classtype:trojan-activity;sid:84152137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/mok.exe"; depth:12; endswith; nocase; http.host; content:"87.120.125.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289036/; classtype:trojan-activity;sid:84152136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.203.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289035/; classtype:trojan-activity;sid:84152135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.41.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289034/; classtype:trojan-activity;sid:84152134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.244.215.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289033/; classtype:trojan-activity;sid:84152133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.32.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289032/; classtype:trojan-activity;sid:84152132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289031/; classtype:trojan-activity;sid:84152131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.96.51"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289030/; classtype:trojan-activity;sid:84152130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289029/; classtype:trojan-activity;sid:84152129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.8.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289028/; classtype:trojan-activity;sid:84152128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.239.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289027/; classtype:trojan-activity;sid:84152127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.21.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289026/; classtype:trojan-activity;sid:84152126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.42.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289025/; classtype:trojan-activity;sid:84152125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.209.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289024/; classtype:trojan-activity;sid:84152124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"72.175.25.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289023/; classtype:trojan-activity;sid:84152123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.11.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289022/; classtype:trojan-activity;sid:84152122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.239.201.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289021/; classtype:trojan-activity;sid:84152121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289020/; classtype:trojan-activity;sid:84152120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.140.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289019/; classtype:trojan-activity;sid:84152119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.8.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289018/; classtype:trojan-activity;sid:84152118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.40.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289017/; classtype:trojan-activity;sid:84152117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289016/; classtype:trojan-activity;sid:84152116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"72.175.25.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289015/; classtype:trojan-activity;sid:84152115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.31.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289014/; classtype:trojan-activity;sid:84152114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.35.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289012/; classtype:trojan-activity;sid:84152112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.22.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289013/; classtype:trojan-activity;sid:84152113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.120.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289011/; classtype:trojan-activity;sid:84152111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.140.163.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289010/; classtype:trojan-activity;sid:84152110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.50.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289009/; classtype:trojan-activity;sid:84152109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.93.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289008/; classtype:trojan-activity;sid:84152108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289006/; classtype:trojan-activity;sid:84152106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.108.90.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289007/; classtype:trojan-activity;sid:84152107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.35.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289005/; classtype:trojan-activity;sid:84152105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/crypted2.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289003/; classtype:trojan-activity;sid:84152103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clip/random.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289004/; classtype:trojan-activity;sid:84152104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.90.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289002/; classtype:trojan-activity;sid:84152102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.151.133.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289001/; classtype:trojan-activity;sid:84152101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.150.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289000/; classtype:trojan-activity;sid:84152100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.72.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288999/; classtype:trojan-activity;sid:84152099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.102.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288998/; classtype:trojan-activity;sid:84152098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.22.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288997/; classtype:trojan-activity;sid:84152097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.179.156"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288996/; classtype:trojan-activity;sid:84152096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.227.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288995/; classtype:trojan-activity;sid:84152095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.108.90.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288994/; classtype:trojan-activity;sid:84152094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.184.157.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288993/; classtype:trojan-activity;sid:84152093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.94.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288992/; classtype:trojan-activity;sid:84152092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.137.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288991/; classtype:trojan-activity;sid:84152091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288990/; classtype:trojan-activity;sid:84152090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.116.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288989/; classtype:trojan-activity;sid:84152089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.34.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288987/; classtype:trojan-activity;sid:84152087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"76.77.23.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288988/; classtype:trojan-activity;sid:84152088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.67.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288986/; classtype:trojan-activity;sid:84152086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.24.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288985/; classtype:trojan-activity;sid:84152085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.61.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288984/; classtype:trojan-activity;sid:84152084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.163.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288983/; classtype:trojan-activity;sid:84152083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.74.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288982/; classtype:trojan-activity;sid:84152082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.19.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288981/; classtype:trojan-activity;sid:84152081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.93.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288980/; classtype:trojan-activity;sid:84152080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.163.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288979/; classtype:trojan-activity;sid:84152079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288978/; classtype:trojan-activity;sid:84152078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.184.157.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288977/; classtype:trojan-activity;sid:84152077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.144.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288976/; classtype:trojan-activity;sid:84152076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"206.0.181.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288975/; classtype:trojan-activity;sid:84152075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.234.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288973/; classtype:trojan-activity;sid:84152073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.136.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288974/; classtype:trojan-activity;sid:84152074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.186.52.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288972/; classtype:trojan-activity;sid:84152072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.88.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288971/; classtype:trojan-activity;sid:84152071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.19.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288970/; classtype:trojan-activity;sid:84152070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.54.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288969/; classtype:trojan-activity;sid:84152069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.210.249.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288968/; classtype:trojan-activity;sid:84152068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.65.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288967/; classtype:trojan-activity;sid:84152067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.71.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288966/; classtype:trojan-activity;sid:84152066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.97.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288965/; classtype:trojan-activity;sid:84152065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.245.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288964/; classtype:trojan-activity;sid:84152064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.229.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288963/; classtype:trojan-activity;sid:84152063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.32.248.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288962/; classtype:trojan-activity;sid:84152062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.isis"; depth:13; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288960/; classtype:trojan-activity;sid:84152060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.isis"; depth:13; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288961/; classtype:trojan-activity;sid:84152061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.136.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288959/; classtype:trojan-activity;sid:84152059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isis.sh"; depth:8; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288958/; classtype:trojan-activity;sid:84152058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.isis"; depth:13; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288957/; classtype:trojan-activity;sid:84152057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.isis"; depth:13; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288955/; classtype:trojan-activity;sid:84152055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.isis"; depth:12; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288956/; classtype:trojan-activity;sid:84152056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.isis"; depth:12; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288953/; classtype:trojan-activity;sid:84152053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.isis"; depth:13; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288954/; classtype:trojan-activity;sid:84152054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.isis"; depth:12; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288948/; classtype:trojan-activity;sid:84152048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.isis"; depth:13; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288949/; classtype:trojan-activity;sid:84152049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.isis"; depth:12; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288950/; classtype:trojan-activity;sid:84152050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.isis"; depth:13; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288951/; classtype:trojan-activity;sid:84152051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.isis"; depth:13; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288952/; classtype:trojan-activity;sid:84152052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.86.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288947/; classtype:trojan-activity;sid:84152047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.88.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288946/; classtype:trojan-activity;sid:84152046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.142.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288944/; classtype:trojan-activity;sid:84152044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.186.52.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288945/; classtype:trojan-activity;sid:84152045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.245.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288943/; classtype:trojan-activity;sid:84152043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.57.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288942/; classtype:trojan-activity;sid:84152042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.18.228"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288941/; classtype:trojan-activity;sid:84152041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.32.248.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288940/; classtype:trojan-activity;sid:84152040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.186.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288939/; classtype:trojan-activity;sid:84152039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.20.0"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288938/; classtype:trojan-activity;sid:84152038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.7.154"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288937/; classtype:trojan-activity;sid:84152037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.15.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288936/; classtype:trojan-activity;sid:84152036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.96.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288935/; classtype:trojan-activity;sid:84152035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.92.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288934/; classtype:trojan-activity;sid:84152034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.247.88.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288933/; classtype:trojan-activity;sid:84152033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.142.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288932/; classtype:trojan-activity;sid:84152032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.86.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288931/; classtype:trojan-activity;sid:84152031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.75.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288930/; classtype:trojan-activity;sid:84152030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.210.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288927/; classtype:trojan-activity;sid:84152027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.213.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288928/; classtype:trojan-activity;sid:84152028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.228.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288929/; classtype:trojan-activity;sid:84152029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.163.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288926/; classtype:trojan-activity;sid:84152026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.57.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288925/; classtype:trojan-activity;sid:84152025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.228.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288924/; classtype:trojan-activity;sid:84152024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.64.160.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288923/; classtype:trojan-activity;sid:84152023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.89.21.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288922/; classtype:trojan-activity;sid:84152022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.158.194.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288918/; classtype:trojan-activity;sid:84152018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.91.180.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288919/; classtype:trojan-activity;sid:84152019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.91.151.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288920/; classtype:trojan-activity;sid:84152020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.95.96.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288921/; classtype:trojan-activity;sid:84152021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.118.75.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288915/; classtype:trojan-activity;sid:84152015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.111.22.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288916/; classtype:trojan-activity;sid:84152016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.222.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288917/; classtype:trojan-activity;sid:84152017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.89.248.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288914/; classtype:trojan-activity;sid:84152014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.132.106.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288912/; classtype:trojan-activity;sid:84152012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.64.215.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288913/; classtype:trojan-activity;sid:84152013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.113.56.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288911/; classtype:trojan-activity;sid:84152011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.184.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288910/; classtype:trojan-activity;sid:84152010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"160.238.95.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288908/; classtype:trojan-activity;sid:84152008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.114.179.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288909/; classtype:trojan-activity;sid:84152009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.175.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288907/; classtype:trojan-activity;sid:84152007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.247.88.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288906/; classtype:trojan-activity;sid:84152006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.95.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288904/; classtype:trojan-activity;sid:84152004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.235.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288905/; classtype:trojan-activity;sid:84152005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.7.154"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288903/; classtype:trojan-activity;sid:84152003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288902/; classtype:trojan-activity;sid:84152002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.120.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288901/; classtype:trojan-activity;sid:84152001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.235.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288900/; classtype:trojan-activity;sid:84152000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.213.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288899/; classtype:trojan-activity;sid:84151999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.115.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288898/; classtype:trojan-activity;sid:84151998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.15.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288897/; classtype:trojan-activity;sid:84151997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.100.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288896/; classtype:trojan-activity;sid:84151996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.115.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288895/; classtype:trojan-activity;sid:84151995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.163.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288894/; classtype:trojan-activity;sid:84151994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.183.131.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288893/; classtype:trojan-activity;sid:84151993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.9.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288892/; classtype:trojan-activity;sid:84151992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"104.193.59.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288891/; classtype:trojan-activity;sid:84151991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.92.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288890/; classtype:trojan-activity;sid:84151990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.115.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288888/; classtype:trojan-activity;sid:84151988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.245.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288889/; classtype:trojan-activity;sid:84151989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.77.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288887/; classtype:trojan-activity;sid:84151987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.115.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288886/; classtype:trojan-activity;sid:84151986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.69.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288885/; classtype:trojan-activity;sid:84151985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288884/; classtype:trojan-activity;sid:84151984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.46.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288882/; classtype:trojan-activity;sid:84151982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.121.3.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288883/; classtype:trojan-activity;sid:84151983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288881/; classtype:trojan-activity;sid:84151981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.95.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288880/; classtype:trojan-activity;sid:84151980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.120.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288879/; classtype:trojan-activity;sid:84151979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.181.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288878/; classtype:trojan-activity;sid:84151978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.4.4.141"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288877/; classtype:trojan-activity;sid:84151977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.170.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288875/; classtype:trojan-activity;sid:84151975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.121.3.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288876/; classtype:trojan-activity;sid:84151976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.112.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288874/; classtype:trojan-activity;sid:84151974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.183.103.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288873/; classtype:trojan-activity;sid:84151973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.46.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288872/; classtype:trojan-activity;sid:84151972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"mkotl.strategies.mvpstrat.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288871/; classtype:trojan-activity;sid:84151971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.111.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288870/; classtype:trojan-activity;sid:84151970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.213.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288868/; classtype:trojan-activity;sid:84151968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.116.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288869/; classtype:trojan-activity;sid:84151969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.9.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288867/; classtype:trojan-activity;sid:84151967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.26.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288866/; classtype:trojan-activity;sid:84151966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.74.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288865/; classtype:trojan-activity;sid:84151965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.39.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288864/; classtype:trojan-activity;sid:84151964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.115.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288863/; classtype:trojan-activity;sid:84151963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.169.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288862/; classtype:trojan-activity;sid:84151962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.90.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288861/; classtype:trojan-activity;sid:84151961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.177.166.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288860/; classtype:trojan-activity;sid:84151960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.9.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288859/; classtype:trojan-activity;sid:84151959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.230.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288858/; classtype:trojan-activity;sid:84151958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.220.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288856/; classtype:trojan-activity;sid:84151956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.90.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288857/; classtype:trojan-activity;sid:84151957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.20.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288855/; classtype:trojan-activity;sid:84151955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.175.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288854/; classtype:trojan-activity;sid:84151954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.65.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288853/; classtype:trojan-activity;sid:84151953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.79.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288852/; classtype:trojan-activity;sid:84151952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.244.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288851/; classtype:trojan-activity;sid:84151951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.238.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288850/; classtype:trojan-activity;sid:84151950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.71.201.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288849/; classtype:trojan-activity;sid:84151949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.192.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288848/; classtype:trojan-activity;sid:84151948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.30.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288847/; classtype:trojan-activity;sid:84151947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.121.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288846/; classtype:trojan-activity;sid:84151946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.177.166.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288845/; classtype:trojan-activity;sid:84151945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.232.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288844/; classtype:trojan-activity;sid:84151944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.230.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288843/; classtype:trojan-activity;sid:84151943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.32.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288842/; classtype:trojan-activity;sid:84151942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288841/; classtype:trojan-activity;sid:84151941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.199.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288840/; classtype:trojan-activity;sid:84151940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.47.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288839/; classtype:trojan-activity;sid:84151939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.207.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288838/; classtype:trojan-activity;sid:84151938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.238.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288836/; classtype:trojan-activity;sid:84151936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.79.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288837/; classtype:trojan-activity;sid:84151937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.90.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288835/; classtype:trojan-activity;sid:84151935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.248.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288834/; classtype:trojan-activity;sid:84151934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.226.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288833/; classtype:trojan-activity;sid:84151933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.252.114.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288832/; classtype:trojan-activity;sid:84151932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.250.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288831/; classtype:trojan-activity;sid:84151931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.215.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288830/; classtype:trojan-activity;sid:84151930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.20.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288829/; classtype:trojan-activity;sid:84151929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.192.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288828/; classtype:trojan-activity;sid:84151928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.85.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288827/; classtype:trojan-activity;sid:84151927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288826/; classtype:trojan-activity;sid:84151926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.199.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288825/; classtype:trojan-activity;sid:84151925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.79.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288824/; classtype:trojan-activity;sid:84151924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.12.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288823/; classtype:trojan-activity;sid:84151923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.232.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288822/; classtype:trojan-activity;sid:84151922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.33.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288821/; classtype:trojan-activity;sid:84151921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.73.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288820/; classtype:trojan-activity;sid:84151920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.176.192.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288819/; classtype:trojan-activity;sid:84151919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.32.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288818/; classtype:trojan-activity;sid:84151918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.238.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288817/; classtype:trojan-activity;sid:84151917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.79.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288816/; classtype:trojan-activity;sid:84151916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.185.140.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288815/; classtype:trojan-activity;sid:84151915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.20.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288814/; classtype:trojan-activity;sid:84151914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.125.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288813/; classtype:trojan-activity;sid:84151913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.153.47.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288812/; classtype:trojan-activity;sid:84151912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.190.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288811/; classtype:trojan-activity;sid:84151911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.240.236.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288810/; classtype:trojan-activity;sid:84151910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.223.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288809/; classtype:trojan-activity;sid:84151909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.24.189.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288808/; classtype:trojan-activity;sid:84151908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.215.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288807/; classtype:trojan-activity;sid:84151907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.231.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288806/; classtype:trojan-activity;sid:84151906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.192.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288805/; classtype:trojan-activity;sid:84151905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.80.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288804/; classtype:trojan-activity;sid:84151904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.85.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288803/; classtype:trojan-activity;sid:84151903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.127.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288802/; classtype:trojan-activity;sid:84151902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.149.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288801/; classtype:trojan-activity;sid:84151901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.250.40.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288800/; classtype:trojan-activity;sid:84151900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.70.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288799/; classtype:trojan-activity;sid:84151899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.243.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288798/; classtype:trojan-activity;sid:84151898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.203.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288797/; classtype:trojan-activity;sid:84151897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.238.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288796/; classtype:trojan-activity;sid:84151896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"2.185.140.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288795/; classtype:trojan-activity;sid:84151895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.100.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288794/; classtype:trojan-activity;sid:84151894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.96.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288793/; classtype:trojan-activity;sid:84151893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.185.200.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288792/; classtype:trojan-activity;sid:84151892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.73.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288791/; classtype:trojan-activity;sid:84151891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.120.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288789/; classtype:trojan-activity;sid:84151889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.80.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288790/; classtype:trojan-activity;sid:84151890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.212.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288788/; classtype:trojan-activity;sid:84151888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"69.129.18.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288787/; classtype:trojan-activity;sid:84151887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.203.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288786/; classtype:trojan-activity;sid:84151886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.16.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288785/; classtype:trojan-activity;sid:84151885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.149.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288784/; classtype:trojan-activity;sid:84151884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.92.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288783/; classtype:trojan-activity;sid:84151883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.20.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288782/; classtype:trojan-activity;sid:84151882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.2.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288780/; classtype:trojan-activity;sid:84151880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.22.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288781/; classtype:trojan-activity;sid:84151881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66/snc/seemebestthingswhichevermadebybestthingsgodown.hta"; depth:58; endswith; nocase; http.host; content:"192.3.220.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288779/; classtype:trojan-activity;sid:84151879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tuesdaymadamwebxmpdw-constraints.vbs"; depth:37; endswith; nocase; http.host; content:"104.168.7.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288778/; classtype:trojan-activity;sid:84151878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66/seemybestgirlthinkingsheisahotchickbutfuvk.tif"; depth:50; endswith; nocase; http.host; content:"192.3.220.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288777/; classtype:trojan-activity;sid:84151877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.207.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288776/; classtype:trojan-activity;sid:84151876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.250.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288775/; classtype:trojan-activity;sid:84151875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.100.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288774/; classtype:trojan-activity;sid:84151874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.127.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288773/; classtype:trojan-activity;sid:84151873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.210.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288772/; classtype:trojan-activity;sid:84151872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.106.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288771/; classtype:trojan-activity;sid:84151871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.181.12.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288770/; classtype:trojan-activity;sid:84151870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.54.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288769/; classtype:trojan-activity;sid:84151869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.119.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288768/; classtype:trojan-activity;sid:84151868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.95.140"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288767/; classtype:trojan-activity;sid:84151867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.114.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288766/; classtype:trojan-activity;sid:84151866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.169.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288765/; classtype:trojan-activity;sid:84151865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"69.129.18.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288764/; classtype:trojan-activity;sid:84151864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.239.56.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288763/; classtype:trojan-activity;sid:84151863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.182.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288762/; classtype:trojan-activity;sid:84151862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.245.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288761/; classtype:trojan-activity;sid:84151861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.238.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288760/; classtype:trojan-activity;sid:84151860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.210.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288759/; classtype:trojan-activity;sid:84151859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.19.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288758/; classtype:trojan-activity;sid:84151858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.232.241.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288757/; classtype:trojan-activity;sid:84151857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.81.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288756/; classtype:trojan-activity;sid:84151856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.47.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288755/; classtype:trojan-activity;sid:84151855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.70.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288754/; classtype:trojan-activity;sid:84151854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.106.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288753/; classtype:trojan-activity;sid:84151853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.227.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288752/; classtype:trojan-activity;sid:84151852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/blhbzrtqblg6o1k.doc"; depth:24; endswith; nocase; http.host; content:"87.120.84.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288750/; classtype:trojan-activity;sid:84151850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/blhbzrtqblg6o1k.exe"; depth:24; endswith; nocase; http.host; content:"87.120.84.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288751/; classtype:trojan-activity;sid:84151851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.250.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288749/; classtype:trojan-activity;sid:84151849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.112.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288748/; classtype:trojan-activity;sid:84151848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mpsl"; depth:38; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288747/; classtype:trojan-activity;sid:84151847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86"; depth:37; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288744/; classtype:trojan-activity;sid:84151844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm7"; depth:38; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288745/; classtype:trojan-activity;sid:84151845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.m68k"; depth:38; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288746/; classtype:trojan-activity;sid:84151846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm"; depth:37; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288740/; classtype:trojan-activity;sid:84151840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm6"; depth:38; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288741/; classtype:trojan-activity;sid:84151841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.sh4"; depth:37; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288742/; classtype:trojan-activity;sid:84151842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.i686"; depth:38; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288743/; classtype:trojan-activity;sid:84151843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86_64"; depth:40; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288736/; classtype:trojan-activity;sid:84151836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm5"; depth:38; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288737/; classtype:trojan-activity;sid:84151837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mips"; depth:38; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288738/; classtype:trojan-activity;sid:84151838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.ppc"; depth:37; endswith; nocase; http.host; content:"45.137.70.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288739/; classtype:trojan-activity;sid:84151839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.181.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288735/; classtype:trojan-activity;sid:84151835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.192.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288733/; classtype:trojan-activity;sid:84151833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.120.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288734/; classtype:trojan-activity;sid:84151834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.20.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288731/; classtype:trojan-activity;sid:84151831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/ws/seethebestthingswithgreatthingsbestthingswithgreatentry.hta"; depth:69; endswith; nocase; http.host; content:"107.173.4.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288732/; classtype:trojan-activity;sid:84151832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/331/ubn/mitradesignworkgoodforeveryoneforgiftedmbestthings.hta"; depth:63; endswith; nocase; http.host; content:"198.23.212.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288730/; classtype:trojan-activity;sid:84151830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55/nb/seemybesttimeforgivenmebestthingswithentiretimeforgivenmegreat.hta"; depth:73; endswith; nocase; http.host; content:"198.46.178.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288729/; classtype:trojan-activity;sid:84151829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/nc/mo/seemybestpartaroundtheworldtogetmethingsfornewone.hta"; depth:66; endswith; nocase; http.host; content:"198.46.178.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288728/; classtype:trojan-activity;sid:84151828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jbetxjeprs66.bin"; depth:17; endswith; nocase; http.host; content:"204.44.127.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288727/; classtype:trojan-activity;sid:84151827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.46.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288726/; classtype:trojan-activity;sid:84151826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"24.152.20.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288725/; classtype:trojan-activity;sid:84151825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tofnvkztslcapjhemddpvquy54.bin"; depth:31; endswith; nocase; http.host; content:"212.162.149.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288723/; classtype:trojan-activity;sid:84151823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gsnekddnoq28.bin"; depth:17; endswith; nocase; http.host; content:"212.162.149.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288724/; classtype:trojan-activity;sid:84151824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.38.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288722/; classtype:trojan-activity;sid:84151822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ygmdnaa137.bin"; depth:15; endswith; nocase; http.host; content:"173.249.193.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288720/; classtype:trojan-activity;sid:84151820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.234.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288721/; classtype:trojan-activity;sid:84151821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.182.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288719/; classtype:trojan-activity;sid:84151819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxyqebpwjlhygxzay158.bin"; depth:25; endswith; nocase; http.host; content:"93.123.109.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288718/; classtype:trojan-activity;sid:84151818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.241.62.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288717/; classtype:trojan-activity;sid:84151817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.34.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288716/; classtype:trojan-activity;sid:84151816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.19.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288715/; classtype:trojan-activity;sid:84151815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.30.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288714/; classtype:trojan-activity;sid:84151814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.238.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288713/; classtype:trojan-activity;sid:84151813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.245.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288712/; classtype:trojan-activity;sid:84151812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.2.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288711/; classtype:trojan-activity;sid:84151811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.137.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288710/; classtype:trojan-activity;sid:84151810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.119.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288709/; classtype:trojan-activity;sid:84151809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.89.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288708/; classtype:trojan-activity;sid:84151808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.25.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288707/; classtype:trojan-activity;sid:84151807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.218.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288705/; classtype:trojan-activity;sid:84151805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.112.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288706/; classtype:trojan-activity;sid:84151806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.210.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288704/; classtype:trojan-activity;sid:84151804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.119.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288702/; classtype:trojan-activity;sid:84151802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.228.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288703/; classtype:trojan-activity;sid:84151803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.192.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288701/; classtype:trojan-activity;sid:84151801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.181.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288700/; classtype:trojan-activity;sid:84151800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.10.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288699/; classtype:trojan-activity;sid:84151799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.127.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288698/; classtype:trojan-activity;sid:84151798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.228.136.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288697/; classtype:trojan-activity;sid:84151797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.2.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288695/; classtype:trojan-activity;sid:84151795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.81.234.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288696/; classtype:trojan-activity;sid:84151796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.137.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288694/; classtype:trojan-activity;sid:84151794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/555/newofficialprogramcauseofnewupdate.exe"; depth:43; endswith; nocase; http.host; content:"188.34.188.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288693/; classtype:trojan-activity;sid:84151793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ga/m/6.dll"; depth:11; endswith; nocase; http.host; content:"superior-coin.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288692/; classtype:trojan-activity;sid:84151792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/13cecbdad86667b0.php"; depth:21; endswith; nocase; http.host; content:"193.233.74.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288690/; classtype:trojan-activity;sid:84151790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.77.185.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288691/; classtype:trojan-activity;sid:84151791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/5cvboz7ll7ozeu5nye41v/demanda-no-2024-125421208.uue|3f|rlkey=q3v5vrfxcuzk79v7a8njjcjuu|7c|26|7c|st=p3cn4auq|7c|26|7c|dl=1"; depth:129; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288689/; classtype:trojan-activity;sid:84151789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.64.61"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288688/; classtype:trojan-activity;sid:84151788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.21.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288687/; classtype:trojan-activity;sid:84151787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.192.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288686/; classtype:trojan-activity;sid:84151786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.158.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288685/; classtype:trojan-activity;sid:84151785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.58.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288684/; classtype:trojan-activity;sid:84151784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.114.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288683/; classtype:trojan-activity;sid:84151783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.8.78"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288681/; classtype:trojan-activity;sid:84151781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.228.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288682/; classtype:trojan-activity;sid:84151782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.247.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288680/; classtype:trojan-activity;sid:84151780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.158.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288679/; classtype:trojan-activity;sid:84151779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.60.176.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288678/; classtype:trojan-activity;sid:84151778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.175.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288677/; classtype:trojan-activity;sid:84151777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.112.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288675/; classtype:trojan-activity;sid:84151775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.112.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288676/; classtype:trojan-activity;sid:84151776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.226.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288673/; classtype:trojan-activity;sid:84151773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.15.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288674/; classtype:trojan-activity;sid:84151774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.24.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288672/; classtype:trojan-activity;sid:84151772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.21.174"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288671/; classtype:trojan-activity;sid:84151771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.60.176.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288670/; classtype:trojan-activity;sid:84151770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.87.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288669/; classtype:trojan-activity;sid:84151769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.87.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288668/; classtype:trojan-activity;sid:84151768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.102.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288667/; classtype:trojan-activity;sid:84151767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.58.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288666/; classtype:trojan-activity;sid:84151766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.226.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288665/; classtype:trojan-activity;sid:84151765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.241.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288664/; classtype:trojan-activity;sid:84151764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.245.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288663/; classtype:trojan-activity;sid:84151763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.115.119.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288662/; classtype:trojan-activity;sid:84151762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.139.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288660/; classtype:trojan-activity;sid:84151760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.53.98.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288661/; classtype:trojan-activity;sid:84151761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.24.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288659/; classtype:trojan-activity;sid:84151759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.64.61"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288658/; classtype:trojan-activity;sid:84151758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.22.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288657/; classtype:trojan-activity;sid:84151757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.114.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288656/; classtype:trojan-activity;sid:84151756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.0.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288654/; classtype:trojan-activity;sid:84151754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.30.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288655/; classtype:trojan-activity;sid:84151755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.169.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288653/; classtype:trojan-activity;sid:84151753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.87.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288652/; classtype:trojan-activity;sid:84151752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.108.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288651/; classtype:trojan-activity;sid:84151751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.133.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288650/; classtype:trojan-activity;sid:84151750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.99.199.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288649/; classtype:trojan-activity;sid:84151749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.47.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288646/; classtype:trojan-activity;sid:84151746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.42.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288647/; classtype:trojan-activity;sid:84151747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.6.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288648/; classtype:trojan-activity;sid:84151748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.112.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288645/; classtype:trojan-activity;sid:84151745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.117.191.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288644/; classtype:trojan-activity;sid:84151744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.52.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288643/; classtype:trojan-activity;sid:84151743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.22.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288642/; classtype:trojan-activity;sid:84151742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.226.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288641/; classtype:trojan-activity;sid:84151741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.34.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288640/; classtype:trojan-activity;sid:84151740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.194.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288639/; classtype:trojan-activity;sid:84151739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.91.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288638/; classtype:trojan-activity;sid:84151738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.30.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288637/; classtype:trojan-activity;sid:84151737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.126.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288636/; classtype:trojan-activity;sid:84151736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.222.254.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288635/; classtype:trojan-activity;sid:84151735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.169.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288634/; classtype:trojan-activity;sid:84151734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.164.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288633/; classtype:trojan-activity;sid:84151733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.158.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288632/; classtype:trojan-activity;sid:84151732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.139.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288631/; classtype:trojan-activity;sid:84151731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.6.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288630/; classtype:trojan-activity;sid:84151730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.176.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288629/; classtype:trojan-activity;sid:84151729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.25.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288627/; classtype:trojan-activity;sid:84151727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.189.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288628/; classtype:trojan-activity;sid:84151728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.47.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288626/; classtype:trojan-activity;sid:84151726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.133.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288625/; classtype:trojan-activity;sid:84151725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.239.56.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288624/; classtype:trojan-activity;sid:84151724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.218.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288623/; classtype:trojan-activity;sid:84151723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"ixkix.events.socalpocis.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288622/; classtype:trojan-activity;sid:84151722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.110.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288620/; classtype:trojan-activity;sid:84151720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.34.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288621/; classtype:trojan-activity;sid:84151721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.25.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288619/; classtype:trojan-activity;sid:84151719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.132.133.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288618/; classtype:trojan-activity;sid:84151718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.122.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288617/; classtype:trojan-activity;sid:84151717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.7.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288616/; classtype:trojan-activity;sid:84151716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.242.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288615/; classtype:trojan-activity;sid:84151715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.39.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288614/; classtype:trojan-activity;sid:84151714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.234.185.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288613/; classtype:trojan-activity;sid:84151713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.90.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288612/; classtype:trojan-activity;sid:84151712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.25.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288611/; classtype:trojan-activity;sid:84151711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.21.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288610/; classtype:trojan-activity;sid:84151710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.10.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288609/; classtype:trojan-activity;sid:84151709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.223.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288608/; classtype:trojan-activity;sid:84151708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.22.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288607/; classtype:trojan-activity;sid:84151707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288606/; classtype:trojan-activity;sid:84151706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.158.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288605/; classtype:trojan-activity;sid:84151705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.42.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288604/; classtype:trojan-activity;sid:84151704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.132.133.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288603/; classtype:trojan-activity;sid:84151703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.129.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288602/; classtype:trojan-activity;sid:84151702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.100.248.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288601/; classtype:trojan-activity;sid:84151701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.117.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288599/; classtype:trojan-activity;sid:84151699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.169.234.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288600/; classtype:trojan-activity;sid:84151700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.242.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288598/; classtype:trojan-activity;sid:84151698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.122.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288596/; classtype:trojan-activity;sid:84151696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.140.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288597/; classtype:trojan-activity;sid:84151697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.135.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288595/; classtype:trojan-activity;sid:84151695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.32.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288594/; classtype:trojan-activity;sid:84151694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.55.181.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288593/; classtype:trojan-activity;sid:84151693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.11.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288591/; classtype:trojan-activity;sid:84151691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.245.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288592/; classtype:trojan-activity;sid:84151692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.107.89.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288590/; classtype:trojan-activity;sid:84151690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.204.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288589/; classtype:trojan-activity;sid:84151689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.86.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288588/; classtype:trojan-activity;sid:84151688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.61.181.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288587/; classtype:trojan-activity;sid:84151687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.217.95.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288586/; classtype:trojan-activity;sid:84151686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.7.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288585/; classtype:trojan-activity;sid:84151685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.47.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288584/; classtype:trojan-activity;sid:84151684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.228.170.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288583/; classtype:trojan-activity;sid:84151683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.200.227.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288582/; classtype:trojan-activity;sid:84151682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.245.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288581/; classtype:trojan-activity;sid:84151681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.2.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288580/; classtype:trojan-activity;sid:84151680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.20.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288579/; classtype:trojan-activity;sid:84151679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.101.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288578/; classtype:trojan-activity;sid:84151678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.22.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288577/; classtype:trojan-activity;sid:84151677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.245.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288576/; classtype:trojan-activity;sid:84151676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.158.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288575/; classtype:trojan-activity;sid:84151675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.10.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288574/; classtype:trojan-activity;sid:84151674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.55.181.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288573/; classtype:trojan-activity;sid:84151673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.86.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288572/; classtype:trojan-activity;sid:84151672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.82.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288571/; classtype:trojan-activity;sid:84151671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.250.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288570/; classtype:trojan-activity;sid:84151670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.89.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288569/; classtype:trojan-activity;sid:84151669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.85.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288568/; classtype:trojan-activity;sid:84151668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.65.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288567/; classtype:trojan-activity;sid:84151667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.21.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288566/; classtype:trojan-activity;sid:84151666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.39.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288565/; classtype:trojan-activity;sid:84151665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.249.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288564/; classtype:trojan-activity;sid:84151664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.7.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288563/; classtype:trojan-activity;sid:84151663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.61.181.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288562/; classtype:trojan-activity;sid:84151662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.231.83.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288561/; classtype:trojan-activity;sid:84151661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.144.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288560/; classtype:trojan-activity;sid:84151660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.40.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288559/; classtype:trojan-activity;sid:84151659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288558/; classtype:trojan-activity;sid:84151658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.11.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288557/; classtype:trojan-activity;sid:84151657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.101.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288556/; classtype:trojan-activity;sid:84151656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.3.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288555/; classtype:trojan-activity;sid:84151655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.19.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288554/; classtype:trojan-activity;sid:84151654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.245.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288553/; classtype:trojan-activity;sid:84151653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.203.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288552/; classtype:trojan-activity;sid:84151652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.5.36"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288551/; classtype:trojan-activity;sid:84151651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288550/; classtype:trojan-activity;sid:84151650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.72.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288549/; classtype:trojan-activity;sid:84151649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.215.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288548/; classtype:trojan-activity;sid:84151648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.102.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288547/; classtype:trojan-activity;sid:84151647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.27.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288546/; classtype:trojan-activity;sid:84151646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.83.101"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288545/; classtype:trojan-activity;sid:84151645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.82.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288544/; classtype:trojan-activity;sid:84151644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"156.146.27.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288543/; classtype:trojan-activity;sid:84151643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.43.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288541/; classtype:trojan-activity;sid:84151641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.147.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288542/; classtype:trojan-activity;sid:84151642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.186.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288540/; classtype:trojan-activity;sid:84151640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.204.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288539/; classtype:trojan-activity;sid:84151639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.154.11.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288538/; classtype:trojan-activity;sid:84151638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.231.83.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288537/; classtype:trojan-activity;sid:84151637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288536/; classtype:trojan-activity;sid:84151636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.4.4.141"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288535/; classtype:trojan-activity;sid:84151635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.5.36"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288534/; classtype:trojan-activity;sid:84151634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.59.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288533/; classtype:trojan-activity;sid:84151633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.100.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288532/; classtype:trojan-activity;sid:84151632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.254.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288531/; classtype:trojan-activity;sid:84151631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.157.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288530/; classtype:trojan-activity;sid:84151630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.234.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288529/; classtype:trojan-activity;sid:84151629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.95.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288528/; classtype:trojan-activity;sid:84151628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288527/; classtype:trojan-activity;sid:84151627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.103.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288525/; classtype:trojan-activity;sid:84151625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.1.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288526/; classtype:trojan-activity;sid:84151626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.191.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288524/; classtype:trojan-activity;sid:84151624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.129.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288523/; classtype:trojan-activity;sid:84151623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.245.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288522/; classtype:trojan-activity;sid:84151622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"76.77.23.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288521/; classtype:trojan-activity;sid:84151621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.253.19.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288520/; classtype:trojan-activity;sid:84151620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.185.49.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288519/; classtype:trojan-activity;sid:84151619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.59.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288518/; classtype:trojan-activity;sid:84151618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.4.4.141"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288517/; classtype:trojan-activity;sid:84151617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.103.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288516/; classtype:trojan-activity;sid:84151616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.40.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288515/; classtype:trojan-activity;sid:84151615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.232.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288514/; classtype:trojan-activity;sid:84151614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.245.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288513/; classtype:trojan-activity;sid:84151613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.76.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288512/; classtype:trojan-activity;sid:84151612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.25.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288511/; classtype:trojan-activity;sid:84151611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.84.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288510/; classtype:trojan-activity;sid:84151610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.42.74.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288508/; classtype:trojan-activity;sid:84151608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.42.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288509/; classtype:trojan-activity;sid:84151609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.191.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288507/; classtype:trojan-activity;sid:84151607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.236.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288506/; classtype:trojan-activity;sid:84151606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.135.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288505/; classtype:trojan-activity;sid:84151605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.19.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288504/; classtype:trojan-activity;sid:84151604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.135.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288503/; classtype:trojan-activity;sid:84151603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.245.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288502/; classtype:trojan-activity;sid:84151602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.58.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288501/; classtype:trojan-activity;sid:84151601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.10.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288500/; classtype:trojan-activity;sid:84151600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.232.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288499/; classtype:trojan-activity;sid:84151599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.29.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288498/; classtype:trojan-activity;sid:84151598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.94.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288497/; classtype:trojan-activity;sid:84151597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.84.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288496/; classtype:trojan-activity;sid:84151596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288494/; classtype:trojan-activity;sid:84151594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.19.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288495/; classtype:trojan-activity;sid:84151595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.39.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288493/; classtype:trojan-activity;sid:84151593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.92.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288492/; classtype:trojan-activity;sid:84151592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.248.12.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288491/; classtype:trojan-activity;sid:84151591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288490/; classtype:trojan-activity;sid:84151590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.76.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288489/; classtype:trojan-activity;sid:84151589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.42.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288488/; classtype:trojan-activity;sid:84151588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.235.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288487/; classtype:trojan-activity;sid:84151587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.239.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288486/; classtype:trojan-activity;sid:84151586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.236.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288485/; classtype:trojan-activity;sid:84151585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.241.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288484/; classtype:trojan-activity;sid:84151584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.110.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288483/; classtype:trojan-activity;sid:84151583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.102.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288482/; classtype:trojan-activity;sid:84151582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.23.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288481/; classtype:trojan-activity;sid:84151581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.106.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288480/; classtype:trojan-activity;sid:84151580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.180.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288478/; classtype:trojan-activity;sid:84151578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.253.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288479/; classtype:trojan-activity;sid:84151579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.162.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288477/; classtype:trojan-activity;sid:84151577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.133.185.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288476/; classtype:trojan-activity;sid:84151576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.10.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288475/; classtype:trojan-activity;sid:84151575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288474/; classtype:trojan-activity;sid:84151574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.231.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288473/; classtype:trojan-activity;sid:84151573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.105.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288472/; classtype:trojan-activity;sid:84151572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.39.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288471/; classtype:trojan-activity;sid:84151571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.182.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288470/; classtype:trojan-activity;sid:84151570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.92.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288469/; classtype:trojan-activity;sid:84151569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288468/; classtype:trojan-activity;sid:84151568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.1.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288467/; classtype:trojan-activity;sid:84151567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.29.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288466/; classtype:trojan-activity;sid:84151566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.239.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288465/; classtype:trojan-activity;sid:84151565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.142.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288463/; classtype:trojan-activity;sid:84151563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.42.74.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288464/; classtype:trojan-activity;sid:84151564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.29.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288462/; classtype:trojan-activity;sid:84151562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.58.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288461/; classtype:trojan-activity;sid:84151561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.148.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288460/; classtype:trojan-activity;sid:84151560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.110.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288459/; classtype:trojan-activity;sid:84151559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.134.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288458/; classtype:trojan-activity;sid:84151558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.98.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288457/; classtype:trojan-activity;sid:84151557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.180.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288456/; classtype:trojan-activity;sid:84151556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.178.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288455/; classtype:trojan-activity;sid:84151555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288454/; classtype:trojan-activity;sid:84151554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288453/; classtype:trojan-activity;sid:84151553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.105.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288452/; classtype:trojan-activity;sid:84151552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.34.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288451/; classtype:trojan-activity;sid:84151551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.2.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288450/; classtype:trojan-activity;sid:84151550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.137.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288449/; classtype:trojan-activity;sid:84151549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.142.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288448/; classtype:trojan-activity;sid:84151548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.33.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288447/; classtype:trojan-activity;sid:84151547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.133.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288446/; classtype:trojan-activity;sid:84151546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.110.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288445/; classtype:trojan-activity;sid:84151545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.134.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288444/; classtype:trojan-activity;sid:84151544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.123.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288443/; classtype:trojan-activity;sid:84151543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"varu.events.socalpocis.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288442/; classtype:trojan-activity;sid:84151542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"tzc.events.socalpocis.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288441/; classtype:trojan-activity;sid:84151541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"buki.events.socalpocis.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288438/; classtype:trojan-activity;sid:84151538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"zessk.events.socalpocis.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288439/; classtype:trojan-activity;sid:84151539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"gtj.events.socalpocis.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288440/; classtype:trojan-activity;sid:84151540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"avc.events.socalpocis.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288437/; classtype:trojan-activity;sid:84151537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.12.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288436/; classtype:trojan-activity;sid:84151536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.137.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288435/; classtype:trojan-activity;sid:84151535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.209.67.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288434/; classtype:trojan-activity;sid:84151534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.15.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288433/; classtype:trojan-activity;sid:84151533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.42.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288432/; classtype:trojan-activity;sid:84151532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.34.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288431/; classtype:trojan-activity;sid:84151531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.1.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288430/; classtype:trojan-activity;sid:84151530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.100.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288428/; classtype:trojan-activity;sid:84151528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.91.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288429/; classtype:trojan-activity;sid:84151529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.54.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288427/; classtype:trojan-activity;sid:84151527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.201.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288426/; classtype:trojan-activity;sid:84151526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.236.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288425/; classtype:trojan-activity;sid:84151525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288424/; classtype:trojan-activity;sid:84151524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288423/; classtype:trojan-activity;sid:84151523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.155.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288422/; classtype:trojan-activity;sid:84151522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.16.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288421/; classtype:trojan-activity;sid:84151521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.95.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288420/; classtype:trojan-activity;sid:84151520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.110.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288419/; classtype:trojan-activity;sid:84151519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.41.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288418/; classtype:trojan-activity;sid:84151518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288416/; classtype:trojan-activity;sid:84151516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/wphs8"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288417/; classtype:trojan-activity;sid:84151517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.127.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288415/; classtype:trojan-activity;sid:84151515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.15.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288414/; classtype:trojan-activity;sid:84151514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.201.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288413/; classtype:trojan-activity;sid:84151513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.91.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288412/; classtype:trojan-activity;sid:84151512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.139.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288411/; classtype:trojan-activity;sid:84151511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x861.bin"; depth:9; endswith; nocase; http.host; content:"45.115.237.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288409/; classtype:trojan-activity;sid:84151509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.136.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288410/; classtype:trojan-activity;sid:84151510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.118.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288408/; classtype:trojan-activity;sid:84151508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x861.exe"; depth:9; endswith; nocase; http.host; content:"45.115.237.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288407/; classtype:trojan-activity;sid:84151507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.x64.exe"; depth:14; endswith; nocase; http.host; content:"148.113.192.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288406/; classtype:trojan-activity;sid:84151506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.95.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288405/; classtype:trojan-activity;sid:84151505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.34.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288404/; classtype:trojan-activity;sid:84151504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.21.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288403/; classtype:trojan-activity;sid:84151503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.100.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288402/; classtype:trojan-activity;sid:84151502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.110.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288401/; classtype:trojan-activity;sid:84151501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288400/; classtype:trojan-activity;sid:84151500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.252.20.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288399/; classtype:trojan-activity;sid:84151499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.212.68.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288398/; classtype:trojan-activity;sid:84151498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/fix.php"; depth:13; endswith; nocase; http.host; content:"junocis.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288397/; classtype:trojan-activity;sid:84151497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/das.php"; depth:13; endswith; nocase; http.host; content:"culinarycanvasgrilling.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288396/; classtype:trojan-activity;sid:84151496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.222.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288395/; classtype:trojan-activity;sid:84151495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.90.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288394/; classtype:trojan-activity;sid:84151494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.118.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288393/; classtype:trojan-activity;sid:84151493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.127.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288392/; classtype:trojan-activity;sid:84151492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.143.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288391/; classtype:trojan-activity;sid:84151491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.212.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288390/; classtype:trojan-activity;sid:84151490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.54.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288389/; classtype:trojan-activity;sid:84151489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/das.php"; depth:13; endswith; nocase; http.host; content:"fencingfriends.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288388/; classtype:trojan-activity;sid:84151488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.107.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288387/; classtype:trojan-activity;sid:84151487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.128.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288386/; classtype:trojan-activity;sid:84151486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.192.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288385/; classtype:trojan-activity;sid:84151485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/mfragks.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288383/; classtype:trojan-activity;sid:84151483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/srsdcio.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288384/; classtype:trojan-activity;sid:84151484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/kbkmpcr.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288380/; classtype:trojan-activity;sid:84151480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/bgjjhar.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288381/; classtype:trojan-activity;sid:84151481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/nargbri.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288382/; classtype:trojan-activity;sid:84151482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/difkhkm.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288371/; classtype:trojan-activity;sid:84151471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/dknkrdi.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288372/; classtype:trojan-activity;sid:84151472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/gdisfab.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288373/; classtype:trojan-activity;sid:84151473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/enoagkn.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288374/; classtype:trojan-activity;sid:84151474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/ihdpsek.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288375/; classtype:trojan-activity;sid:84151475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/ajipmik.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288376/; classtype:trojan-activity;sid:84151476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/bffgjkn.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288377/; classtype:trojan-activity;sid:84151477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/hmspgif.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288378/; classtype:trojan-activity;sid:84151478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/idmekdr.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288379/; classtype:trojan-activity;sid:84151479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/roaksdh.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288370/; classtype:trojan-activity;sid:84151470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/dmfgfmf.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288365/; classtype:trojan-activity;sid:84151465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/dfifsij.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288366/; classtype:trojan-activity;sid:84151466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/dmpindp.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288367/; classtype:trojan-activity;sid:84151467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/akjisfd.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288368/; classtype:trojan-activity;sid:84151468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqwfqwght/qwrqwrhnb/downloads/dkkfggc.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288369/; classtype:trojan-activity;sid:84151469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288364/; classtype:trojan-activity;sid:84151464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288358/; classtype:trojan-activity;sid:84151458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/gmips"; depth:11; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288359/; classtype:trojan-activity;sid:84151459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/garm"; depth:10; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288360/; classtype:trojan-activity;sid:84151460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288361/; classtype:trojan-activity;sid:84151461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288362/; classtype:trojan-activity;sid:84151462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/gx86"; depth:10; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288363/; classtype:trojan-activity;sid:84151463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/garm6"; depth:11; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288357/; classtype:trojan-activity;sid:84151457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.28.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288356/; classtype:trojan-activity;sid:84151456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288355/; classtype:trojan-activity;sid:84151455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288351/; classtype:trojan-activity;sid:84151451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h"; depth:2; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288352/; classtype:trojan-activity;sid:84151452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/garm5"; depth:11; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288353/; classtype:trojan-activity;sid:84151453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sea.sh"; depth:7; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288354/; classtype:trojan-activity;sid:84151454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288349/; classtype:trojan-activity;sid:84151449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288350/; classtype:trojan-activity;sid:84151450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.23.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288344/; classtype:trojan-activity;sid:84151444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/gmpsl"; depth:11; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288345/; classtype:trojan-activity;sid:84151445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/garm7"; depth:11; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288346/; classtype:trojan-activity;sid:84151446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288347/; classtype:trojan-activity;sid:84151447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"154.213.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288348/; classtype:trojan-activity;sid:84151448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.arm5"; depth:18; endswith; nocase; http.host; content:"151.80.169.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288343/; classtype:trojan-activity;sid:84151443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.120.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288342/; classtype:trojan-activity;sid:84151442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.mips"; depth:18; endswith; nocase; http.host; content:"151.80.169.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288340/; classtype:trojan-activity;sid:84151440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.54.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288341/; classtype:trojan-activity;sid:84151441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.spc"; depth:17; endswith; nocase; http.host; content:"151.80.169.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288339/; classtype:trojan-activity;sid:84151439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.ppc"; depth:17; endswith; nocase; http.host; content:"151.80.169.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288338/; classtype:trojan-activity;sid:84151438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr.sh"; depth:7; endswith; nocase; http.host; content:"151.80.169.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288328/; classtype:trojan-activity;sid:84151428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.x86"; depth:17; endswith; nocase; http.host; content:"151.80.169.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288329/; classtype:trojan-activity;sid:84151429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.m68k"; depth:18; endswith; nocase; http.host; content:"151.80.169.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288330/; classtype:trojan-activity;sid:84151430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.arm"; depth:17; endswith; nocase; http.host; content:"151.80.169.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288331/; classtype:trojan-activity;sid:84151431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.arm6"; depth:18; endswith; nocase; http.host; content:"151.80.169.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288332/; classtype:trojan-activity;sid:84151432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.mpsl"; depth:18; endswith; nocase; http.host; content:"151.80.169.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288333/; classtype:trojan-activity;sid:84151433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"151.80.169.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288334/; classtype:trojan-activity;sid:84151434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.arm7"; depth:18; endswith; nocase; http.host; content:"151.80.169.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288335/; classtype:trojan-activity;sid:84151435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.sh4"; depth:17; endswith; nocase; http.host; content:"151.80.169.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288336/; classtype:trojan-activity;sid:84151436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"151.80.169.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288337/; classtype:trojan-activity;sid:84151437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.217.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288327/; classtype:trojan-activity;sid:84151427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.222.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288326/; classtype:trojan-activity;sid:84151426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.155.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288325/; classtype:trojan-activity;sid:84151425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.143.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288324/; classtype:trojan-activity;sid:84151424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.85.20"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288323/; classtype:trojan-activity;sid:84151423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.95.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288321/; classtype:trojan-activity;sid:84151421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.85.20"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288322/; classtype:trojan-activity;sid:84151422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.212.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288320/; classtype:trojan-activity;sid:84151420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.185.201.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288319/; classtype:trojan-activity;sid:84151419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.154.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288318/; classtype:trojan-activity;sid:84151418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.147.112.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288317/; classtype:trojan-activity;sid:84151417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.86.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288316/; classtype:trojan-activity;sid:84151416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.128.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288315/; classtype:trojan-activity;sid:84151415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.127.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288314/; classtype:trojan-activity;sid:84151414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.99.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288313/; classtype:trojan-activity;sid:84151413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.172.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288312/; classtype:trojan-activity;sid:84151412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.88.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288311/; classtype:trojan-activity;sid:84151411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.23.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288310/; classtype:trojan-activity;sid:84151410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.131.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288309/; classtype:trojan-activity;sid:84151409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.10.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288308/; classtype:trojan-activity;sid:84151408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.196.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288307/; classtype:trojan-activity;sid:84151407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.108.116.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288306/; classtype:trojan-activity;sid:84151406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.58.80.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288305/; classtype:trojan-activity;sid:84151405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.74.222.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288304/; classtype:trojan-activity;sid:84151404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"209.42.55.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288299/; classtype:trojan-activity;sid:84151399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.109.234.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288300/; classtype:trojan-activity;sid:84151400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.186.69.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288301/; classtype:trojan-activity;sid:84151401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.51.122.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288302/; classtype:trojan-activity;sid:84151402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.6.64.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288303/; classtype:trojan-activity;sid:84151403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.8.38.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288298/; classtype:trojan-activity;sid:84151398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.183.9.88"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288297/; classtype:trojan-activity;sid:84151397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.240.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288296/; classtype:trojan-activity;sid:84151396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.99.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288295/; classtype:trojan-activity;sid:84151395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.131.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288294/; classtype:trojan-activity;sid:84151394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288293/; classtype:trojan-activity;sid:84151393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.88.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288292/; classtype:trojan-activity;sid:84151392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.85.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288291/; classtype:trojan-activity;sid:84151391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.236.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288290/; classtype:trojan-activity;sid:84151390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.155.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288288/; classtype:trojan-activity;sid:84151388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.87.120.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288289/; classtype:trojan-activity;sid:84151389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288287/; classtype:trojan-activity;sid:84151387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.237.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288286/; classtype:trojan-activity;sid:84151386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.178.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288285/; classtype:trojan-activity;sid:84151385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.16.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288284/; classtype:trojan-activity;sid:84151384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.37.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288283/; classtype:trojan-activity;sid:84151383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288282/; classtype:trojan-activity;sid:84151382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.35.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288281/; classtype:trojan-activity;sid:84151381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.179.15.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288280/; classtype:trojan-activity;sid:84151380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.39.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288279/; classtype:trojan-activity;sid:84151379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.37.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288278/; classtype:trojan-activity;sid:84151378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.183.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288277/; classtype:trojan-activity;sid:84151377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.240.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288276/; classtype:trojan-activity;sid:84151376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.233.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288275/; classtype:trojan-activity;sid:84151375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.28.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288274/; classtype:trojan-activity;sid:84151374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.127.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288273/; classtype:trojan-activity;sid:84151373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.155.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288272/; classtype:trojan-activity;sid:84151372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.52.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288271/; classtype:trojan-activity;sid:84151371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.55.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288270/; classtype:trojan-activity;sid:84151370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.56.146.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288269/; classtype:trojan-activity;sid:84151369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.236.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288268/; classtype:trojan-activity;sid:84151368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.110.13.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288267/; classtype:trojan-activity;sid:84151367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.209.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288266/; classtype:trojan-activity;sid:84151366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.232.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288265/; classtype:trojan-activity;sid:84151365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.154.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288264/; classtype:trojan-activity;sid:84151364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.183.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288263/; classtype:trojan-activity;sid:84151363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.52.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288262/; classtype:trojan-activity;sid:84151362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.114.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288260/; classtype:trojan-activity;sid:84151360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.2.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288261/; classtype:trojan-activity;sid:84151361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.28.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288259/; classtype:trojan-activity;sid:84151359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.127.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288258/; classtype:trojan-activity;sid:84151358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288257/; classtype:trojan-activity;sid:84151357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.93.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288255/; classtype:trojan-activity;sid:84151355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.175.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288256/; classtype:trojan-activity;sid:84151356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.18.105.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288254/; classtype:trojan-activity;sid:84151354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"76.11.135.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288253/; classtype:trojan-activity;sid:84151353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.55.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288252/; classtype:trojan-activity;sid:84151352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.209.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288251/; classtype:trojan-activity;sid:84151351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.115.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288250/; classtype:trojan-activity;sid:84151350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.114.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288249/; classtype:trojan-activity;sid:84151349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.32.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288248/; classtype:trojan-activity;sid:84151348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.8.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288247/; classtype:trojan-activity;sid:84151347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.210.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288246/; classtype:trojan-activity;sid:84151346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.75.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288245/; classtype:trojan-activity;sid:84151345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288244/; classtype:trojan-activity;sid:84151344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.169.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288243/; classtype:trojan-activity;sid:84151343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.119.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288241/; classtype:trojan-activity;sid:84151341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.121.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288242/; classtype:trojan-activity;sid:84151342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.181.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288240/; classtype:trojan-activity;sid:84151340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.115.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288238/; classtype:trojan-activity;sid:84151338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.114.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288239/; classtype:trojan-activity;sid:84151339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.41.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288237/; classtype:trojan-activity;sid:84151337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.68.57.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288236/; classtype:trojan-activity;sid:84151336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.71.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288235/; classtype:trojan-activity;sid:84151335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.10.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288234/; classtype:trojan-activity;sid:84151334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.167.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288233/; classtype:trojan-activity;sid:84151333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.93.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288232/; classtype:trojan-activity;sid:84151332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.31.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288231/; classtype:trojan-activity;sid:84151331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.68.57.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288230/; classtype:trojan-activity;sid:84151330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.115.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288229/; classtype:trojan-activity;sid:84151329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.177.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288228/; classtype:trojan-activity;sid:84151328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.207.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288227/; classtype:trojan-activity;sid:84151327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.2.47"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288226/; classtype:trojan-activity;sid:84151326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.42.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288225/; classtype:trojan-activity;sid:84151325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.22.123.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288224/; classtype:trojan-activity;sid:84151324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.57.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288223/; classtype:trojan-activity;sid:84151323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.114.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288222/; classtype:trojan-activity;sid:84151322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.32.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288221/; classtype:trojan-activity;sid:84151321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.112.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288220/; classtype:trojan-activity;sid:84151320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.181.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288219/; classtype:trojan-activity;sid:84151319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.115.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288217/; classtype:trojan-activity;sid:84151317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.237.177"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288218/; classtype:trojan-activity;sid:84151318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.166.118.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288216/; classtype:trojan-activity;sid:84151316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"198.2.88.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288215/; classtype:trojan-activity;sid:84151315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.193.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288214/; classtype:trojan-activity;sid:84151314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.150.232.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288213/; classtype:trojan-activity;sid:84151313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.89.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288212/; classtype:trojan-activity;sid:84151312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.116.145.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288211/; classtype:trojan-activity;sid:84151311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.42.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288210/; classtype:trojan-activity;sid:84151310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.71.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288209/; classtype:trojan-activity;sid:84151309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.76.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288207/; classtype:trojan-activity;sid:84151307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.227.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288208/; classtype:trojan-activity;sid:84151308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.112.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288206/; classtype:trojan-activity;sid:84151306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288205/; classtype:trojan-activity;sid:84151305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.178.35.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288204/; classtype:trojan-activity;sid:84151304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.95.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288203/; classtype:trojan-activity;sid:84151303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.39.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288202/; classtype:trojan-activity;sid:84151302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.236.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288201/; classtype:trojan-activity;sid:84151301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.142.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288200/; classtype:trojan-activity;sid:84151300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"156.146.26.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288199/; classtype:trojan-activity;sid:84151299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.128.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288198/; classtype:trojan-activity;sid:84151298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.224.82.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288197/; classtype:trojan-activity;sid:84151297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.181.170.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288196/; classtype:trojan-activity;sid:84151296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.45.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288195/; classtype:trojan-activity;sid:84151295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.164.51.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288194/; classtype:trojan-activity;sid:84151294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.155.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288193/; classtype:trojan-activity;sid:84151293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.26.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288192/; classtype:trojan-activity;sid:84151292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.193.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288191/; classtype:trojan-activity;sid:84151291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.227.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288190/; classtype:trojan-activity;sid:84151290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.192.236.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288188/; classtype:trojan-activity;sid:84151288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.7.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288189/; classtype:trojan-activity;sid:84151289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"198.2.88.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288186/; classtype:trojan-activity;sid:84151286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.75.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288187/; classtype:trojan-activity;sid:84151287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.58.100"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288185/; classtype:trojan-activity;sid:84151285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.198.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288184/; classtype:trojan-activity;sid:84151284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.217.36.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288183/; classtype:trojan-activity;sid:84151283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.76.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288182/; classtype:trojan-activity;sid:84151282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.210.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288181/; classtype:trojan-activity;sid:84151281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.71.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288180/; classtype:trojan-activity;sid:84151280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.100.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288179/; classtype:trojan-activity;sid:84151279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.124.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288178/; classtype:trojan-activity;sid:84151278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.84.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288177/; classtype:trojan-activity;sid:84151277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.211.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288176/; classtype:trojan-activity;sid:84151276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288175/; classtype:trojan-activity;sid:84151275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.107.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288174/; classtype:trojan-activity;sid:84151274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.218.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288173/; classtype:trojan-activity;sid:84151273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.72.177.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288172/; classtype:trojan-activity;sid:84151272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.181.170.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288171/; classtype:trojan-activity;sid:84151271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.81.40"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288170/; classtype:trojan-activity;sid:84151270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.30.4"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288169/; classtype:trojan-activity;sid:84151269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.45.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288168/; classtype:trojan-activity;sid:84151268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.192.236.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288167/; classtype:trojan-activity;sid:84151267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.17.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288166/; classtype:trojan-activity;sid:84151266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.124.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288165/; classtype:trojan-activity;sid:84151265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.210.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288164/; classtype:trojan-activity;sid:84151264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.7.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288163/; classtype:trojan-activity;sid:84151263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.2.48"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288162/; classtype:trojan-activity;sid:84151262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.69.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288161/; classtype:trojan-activity;sid:84151261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.2.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288160/; classtype:trojan-activity;sid:84151260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.128.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288159/; classtype:trojan-activity;sid:84151259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.90.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288158/; classtype:trojan-activity;sid:84151258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.2.128"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288157/; classtype:trojan-activity;sid:84151257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.176.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288156/; classtype:trojan-activity;sid:84151256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.251.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288154/; classtype:trojan-activity;sid:84151254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.84.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288155/; classtype:trojan-activity;sid:84151255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.248.37.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288153/; classtype:trojan-activity;sid:84151253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.13.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288152/; classtype:trojan-activity;sid:84151252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.30.4"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288151/; classtype:trojan-activity;sid:84151251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.100.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288150/; classtype:trojan-activity;sid:84151250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"168.196.169.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288149/; classtype:trojan-activity;sid:84151249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.46.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288148/; classtype:trojan-activity;sid:84151248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.229.191.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288147/; classtype:trojan-activity;sid:84151247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.17.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288146/; classtype:trojan-activity;sid:84151246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.22.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288145/; classtype:trojan-activity;sid:84151245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.98.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288144/; classtype:trojan-activity;sid:84151244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.204.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288143/; classtype:trojan-activity;sid:84151243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.100.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288142/; classtype:trojan-activity;sid:84151242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.2.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288141/; classtype:trojan-activity;sid:84151241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.176.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288140/; classtype:trojan-activity;sid:84151240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.63.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288139/; classtype:trojan-activity;sid:84151239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.248.37.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288138/; classtype:trojan-activity;sid:84151238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"sukw.range.cccinvolve.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288137/; classtype:trojan-activity;sid:84151237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288136/; classtype:trojan-activity;sid:84151236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288134/; classtype:trojan-activity;sid:84151234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"168.196.169.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288135/; classtype:trojan-activity;sid:84151235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.202.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288133/; classtype:trojan-activity;sid:84151233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.204.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288132/; classtype:trojan-activity;sid:84151232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.214.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288131/; classtype:trojan-activity;sid:84151231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"46.250.238.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288130/; classtype:trojan-activity;sid:84151230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"46.250.238.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288129/; classtype:trojan-activity;sid:84151229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"46.250.238.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288123/; classtype:trojan-activity;sid:84151223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"46.250.238.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288124/; classtype:trojan-activity;sid:84151224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"46.250.238.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288125/; classtype:trojan-activity;sid:84151225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"46.250.238.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288126/; classtype:trojan-activity;sid:84151226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"46.250.238.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288127/; classtype:trojan-activity;sid:84151227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"46.250.238.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288128/; classtype:trojan-activity;sid:84151228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"46.250.238.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288119/; classtype:trojan-activity;sid:84151219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"46.250.238.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288120/; classtype:trojan-activity;sid:84151220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"46.250.238.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288121/; classtype:trojan-activity;sid:84151221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288118/; classtype:trojan-activity;sid:84151218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.69.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288117/; classtype:trojan-activity;sid:84151217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.117.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288116/; classtype:trojan-activity;sid:84151216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.137.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288115/; classtype:trojan-activity;sid:84151215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.98.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288114/; classtype:trojan-activity;sid:84151214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288112/; classtype:trojan-activity;sid:84151212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288113/; classtype:trojan-activity;sid:84151213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm7"; depth:13; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288111/; classtype:trojan-activity;sid:84151211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288101/; classtype:trojan-activity;sid:84151201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:38; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288102/; classtype:trojan-activity;sid:84151202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288103/; classtype:trojan-activity;sid:84151203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288104/; classtype:trojan-activity;sid:84151204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288105/; classtype:trojan-activity;sid:84151205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288106/; classtype:trojan-activity;sid:84151206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288107/; classtype:trojan-activity;sid:84151207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288108/; classtype:trojan-activity;sid:84151208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288109/; classtype:trojan-activity;sid:84151209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288110/; classtype:trojan-activity;sid:84151210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288093/; classtype:trojan-activity;sid:84151193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288094/; classtype:trojan-activity;sid:84151194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288095/; classtype:trojan-activity;sid:84151195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288096/; classtype:trojan-activity;sid:84151196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288097/; classtype:trojan-activity;sid:84151197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288098/; classtype:trojan-activity;sid:84151198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288099/; classtype:trojan-activity;sid:84151199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288100/; classtype:trojan-activity;sid:84151200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.ppc"; depth:12; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288092/; classtype:trojan-activity;sid:84151192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mipsel"; depth:14; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288090/; classtype:trojan-activity;sid:84151190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm7"; depth:12; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288091/; classtype:trojan-activity;sid:84151191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm4"; depth:12; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288081/; classtype:trojan-activity;sid:84151181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mips"; depth:12; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288082/; classtype:trojan-activity;sid:84151182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.m68k"; depth:12; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288083/; classtype:trojan-activity;sid:84151183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm5"; depth:13; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288084/; classtype:trojan-activity;sid:84151184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sparc"; depth:13; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288085/; classtype:trojan-activity;sid:84151185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.i586"; depth:13; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288086/; classtype:trojan-activity;sid:84151186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm6"; depth:12; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288087/; classtype:trojan-activity;sid:84151187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm5"; depth:12; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288088/; classtype:trojan-activity;sid:84151188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i586"; depth:12; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288089/; classtype:trojan-activity;sid:84151189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm4"; depth:13; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288076/; classtype:trojan-activity;sid:84151176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.ppc"; depth:11; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288077/; classtype:trojan-activity;sid:84151177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.mips"; depth:13; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288078/; classtype:trojan-activity;sid:84151178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i686"; depth:12; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288079/; classtype:trojan-activity;sid:84151179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm6"; depth:13; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288080/; classtype:trojan-activity;sid:84151180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.170.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288075/; classtype:trojan-activity;sid:84151175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.sparc"; depth:14; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288070/; classtype:trojan-activity;sid:84151170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.x86"; depth:12; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288071/; classtype:trojan-activity;sid:84151171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.m68k"; depth:13; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288072/; classtype:trojan-activity;sid:84151172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.i686"; depth:13; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288073/; classtype:trojan-activity;sid:84151173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.mpsl"; depth:13; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288074/; classtype:trojan-activity;sid:84151174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z"; depth:2; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288069/; classtype:trojan-activity;sid:84151169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splash.sh"; depth:10; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288068/; classtype:trojan-activity;sid:84151168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get.sh"; depth:7; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288063/; classtype:trojan-activity;sid:84151163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h"; depth:2; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288064/; classtype:trojan-activity;sid:84151164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1"; depth:3; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288065/; classtype:trojan-activity;sid:84151165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288066/; classtype:trojan-activity;sid:84151166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288067/; classtype:trojan-activity;sid:84151167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v"; depth:2; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288049/; classtype:trojan-activity;sid:84151149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288050/; classtype:trojan-activity;sid:84151150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1.sh"; depth:6; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288051/; classtype:trojan-activity;sid:84151151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.sh"; depth:5; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288052/; classtype:trojan-activity;sid:84151152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e"; depth:2; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288053/; classtype:trojan-activity;sid:84151153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288054/; classtype:trojan-activity;sid:84151154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288055/; classtype:trojan-activity;sid:84151155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288056/; classtype:trojan-activity;sid:84151156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d"; depth:2; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288057/; classtype:trojan-activity;sid:84151157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yak.sh"; depth:7; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288058/; classtype:trojan-activity;sid:84151158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/necr0.py"; depth:9; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288059/; classtype:trojan-activity;sid:84151159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288060/; classtype:trojan-activity;sid:84151160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r"; depth:2; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288061/; classtype:trojan-activity;sid:84151161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u"; depth:2; endswith; nocase; http.host; content:"82.57.165.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288062/; classtype:trojan-activity;sid:84151162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.67.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288048/; classtype:trojan-activity;sid:84151148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.255.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288047/; classtype:trojan-activity;sid:84151147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.244.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288046/; classtype:trojan-activity;sid:84151146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.117.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288045/; classtype:trojan-activity;sid:84151145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.92.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288044/; classtype:trojan-activity;sid:84151144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paz/pan2.zip"; depth:13; endswith; nocase; http.host; content:"185.145.97.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288043/; classtype:trojan-activity;sid:84151143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paz/pan3.zip"; depth:13; endswith; nocase; http.host; content:"gatugo.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288042/; classtype:trojan-activity;sid:84151142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paz/pan3.zip"; depth:13; endswith; nocase; http.host; content:"185.145.97.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288041/; classtype:trojan-activity;sid:84151141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paz/pan3.zip"; depth:13; endswith; nocase; http.host; content:"185.145.97.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288039/; classtype:trojan-activity;sid:84151139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paz/pan3.zip"; depth:13; endswith; nocase; http.host; content:"gatugo.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288040/; classtype:trojan-activity;sid:84151140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paz/pan4.zip"; depth:13; endswith; nocase; http.host; content:"185.145.97.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288037/; classtype:trojan-activity;sid:84151137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paz/pan4.zip"; depth:13; endswith; nocase; http.host; content:"gatugo.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288038/; classtype:trojan-activity;sid:84151138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paz/pan4.zip"; depth:13; endswith; nocase; http.host; content:"gatugo.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288036/; classtype:trojan-activity;sid:84151136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paz/pan4.zip"; depth:13; endswith; nocase; http.host; content:"185.145.97.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288035/; classtype:trojan-activity;sid:84151135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paz/pan1.zip"; depth:13; endswith; nocase; http.host; content:"gatugo.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288031/; classtype:trojan-activity;sid:84151131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paz/pan2.zip"; depth:13; endswith; nocase; http.host; content:"gatugo.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288032/; classtype:trojan-activity;sid:84151132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paz/pan2.zip"; depth:13; endswith; nocase; http.host; content:"185.145.97.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288033/; classtype:trojan-activity;sid:84151133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paz/pan1.zip"; depth:13; endswith; nocase; http.host; content:"185.145.97.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288034/; classtype:trojan-activity;sid:84151134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paz/pan1.zip"; depth:13; endswith; nocase; http.host; content:"185.145.97.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288028/; classtype:trojan-activity;sid:84151128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paz/pan1.zip"; depth:13; endswith; nocase; http.host; content:"gatugo.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288029/; classtype:trojan-activity;sid:84151129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paz/pan2.zip"; depth:13; endswith; nocase; http.host; content:"gatugo.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288030/; classtype:trojan-activity;sid:84151130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.137.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288027/; classtype:trojan-activity;sid:84151127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.56.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288026/; classtype:trojan-activity;sid:84151126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.14.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288025/; classtype:trojan-activity;sid:84151125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.11.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288024/; classtype:trojan-activity;sid:84151124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.209.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288023/; classtype:trojan-activity;sid:84151123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.157.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288022/; classtype:trojan-activity;sid:84151122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.40.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288021/; classtype:trojan-activity;sid:84151121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.67.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288020/; classtype:trojan-activity;sid:84151120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.117.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288019/; classtype:trojan-activity;sid:84151119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.142.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288018/; classtype:trojan-activity;sid:84151118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.244.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288017/; classtype:trojan-activity;sid:84151117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.139.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288016/; classtype:trojan-activity;sid:84151116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.arm5"; depth:18; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288014/; classtype:trojan-activity;sid:84151114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.175.69.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288015/; classtype:trojan-activity;sid:84151115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.102.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288003/; classtype:trojan-activity;sid:84151103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.m68k"; depth:18; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288004/; classtype:trojan-activity;sid:84151104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.x86"; depth:17; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288005/; classtype:trojan-activity;sid:84151105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.ppc"; depth:17; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288006/; classtype:trojan-activity;sid:84151106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.mips"; depth:18; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288007/; classtype:trojan-activity;sid:84151107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.spc"; depth:17; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288008/; classtype:trojan-activity;sid:84151108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.arm"; depth:17; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288009/; classtype:trojan-activity;sid:84151109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.mpsl"; depth:18; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288010/; classtype:trojan-activity;sid:84151110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.arm6"; depth:18; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288011/; classtype:trojan-activity;sid:84151111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.sh4"; depth:17; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288012/; classtype:trojan-activity;sid:84151112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.arm7"; depth:18; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288013/; classtype:trojan-activity;sid:84151113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.157.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288002/; classtype:trojan-activity;sid:84151102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.48.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288001/; classtype:trojan-activity;sid:84151101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.237.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288000/; classtype:trojan-activity;sid:84151100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.107.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287999/; classtype:trojan-activity;sid:84151099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.182.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287998/; classtype:trojan-activity;sid:84151098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.26.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287997/; classtype:trojan-activity;sid:84151097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.32.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287996/; classtype:trojan-activity;sid:84151096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.40.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287995/; classtype:trojan-activity;sid:84151095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.98.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287994/; classtype:trojan-activity;sid:84151094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.56.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287993/; classtype:trojan-activity;sid:84151093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.88.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287992/; classtype:trojan-activity;sid:84151092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.168.162.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287991/; classtype:trojan-activity;sid:84151091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.159.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287990/; classtype:trojan-activity;sid:84151090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.235.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287989/; classtype:trojan-activity;sid:84151089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.65.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287988/; classtype:trojan-activity;sid:84151088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.67.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287987/; classtype:trojan-activity;sid:84151087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287986/; classtype:trojan-activity;sid:84151086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.243.133.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287985/; classtype:trojan-activity;sid:84151085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.107.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287984/; classtype:trojan-activity;sid:84151084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.48.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287983/; classtype:trojan-activity;sid:84151083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.246.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287982/; classtype:trojan-activity;sid:84151082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.168.162.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287981/; classtype:trojan-activity;sid:84151081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.65.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287980/; classtype:trojan-activity;sid:84151080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.5.42"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287979/; classtype:trojan-activity;sid:84151079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287978/; classtype:trojan-activity;sid:84151078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.159.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287977/; classtype:trojan-activity;sid:84151077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.238.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287976/; classtype:trojan-activity;sid:84151076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.249.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287975/; classtype:trojan-activity;sid:84151075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.69.110.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287974/; classtype:trojan-activity;sid:84151074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.144.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287973/; classtype:trojan-activity;sid:84151073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.88.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287972/; classtype:trojan-activity;sid:84151072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.60.235.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287971/; classtype:trojan-activity;sid:84151071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.67.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287970/; classtype:trojan-activity;sid:84151070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1blf0zzvh-eywcjtnvheiotml9tgypmcr"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287969/; classtype:trojan-activity;sid:84151069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ooimdag94mrdppxidgzaresdeev0fzwi"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287968/; classtype:trojan-activity;sid:84151068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.66.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287967/; classtype:trojan-activity;sid:84151067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287966/; classtype:trojan-activity;sid:84151066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.52.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287965/; classtype:trojan-activity;sid:84151065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287964/; classtype:trojan-activity;sid:84151064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287963/; classtype:trojan-activity;sid:84151063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.235.200.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287962/; classtype:trojan-activity;sid:84151062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.246.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287961/; classtype:trojan-activity;sid:84151061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287959/; classtype:trojan-activity;sid:84151059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.34.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287960/; classtype:trojan-activity;sid:84151060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.129.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287958/; classtype:trojan-activity;sid:84151058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.65.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287957/; classtype:trojan-activity;sid:84151057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaxnvvwaqv3.bin"; depth:16; endswith; nocase; http.host; content:"kinltd.top"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287956/; classtype:trojan-activity;sid:84151056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zihpzkmmlckfsra217.bin"; depth:23; endswith; nocase; http.host; content:"212.162.149.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287955/; classtype:trojan-activity;sid:84151055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xdreuo191.bin"; depth:14; endswith; nocase; http.host; content:"109.248.151.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287953/; classtype:trojan-activity;sid:84151053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.249.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287954/; classtype:trojan-activity;sid:84151054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.4.56"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287952/; classtype:trojan-activity;sid:84151052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.235.200.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287951/; classtype:trojan-activity;sid:84151051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rearyzgrn117.bin"; depth:17; endswith; nocase; http.host; content:"23.226.128.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287950/; classtype:trojan-activity;sid:84151050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.243.133.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287949/; classtype:trojan-activity;sid:84151049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.215.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287948/; classtype:trojan-activity;sid:84151048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/allin"; depth:6; endswith; nocase; http.host; content:"116.198.204.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287947/; classtype:trojan-activity;sid:84151047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app"; depth:4; endswith; nocase; http.host; content:"116.198.204.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287941/; classtype:trojan-activity;sid:84151041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.bin"; depth:13; endswith; nocase; http.host; content:"116.198.204.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287942/; classtype:trojan-activity;sid:84151042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.ps1"; depth:12; endswith; nocase; http.host; content:"116.198.204.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287943/; classtype:trojan-activity;sid:84151043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app.exe"; depth:8; endswith; nocase; http.host; content:"116.198.204.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287944/; classtype:trojan-activity;sid:84151044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloader.exe"; depth:15; endswith; nocase; http.host; content:"116.198.204.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287945/; classtype:trojan-activity;sid:84151045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_x64_agent_no_crypt"; depth:25; endswith; nocase; http.host; content:"116.198.204.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287946/; classtype:trojan-activity;sid:84151046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.192.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287940/; classtype:trojan-activity;sid:84151040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.25.232.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287939/; classtype:trojan-activity;sid:84151039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.35.78.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287938/; classtype:trojan-activity;sid:84151038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.51.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287937/; classtype:trojan-activity;sid:84151037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.2.128"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287936/; classtype:trojan-activity;sid:84151036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.34.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287935/; classtype:trojan-activity;sid:84151035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.60.235.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287934/; classtype:trojan-activity;sid:84151034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.246.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287933/; classtype:trojan-activity;sid:84151033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.131.68.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287932/; classtype:trojan-activity;sid:84151032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.184.20.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287931/; classtype:trojan-activity;sid:84151031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.249.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287930/; classtype:trojan-activity;sid:84151030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"62.219.128.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287929/; classtype:trojan-activity;sid:84151029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.215.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287928/; classtype:trojan-activity;sid:84151028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.82.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287927/; classtype:trojan-activity;sid:84151027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.158.100.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287926/; classtype:trojan-activity;sid:84151026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.146.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287925/; classtype:trojan-activity;sid:84151025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.2.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287924/; classtype:trojan-activity;sid:84151024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"185.248.12.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287923/; classtype:trojan-activity;sid:84151023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.15.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287922/; classtype:trojan-activity;sid:84151022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.81.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287921/; classtype:trojan-activity;sid:84151021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.117.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287920/; classtype:trojan-activity;sid:84151020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.11.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287919/; classtype:trojan-activity;sid:84151019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.216.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287918/; classtype:trojan-activity;sid:84151018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.229.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287917/; classtype:trojan-activity;sid:84151017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.158.100.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287915/; classtype:trojan-activity;sid:84151015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.232.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287916/; classtype:trojan-activity;sid:84151016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"dfg.events.socalpocis.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287914/; classtype:trojan-activity;sid:84151014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.124.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287913/; classtype:trojan-activity;sid:84151013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.215.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287912/; classtype:trojan-activity;sid:84151012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.81.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287911/; classtype:trojan-activity;sid:84151011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.15.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287910/; classtype:trojan-activity;sid:84151010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.89.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287909/; classtype:trojan-activity;sid:84151009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.99.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287908/; classtype:trojan-activity;sid:84151008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.69.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287907/; classtype:trojan-activity;sid:84151007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.253.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287906/; classtype:trojan-activity;sid:84151006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.124.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287905/; classtype:trojan-activity;sid:84151005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.236.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287904/; classtype:trojan-activity;sid:84151004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.206.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287902/; classtype:trojan-activity;sid:84151002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.45.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287903/; classtype:trojan-activity;sid:84151003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.34.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287901/; classtype:trojan-activity;sid:84151001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.133.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287900/; classtype:trojan-activity;sid:84151000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.160.112.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287899/; classtype:trojan-activity;sid:84150999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.190.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287898/; classtype:trojan-activity;sid:84150998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.154.80.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287897/; classtype:trojan-activity;sid:84150997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.90.246.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287896/; classtype:trojan-activity;sid:84150996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.49.65.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287895/; classtype:trojan-activity;sid:84150995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.160.112.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287894/; classtype:trojan-activity;sid:84150994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.122.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287893/; classtype:trojan-activity;sid:84150993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287892/; classtype:trojan-activity;sid:84150992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.10.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287891/; classtype:trojan-activity;sid:84150991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.108.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287889/; classtype:trojan-activity;sid:84150989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.60.106.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287890/; classtype:trojan-activity;sid:84150990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.34.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287888/; classtype:trojan-activity;sid:84150988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.173.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287887/; classtype:trojan-activity;sid:84150987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.206.17.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287886/; classtype:trojan-activity;sid:84150986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.83.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287885/; classtype:trojan-activity;sid:84150985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287884/; classtype:trojan-activity;sid:84150984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.206.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287883/; classtype:trojan-activity;sid:84150983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.182.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287882/; classtype:trojan-activity;sid:84150982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.83.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287881/; classtype:trojan-activity;sid:84150981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287880/; classtype:trojan-activity;sid:84150980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.90.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287879/; classtype:trojan-activity;sid:84150979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.5.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287878/; classtype:trojan-activity;sid:84150978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.54.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287877/; classtype:trojan-activity;sid:84150977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.9.144"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287876/; classtype:trojan-activity;sid:84150976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.182.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287875/; classtype:trojan-activity;sid:84150975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.240.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287874/; classtype:trojan-activity;sid:84150974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.43.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287873/; classtype:trojan-activity;sid:84150973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.198.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287872/; classtype:trojan-activity;sid:84150972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.82.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287871/; classtype:trojan-activity;sid:84150971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.56.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287870/; classtype:trojan-activity;sid:84150970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.124.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287869/; classtype:trojan-activity;sid:84150969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.195.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287868/; classtype:trojan-activity;sid:84150968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.82.156.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287867/; classtype:trojan-activity;sid:84150967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.240.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287866/; classtype:trojan-activity;sid:84150966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.52.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287865/; classtype:trojan-activity;sid:84150965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.3.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287863/; classtype:trojan-activity;sid:84150963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.225.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287864/; classtype:trojan-activity;sid:84150964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.240.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287862/; classtype:trojan-activity;sid:84150962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.120.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287861/; classtype:trojan-activity;sid:84150961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.102.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287860/; classtype:trojan-activity;sid:84150960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.5.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287859/; classtype:trojan-activity;sid:84150959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.195.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287858/; classtype:trojan-activity;sid:84150958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.125.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287857/; classtype:trojan-activity;sid:84150957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.25.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287856/; classtype:trojan-activity;sid:84150956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.225.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287855/; classtype:trojan-activity;sid:84150955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.115.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287854/; classtype:trojan-activity;sid:84150954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287853/; classtype:trojan-activity;sid:84150953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.166.11.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287852/; classtype:trojan-activity;sid:84150952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.11.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287851/; classtype:trojan-activity;sid:84150951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.201.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287850/; classtype:trojan-activity;sid:84150950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.120.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287849/; classtype:trojan-activity;sid:84150949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.102.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287848/; classtype:trojan-activity;sid:84150948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.37.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287847/; classtype:trojan-activity;sid:84150947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.54.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287846/; classtype:trojan-activity;sid:84150946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.166.11.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287845/; classtype:trojan-activity;sid:84150945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.16.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287842/; classtype:trojan-activity;sid:84150942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287843/; classtype:trojan-activity;sid:84150943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287844/; classtype:trojan-activity;sid:84150944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.89.126.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287840/; classtype:trojan-activity;sid:84150940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.33.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287841/; classtype:trojan-activity;sid:84150941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.33.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287839/; classtype:trojan-activity;sid:84150939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.169.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287838/; classtype:trojan-activity;sid:84150938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.116.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287837/; classtype:trojan-activity;sid:84150937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.114.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287836/; classtype:trojan-activity;sid:84150936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.122.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287835/; classtype:trojan-activity;sid:84150935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.115.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287834/; classtype:trojan-activity;sid:84150934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.91.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287833/; classtype:trojan-activity;sid:84150933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.249.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287832/; classtype:trojan-activity;sid:84150932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bad.elf"; depth:8; endswith; nocase; http.host; content:"45.32.200.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287831/; classtype:trojan-activity;sid:84150931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.107.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287830/; classtype:trojan-activity;sid:84150930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.143.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287829/; classtype:trojan-activity;sid:84150929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.18.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287828/; classtype:trojan-activity;sid:84150928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.246.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287827/; classtype:trojan-activity;sid:84150927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.172.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287826/; classtype:trojan-activity;sid:84150926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.152.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287825/; classtype:trojan-activity;sid:84150925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.152.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287824/; classtype:trojan-activity;sid:84150924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.165.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287823/; classtype:trojan-activity;sid:84150923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287822/; classtype:trojan-activity;sid:84150922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.43.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287821/; classtype:trojan-activity;sid:84150921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.2.48"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287820/; classtype:trojan-activity;sid:84150920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.216.166.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287819/; classtype:trojan-activity;sid:84150919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.2.58"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287817/; classtype:trojan-activity;sid:84150917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.88.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287818/; classtype:trojan-activity;sid:84150918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.145.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287816/; classtype:trojan-activity;sid:84150916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.169.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287815/; classtype:trojan-activity;sid:84150915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.25.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287814/; classtype:trojan-activity;sid:84150914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.105.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287813/; classtype:trojan-activity;sid:84150913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287812/; classtype:trojan-activity;sid:84150912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.243.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287811/; classtype:trojan-activity;sid:84150911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.126.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287810/; classtype:trojan-activity;sid:84150910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.32.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287809/; classtype:trojan-activity;sid:84150909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.169.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287807/; classtype:trojan-activity;sid:84150907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.251.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287808/; classtype:trojan-activity;sid:84150908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.56.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287806/; classtype:trojan-activity;sid:84150906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.165.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287805/; classtype:trojan-activity;sid:84150905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.124.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287804/; classtype:trojan-activity;sid:84150904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.x86"; depth:11; endswith; nocase; http.host; content:"154.216.20.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287803/; classtype:trojan-activity;sid:84150903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.126.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287802/; classtype:trojan-activity;sid:84150902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.68.142.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287800/; classtype:trojan-activity;sid:84150900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.10.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287801/; classtype:trojan-activity;sid:84150901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.121.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287799/; classtype:trojan-activity;sid:84150899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.57.125.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287798/; classtype:trojan-activity;sid:84150898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.124.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287797/; classtype:trojan-activity;sid:84150897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.155.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287796/; classtype:trojan-activity;sid:84150896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.84.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287795/; classtype:trojan-activity;sid:84150895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.105.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287794/; classtype:trojan-activity;sid:84150894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.56.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287793/; classtype:trojan-activity;sid:84150893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.18.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287792/; classtype:trojan-activity;sid:84150892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.136.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287791/; classtype:trojan-activity;sid:84150891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.15.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287790/; classtype:trojan-activity;sid:84150890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.210.96.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287789/; classtype:trojan-activity;sid:84150889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.148.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287788/; classtype:trojan-activity;sid:84150888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.52.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287787/; classtype:trojan-activity;sid:84150887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.93.16.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287786/; classtype:trojan-activity;sid:84150886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.155.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287785/; classtype:trojan-activity;sid:84150885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.84.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287784/; classtype:trojan-activity;sid:84150884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.116.122.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287783/; classtype:trojan-activity;sid:84150883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.11.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287782/; classtype:trojan-activity;sid:84150882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.173.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287781/; classtype:trojan-activity;sid:84150881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.210.96.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287780/; classtype:trojan-activity;sid:84150880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.148.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287779/; classtype:trojan-activity;sid:84150879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.152.20.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287778/; classtype:trojan-activity;sid:84150878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287777/; classtype:trojan-activity;sid:84150877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.116.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287776/; classtype:trojan-activity;sid:84150876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.19.183.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287774/; classtype:trojan-activity;sid:84150874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.126.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287775/; classtype:trojan-activity;sid:84150875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.52.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287773/; classtype:trojan-activity;sid:84150873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.81.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287772/; classtype:trojan-activity;sid:84150872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"botnet.minebeo.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287757/; classtype:trojan-activity;sid:84150857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"botnet.minebeo.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287758/; classtype:trojan-activity;sid:84150858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"botnet.minebeo.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287759/; classtype:trojan-activity;sid:84150859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"botnet.minebeo.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287760/; classtype:trojan-activity;sid:84150860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"botnet.minebeo.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287750/; classtype:trojan-activity;sid:84150850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"botnet.minebeo.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287751/; classtype:trojan-activity;sid:84150851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"botnet.minebeo.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287752/; classtype:trojan-activity;sid:84150852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"botnet.minebeo.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287753/; classtype:trojan-activity;sid:84150853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"botnet.minebeo.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287754/; classtype:trojan-activity;sid:84150854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"botnet.minebeo.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287755/; classtype:trojan-activity;sid:84150855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"botnet.minebeo.fun"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287756/; classtype:trojan-activity;sid:84150856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"104.193.59.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287749/; classtype:trojan-activity;sid:84150849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.93.16.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287748/; classtype:trojan-activity;sid:84150848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.16.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287747/; classtype:trojan-activity;sid:84150847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.44.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287746/; classtype:trojan-activity;sid:84150846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.205.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287745/; classtype:trojan-activity;sid:84150845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.128.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287744/; classtype:trojan-activity;sid:84150844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"24.152.20.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287743/; classtype:trojan-activity;sid:84150843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.85.55.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287742/; classtype:trojan-activity;sid:84150842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.103.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287741/; classtype:trojan-activity;sid:84150841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287740/; classtype:trojan-activity;sid:84150840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.54.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287736/; classtype:trojan-activity;sid:84150836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.83.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287737/; classtype:trojan-activity;sid:84150837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.16.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287738/; classtype:trojan-activity;sid:84150838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.173.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287739/; classtype:trojan-activity;sid:84150839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.116.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287734/; classtype:trojan-activity;sid:84150834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.43.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287735/; classtype:trojan-activity;sid:84150835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.22.123.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287733/; classtype:trojan-activity;sid:84150833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.94.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287732/; classtype:trojan-activity;sid:84150832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287731/; classtype:trojan-activity;sid:84150831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.10.66.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287730/; classtype:trojan-activity;sid:84150830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7blhqsgofx/payload.exe"; depth:23; endswith; nocase; http.host; content:"transfer.whalebone.io"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287729/; classtype:trojan-activity;sid:84150829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig.exe"; depth:10; endswith; nocase; http.host; content:"123.60.59.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287728/; classtype:trojan-activity;sid:84150828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ransom.ps1"; depth:11; endswith; nocase; http.host; content:"152.42.221.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287727/; classtype:trojan-activity;sid:84150827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.1.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287726/; classtype:trojan-activity;sid:84150826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.166.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287725/; classtype:trojan-activity;sid:84150825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.77.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287724/; classtype:trojan-activity;sid:84150824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287723/; classtype:trojan-activity;sid:84150823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.164.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287722/; classtype:trojan-activity;sid:84150822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"83.229.127.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287721/; classtype:trojan-activity;sid:84150821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.148.5.228"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287719/; classtype:trojan-activity;sid:84150819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"94.156.177.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287720/; classtype:trojan-activity;sid:84150820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.138.28.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287718/; classtype:trojan-activity;sid:84150818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"62.234.81.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287717/; classtype:trojan-activity;sid:84150817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.0.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287716/; classtype:trojan-activity;sid:84150816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.232.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287715/; classtype:trojan-activity;sid:84150815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.102.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287714/; classtype:trojan-activity;sid:84150814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.126.18.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287713/; classtype:trojan-activity;sid:84150813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"159.75.74.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287712/; classtype:trojan-activity;sid:84150812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.43.39.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287710/; classtype:trojan-activity;sid:84150810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"114.116.246.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287711/; classtype:trojan-activity;sid:84150811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"142.93.209.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287700/; classtype:trojan-activity;sid:84150800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"139.59.48.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287701/; classtype:trojan-activity;sid:84150801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"156.238.227.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287702/; classtype:trojan-activity;sid:84150802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.136.218.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287703/; classtype:trojan-activity;sid:84150803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.46.183.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287704/; classtype:trojan-activity;sid:84150804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"139.155.147.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287705/; classtype:trojan-activity;sid:84150805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.136.218.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287706/; classtype:trojan-activity;sid:84150806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.94.179.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287707/; classtype:trojan-activity;sid:84150807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"36.138.229.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287708/; classtype:trojan-activity;sid:84150808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"139.59.48.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287709/; classtype:trojan-activity;sid:84150809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.96.12.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287689/; classtype:trojan-activity;sid:84150789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.121.211.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287690/; classtype:trojan-activity;sid:84150790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"142.93.209.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287691/; classtype:trojan-activity;sid:84150791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"123.57.209.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287692/; classtype:trojan-activity;sid:84150792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"113.141.83.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287693/; classtype:trojan-activity;sid:84150793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"103.119.18.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287694/; classtype:trojan-activity;sid:84150794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"121.43.110.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287695/; classtype:trojan-activity;sid:84150795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"139.196.53.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287696/; classtype:trojan-activity;sid:84150796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.251.16.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287697/; classtype:trojan-activity;sid:84150797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.220.76.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287698/; classtype:trojan-activity;sid:84150798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.109.137.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287699/; classtype:trojan-activity;sid:84150799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.109.59.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287687/; classtype:trojan-activity;sid:84150787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"193.233.254.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287688/; classtype:trojan-activity;sid:84150788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.12.193.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287683/; classtype:trojan-activity;sid:84150783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.34.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287684/; classtype:trojan-activity;sid:84150784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"122.51.10.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287685/; classtype:trojan-activity;sid:84150785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"123.207.196.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287686/; classtype:trojan-activity;sid:84150786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287682/; classtype:trojan-activity;sid:84150782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.113.231.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287681/; classtype:trojan-activity;sid:84150781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.105.204.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287679/; classtype:trojan-activity;sid:84150779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"119.45.19.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287680/; classtype:trojan-activity;sid:84150780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/synaptics.zip"; depth:14; endswith; nocase; http.host; content:"boostcreatives-ai.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287678/; classtype:trojan-activity;sid:84150778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5.exe"; depth:6; endswith; nocase; http.host; content:"efaoehfohahighiee.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287673/; classtype:trojan-activity;sid:84150773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"20.6.130.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287674/; classtype:trojan-activity;sid:84150774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.245.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287675/; classtype:trojan-activity;sid:84150775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"20.6.130.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287676/; classtype:trojan-activity;sid:84150776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"20.6.130.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287677/; classtype:trojan-activity;sid:84150777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"20.6.130.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287665/; classtype:trojan-activity;sid:84150765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"20.6.130.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287666/; classtype:trojan-activity;sid:84150766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"20.6.130.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287667/; classtype:trojan-activity;sid:84150767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"20.6.130.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287668/; classtype:trojan-activity;sid:84150768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"20.6.130.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287669/; classtype:trojan-activity;sid:84150769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"20.6.130.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287670/; classtype:trojan-activity;sid:84150770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"20.6.130.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287671/; classtype:trojan-activity;sid:84150771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"20.6.130.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287672/; classtype:trojan-activity;sid:84150772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6.hta"; depth:6; endswith; nocase; http.host; content:"new-tech-savvy.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287656/; classtype:trojan-activity;sid:84150756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5.hta"; depth:6; endswith; nocase; http.host; content:"new-tech-savvy.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287657/; classtype:trojan-activity;sid:84150757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287658/; classtype:trojan-activity;sid:84150758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287659/; classtype:trojan-activity;sid:84150759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287660/; classtype:trojan-activity;sid:84150760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287661/; classtype:trojan-activity;sid:84150761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287662/; classtype:trojan-activity;sid:84150762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287663/; classtype:trojan-activity;sid:84150763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287664/; classtype:trojan-activity;sid:84150764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287653/; classtype:trojan-activity;sid:84150753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287654/; classtype:trojan-activity;sid:84150754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287655/; classtype:trojan-activity;sid:84150755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xclientxbx.b64"; depth:15; endswith; nocase; http.host; content:"42.96.10.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287652/; classtype:trojan-activity;sid:84150752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.233.119.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287651/; classtype:trojan-activity;sid:84150751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.188.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287650/; classtype:trojan-activity;sid:84150750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.31.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287649/; classtype:trojan-activity;sid:84150749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.253.205.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287648/; classtype:trojan-activity;sid:84150748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.201.197.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287647/; classtype:trojan-activity;sid:84150747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.205.99.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287638/; classtype:trojan-activity;sid:84150738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.233.95.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287639/; classtype:trojan-activity;sid:84150739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.171.188.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287640/; classtype:trojan-activity;sid:84150740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.233.95.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287641/; classtype:trojan-activity;sid:84150741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.233.95.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287642/; classtype:trojan-activity;sid:84150742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.233.95.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287643/; classtype:trojan-activity;sid:84150743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.233.95.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287644/; classtype:trojan-activity;sid:84150744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.166.191.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287645/; classtype:trojan-activity;sid:84150745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.119.43.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287646/; classtype:trojan-activity;sid:84150746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.121.12.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287632/; classtype:trojan-activity;sid:84150732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.136.227.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287633/; classtype:trojan-activity;sid:84150733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.96.209.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287634/; classtype:trojan-activity;sid:84150734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.255.247.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287635/; classtype:trojan-activity;sid:84150735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.127.218.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287636/; classtype:trojan-activity;sid:84150736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.252.66.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287637/; classtype:trojan-activity;sid:84150737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"189.131.65.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287631/; classtype:trojan-activity;sid:84150731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"jzyk.strategies.mvpstrat.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287630/; classtype:trojan-activity;sid:84150730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.39.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287629/; classtype:trojan-activity;sid:84150729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.149.247.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287628/; classtype:trojan-activity;sid:84150728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.189.133.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287626/; classtype:trojan-activity;sid:84150726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.1.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287627/; classtype:trojan-activity;sid:84150727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.142.95.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287625/; classtype:trojan-activity;sid:84150725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.120.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287624/; classtype:trojan-activity;sid:84150724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.132.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287623/; classtype:trojan-activity;sid:84150723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.89.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287622/; classtype:trojan-activity;sid:84150722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.172.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287621/; classtype:trojan-activity;sid:84150721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.156.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287620/; classtype:trojan-activity;sid:84150720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.143.104.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287619/; classtype:trojan-activity;sid:84150719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.94.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287618/; classtype:trojan-activity;sid:84150718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.109.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287617/; classtype:trojan-activity;sid:84150717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.90.3.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287616/; classtype:trojan-activity;sid:84150716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.92.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287615/; classtype:trojan-activity;sid:84150715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.232.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287614/; classtype:trojan-activity;sid:84150714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.3.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287613/; classtype:trojan-activity;sid:84150713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.173.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287612/; classtype:trojan-activity;sid:84150712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.46.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287611/; classtype:trojan-activity;sid:84150711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.44.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287610/; classtype:trojan-activity;sid:84150710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.46.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287609/; classtype:trojan-activity;sid:84150709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.62.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287608/; classtype:trojan-activity;sid:84150708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.248.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287607/; classtype:trojan-activity;sid:84150707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.183.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287606/; classtype:trojan-activity;sid:84150706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287605/; classtype:trojan-activity;sid:84150705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.84.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287604/; classtype:trojan-activity;sid:84150704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.113.132.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287603/; classtype:trojan-activity;sid:84150703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.61.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287602/; classtype:trojan-activity;sid:84150702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.105.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287601/; classtype:trojan-activity;sid:84150701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.232.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287600/; classtype:trojan-activity;sid:84150700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.31.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287599/; classtype:trojan-activity;sid:84150699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287598/; classtype:trojan-activity;sid:84150698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.85.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287597/; classtype:trojan-activity;sid:84150697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.237.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287596/; classtype:trojan-activity;sid:84150696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.46.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287595/; classtype:trojan-activity;sid:84150695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.98.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287594/; classtype:trojan-activity;sid:84150694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.50.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287593/; classtype:trojan-activity;sid:84150693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287592/; classtype:trojan-activity;sid:84150692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.154.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287591/; classtype:trojan-activity;sid:84150691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.105.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287590/; classtype:trojan-activity;sid:84150690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.35.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287589/; classtype:trojan-activity;sid:84150689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.29.229"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287588/; classtype:trojan-activity;sid:84150688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.198.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287587/; classtype:trojan-activity;sid:84150687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.155.205.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287586/; classtype:trojan-activity;sid:84150686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.120.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287585/; classtype:trojan-activity;sid:84150685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.151.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287583/; classtype:trojan-activity;sid:84150683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.61.103.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287584/; classtype:trojan-activity;sid:84150684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.126.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287582/; classtype:trojan-activity;sid:84150682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.90.191"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287581/; classtype:trojan-activity;sid:84150681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.50.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287580/; classtype:trojan-activity;sid:84150680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.118.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287579/; classtype:trojan-activity;sid:84150679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.50.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287578/; classtype:trojan-activity;sid:84150678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.120.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287577/; classtype:trojan-activity;sid:84150677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.167.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287576/; classtype:trojan-activity;sid:84150676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.238.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287575/; classtype:trojan-activity;sid:84150675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.61.103.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287574/; classtype:trojan-activity;sid:84150674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.185.9.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287573/; classtype:trojan-activity;sid:84150673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.151.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287572/; classtype:trojan-activity;sid:84150672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.80.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287571/; classtype:trojan-activity;sid:84150671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.4.154.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287570/; classtype:trojan-activity;sid:84150670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.148.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287569/; classtype:trojan-activity;sid:84150669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.51.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287568/; classtype:trojan-activity;sid:84150668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.50.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287567/; classtype:trojan-activity;sid:84150667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.190.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287566/; classtype:trojan-activity;sid:84150666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.242.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287565/; classtype:trojan-activity;sid:84150665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.171.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287564/; classtype:trojan-activity;sid:84150664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.162.157.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287563/; classtype:trojan-activity;sid:84150663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.87.120.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287562/; classtype:trojan-activity;sid:84150662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"191.96.235.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287555/; classtype:trojan-activity;sid:84150655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"191.96.235.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287556/; classtype:trojan-activity;sid:84150656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"191.96.235.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287557/; classtype:trojan-activity;sid:84150657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"191.96.235.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287558/; classtype:trojan-activity;sid:84150658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"191.96.235.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287559/; classtype:trojan-activity;sid:84150659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"191.96.235.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287560/; classtype:trojan-activity;sid:84150660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"191.96.235.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287561/; classtype:trojan-activity;sid:84150661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"191.96.235.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287554/; classtype:trojan-activity;sid:84150654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"191.96.235.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287552/; classtype:trojan-activity;sid:84150652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"191.96.235.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287553/; classtype:trojan-activity;sid:84150653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"191.96.235.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287551/; classtype:trojan-activity;sid:84150651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.31.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287550/; classtype:trojan-activity;sid:84150650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.86.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287549/; classtype:trojan-activity;sid:84150649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287548/; classtype:trojan-activity;sid:84150648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.192.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287547/; classtype:trojan-activity;sid:84150647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.173.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287546/; classtype:trojan-activity;sid:84150646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.213.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287545/; classtype:trojan-activity;sid:84150645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.117.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287544/; classtype:trojan-activity;sid:84150644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.49.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287543/; classtype:trojan-activity;sid:84150643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.45.19.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287541/; classtype:trojan-activity;sid:84150641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.117.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287542/; classtype:trojan-activity;sid:84150642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.234.7.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287540/; classtype:trojan-activity;sid:84150640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.64.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287539/; classtype:trojan-activity;sid:84150639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.159.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287538/; classtype:trojan-activity;sid:84150638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.140.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287537/; classtype:trojan-activity;sid:84150637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.158.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287536/; classtype:trojan-activity;sid:84150636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.10.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287535/; classtype:trojan-activity;sid:84150635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.162.157.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287534/; classtype:trojan-activity;sid:84150634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.231.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287532/; classtype:trojan-activity;sid:84150632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.80.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287533/; classtype:trojan-activity;sid:84150633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.171.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287531/; classtype:trojan-activity;sid:84150631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.204.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287530/; classtype:trojan-activity;sid:84150630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.124.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287529/; classtype:trojan-activity;sid:84150629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.157.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287528/; classtype:trojan-activity;sid:84150628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.148.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287525/; classtype:trojan-activity;sid:84150625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"206.238.179.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287526/; classtype:trojan-activity;sid:84150626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"206.119.81.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287527/; classtype:trojan-activity;sid:84150627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"154.19.164.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287523/; classtype:trojan-activity;sid:84150623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"202.61.84.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287524/; classtype:trojan-activity;sid:84150624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.192.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287522/; classtype:trojan-activity;sid:84150622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.104.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287521/; classtype:trojan-activity;sid:84150621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.163.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287520/; classtype:trojan-activity;sid:84150620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287519/; classtype:trojan-activity;sid:84150619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.116.122.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287518/; classtype:trojan-activity;sid:84150618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.140.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287517/; classtype:trojan-activity;sid:84150617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.63.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287516/; classtype:trojan-activity;sid:84150616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.122.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287515/; classtype:trojan-activity;sid:84150615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.11.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287514/; classtype:trojan-activity;sid:84150614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.120.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287513/; classtype:trojan-activity;sid:84150613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.192.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287512/; classtype:trojan-activity;sid:84150612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.255.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287511/; classtype:trojan-activity;sid:84150611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.7.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287510/; classtype:trojan-activity;sid:84150610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.76.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287509/; classtype:trojan-activity;sid:84150609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.126.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287508/; classtype:trojan-activity;sid:84150608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.24.209"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287507/; classtype:trojan-activity;sid:84150607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.93.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287506/; classtype:trojan-activity;sid:84150606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.83.176.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287505/; classtype:trojan-activity;sid:84150605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.9.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287504/; classtype:trojan-activity;sid:84150604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.82.156.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287503/; classtype:trojan-activity;sid:84150603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.163.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287502/; classtype:trojan-activity;sid:84150602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.37.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287500/; classtype:trojan-activity;sid:84150600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.156.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287501/; classtype:trojan-activity;sid:84150601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.92.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287499/; classtype:trojan-activity;sid:84150599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.63.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287498/; classtype:trojan-activity;sid:84150598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.50.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287497/; classtype:trojan-activity;sid:84150597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.241.176.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287496/; classtype:trojan-activity;sid:84150596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.199.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287495/; classtype:trojan-activity;sid:84150595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.143.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287494/; classtype:trojan-activity;sid:84150594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.21.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287493/; classtype:trojan-activity;sid:84150593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.3.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287491/; classtype:trojan-activity;sid:84150591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.172.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287492/; classtype:trojan-activity;sid:84150592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.137.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287490/; classtype:trojan-activity;sid:84150590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.14.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287489/; classtype:trojan-activity;sid:84150589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.194.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287488/; classtype:trojan-activity;sid:84150588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.224.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287487/; classtype:trojan-activity;sid:84150587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.64.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287486/; classtype:trojan-activity;sid:84150586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287485/; classtype:trojan-activity;sid:84150585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.58.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287484/; classtype:trojan-activity;sid:84150584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.14.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287483/; classtype:trojan-activity;sid:84150583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.10.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287482/; classtype:trojan-activity;sid:84150582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.26.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287481/; classtype:trojan-activity;sid:84150581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.92.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287480/; classtype:trojan-activity;sid:84150580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.23.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287479/; classtype:trojan-activity;sid:84150579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.31.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287478/; classtype:trojan-activity;sid:84150578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.143.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287477/; classtype:trojan-activity;sid:84150577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.170.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287476/; classtype:trojan-activity;sid:84150576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.152.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287475/; classtype:trojan-activity;sid:84150575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.245.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287474/; classtype:trojan-activity;sid:84150574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.156.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287473/; classtype:trojan-activity;sid:84150573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.15.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287472/; classtype:trojan-activity;sid:84150572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.65.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287471/; classtype:trojan-activity;sid:84150571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.169.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287470/; classtype:trojan-activity;sid:84150570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.121.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287469/; classtype:trojan-activity;sid:84150569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.122.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287468/; classtype:trojan-activity;sid:84150568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.237.194.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287467/; classtype:trojan-activity;sid:84150567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.58.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287466/; classtype:trojan-activity;sid:84150566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287465/; classtype:trojan-activity;sid:84150565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webdav/team_performance_report(2024-11).docx.lnk"; depth:49; endswith; nocase; http.host; content:"download.swire-pacific.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287464/; classtype:trojan-activity;sid:84150564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webdav/25-26_salary_adjustment.docx.lnk"; depth:40; endswith; nocase; http.host; content:"download.swire-pacific.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287463/; classtype:trojan-activity;sid:84150563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.103.68.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287462/; classtype:trojan-activity;sid:84150562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.123.102.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287461/; classtype:trojan-activity;sid:84150561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.8.81.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287459/; classtype:trojan-activity;sid:84150559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.64.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287460/; classtype:trojan-activity;sid:84150560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.169.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287458/; classtype:trojan-activity;sid:84150558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.114.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287457/; classtype:trojan-activity;sid:84150557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.242.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287456/; classtype:trojan-activity;sid:84150556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.106.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287455/; classtype:trojan-activity;sid:84150555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.246.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287454/; classtype:trojan-activity;sid:84150554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.255.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287453/; classtype:trojan-activity;sid:84150553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.146.50.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287452/; classtype:trojan-activity;sid:84150552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.18.118.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287450/; classtype:trojan-activity;sid:84150550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.31.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287451/; classtype:trojan-activity;sid:84150551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.182.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287449/; classtype:trojan-activity;sid:84150549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.248.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287448/; classtype:trojan-activity;sid:84150548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"zmscf.events.socalpocis.org"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287447/; classtype:trojan-activity;sid:84150547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.40.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287446/; classtype:trojan-activity;sid:84150546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.189.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287445/; classtype:trojan-activity;sid:84150545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.146.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287444/; classtype:trojan-activity;sid:84150544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287443/; classtype:trojan-activity;sid:84150543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.117.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287442/; classtype:trojan-activity;sid:84150542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.217.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287441/; classtype:trojan-activity;sid:84150541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.227.56.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287440/; classtype:trojan-activity;sid:84150540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.242.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287439/; classtype:trojan-activity;sid:84150539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"160.177.36.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287438/; classtype:trojan-activity;sid:84150538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.26.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287437/; classtype:trojan-activity;sid:84150537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287436/; classtype:trojan-activity;sid:84150536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.80.200.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287435/; classtype:trojan-activity;sid:84150535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.125.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287433/; classtype:trojan-activity;sid:84150533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1uuaszjss_f1deqe1a8-hwmk3m5sisl8o"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287434/; classtype:trojan-activity;sid:84150534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/gh/creatingnextleeverthingswithentireprocessgetitinonlineback.hta"; depth:72; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287432/; classtype:trojan-activity;sid:84150532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.81.247.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287431/; classtype:trojan-activity;sid:84150531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.62.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287429/; classtype:trojan-activity;sid:84150529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.188.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287430/; classtype:trojan-activity;sid:84150530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.123.102.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287428/; classtype:trojan-activity;sid:84150528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.70.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287427/; classtype:trojan-activity;sid:84150527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.248.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287426/; classtype:trojan-activity;sid:84150526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.40.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287425/; classtype:trojan-activity;sid:84150525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.80.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287424/; classtype:trojan-activity;sid:84150524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.144.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287423/; classtype:trojan-activity;sid:84150523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.102.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287422/; classtype:trojan-activity;sid:84150522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.85.166.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287421/; classtype:trojan-activity;sid:84150521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"160.177.36.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287420/; classtype:trojan-activity;sid:84150520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.21.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287419/; classtype:trojan-activity;sid:84150519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.224.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287418/; classtype:trojan-activity;sid:84150518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.208.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287416/; classtype:trojan-activity;sid:84150516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.203.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287417/; classtype:trojan-activity;sid:84150517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rlljgnfmbdzut44.bin"; depth:20; endswith; nocase; http.host; content:"212.162.149.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287415/; classtype:trojan-activity;sid:84150515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fyjjzdxnggcbdwfmzh209.bin"; depth:26; endswith; nocase; http.host; content:"mertvinc.com.tr"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287414/; classtype:trojan-activity;sid:84150514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.5.74.249"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287413/; classtype:trojan-activity;sid:84150513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.116.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287412/; classtype:trojan-activity;sid:84150512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qvmezflljcc194.bin"; depth:19; endswith; nocase; http.host; content:"94.141.120.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287410/; classtype:trojan-activity;sid:84150510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mvwoluxbrkywqsu236.bin"; depth:23; endswith; nocase; http.host; content:"93.123.109.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287411/; classtype:trojan-activity;sid:84150511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"116.139.98.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287406/; classtype:trojan-activity;sid:84150506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"198.2.88.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287407/; classtype:trojan-activity;sid:84150507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.84.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287408/; classtype:trojan-activity;sid:84150508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.234.247.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287409/; classtype:trojan-activity;sid:84150509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.60.238.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287405/; classtype:trojan-activity;sid:84150505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.126.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287404/; classtype:trojan-activity;sid:84150504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.188.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287403/; classtype:trojan-activity;sid:84150503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.241.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287402/; classtype:trojan-activity;sid:84150502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.29.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287401/; classtype:trojan-activity;sid:84150501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.167.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287399/; classtype:trojan-activity;sid:84150499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.156.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287400/; classtype:trojan-activity;sid:84150500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.219.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287398/; classtype:trojan-activity;sid:84150498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.245.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287397/; classtype:trojan-activity;sid:84150497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.235.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287395/; classtype:trojan-activity;sid:84150495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.144.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287396/; classtype:trojan-activity;sid:84150496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.25.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287394/; classtype:trojan-activity;sid:84150494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.110.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287393/; classtype:trojan-activity;sid:84150493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.36.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287392/; classtype:trojan-activity;sid:84150492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.241.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287391/; classtype:trojan-activity;sid:84150491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amen.spc"; depth:9; endswith; nocase; http.host; content:"67.217.246.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287387/; classtype:trojan-activity;sid:84150487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amen.arm6"; depth:10; endswith; nocase; http.host; content:"67.217.246.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287388/; classtype:trojan-activity;sid:84150488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amen.x86"; depth:9; endswith; nocase; http.host; content:"67.217.246.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287389/; classtype:trojan-activity;sid:84150489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unknown.gif"; depth:12; endswith; nocase; http.host; content:"67.217.246.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287390/; classtype:trojan-activity;sid:84150490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amen.arm"; depth:9; endswith; nocase; http.host; content:"67.217.246.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287376/; classtype:trojan-activity;sid:84150476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amen.m68k"; depth:10; endswith; nocase; http.host; content:"67.217.246.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287377/; classtype:trojan-activity;sid:84150477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amen.ppc"; depth:9; endswith; nocase; http.host; content:"67.217.246.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287378/; classtype:trojan-activity;sid:84150478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amen.mips"; depth:10; endswith; nocase; http.host; content:"67.217.246.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287379/; classtype:trojan-activity;sid:84150479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blank.gif"; depth:10; endswith; nocase; http.host; content:"67.217.246.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287380/; classtype:trojan-activity;sid:84150480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl.b"; depth:7; endswith; nocase; http.host; content:"67.217.246.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287381/; classtype:trojan-activity;sid:84150481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amen.mpsl"; depth:10; endswith; nocase; http.host; content:"67.217.246.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287382/; classtype:trojan-activity;sid:84150482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm.b"; depth:6; endswith; nocase; http.host; content:"67.217.246.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287383/; classtype:trojan-activity;sid:84150483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/back.gif"; depth:9; endswith; nocase; http.host; content:"67.217.246.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287384/; classtype:trojan-activity;sid:84150484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/folder.gif"; depth:11; endswith; nocase; http.host; content:"67.217.246.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287385/; classtype:trojan-activity;sid:84150485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svhost.exe"; depth:11; endswith; nocase; http.host; content:"101.43.83.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287386/; classtype:trojan-activity;sid:84150486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url|3f|q=https://dl.dropboxusercontent.com/scl/fi/1b3qdpnqx1ho46tgb7h7u/2oficio-nro-192-notificaci-n-judicial-auto-admisorio-demanda-laboral-esm.tar.uue.tar.001|3f|rlkey%3dkv7tv4v03hjp1cwycaiagq3fh%26st%3dlmaolu0a%26dl%3d0|7c|26|7c|sa=d|7c|26|7c|source=editors|7c|26|7c|ust=1731015340766663|7c|26|7c|usg=aovvaw2rsmsqqje6sw6bllmajpes"; depth:333; endswith; nocase; http.host; content:"www.google.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287374/; classtype:trojan-activity;sid:84150474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/sw/seethebestthingswithgreatthingstobefrankwithme.tif"; depth:60; endswith; nocase; http.host; content:"107.172.148.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287375/; classtype:trojan-activity;sid:84150475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.176.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287373/; classtype:trojan-activity;sid:84150473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287372/; classtype:trojan-activity;sid:84150472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.126.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287371/; classtype:trojan-activity;sid:84150471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.244.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287370/; classtype:trojan-activity;sid:84150470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.224.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287369/; classtype:trojan-activity;sid:84150469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.24.36.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287368/; classtype:trojan-activity;sid:84150468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.115.122.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287367/; classtype:trojan-activity;sid:84150467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287366/; classtype:trojan-activity;sid:84150466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.245.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287365/; classtype:trojan-activity;sid:84150465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.15.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287364/; classtype:trojan-activity;sid:84150464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287363/; classtype:trojan-activity;sid:84150463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.10.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287362/; classtype:trojan-activity;sid:84150462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.119.193.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287360/; classtype:trojan-activity;sid:84150460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.98.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287361/; classtype:trojan-activity;sid:84150461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.219.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287359/; classtype:trojan-activity;sid:84150459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.2.165"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287358/; classtype:trojan-activity;sid:84150458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.86.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287357/; classtype:trojan-activity;sid:84150457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.110.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287356/; classtype:trojan-activity;sid:84150456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.235.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287355/; classtype:trojan-activity;sid:84150455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.68.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287354/; classtype:trojan-activity;sid:84150454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.36.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287353/; classtype:trojan-activity;sid:84150453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.114.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287352/; classtype:trojan-activity;sid:84150452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.146.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287351/; classtype:trojan-activity;sid:84150451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.50.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287350/; classtype:trojan-activity;sid:84150450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.150.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287349/; classtype:trojan-activity;sid:84150449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.21.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287348/; classtype:trojan-activity;sid:84150448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.185.42.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287347/; classtype:trojan-activity;sid:84150447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.37.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287346/; classtype:trojan-activity;sid:84150446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.112.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287345/; classtype:trojan-activity;sid:84150445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.29.109.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287343/; classtype:trojan-activity;sid:84150443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.213.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287344/; classtype:trojan-activity;sid:84150444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.115.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287342/; classtype:trojan-activity;sid:84150442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.211.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287341/; classtype:trojan-activity;sid:84150441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.31.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287340/; classtype:trojan-activity;sid:84150440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.153.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287339/; classtype:trojan-activity;sid:84150439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.2.165"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287338/; classtype:trojan-activity;sid:84150438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.119.193.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287337/; classtype:trojan-activity;sid:84150437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.59.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287336/; classtype:trojan-activity;sid:84150436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.252.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287335/; classtype:trojan-activity;sid:84150435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.106.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287334/; classtype:trojan-activity;sid:84150434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.27.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287333/; classtype:trojan-activity;sid:84150433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.146.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287332/; classtype:trojan-activity;sid:84150432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287331/; classtype:trojan-activity;sid:84150431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.12.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287330/; classtype:trojan-activity;sid:84150430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.80.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287329/; classtype:trojan-activity;sid:84150429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.120.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287328/; classtype:trojan-activity;sid:84150428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.237.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287326/; classtype:trojan-activity;sid:84150426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.100.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287327/; classtype:trojan-activity;sid:84150427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.127.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287324/; classtype:trojan-activity;sid:84150424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.211.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287325/; classtype:trojan-activity;sid:84150425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.106.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287323/; classtype:trojan-activity;sid:84150423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.31.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287322/; classtype:trojan-activity;sid:84150422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.8.127"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287321/; classtype:trojan-activity;sid:84150421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.56.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287320/; classtype:trojan-activity;sid:84150420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.136.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287319/; classtype:trojan-activity;sid:84150419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.25.183.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287317/; classtype:trojan-activity;sid:84150417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.172.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287318/; classtype:trojan-activity;sid:84150418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.48.14"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287316/; classtype:trojan-activity;sid:84150416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.247.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287315/; classtype:trojan-activity;sid:84150415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.25.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287314/; classtype:trojan-activity;sid:84150414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.149.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287313/; classtype:trojan-activity;sid:84150413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.162.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287312/; classtype:trojan-activity;sid:84150412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.35.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287311/; classtype:trojan-activity;sid:84150411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.180.21.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287310/; classtype:trojan-activity;sid:84150410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.88.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287309/; classtype:trojan-activity;sid:84150409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.125.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287308/; classtype:trojan-activity;sid:84150408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.173.74.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287307/; classtype:trojan-activity;sid:84150407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.21.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287306/; classtype:trojan-activity;sid:84150406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.114.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287305/; classtype:trojan-activity;sid:84150405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.56.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287304/; classtype:trojan-activity;sid:84150404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.209.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287302/; classtype:trojan-activity;sid:84150402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.238.169"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287303/; classtype:trojan-activity;sid:84150403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.47.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287301/; classtype:trojan-activity;sid:84150401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.172.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287300/; classtype:trojan-activity;sid:84150400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.90.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287299/; classtype:trojan-activity;sid:84150399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.237.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287298/; classtype:trojan-activity;sid:84150398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.62.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287296/; classtype:trojan-activity;sid:84150396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.35.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287297/; classtype:trojan-activity;sid:84150397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.59.102.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287295/; classtype:trojan-activity;sid:84150395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.4.100.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287294/; classtype:trojan-activity;sid:84150394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.110.13.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287293/; classtype:trojan-activity;sid:84150393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.57.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287292/; classtype:trojan-activity;sid:84150392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.80.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287290/; classtype:trojan-activity;sid:84150390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.90.191"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287291/; classtype:trojan-activity;sid:84150391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.43.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287288/; classtype:trojan-activity;sid:84150388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.181.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287289/; classtype:trojan-activity;sid:84150389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.238.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287286/; classtype:trojan-activity;sid:84150386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.152.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287287/; classtype:trojan-activity;sid:84150387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.214.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287285/; classtype:trojan-activity;sid:84150385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.117.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287284/; classtype:trojan-activity;sid:84150384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.74.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287283/; classtype:trojan-activity;sid:84150383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.88.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287282/; classtype:trojan-activity;sid:84150382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.209.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287281/; classtype:trojan-activity;sid:84150381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.179.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287280/; classtype:trojan-activity;sid:84150380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287279/; classtype:trojan-activity;sid:84150379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.195.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287278/; classtype:trojan-activity;sid:84150378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.114.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287277/; classtype:trojan-activity;sid:84150377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.75.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287276/; classtype:trojan-activity;sid:84150376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.208.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287275/; classtype:trojan-activity;sid:84150375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.110.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287274/; classtype:trojan-activity;sid:84150374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.125.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287273/; classtype:trojan-activity;sid:84150373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.69.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287272/; classtype:trojan-activity;sid:84150372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.142.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287271/; classtype:trojan-activity;sid:84150371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.216.118.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287270/; classtype:trojan-activity;sid:84150370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.60.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287269/; classtype:trojan-activity;sid:84150369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.43.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287268/; classtype:trojan-activity;sid:84150368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287267/; classtype:trojan-activity;sid:84150367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.235.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287266/; classtype:trojan-activity;sid:84150366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.74.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287265/; classtype:trojan-activity;sid:84150365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.184.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287264/; classtype:trojan-activity;sid:84150364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.151.76.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287263/; classtype:trojan-activity;sid:84150363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.155.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287262/; classtype:trojan-activity;sid:84150362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.100.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287261/; classtype:trojan-activity;sid:84150361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.231.200.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287260/; classtype:trojan-activity;sid:84150360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/file1.exe"; depth:16; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287259/; classtype:trojan-activity;sid:84150359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.230.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287258/; classtype:trojan-activity;sid:84150358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.7.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287257/; classtype:trojan-activity;sid:84150357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.125.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287256/; classtype:trojan-activity;sid:84150356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.244.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287255/; classtype:trojan-activity;sid:84150355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.180.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287254/; classtype:trojan-activity;sid:84150354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.240.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287253/; classtype:trojan-activity;sid:84150353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.27.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287252/; classtype:trojan-activity;sid:84150352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.93.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287251/; classtype:trojan-activity;sid:84150351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.239.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287250/; classtype:trojan-activity;sid:84150350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.32.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287249/; classtype:trojan-activity;sid:84150349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.93.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287248/; classtype:trojan-activity;sid:84150348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.60.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287247/; classtype:trojan-activity;sid:84150347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.125.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287246/; classtype:trojan-activity;sid:84150346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.180.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287245/; classtype:trojan-activity;sid:84150345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.251.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287244/; classtype:trojan-activity;sid:84150344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287243/; classtype:trojan-activity;sid:84150343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.159.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287242/; classtype:trojan-activity;sid:84150342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.181.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287241/; classtype:trojan-activity;sid:84150341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.138.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287240/; classtype:trojan-activity;sid:84150340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.226.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287239/; classtype:trojan-activity;sid:84150339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.113.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287238/; classtype:trojan-activity;sid:84150338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.235.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287237/; classtype:trojan-activity;sid:84150337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.3.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287236/; classtype:trojan-activity;sid:84150336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.207.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287235/; classtype:trojan-activity;sid:84150335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.54.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287234/; classtype:trojan-activity;sid:84150334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.24.36.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287233/; classtype:trojan-activity;sid:84150333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.60.231.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287232/; classtype:trojan-activity;sid:84150332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.114.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287231/; classtype:trojan-activity;sid:84150331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.117.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287230/; classtype:trojan-activity;sid:84150330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.52.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287229/; classtype:trojan-activity;sid:84150329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.223.218.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287228/; classtype:trojan-activity;sid:84150328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.93.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287227/; classtype:trojan-activity;sid:84150327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.162.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287226/; classtype:trojan-activity;sid:84150326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.244.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287225/; classtype:trojan-activity;sid:84150325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.239.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287224/; classtype:trojan-activity;sid:84150324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.109.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287223/; classtype:trojan-activity;sid:84150323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.214.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287222/; classtype:trojan-activity;sid:84150322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.154.80.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287221/; classtype:trojan-activity;sid:84150321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.107.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287220/; classtype:trojan-activity;sid:84150320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.21.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287219/; classtype:trojan-activity;sid:84150319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.181.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287218/; classtype:trojan-activity;sid:84150318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.226.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287217/; classtype:trojan-activity;sid:84150317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.207.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287216/; classtype:trojan-activity;sid:84150316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.242.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287214/; classtype:trojan-activity;sid:84150314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.242.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287215/; classtype:trojan-activity;sid:84150315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.7.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287213/; classtype:trojan-activity;sid:84150313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.44.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287212/; classtype:trojan-activity;sid:84150312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.31.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287210/; classtype:trojan-activity;sid:84150310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.248.113.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287211/; classtype:trojan-activity;sid:84150311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.179.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287208/; classtype:trojan-activity;sid:84150308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.145.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287209/; classtype:trojan-activity;sid:84150309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.180.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287207/; classtype:trojan-activity;sid:84150307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.252.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287206/; classtype:trojan-activity;sid:84150306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.77.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287205/; classtype:trojan-activity;sid:84150305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.54.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287204/; classtype:trojan-activity;sid:84150304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.241.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287203/; classtype:trojan-activity;sid:84150303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.60.231.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287202/; classtype:trojan-activity;sid:84150302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.173.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287201/; classtype:trojan-activity;sid:84150301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.109.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287200/; classtype:trojan-activity;sid:84150300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.162.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287199/; classtype:trojan-activity;sid:84150299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.12.11.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287198/; classtype:trojan-activity;sid:84150298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.179.213.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287197/; classtype:trojan-activity;sid:84150297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.214.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287196/; classtype:trojan-activity;sid:84150296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.44.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287195/; classtype:trojan-activity;sid:84150295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.86.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287194/; classtype:trojan-activity;sid:84150294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.121.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287193/; classtype:trojan-activity;sid:84150293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.239.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287192/; classtype:trojan-activity;sid:84150292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.242.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287191/; classtype:trojan-activity;sid:84150291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.77.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287190/; classtype:trojan-activity;sid:84150290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.125.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287189/; classtype:trojan-activity;sid:84150289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.245.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287187/; classtype:trojan-activity;sid:84150287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.91.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287188/; classtype:trojan-activity;sid:84150288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"151.45.65.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287186/; classtype:trojan-activity;sid:84150286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.128.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287185/; classtype:trojan-activity;sid:84150285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.252.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287184/; classtype:trojan-activity;sid:84150284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.109.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287183/; classtype:trojan-activity;sid:84150283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.163.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287182/; classtype:trojan-activity;sid:84150282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.112.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287181/; classtype:trojan-activity;sid:84150281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.83.145"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287180/; classtype:trojan-activity;sid:84150280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.90.39.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287179/; classtype:trojan-activity;sid:84150279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.94.181.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287175/; classtype:trojan-activity;sid:84150275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.134.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287176/; classtype:trojan-activity;sid:84150276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.220.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287177/; classtype:trojan-activity;sid:84150277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.32.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287178/; classtype:trojan-activity;sid:84150278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.60.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287174/; classtype:trojan-activity;sid:84150274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.37.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287172/; classtype:trojan-activity;sid:84150272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.108.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287173/; classtype:trojan-activity;sid:84150273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.201.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287171/; classtype:trojan-activity;sid:84150271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.24.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287170/; classtype:trojan-activity;sid:84150270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.171.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287169/; classtype:trojan-activity;sid:84150269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.83.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287168/; classtype:trojan-activity;sid:84150268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.224.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287167/; classtype:trojan-activity;sid:84150267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.181.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287166/; classtype:trojan-activity;sid:84150266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.245.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287165/; classtype:trojan-activity;sid:84150265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.11.56.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287164/; classtype:trojan-activity;sid:84150264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.210.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287163/; classtype:trojan-activity;sid:84150263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.239.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287162/; classtype:trojan-activity;sid:84150262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.121.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287161/; classtype:trojan-activity;sid:84150261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.76.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287160/; classtype:trojan-activity;sid:84150260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.9.248"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287159/; classtype:trojan-activity;sid:84150259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.6.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287158/; classtype:trojan-activity;sid:84150258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.24.32.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287157/; classtype:trojan-activity;sid:84150257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.225.85.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287155/; classtype:trojan-activity;sid:84150255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.171.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287156/; classtype:trojan-activity;sid:84150256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.128.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287153/; classtype:trojan-activity;sid:84150253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.84.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287154/; classtype:trojan-activity;sid:84150254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.192.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287151/; classtype:trojan-activity;sid:84150251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.170.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287152/; classtype:trojan-activity;sid:84150252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.162.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287150/; classtype:trojan-activity;sid:84150250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.32.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287149/; classtype:trojan-activity;sid:84150249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.212.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287148/; classtype:trojan-activity;sid:84150248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287147/; classtype:trojan-activity;sid:84150247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.173.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287146/; classtype:trojan-activity;sid:84150246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.94.181.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287145/; classtype:trojan-activity;sid:84150245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.75.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287144/; classtype:trojan-activity;sid:84150244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.214.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287143/; classtype:trojan-activity;sid:84150243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.181.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287142/; classtype:trojan-activity;sid:84150242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.227.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287141/; classtype:trojan-activity;sid:84150241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287140/; classtype:trojan-activity;sid:84150240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.11.56.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287139/; classtype:trojan-activity;sid:84150239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"122.254.13.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287138/; classtype:trojan-activity;sid:84150238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.234.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287136/; classtype:trojan-activity;sid:84150236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.61.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287137/; classtype:trojan-activity;sid:84150237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.213.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287134/; classtype:trojan-activity;sid:84150234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.119.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287135/; classtype:trojan-activity;sid:84150235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.58.179.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287133/; classtype:trojan-activity;sid:84150233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.211.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287131/; classtype:trojan-activity;sid:84150231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287132/; classtype:trojan-activity;sid:84150232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.29.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287130/; classtype:trojan-activity;sid:84150230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.76.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287129/; classtype:trojan-activity;sid:84150229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.170.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287128/; classtype:trojan-activity;sid:84150228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.12.193.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287127/; classtype:trojan-activity;sid:84150227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.6.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287126/; classtype:trojan-activity;sid:84150226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.108.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287125/; classtype:trojan-activity;sid:84150225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"106.56.146.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287124/; classtype:trojan-activity;sid:84150224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.235.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287123/; classtype:trojan-activity;sid:84150223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.23.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287122/; classtype:trojan-activity;sid:84150222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.194.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287121/; classtype:trojan-activity;sid:84150221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.173.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287120/; classtype:trojan-activity;sid:84150220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.214.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287119/; classtype:trojan-activity;sid:84150219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287117/; classtype:trojan-activity;sid:84150217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.35.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287118/; classtype:trojan-activity;sid:84150218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.192.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287116/; classtype:trojan-activity;sid:84150216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287115/; classtype:trojan-activity;sid:84150215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.213.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287114/; classtype:trojan-activity;sid:84150214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.21.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287113/; classtype:trojan-activity;sid:84150213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.160.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287112/; classtype:trojan-activity;sid:84150212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.61.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287111/; classtype:trojan-activity;sid:84150211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.66.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287110/; classtype:trojan-activity;sid:84150210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.211.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287109/; classtype:trojan-activity;sid:84150209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.212.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287108/; classtype:trojan-activity;sid:84150208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.62.149.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287107/; classtype:trojan-activity;sid:84150207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.119.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287106/; classtype:trojan-activity;sid:84150206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.234.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287105/; classtype:trojan-activity;sid:84150205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.166.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287104/; classtype:trojan-activity;sid:84150204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.6.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287103/; classtype:trojan-activity;sid:84150203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.255.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287102/; classtype:trojan-activity;sid:84150202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.173.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287101/; classtype:trojan-activity;sid:84150201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.108.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287100/; classtype:trojan-activity;sid:84150200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.71.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287099/; classtype:trojan-activity;sid:84150199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.171.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287098/; classtype:trojan-activity;sid:84150198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.225.205.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287097/; classtype:trojan-activity;sid:84150197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.171.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287096/; classtype:trojan-activity;sid:84150196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.77.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287095/; classtype:trojan-activity;sid:84150195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.79.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287094/; classtype:trojan-activity;sid:84150194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.59.102.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287093/; classtype:trojan-activity;sid:84150193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.211.137.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287092/; classtype:trojan-activity;sid:84150192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.69.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287091/; classtype:trojan-activity;sid:84150191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287090/; classtype:trojan-activity;sid:84150190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.248.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287089/; classtype:trojan-activity;sid:84150189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.57.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287088/; classtype:trojan-activity;sid:84150188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.0.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287087/; classtype:trojan-activity;sid:84150187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.237.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287086/; classtype:trojan-activity;sid:84150186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.4.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287085/; classtype:trojan-activity;sid:84150185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.252.190.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287084/; classtype:trojan-activity;sid:84150184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.42.205"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287083/; classtype:trojan-activity;sid:84150183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.220.154.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287082/; classtype:trojan-activity;sid:84150182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.71.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287081/; classtype:trojan-activity;sid:84150181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.115.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287080/; classtype:trojan-activity;sid:84150180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.77.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287079/; classtype:trojan-activity;sid:84150179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.255.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287078/; classtype:trojan-activity;sid:84150178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.142.75.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287077/; classtype:trojan-activity;sid:84150177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.192.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287076/; classtype:trojan-activity;sid:84150176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.192.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287073/; classtype:trojan-activity;sid:84150173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.163.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287074/; classtype:trojan-activity;sid:84150174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.122.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287075/; classtype:trojan-activity;sid:84150175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.68.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287072/; classtype:trojan-activity;sid:84150172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.173.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287071/; classtype:trojan-activity;sid:84150171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.100.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287070/; classtype:trojan-activity;sid:84150170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.215.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287069/; classtype:trojan-activity;sid:84150169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.59.152.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287068/; classtype:trojan-activity;sid:84150168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.137.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287067/; classtype:trojan-activity;sid:84150167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.121.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287066/; classtype:trojan-activity;sid:84150166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.139.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287065/; classtype:trojan-activity;sid:84150165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.26.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287064/; classtype:trojan-activity;sid:84150164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.175.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287062/; classtype:trojan-activity;sid:84150162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287063/; classtype:trojan-activity;sid:84150163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.120.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287061/; classtype:trojan-activity;sid:84150161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.248.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287059/; classtype:trojan-activity;sid:84150159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.160.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287060/; classtype:trojan-activity;sid:84150160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.89.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287058/; classtype:trojan-activity;sid:84150158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.180.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287057/; classtype:trojan-activity;sid:84150157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.115.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287056/; classtype:trojan-activity;sid:84150156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287055/; classtype:trojan-activity;sid:84150155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.122.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287054/; classtype:trojan-activity;sid:84150154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.13.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287053/; classtype:trojan-activity;sid:84150153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.207.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287052/; classtype:trojan-activity;sid:84150152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.164.204.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287050/; classtype:trojan-activity;sid:84150150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.26.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287051/; classtype:trojan-activity;sid:84150151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.201.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287049/; classtype:trojan-activity;sid:84150149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.166.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287048/; classtype:trojan-activity;sid:84150148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.77.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287047/; classtype:trojan-activity;sid:84150147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.121.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287046/; classtype:trojan-activity;sid:84150146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.26.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287045/; classtype:trojan-activity;sid:84150145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.241.235.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287044/; classtype:trojan-activity;sid:84150144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.107.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287043/; classtype:trojan-activity;sid:84150143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.109.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287042/; classtype:trojan-activity;sid:84150142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287041/; classtype:trojan-activity;sid:84150141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.8.109.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287039/; classtype:trojan-activity;sid:84150139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.231.83.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287040/; classtype:trojan-activity;sid:84150140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.126.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287038/; classtype:trojan-activity;sid:84150138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.4.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287037/; classtype:trojan-activity;sid:84150137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.89.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287035/; classtype:trojan-activity;sid:84150135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.248.225.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287036/; classtype:trojan-activity;sid:84150136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.176.101.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287033/; classtype:trojan-activity;sid:84150133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.107.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287034/; classtype:trojan-activity;sid:84150134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.220.154.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287032/; classtype:trojan-activity;sid:84150132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.55.178.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287031/; classtype:trojan-activity;sid:84150131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.164.204.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287030/; classtype:trojan-activity;sid:84150130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.118.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287029/; classtype:trojan-activity;sid:84150129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.207.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287028/; classtype:trojan-activity;sid:84150128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.8.119"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287027/; classtype:trojan-activity;sid:84150127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.211.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287026/; classtype:trojan-activity;sid:84150126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287025/; classtype:trojan-activity;sid:84150125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287024/; classtype:trojan-activity;sid:84150124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.206.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287023/; classtype:trojan-activity;sid:84150123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.124.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287022/; classtype:trojan-activity;sid:84150122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.119.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287021/; classtype:trojan-activity;sid:84150121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.10.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287020/; classtype:trojan-activity;sid:84150120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.90.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287018/; classtype:trojan-activity;sid:84150118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.134.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287019/; classtype:trojan-activity;sid:84150119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.26.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287017/; classtype:trojan-activity;sid:84150117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.22.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287016/; classtype:trojan-activity;sid:84150116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.225.221.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287015/; classtype:trojan-activity;sid:84150115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.166.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287014/; classtype:trojan-activity;sid:84150114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.77.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287013/; classtype:trojan-activity;sid:84150113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.126.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287012/; classtype:trojan-activity;sid:84150112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.235.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287011/; classtype:trojan-activity;sid:84150111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.153.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287010/; classtype:trojan-activity;sid:84150110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.238.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287008/; classtype:trojan-activity;sid:84150108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.248.225.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287009/; classtype:trojan-activity;sid:84150109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.90.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287007/; classtype:trojan-activity;sid:84150107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.2.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287006/; classtype:trojan-activity;sid:84150106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.83.140"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287005/; classtype:trojan-activity;sid:84150105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.5.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287003/; classtype:trojan-activity;sid:84150103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.98.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287004/; classtype:trojan-activity;sid:84150104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.55.178.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287002/; classtype:trojan-activity;sid:84150102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.132.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287001/; classtype:trojan-activity;sid:84150101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.89.126.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3287000/; classtype:trojan-activity;sid:84150100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.180.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286999/; classtype:trojan-activity;sid:84150099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.119.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286998/; classtype:trojan-activity;sid:84150098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.110.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286997/; classtype:trojan-activity;sid:84150097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.145.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286996/; classtype:trojan-activity;sid:84150096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.35.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286995/; classtype:trojan-activity;sid:84150095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.22.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286994/; classtype:trojan-activity;sid:84150094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.29.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286993/; classtype:trojan-activity;sid:84150093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.134.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286991/; classtype:trojan-activity;sid:84150091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.10.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286992/; classtype:trojan-activity;sid:84150092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.68.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286990/; classtype:trojan-activity;sid:84150090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.22.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286989/; classtype:trojan-activity;sid:84150089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286988/; classtype:trojan-activity;sid:84150088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.133.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286987/; classtype:trojan-activity;sid:84150087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.109.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286986/; classtype:trojan-activity;sid:84150086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.109.147.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286985/; classtype:trojan-activity;sid:84150085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.37.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286983/; classtype:trojan-activity;sid:84150083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.124.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286984/; classtype:trojan-activity;sid:84150084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.92.247.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286982/; classtype:trojan-activity;sid:84150082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.244.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286981/; classtype:trojan-activity;sid:84150081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filtpennes26.vbs"; depth:17; endswith; nocase; http.host; content:"191.96.207.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286980/; classtype:trojan-activity;sid:84150080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.85.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286979/; classtype:trojan-activity;sid:84150079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forskergruppen.cmd"; depth:19; endswith; nocase; http.host; content:"191.96.207.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286973/; classtype:trojan-activity;sid:84150073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arkivskab.cmd"; depth:14; endswith; nocase; http.host; content:"191.96.207.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286974/; classtype:trojan-activity;sid:84150074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/milliardte.wsf"; depth:15; endswith; nocase; http.host; content:"191.96.207.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286975/; classtype:trojan-activity;sid:84150075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keglerejsere.wsf"; depth:17; endswith; nocase; http.host; content:"191.96.207.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286977/; classtype:trojan-activity;sid:84150077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stutsen.vbs"; depth:12; endswith; nocase; http.host; content:"191.96.207.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286978/; classtype:trojan-activity;sid:84150078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.98.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286972/; classtype:trojan-activity;sid:84150072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.34.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286971/; classtype:trojan-activity;sid:84150071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.220.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286970/; classtype:trojan-activity;sid:84150070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.143.20.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286969/; classtype:trojan-activity;sid:84150069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.93.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286968/; classtype:trojan-activity;sid:84150068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.178.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286967/; classtype:trojan-activity;sid:84150067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.148.156.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286966/; classtype:trojan-activity;sid:84150066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.55.178.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286965/; classtype:trojan-activity;sid:84150065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.12.94.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286963/; classtype:trojan-activity;sid:84150063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.23.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286964/; classtype:trojan-activity;sid:84150064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.77.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286962/; classtype:trojan-activity;sid:84150062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.244.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286961/; classtype:trojan-activity;sid:84150061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.68.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286960/; classtype:trojan-activity;sid:84150060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.85.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286959/; classtype:trojan-activity;sid:84150059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.85.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286957/; classtype:trojan-activity;sid:84150057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286958/; classtype:trojan-activity;sid:84150058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.241.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286956/; classtype:trojan-activity;sid:84150056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.194.86.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286955/; classtype:trojan-activity;sid:84150055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.115.85.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286954/; classtype:trojan-activity;sid:84150054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.92.247.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286953/; classtype:trojan-activity;sid:84150053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.121.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286952/; classtype:trojan-activity;sid:84150052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.244.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286951/; classtype:trojan-activity;sid:84150051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.37.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286950/; classtype:trojan-activity;sid:84150050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.34.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286949/; classtype:trojan-activity;sid:84150049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.108.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286948/; classtype:trojan-activity;sid:84150048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286946/; classtype:trojan-activity;sid:84150046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.169.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286947/; classtype:trojan-activity;sid:84150047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286945/; classtype:trojan-activity;sid:84150045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.11.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286943/; classtype:trojan-activity;sid:84150043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rj"; depth:3; endswith; nocase; http.host; content:"198.23.197.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286944/; classtype:trojan-activity;sid:84150044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/way"; depth:4; endswith; nocase; http.host; content:"198.23.197.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286942/; classtype:trojan-activity;sid:84150042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.12.94.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286941/; classtype:trojan-activity;sid:84150041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.218.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286940/; classtype:trojan-activity;sid:84150040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.106.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286939/; classtype:trojan-activity;sid:84150039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.240.18.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286938/; classtype:trojan-activity;sid:84150038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.248.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286937/; classtype:trojan-activity;sid:84150037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.153.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286936/; classtype:trojan-activity;sid:84150036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.194.86.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286935/; classtype:trojan-activity;sid:84150035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.28.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286934/; classtype:trojan-activity;sid:84150034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.168.225.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286932/; classtype:trojan-activity;sid:84150032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.50.59"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286933/; classtype:trojan-activity;sid:84150033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.23.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286931/; classtype:trojan-activity;sid:84150031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.153.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286930/; classtype:trojan-activity;sid:84150030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.151.74.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286929/; classtype:trojan-activity;sid:84150029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.190.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286928/; classtype:trojan-activity;sid:84150028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.11.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286927/; classtype:trojan-activity;sid:84150027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.11.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286926/; classtype:trojan-activity;sid:84150026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l.exe"; depth:6; endswith; nocase; http.host; content:"freewaylumma.online"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286925/; classtype:trojan-activity;sid:84150025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"technovm-hk.tioffiop.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286913/; classtype:trojan-activity;sid:84150013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"technovm-hk.tioffiop.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286914/; classtype:trojan-activity;sid:84150014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"technovm-hk.tioffiop.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286915/; classtype:trojan-activity;sid:84150015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"technovm-hk.tioffiop.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286916/; classtype:trojan-activity;sid:84150016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"technovm-hk.tioffiop.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286917/; classtype:trojan-activity;sid:84150017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"technovm-hk.tioffiop.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286918/; classtype:trojan-activity;sid:84150018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"technovm-hk.tioffiop.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286919/; classtype:trojan-activity;sid:84150019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"technovm-hk.tioffiop.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286920/; classtype:trojan-activity;sid:84150020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"technovm-hk.tioffiop.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286921/; classtype:trojan-activity;sid:84150021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"technovm-hk.tioffiop.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286922/; classtype:trojan-activity;sid:84150022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"technovm-hk.tioffiop.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286923/; classtype:trojan-activity;sid:84150023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64"; depth:6; endswith; nocase; http.host; content:"technovm-hk.tioffiop.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286924/; classtype:trojan-activity;sid:84150024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286912/; classtype:trojan-activity;sid:84150012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.arm"; depth:23; endswith; nocase; http.host; content:"omg.rekugg.pro"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286899/; classtype:trojan-activity;sid:84149999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.x86_64"; depth:26; endswith; nocase; http.host; content:"omg.rekugg.pro"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286900/; classtype:trojan-activity;sid:84150000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.m68k"; depth:24; endswith; nocase; http.host; content:"omg.rekugg.pro"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286901/; classtype:trojan-activity;sid:84150001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.sh4"; depth:23; endswith; nocase; http.host; content:"omg.rekugg.pro"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286902/; classtype:trojan-activity;sid:84150002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.mips"; depth:24; endswith; nocase; http.host; content:"omg.rekugg.pro"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286903/; classtype:trojan-activity;sid:84150003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.arm7"; depth:24; endswith; nocase; http.host; content:"omg.rekugg.pro"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286904/; classtype:trojan-activity;sid:84150004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.mpsl"; depth:24; endswith; nocase; http.host; content:"omg.rekugg.pro"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286905/; classtype:trojan-activity;sid:84150005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.x86"; depth:23; endswith; nocase; http.host; content:"omg.rekugg.pro"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286906/; classtype:trojan-activity;sid:84150006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.arm5"; depth:24; endswith; nocase; http.host; content:"omg.rekugg.pro"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286907/; classtype:trojan-activity;sid:84150007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.arm6"; depth:24; endswith; nocase; http.host; content:"omg.rekugg.pro"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286908/; classtype:trojan-activity;sid:84150008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.spc"; depth:23; endswith; nocase; http.host; content:"omg.rekugg.pro"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286909/; classtype:trojan-activity;sid:84150009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.ppc"; depth:23; endswith; nocase; http.host; content:"omg.rekugg.pro"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286910/; classtype:trojan-activity;sid:84150010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.x86_64.dbg"; depth:30; endswith; nocase; http.host; content:"omg.rekugg.pro"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286911/; classtype:trojan-activity;sid:84150011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.sh"; depth:22; endswith; nocase; http.host; content:"omg.rekugg.pro"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286898/; classtype:trojan-activity;sid:84149998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.65.95.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286897/; classtype:trojan-activity;sid:84149997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.218.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286896/; classtype:trojan-activity;sid:84149996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.65.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286894/; classtype:trojan-activity;sid:84149994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.62.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286895/; classtype:trojan-activity;sid:84149995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forte12premium.zip"; depth:19; endswith; nocase; http.host; content:"ecem.edu.ar"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286893/; classtype:trojan-activity;sid:84149993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.83.176.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286892/; classtype:trojan-activity;sid:84149992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.31.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286891/; classtype:trojan-activity;sid:84149991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286890/; classtype:trojan-activity;sid:84149990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.28.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286889/; classtype:trojan-activity;sid:84149989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.168.225.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286888/; classtype:trojan-activity;sid:84149988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.143.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286887/; classtype:trojan-activity;sid:84149987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.42.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286886/; classtype:trojan-activity;sid:84149986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.145.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286885/; classtype:trojan-activity;sid:84149985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.190.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286884/; classtype:trojan-activity;sid:84149984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.84.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286883/; classtype:trojan-activity;sid:84149983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.65.95.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286882/; classtype:trojan-activity;sid:84149982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"89.139.50.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286881/; classtype:trojan-activity;sid:84149981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.246.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286880/; classtype:trojan-activity;sid:84149980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.119.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286879/; classtype:trojan-activity;sid:84149979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.62.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286878/; classtype:trojan-activity;sid:84149978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.186.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286877/; classtype:trojan-activity;sid:84149977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.65.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286876/; classtype:trojan-activity;sid:84149976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.84.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286874/; classtype:trojan-activity;sid:84149974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.105.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286875/; classtype:trojan-activity;sid:84149975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.83.176.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286873/; classtype:trojan-activity;sid:84149973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.205.167.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286871/; classtype:trojan-activity;sid:84149971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.65.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286872/; classtype:trojan-activity;sid:84149972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.16.91.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286870/; classtype:trojan-activity;sid:84149970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.107.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286868/; classtype:trojan-activity;sid:84149968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.42.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286869/; classtype:trojan-activity;sid:84149969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.253.80.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286867/; classtype:trojan-activity;sid:84149967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.201.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286866/; classtype:trojan-activity;sid:84149966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.219.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286865/; classtype:trojan-activity;sid:84149965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.93.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286864/; classtype:trojan-activity;sid:84149964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.143.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286863/; classtype:trojan-activity;sid:84149963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.225.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286862/; classtype:trojan-activity;sid:84149962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.248.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286861/; classtype:trojan-activity;sid:84149961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.85.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286860/; classtype:trojan-activity;sid:84149960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.46.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286859/; classtype:trojan-activity;sid:84149959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.134.15.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286858/; classtype:trojan-activity;sid:84149958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.79.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286857/; classtype:trojan-activity;sid:84149957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.102.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286856/; classtype:trojan-activity;sid:84149956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.73.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286855/; classtype:trojan-activity;sid:84149955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.92.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286854/; classtype:trojan-activity;sid:84149954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.8.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286853/; classtype:trojan-activity;sid:84149953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/powdergpl.exe"; depth:20; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286852/; classtype:trojan-activity;sid:84149952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/amen.mips"; depth:15; endswith; nocase; http.host; content:"154.213.187.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286846/; classtype:trojan-activity;sid:84149946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.242.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286847/; classtype:trojan-activity;sid:84149947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/amen.sh4"; depth:14; endswith; nocase; http.host; content:"154.213.187.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286848/; classtype:trojan-activity;sid:84149948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm.b"; depth:11; endswith; nocase; http.host; content:"154.213.187.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286849/; classtype:trojan-activity;sid:84149949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/amen.ppc"; depth:14; endswith; nocase; http.host; content:"154.213.187.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286850/; classtype:trojan-activity;sid:84149950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/amen.spc"; depth:14; endswith; nocase; http.host; content:"154.213.187.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286851/; classtype:trojan-activity;sid:84149951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/amen.x86"; depth:14; endswith; nocase; http.host; content:"154.213.187.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286839/; classtype:trojan-activity;sid:84149939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/amen.arm6"; depth:15; endswith; nocase; http.host; content:"154.213.187.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286840/; classtype:trojan-activity;sid:84149940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/amen.arm"; depth:14; endswith; nocase; http.host; content:"154.213.187.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286841/; classtype:trojan-activity;sid:84149941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl.b"; depth:12; endswith; nocase; http.host; content:"154.213.187.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286842/; classtype:trojan-activity;sid:84149942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zgp"; depth:9; endswith; nocase; http.host; content:"154.213.187.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286843/; classtype:trojan-activity;sid:84149943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/amen.mpsl"; depth:15; endswith; nocase; http.host; content:"154.213.187.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286844/; classtype:trojan-activity;sid:84149944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/amen.m68k"; depth:15; endswith; nocase; http.host; content:"154.213.187.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286845/; classtype:trojan-activity;sid:84149945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.119.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286838/; classtype:trojan-activity;sid:84149938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh"; depth:8; endswith; nocase; http.host; content:"154.213.187.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286837/; classtype:trojan-activity;sid:84149937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.207.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286836/; classtype:trojan-activity;sid:84149936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.84.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286835/; classtype:trojan-activity;sid:84149935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.215.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286834/; classtype:trojan-activity;sid:84149934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"164.163.25.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286833/; classtype:trojan-activity;sid:84149933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.42.248"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286832/; classtype:trojan-activity;sid:84149932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.248.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286830/; classtype:trojan-activity;sid:84149930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.93.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286831/; classtype:trojan-activity;sid:84149931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.112.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286829/; classtype:trojan-activity;sid:84149929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"168.227.56.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286826/; classtype:trojan-activity;sid:84149926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.39.131.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286827/; classtype:trojan-activity;sid:84149927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.73.64.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286828/; classtype:trojan-activity;sid:84149928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.44.88.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286824/; classtype:trojan-activity;sid:84149924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.131.17.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286825/; classtype:trojan-activity;sid:84149925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.242.144.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286823/; classtype:trojan-activity;sid:84149923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.77.228.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286821/; classtype:trojan-activity;sid:84149921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.131.73.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286822/; classtype:trojan-activity;sid:84149922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.56.250.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286820/; classtype:trojan-activity;sid:84149920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.235.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286819/; classtype:trojan-activity;sid:84149919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.193.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286818/; classtype:trojan-activity;sid:84149918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.174.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286817/; classtype:trojan-activity;sid:84149917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.226.3.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286816/; classtype:trojan-activity;sid:84149916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.192.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286815/; classtype:trojan-activity;sid:84149915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.251.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286814/; classtype:trojan-activity;sid:84149914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.131.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286813/; classtype:trojan-activity;sid:84149913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.164.204.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286812/; classtype:trojan-activity;sid:84149912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.227.51.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286811/; classtype:trojan-activity;sid:84149911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.69.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286809/; classtype:trojan-activity;sid:84149909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.2.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286810/; classtype:trojan-activity;sid:84149910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.154.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286808/; classtype:trojan-activity;sid:84149908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.166.11.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286807/; classtype:trojan-activity;sid:84149907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.8.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286806/; classtype:trojan-activity;sid:84149906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.27.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286805/; classtype:trojan-activity;sid:84149905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286804/; classtype:trojan-activity;sid:84149904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.247.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286803/; classtype:trojan-activity;sid:84149903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.55.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286802/; classtype:trojan-activity;sid:84149902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.165.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286801/; classtype:trojan-activity;sid:84149901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.107.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286800/; classtype:trojan-activity;sid:84149900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"195.64.233.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286799/; classtype:trojan-activity;sid:84149899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.42.248"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286798/; classtype:trojan-activity;sid:84149898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.166.11.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286797/; classtype:trojan-activity;sid:84149897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.162.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286796/; classtype:trojan-activity;sid:84149896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.130.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286794/; classtype:trojan-activity;sid:84149894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.239.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286795/; classtype:trojan-activity;sid:84149895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.179.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286793/; classtype:trojan-activity;sid:84149893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.18.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286792/; classtype:trojan-activity;sid:84149892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.45.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286791/; classtype:trojan-activity;sid:84149891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.185.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286790/; classtype:trojan-activity;sid:84149890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.86.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286789/; classtype:trojan-activity;sid:84149889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.131.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286788/; classtype:trojan-activity;sid:84149888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.24.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286787/; classtype:trojan-activity;sid:84149887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.15.61"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286786/; classtype:trojan-activity;sid:84149886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.143.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286785/; classtype:trojan-activity;sid:84149885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.78.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286784/; classtype:trojan-activity;sid:84149884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.5.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286783/; classtype:trojan-activity;sid:84149883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.19.57.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286782/; classtype:trojan-activity;sid:84149882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.216.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286781/; classtype:trojan-activity;sid:84149881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.154.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286780/; classtype:trojan-activity;sid:84149880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.27.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286779/; classtype:trojan-activity;sid:84149879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.246.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286778/; classtype:trojan-activity;sid:84149878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.78.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286777/; classtype:trojan-activity;sid:84149877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.193.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286776/; classtype:trojan-activity;sid:84149876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.248.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286775/; classtype:trojan-activity;sid:84149875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.21.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286774/; classtype:trojan-activity;sid:84149874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.185.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286773/; classtype:trojan-activity;sid:84149873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.18.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286772/; classtype:trojan-activity;sid:84149872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.78.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286771/; classtype:trojan-activity;sid:84149871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.86.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286769/; classtype:trojan-activity;sid:84149869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.53.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286770/; classtype:trojan-activity;sid:84149870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.184.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286768/; classtype:trojan-activity;sid:84149868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.207.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286767/; classtype:trojan-activity;sid:84149867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.38.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286766/; classtype:trojan-activity;sid:84149866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.55.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286764/; classtype:trojan-activity;sid:84149864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.231.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286765/; classtype:trojan-activity;sid:84149865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.43.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286763/; classtype:trojan-activity;sid:84149863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.21.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286762/; classtype:trojan-activity;sid:84149862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.84.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286761/; classtype:trojan-activity;sid:84149861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.75.173.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286760/; classtype:trojan-activity;sid:84149860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.11.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286759/; classtype:trojan-activity;sid:84149859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.246.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286758/; classtype:trojan-activity;sid:84149858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.80.82.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286757/; classtype:trojan-activity;sid:84149857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.207.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286756/; classtype:trojan-activity;sid:84149856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.253.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286755/; classtype:trojan-activity;sid:84149855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.248.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286754/; classtype:trojan-activity;sid:84149854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.190.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286753/; classtype:trojan-activity;sid:84149853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.78.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286752/; classtype:trojan-activity;sid:84149852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286751/; classtype:trojan-activity;sid:84149851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.21.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286750/; classtype:trojan-activity;sid:84149850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.121.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286749/; classtype:trojan-activity;sid:84149849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.93.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286748/; classtype:trojan-activity;sid:84149848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.4.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286747/; classtype:trojan-activity;sid:84149847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.142.75.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286746/; classtype:trojan-activity;sid:84149846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.73.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286745/; classtype:trojan-activity;sid:84149845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.196.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286744/; classtype:trojan-activity;sid:84149844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.53.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286743/; classtype:trojan-activity;sid:84149843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.184.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286742/; classtype:trojan-activity;sid:84149842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286741/; classtype:trojan-activity;sid:84149841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.237.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286740/; classtype:trojan-activity;sid:84149840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.245.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286739/; classtype:trojan-activity;sid:84149839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.240.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286738/; classtype:trojan-activity;sid:84149838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"69.129.18.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286737/; classtype:trojan-activity;sid:84149837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.75.173.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286736/; classtype:trojan-activity;sid:84149836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.160.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286734/; classtype:trojan-activity;sid:84149834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.241.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286735/; classtype:trojan-activity;sid:84149835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.200.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286732/; classtype:trojan-activity;sid:84149832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.230.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286733/; classtype:trojan-activity;sid:84149833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.121.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286731/; classtype:trojan-activity;sid:84149831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.198.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286730/; classtype:trojan-activity;sid:84149830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.22.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286729/; classtype:trojan-activity;sid:84149829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286728/; classtype:trojan-activity;sid:84149828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.73.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286727/; classtype:trojan-activity;sid:84149827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.23.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286726/; classtype:trojan-activity;sid:84149826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.208.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286725/; classtype:trojan-activity;sid:84149825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.166.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286724/; classtype:trojan-activity;sid:84149824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286723/; classtype:trojan-activity;sid:84149823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.156.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286722/; classtype:trojan-activity;sid:84149822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.230.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286721/; classtype:trojan-activity;sid:84149821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.200.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286720/; classtype:trojan-activity;sid:84149820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.252.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286718/; classtype:trojan-activity;sid:84149818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286719/; classtype:trojan-activity;sid:84149819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.139.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286717/; classtype:trojan-activity;sid:84149817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.144.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286716/; classtype:trojan-activity;sid:84149816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.87.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286715/; classtype:trojan-activity;sid:84149815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.21.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286714/; classtype:trojan-activity;sid:84149814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.4.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286712/; classtype:trojan-activity;sid:84149812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.164.239.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286713/; classtype:trojan-activity;sid:84149813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.11.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286711/; classtype:trojan-activity;sid:84149811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.237.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286710/; classtype:trojan-activity;sid:84149810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.99.47.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286709/; classtype:trojan-activity;sid:84149809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.4.224.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286707/; classtype:trojan-activity;sid:84149807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.179.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286708/; classtype:trojan-activity;sid:84149808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.158.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286706/; classtype:trojan-activity;sid:84149806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.156.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286705/; classtype:trojan-activity;sid:84149805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.5.68.226"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286704/; classtype:trojan-activity;sid:84149804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.252.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286703/; classtype:trojan-activity;sid:84149803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286702/; classtype:trojan-activity;sid:84149802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.109.147.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286701/; classtype:trojan-activity;sid:84149801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.26.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286700/; classtype:trojan-activity;sid:84149800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.179.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286699/; classtype:trojan-activity;sid:84149799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"42.203.68.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286698/; classtype:trojan-activity;sid:84149798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.4.224.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286697/; classtype:trojan-activity;sid:84149797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.19.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286696/; classtype:trojan-activity;sid:84149796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amidaware/rmmagent/releases/download/v2.8.0/tacticalagent-v2.8.0-windows-amd64.exe"; depth:83; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286695/; classtype:trojan-activity;sid:84149795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.99.47.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286693/; classtype:trojan-activity;sid:84149793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.177.28.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286694/; classtype:trojan-activity;sid:84149794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.116.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286692/; classtype:trojan-activity;sid:84149792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.185.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286691/; classtype:trojan-activity;sid:84149791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/244_rgzwnbqrkpn"; depth:16; endswith; nocase; http.host; content:"mbsngradnja.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286690/; classtype:trojan-activity;sid:84149790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/244_rgzwnbqrkpn"; depth:16; endswith; nocase; http.host; content:"mbsngradnja.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286689/; classtype:trojan-activity;sid:84149789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/244_rgzwnbqrkpn"; depth:16; endswith; nocase; http.host; content:"92.114.2.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286685/; classtype:trojan-activity;sid:84149785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/244_rgzwnbqrkpn"; depth:16; endswith; nocase; http.host; content:"92.114.2.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286686/; classtype:trojan-activity;sid:84149786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/244_rgzwnbqrkpn"; depth:16; endswith; nocase; http.host; content:"voievodulgelu.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286687/; classtype:trojan-activity;sid:84149787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/244_rgzwnbqrkpn"; depth:16; endswith; nocase; http.host; content:"voievodulgelu.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286688/; classtype:trojan-activity;sid:84149788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.72.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286684/; classtype:trojan-activity;sid:84149784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.26.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286683/; classtype:trojan-activity;sid:84149783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286682/; classtype:trojan-activity;sid:84149782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.10.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286681/; classtype:trojan-activity;sid:84149781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.142.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286680/; classtype:trojan-activity;sid:84149780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.169.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286678/; classtype:trojan-activity;sid:84149778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.64.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286679/; classtype:trojan-activity;sid:84149779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.6.91.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286677/; classtype:trojan-activity;sid:84149777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.129.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286676/; classtype:trojan-activity;sid:84149776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.172.48.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286675/; classtype:trojan-activity;sid:84149775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.169.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286674/; classtype:trojan-activity;sid:84149774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.10.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286673/; classtype:trojan-activity;sid:84149773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.142.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286672/; classtype:trojan-activity;sid:84149772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.64.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286671/; classtype:trojan-activity;sid:84149771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.185.9.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286670/; classtype:trojan-activity;sid:84149770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.251.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286669/; classtype:trojan-activity;sid:84149769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.131.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286668/; classtype:trojan-activity;sid:84149768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.241.49.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286667/; classtype:trojan-activity;sid:84149767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.6.91.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286666/; classtype:trojan-activity;sid:84149766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.11.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286665/; classtype:trojan-activity;sid:84149765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.99.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286664/; classtype:trojan-activity;sid:84149764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.129.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286663/; classtype:trojan-activity;sid:84149763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.111.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286662/; classtype:trojan-activity;sid:84149762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.74.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286661/; classtype:trojan-activity;sid:84149761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286660/; classtype:trojan-activity;sid:84149760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.137.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286659/; classtype:trojan-activity;sid:84149759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.113.132.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286658/; classtype:trojan-activity;sid:84149758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35/efrgvfre.txt"; depth:16; endswith; nocase; http.host; content:"198.46.178.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286657/; classtype:trojan-activity;sid:84149757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35/wg/seethebestthingswithgoodthingswithgreatthignsfor.hta"; depth:59; endswith; nocase; http.host; content:"198.46.178.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286655/; classtype:trojan-activity;sid:84149755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/sw/sw/seethebestthingswithentireworldgettinggoodthings.hta"; depth:65; endswith; nocase; http.host; content:"107.172.148.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286656/; classtype:trojan-activity;sid:84149756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35/seethebestgirlseverdidbestthignswithmyself.tif"; depth:50; endswith; nocase; http.host; content:"198.46.178.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286654/; classtype:trojan-activity;sid:84149754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35/seethebestgirlseverdidbestthignswithmyself.tif"; depth:50; endswith; nocase; http.host; content:"198.46.178.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286653/; classtype:trojan-activity;sid:84149753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=13avvmelmqto_mu6w9cwsshjk2bhdv7u4"; depth:43; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286651/; classtype:trojan-activity;sid:84149751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/kjm3p6dn0pqdlzy5e4e44/demanda-laboral_proceso-judicial-rdo-2003250-00214.gz|3f|rlkey=7mui9cgd8ktq5re4a9amgmjzc|7c|26|7c|st=0cy6e2s5|7c|26|7c|dl=1"; depth:153; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286652/; classtype:trojan-activity;sid:84149752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/bnc/see/seethebestthingswithentiretimeimadeforyousee.hta"; depth:63; endswith; nocase; http.host; content:"192.3.193.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286647/; classtype:trojan-activity;sid:84149747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/155/rfgfvfr.txt"; depth:16; endswith; nocase; http.host; content:"192.3.193.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286648/; classtype:trojan-activity;sid:84149748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.111.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286649/; classtype:trojan-activity;sid:84149749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1lbbx9xt4xxtbcwu6jtuhq3pq1-mtgz5h|7c|26|7c|export=download|7c|26|7c|authuser=0"; depth:88; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286650/; classtype:trojan-activity;sid:84149750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/155/vc/seethebestthingsneedtodowithgreatthingshappenedonheretosee.hta"; depth:70; endswith; nocase; http.host; content:"192.3.193.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286646/; classtype:trojan-activity;sid:84149746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ziwz1i5mdrlw0beytiupuo2aoigqpgg3"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286645/; classtype:trojan-activity;sid:84149745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/5wypci2ocjuvk4u83bojh/fichero-20200324-demanda-laboral_proceso-judicial.gz|3f|rlkey=0qhtd1mshaadwjtklhhibyg3j|7c|26|7c|st=tq63jyix|7c|26|7c|dl=1"; depth:152; endswith; nocase; http.host; content:"dropbox.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286643/; classtype:trojan-activity;sid:84149743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/155/brandthingswithgreatamazingthingshappened.tif"; depth:50; endswith; nocase; http.host; content:"192.3.193.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286644/; classtype:trojan-activity;sid:84149744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.244.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286642/; classtype:trojan-activity;sid:84149742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.92.103.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286641/; classtype:trojan-activity;sid:84149741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.99.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286640/; classtype:trojan-activity;sid:84149740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286639/; classtype:trojan-activity;sid:84149739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.74.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286638/; classtype:trojan-activity;sid:84149738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.82.99"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286637/; classtype:trojan-activity;sid:84149737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.181.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286636/; classtype:trojan-activity;sid:84149736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.221.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286635/; classtype:trojan-activity;sid:84149735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.163.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286634/; classtype:trojan-activity;sid:84149734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.78.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286633/; classtype:trojan-activity;sid:84149733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.73.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286632/; classtype:trojan-activity;sid:84149732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.134.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286630/; classtype:trojan-activity;sid:84149730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.51.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286631/; classtype:trojan-activity;sid:84149731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286629/; classtype:trojan-activity;sid:84149729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.185.49.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286628/; classtype:trojan-activity;sid:84149728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.67.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286627/; classtype:trojan-activity;sid:84149727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.134.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286626/; classtype:trojan-activity;sid:84149726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=116gevsxa7cm0vfw2ztpbmql8uyanda_o"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286625/; classtype:trojan-activity;sid:84149725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.82.99"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286624/; classtype:trojan-activity;sid:84149724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.37.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286621/; classtype:trojan-activity;sid:84149721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.237.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286622/; classtype:trojan-activity;sid:84149722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.228.215.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286623/; classtype:trojan-activity;sid:84149723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.82.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286620/; classtype:trojan-activity;sid:84149720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.227.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286619/; classtype:trojan-activity;sid:84149719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.29.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286618/; classtype:trojan-activity;sid:84149718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.67.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286617/; classtype:trojan-activity;sid:84149717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.255.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286616/; classtype:trojan-activity;sid:84149716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.60.238.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286615/; classtype:trojan-activity;sid:84149715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286614/; classtype:trojan-activity;sid:84149714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.16.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286613/; classtype:trojan-activity;sid:84149713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.67.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286612/; classtype:trojan-activity;sid:84149712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.218.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286611/; classtype:trojan-activity;sid:84149711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.226.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286609/; classtype:trojan-activity;sid:84149709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.11.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286610/; classtype:trojan-activity;sid:84149710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.237.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286608/; classtype:trojan-activity;sid:84149708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.8.129.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286607/; classtype:trojan-activity;sid:84149707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.184.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286605/; classtype:trojan-activity;sid:84149705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.97.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286606/; classtype:trojan-activity;sid:84149706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.80.82.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286604/; classtype:trojan-activity;sid:84149704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286603/; classtype:trojan-activity;sid:84149703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.79.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286602/; classtype:trojan-activity;sid:84149702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.82.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286601/; classtype:trojan-activity;sid:84149701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.113.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286600/; classtype:trojan-activity;sid:84149700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.53.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286599/; classtype:trojan-activity;sid:84149699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.238.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286598/; classtype:trojan-activity;sid:84149698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.49.26.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286597/; classtype:trojan-activity;sid:84149697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.11.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286596/; classtype:trojan-activity;sid:84149696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.131.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286595/; classtype:trojan-activity;sid:84149695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.125.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286594/; classtype:trojan-activity;sid:84149694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286593/; classtype:trojan-activity;sid:84149693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.173.10.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286592/; classtype:trojan-activity;sid:84149692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.200.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286591/; classtype:trojan-activity;sid:84149691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286589/; classtype:trojan-activity;sid:84149689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.179.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286590/; classtype:trojan-activity;sid:84149690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.8.129.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286588/; classtype:trojan-activity;sid:84149688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips/"; depth:6; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286586/; classtype:trojan-activity;sid:84149686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/fl-studio-cracked.com"; depth:27; endswith; nocase; http.host; content:"80.76.51.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286587/; classtype:trojan-activity;sid:84149687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sistemas/archivos/unico-venta3401005.exe"; depth:41; endswith; nocase; http.host; content:"www.flechabusretiro.com.ar"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286583/; classtype:trojan-activity;sid:84149683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/recup/bum=187826617|7c|26|7c|ampfilename=hoshi_no_kirby_-_yume_no_izumi_deluxe_japan.exe"; depth:89; endswith; nocase; http.host; content:"superquest.info"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286581/; classtype:trojan-activity;sid:84149681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30622/shttpsr_mg.exe"; depth:21; endswith; nocase; http.host; content:"ns.smallsrv.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286582/; classtype:trojan-activity;sid:84149682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.184.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286580/; classtype:trojan-activity;sid:84149680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.53.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286579/; classtype:trojan-activity;sid:84149679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.26.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286577/; classtype:trojan-activity;sid:84149677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.192.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286578/; classtype:trojan-activity;sid:84149678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.208.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286576/; classtype:trojan-activity;sid:84149676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286575/; classtype:trojan-activity;sid:84149675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.247.249.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286574/; classtype:trojan-activity;sid:84149674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.31.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286573/; classtype:trojan-activity;sid:84149673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286572/; classtype:trojan-activity;sid:84149672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.67.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286570/; classtype:trojan-activity;sid:84149670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.217.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286571/; classtype:trojan-activity;sid:84149671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.185.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286569/; classtype:trojan-activity;sid:84149669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.43.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286568/; classtype:trojan-activity;sid:84149668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.49.26.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286567/; classtype:trojan-activity;sid:84149667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.27.199.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286566/; classtype:trojan-activity;sid:84149666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.32.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286565/; classtype:trojan-activity;sid:84149665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.226.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286563/; classtype:trojan-activity;sid:84149663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.18.208.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286562/; classtype:trojan-activity;sid:84149662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.163.68.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286560/; classtype:trojan-activity;sid:84149660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.29.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286561/; classtype:trojan-activity;sid:84149661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286559/; classtype:trojan-activity;sid:84149659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.163.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286558/; classtype:trojan-activity;sid:84149658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.27.199.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286557/; classtype:trojan-activity;sid:84149657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286556/; classtype:trojan-activity;sid:84149656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.211.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286554/; classtype:trojan-activity;sid:84149654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.194.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286555/; classtype:trojan-activity;sid:84149655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.129.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286552/; classtype:trojan-activity;sid:84149652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.153.209.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286553/; classtype:trojan-activity;sid:84149653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/[cpu]"; depth:6; endswith; nocase; http.host; content:"93.123.85.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286551/; classtype:trojan-activity;sid:84149651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.241.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286550/; classtype:trojan-activity;sid:84149650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.192.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286549/; classtype:trojan-activity;sid:84149649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.52.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286547/; classtype:trojan-activity;sid:84149647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.67.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286548/; classtype:trojan-activity;sid:84149648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.18.208.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286546/; classtype:trojan-activity;sid:84149646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.62.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286545/; classtype:trojan-activity;sid:84149645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"93.123.85.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286531/; classtype:trojan-activity;sid:84149631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"93.123.85.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286532/; classtype:trojan-activity;sid:84149632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntpd"; depth:5; endswith; nocase; http.host; content:"93.123.85.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286533/; classtype:trojan-activity;sid:84149633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp"; depth:4; endswith; nocase; http.host; content:"93.123.85.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286534/; classtype:trojan-activity;sid:84149634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"93.123.85.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286535/; classtype:trojan-activity;sid:84149635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"93.123.85.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286537/; classtype:trojan-activity;sid:84149637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache2"; depth:8; endswith; nocase; http.host; content:"93.123.85.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286538/; classtype:trojan-activity;sid:84149638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"93.123.85.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286539/; classtype:trojan-activity;sid:84149639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"93.123.85.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286540/; classtype:trojan-activity;sid:84149640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openssh"; depth:8; endswith; nocase; http.host; content:"93.123.85.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286541/; classtype:trojan-activity;sid:84149641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286542/; classtype:trojan-activity;sid:84149642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"93.123.85.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286543/; classtype:trojan-activity;sid:84149643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pftp"; depth:5; endswith; nocase; http.host; content:"93.123.85.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286544/; classtype:trojan-activity;sid:84149644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.61.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286529/; classtype:trojan-activity;sid:84149629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.179.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286528/; classtype:trojan-activity;sid:84149628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.94.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286527/; classtype:trojan-activity;sid:84149627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286526/; classtype:trojan-activity;sid:84149626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.135.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286525/; classtype:trojan-activity;sid:84149625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"187.170.37.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286524/; classtype:trojan-activity;sid:84149624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.60.180.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286523/; classtype:trojan-activity;sid:84149623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/pidgeon.exe"; depth:16; endswith; nocase; http.host; content:"87.120.125.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286522/; classtype:trojan-activity;sid:84149622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.163.68.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286521/; classtype:trojan-activity;sid:84149621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.163.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286520/; classtype:trojan-activity;sid:84149620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.168.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286519/; classtype:trojan-activity;sid:84149619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kzxiaopeng2/kuaizip_setup_-808202126_xiaopeng2_001.exe"; depth:55; endswith; nocase; http.host; content:"d.kpzip.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286518/; classtype:trojan-activity;sid:84149618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kuaileup/dianzhangzhushouanzhuanbao.exe"; depth:40; endswith; nocase; http.host; content:"klfs.synology.me"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286517/; classtype:trojan-activity;sid:84149617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/installer.exe"; depth:14; endswith; nocase; http.host; content:"64.176.168.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286516/; classtype:trojan-activity;sid:84149616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autoupdate/hostfile/autoupdate.exe"; depth:35; endswith; nocase; http.host; content:"kiemthehuyenlong.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286515/; classtype:trojan-activity;sid:84149615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/xiaohu.exe"; depth:20; endswith; nocase; http.host; content:"110.40.51.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286514/; classtype:trojan-activity;sid:84149614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haozip.convertimg.exe"; depth:22; endswith; nocase; http.host; content:"download.haozip.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286513/; classtype:trojan-activity;sid:84149613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s_11222.exe"; depth:12; endswith; nocase; http.host; content:"62.109.5.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286512/; classtype:trojan-activity;sid:84149612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autoupdate/hostfile/autoupdate.exe"; depth:35; endswith; nocase; http.host; content:"103.167.89.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286510/; classtype:trojan-activity;sid:84149610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/content/goodlabel%e6%89%93%e5%8d%b0%e6%9c%8d%e5%8a%a1%e5%ae%89%e8%a3%85%e7%a8%8b%e5%ba%8f.exe"; depth:94; endswith; nocase; http.host; content:"goodlabel.cn"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286511/; classtype:trojan-activity;sid:84149611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noloadn_old_new.exe"; depth:20; endswith; nocase; http.host; content:"kortatay.myz.info"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286509/; classtype:trojan-activity;sid:84149609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/procx64.exe"; depth:12; endswith; nocase; http.host; content:"kortatay.myz.info"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286508/; classtype:trojan-activity;sid:84149608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asufer.exe"; depth:11; endswith; nocase; http.host; content:"kortatay.myz.info"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286507/; classtype:trojan-activity;sid:84149607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/securityhealthservice.exe"; depth:26; endswith; nocase; http.host; content:"103.230.121.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286505/; classtype:trojan-activity;sid:84149605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clr.exe"; depth:8; endswith; nocase; http.host; content:"kortatay.myz.info"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286506/; classtype:trojan-activity;sid:84149606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/java.exe"; depth:9; endswith; nocase; http.host; content:"64.176.168.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286502/; classtype:trojan-activity;sid:84149602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nanodump_ppl64.exe"; depth:19; endswith; nocase; http.host; content:"46.200.psinetpa.net.prodejdilu.cz"; depth:33; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286503/; classtype:trojan-activity;sid:84149603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow.exe"; depth:9; endswith; nocase; http.host; content:"46.200.psinetpa.net.prodejdilu.cz"; depth:33; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286504/; classtype:trojan-activity;sid:84149604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.236.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286501/; classtype:trojan-activity;sid:84149601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.62.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286500/; classtype:trojan-activity;sid:84149600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.34.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286499/; classtype:trojan-activity;sid:84149599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.100.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286498/; classtype:trojan-activity;sid:84149598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.75.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286497/; classtype:trojan-activity;sid:84149597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.134.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286496/; classtype:trojan-activity;sid:84149596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.64.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286495/; classtype:trojan-activity;sid:84149595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.212.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286494/; classtype:trojan-activity;sid:84149594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.9.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286493/; classtype:trojan-activity;sid:84149593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.144.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286492/; classtype:trojan-activity;sid:84149592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.29.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286490/; classtype:trojan-activity;sid:84149590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.168.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286491/; classtype:trojan-activity;sid:84149591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.53.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286489/; classtype:trojan-activity;sid:84149589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.47.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286488/; classtype:trojan-activity;sid:84149588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.77.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286487/; classtype:trojan-activity;sid:84149587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.129.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286486/; classtype:trojan-activity;sid:84149586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.214.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286485/; classtype:trojan-activity;sid:84149585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.25.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286484/; classtype:trojan-activity;sid:84149584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.193.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286483/; classtype:trojan-activity;sid:84149583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.160.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286482/; classtype:trojan-activity;sid:84149582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.37.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286481/; classtype:trojan-activity;sid:84149581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.47.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286480/; classtype:trojan-activity;sid:84149580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.75.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286479/; classtype:trojan-activity;sid:84149579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.31.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286478/; classtype:trojan-activity;sid:84149578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.158.67.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286475/; classtype:trojan-activity;sid:84149575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.23.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286476/; classtype:trojan-activity;sid:84149576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.166.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286477/; classtype:trojan-activity;sid:84149577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.134.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286474/; classtype:trojan-activity;sid:84149574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.139.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286473/; classtype:trojan-activity;sid:84149573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"fra2utyr6zsdchelinais.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286468/; classtype:trojan-activity;sid:84149568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"fra2utyr6zsdchelinais.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286469/; classtype:trojan-activity;sid:84149569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"fra2utyr6zsdchelinais.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286470/; classtype:trojan-activity;sid:84149570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"fra2utyr6zsdchelinais.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286471/; classtype:trojan-activity;sid:84149571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; nocase; http.host; content:"fra2utyr6zsdchelinais.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286472/; classtype:trojan-activity;sid:84149572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.45.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286467/; classtype:trojan-activity;sid:84149567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"fra2utyr6zsdchelinais.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286466/; classtype:trojan-activity;sid:84149566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"fra2utyr6zsdchelinais.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286460/; classtype:trojan-activity;sid:84149560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"fra2utyr6zsdchelinais.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286461/; classtype:trojan-activity;sid:84149561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"fra2utyr6zsdchelinais.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286462/; classtype:trojan-activity;sid:84149562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"fra2utyr6zsdchelinais.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286463/; classtype:trojan-activity;sid:84149563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"fra2utyr6zsdchelinais.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286464/; classtype:trojan-activity;sid:84149564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"fra2utyr6zsdchelinais.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286465/; classtype:trojan-activity;sid:84149565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.47.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286459/; classtype:trojan-activity;sid:84149559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.237.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286458/; classtype:trojan-activity;sid:84149558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.229.219.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286457/; classtype:trojan-activity;sid:84149557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.151.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286456/; classtype:trojan-activity;sid:84149556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.42.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286455/; classtype:trojan-activity;sid:84149555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.99.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286454/; classtype:trojan-activity;sid:84149554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.106.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286453/; classtype:trojan-activity;sid:84149553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.31.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286452/; classtype:trojan-activity;sid:84149552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.26.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286451/; classtype:trojan-activity;sid:84149551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.26.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286450/; classtype:trojan-activity;sid:84149550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.122.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286449/; classtype:trojan-activity;sid:84149549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.47.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286448/; classtype:trojan-activity;sid:84149548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.197.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286447/; classtype:trojan-activity;sid:84149547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.69.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286446/; classtype:trojan-activity;sid:84149546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harm5"; depth:6; endswith; nocase; http.host; content:"104.37.188.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286444/; classtype:trojan-activity;sid:84149544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harm4"; depth:6; endswith; nocase; http.host; content:"104.37.188.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286445/; classtype:trojan-activity;sid:84149545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.237.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286443/; classtype:trojan-activity;sid:84149543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.99.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286442/; classtype:trojan-activity;sid:84149542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.47.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286441/; classtype:trojan-activity;sid:84149541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.226.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286440/; classtype:trojan-activity;sid:84149540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.81.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286439/; classtype:trojan-activity;sid:84149539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.22.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286438/; classtype:trojan-activity;sid:84149538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.41.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286437/; classtype:trojan-activity;sid:84149537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.106.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286436/; classtype:trojan-activity;sid:84149536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.150.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286435/; classtype:trojan-activity;sid:84149535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.8.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286434/; classtype:trojan-activity;sid:84149534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.235.200.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286433/; classtype:trojan-activity;sid:84149533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"94.154.172.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286432/; classtype:trojan-activity;sid:84149532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"94.154.172.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286431/; classtype:trojan-activity;sid:84149531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"94.154.172.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286430/; classtype:trojan-activity;sid:84149530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"94.154.172.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286427/; classtype:trojan-activity;sid:84149527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"104.37.188.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286428/; classtype:trojan-activity;sid:84149528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"104.37.188.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286429/; classtype:trojan-activity;sid:84149529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"94.154.172.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286414/; classtype:trojan-activity;sid:84149514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"94.154.172.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286415/; classtype:trojan-activity;sid:84149515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"104.37.188.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286416/; classtype:trojan-activity;sid:84149516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"104.37.188.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286417/; classtype:trojan-activity;sid:84149517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"94.154.172.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286418/; classtype:trojan-activity;sid:84149518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"104.37.188.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286419/; classtype:trojan-activity;sid:84149519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"94.154.172.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286420/; classtype:trojan-activity;sid:84149520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; nocase; http.host; content:"94.154.172.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286421/; classtype:trojan-activity;sid:84149521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"104.37.188.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286422/; classtype:trojan-activity;sid:84149522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"94.154.172.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286423/; classtype:trojan-activity;sid:84149523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"94.154.172.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286424/; classtype:trojan-activity;sid:84149524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"94.154.172.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286425/; classtype:trojan-activity;sid:84149525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"104.37.188.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286426/; classtype:trojan-activity;sid:84149526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64"; depth:6; endswith; nocase; http.host; content:"162.245.221.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286413/; classtype:trojan-activity;sid:84149513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.45.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286411/; classtype:trojan-activity;sid:84149511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.119.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286412/; classtype:trojan-activity;sid:84149512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tbdxxyba5qkepcrx9buyely07cd5f5raqh"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286410/; classtype:trojan-activity;sid:84149510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dvh5m9ppg8ve0sjuqb30hvwzxieuq7eyqd"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286408/; classtype:trojan-activity;sid:84149508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/iogezp2ofl1slbiklfrtx77fk74xh2jcbn"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286409/; classtype:trojan-activity;sid:84149509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286391/; classtype:trojan-activity;sid:84149491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wubs4mir8xqepuk3k86impwaewxxw20mxu"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286392/; classtype:trojan-activity;sid:84149492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/csuiq4h7okrnjzftle9wq8h90le6nl3qid"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286393/; classtype:trojan-activity;sid:84149493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286394/; classtype:trojan-activity;sid:84149494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dr9hptekx7ullwvjb8istdnegfwe9bugwn"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286395/; classtype:trojan-activity;sid:84149495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/01hwebx9tcxae3qljakwoq2eczxd84ifym"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286396/; classtype:trojan-activity;sid:84149496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286397/; classtype:trojan-activity;sid:84149497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286398/; classtype:trojan-activity;sid:84149498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zhz603w932kzpqm2wmbcoipeu4i1fqo17z"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286399/; classtype:trojan-activity;sid:84149499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286400/; classtype:trojan-activity;sid:84149500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/4toufmu4ghvlcrynzh5oebi4bugqrqqnxy"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286401/; classtype:trojan-activity;sid:84149501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286402/; classtype:trojan-activity;sid:84149502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bijmrbcj4hwkohqatwrvswakkn983xdznv"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286403/; classtype:trojan-activity;sid:84149503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/6fost20o0fvjnivbea5dckwtpovnylywed"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286404/; classtype:trojan-activity;sid:84149504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/iay9mesrrk07gcfu6q1hnasqp7nsrpg5vk"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286405/; classtype:trojan-activity;sid:84149505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/gebtsr5fz5nh7o1p9imhqxhlu5z9ugkrxo"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286406/; classtype:trojan-activity;sid:84149506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/oagv3juxcgqx3acxpbcpflpaqge9nx16yf"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286407/; classtype:trojan-activity;sid:84149507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286387/; classtype:trojan-activity;sid:84149487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286388/; classtype:trojan-activity;sid:84149488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286389/; classtype:trojan-activity;sid:84149489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286390/; classtype:trojan-activity;sid:84149490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.69.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286386/; classtype:trojan-activity;sid:84149486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.79.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286385/; classtype:trojan-activity;sid:84149485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.5.36.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286384/; classtype:trojan-activity;sid:84149484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.150.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286383/; classtype:trojan-activity;sid:84149483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgiegeir.mips"; depth:14; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286382/; classtype:trojan-activity;sid:84149482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgiegeir.mpsl"; depth:14; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286380/; classtype:trojan-activity;sid:84149480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgiegeir.arm6"; depth:14; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286381/; classtype:trojan-activity;sid:84149481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgiegeir.ppc"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286376/; classtype:trojan-activity;sid:84149476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgiegeir.x86"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286377/; classtype:trojan-activity;sid:84149477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgiegeir.arm4"; depth:14; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286378/; classtype:trojan-activity;sid:84149478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgiegeir.arm5"; depth:14; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286379/; classtype:trojan-activity;sid:84149479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286375/; classtype:trojan-activity;sid:84149475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.124.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286374/; classtype:trojan-activity;sid:84149474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.41.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286373/; classtype:trojan-activity;sid:84149473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.8.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286372/; classtype:trojan-activity;sid:84149472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.70.244.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286371/; classtype:trojan-activity;sid:84149471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.212.144.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286370/; classtype:trojan-activity;sid:84149470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.252.167.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286369/; classtype:trojan-activity;sid:84149469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"132.255.117.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286368/; classtype:trojan-activity;sid:84149468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.166.251.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286367/; classtype:trojan-activity;sid:84149467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.63.21.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286364/; classtype:trojan-activity;sid:84149464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.115.213.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286365/; classtype:trojan-activity;sid:84149465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.254.13.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286366/; classtype:trojan-activity;sid:84149466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.160.164.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286361/; classtype:trojan-activity;sid:84149461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.0.226.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286362/; classtype:trojan-activity;sid:84149462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.201.40.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286363/; classtype:trojan-activity;sid:84149463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.14.162.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286360/; classtype:trojan-activity;sid:84149460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.163.19.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286359/; classtype:trojan-activity;sid:84149459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.129.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286358/; classtype:trojan-activity;sid:84149458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.54.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286357/; classtype:trojan-activity;sid:84149457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.192.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286356/; classtype:trojan-activity;sid:84149456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.119.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286355/; classtype:trojan-activity;sid:84149455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.232.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286353/; classtype:trojan-activity;sid:84149453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.79.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286354/; classtype:trojan-activity;sid:84149454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.168.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286352/; classtype:trojan-activity;sid:84149452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.118.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286351/; classtype:trojan-activity;sid:84149451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.251.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286349/; classtype:trojan-activity;sid:84149449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.6.91.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286350/; classtype:trojan-activity;sid:84149450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.45.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286348/; classtype:trojan-activity;sid:84149448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.247.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286347/; classtype:trojan-activity;sid:84149447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.61.181.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286346/; classtype:trojan-activity;sid:84149446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.72.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286345/; classtype:trojan-activity;sid:84149445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.62.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286344/; classtype:trojan-activity;sid:84149444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"118.107.43.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286343/; classtype:trojan-activity;sid:84149443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"kk30.xyz"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286342/; classtype:trojan-activity;sid:84149442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.64.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286341/; classtype:trojan-activity;sid:84149441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.144.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286340/; classtype:trojan-activity;sid:84149440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.89.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286339/; classtype:trojan-activity;sid:84149439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.104.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286337/; classtype:trojan-activity;sid:84149437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.177.28.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286338/; classtype:trojan-activity;sid:84149438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.95.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286336/; classtype:trojan-activity;sid:84149436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286335/; classtype:trojan-activity;sid:84149435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.251.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286334/; classtype:trojan-activity;sid:84149434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286333/; classtype:trojan-activity;sid:84149433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.192.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286332/; classtype:trojan-activity;sid:84149432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.249.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286331/; classtype:trojan-activity;sid:84149431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.m68k"; depth:13; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286327/; classtype:trojan-activity;sid:84149427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm"; depth:12; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286328/; classtype:trojan-activity;sid:84149428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.x86"; depth:12; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286329/; classtype:trojan-activity;sid:84149429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm6"; depth:13; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286330/; classtype:trojan-activity;sid:84149430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm5"; depth:13; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286323/; classtype:trojan-activity;sid:84149423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.mpsl"; depth:13; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286324/; classtype:trojan-activity;sid:84149424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.spc"; depth:12; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286325/; classtype:trojan-activity;sid:84149425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.mips"; depth:13; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286326/; classtype:trojan-activity;sid:84149426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm7"; depth:13; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286320/; classtype:trojan-activity;sid:84149420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.ppc"; depth:12; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286321/; classtype:trojan-activity;sid:84149421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.sh4"; depth:12; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286322/; classtype:trojan-activity;sid:84149422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286319/; classtype:trojan-activity;sid:84149419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286317/; classtype:trojan-activity;sid:84149417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr.sh"; depth:7; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286318/; classtype:trojan-activity;sid:84149418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286316/; classtype:trojan-activity;sid:84149416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.177.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286315/; classtype:trojan-activity;sid:84149415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.159.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286314/; classtype:trojan-activity;sid:84149414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.17.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286312/; classtype:trojan-activity;sid:84149412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.59.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286313/; classtype:trojan-activity;sid:84149413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.87.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286310/; classtype:trojan-activity;sid:84149410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286311/; classtype:trojan-activity;sid:84149411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwwofba5"; depth:9; endswith; nocase; http.host; content:"154.216.16.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286309/; classtype:trojan-activity;sid:84149409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iwir64"; depth:7; endswith; nocase; http.host; content:"154.216.16.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286307/; classtype:trojan-activity;sid:84149407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnbw86"; depth:7; endswith; nocase; http.host; content:"154.216.16.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286308/; classtype:trojan-activity;sid:84149408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.90.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286306/; classtype:trojan-activity;sid:84149406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.234.219.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286305/; classtype:trojan-activity;sid:84149405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xi.x86"; depth:7; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286304/; classtype:trojan-activity;sid:84149404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.153.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286303/; classtype:trojan-activity;sid:84149403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64el"; depth:15; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286294/; classtype:trojan-activity;sid:84149394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm6"; depth:11; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286295/; classtype:trojan-activity;sid:84149395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xi.mips"; depth:8; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286296/; classtype:trojan-activity;sid:84149396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_386"; depth:10; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286297/; classtype:trojan-activity;sid:84149397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel"; depth:13; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286298/; classtype:trojan-activity;sid:84149398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64"; depth:13; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286299/; classtype:trojan-activity;sid:84149399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286300/; classtype:trojan-activity;sid:84149400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips"; depth:11; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286301/; classtype:trojan-activity;sid:84149401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm5"; depth:11; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286302/; classtype:trojan-activity;sid:84149402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_aarch64"; depth:14; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286293/; classtype:trojan-activity;sid:84149393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xi.arm6"; depth:8; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286291/; classtype:trojan-activity;sid:84149391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm7"; depth:11; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286292/; classtype:trojan-activity;sid:84149392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xi.arm7"; depth:8; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286289/; classtype:trojan-activity;sid:84149389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xi.arm5"; depth:8; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286290/; classtype:trojan-activity;sid:84149390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.243.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286286/; classtype:trojan-activity;sid:84149386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xi.arm"; depth:7; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286287/; classtype:trojan-activity;sid:84149387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xi.m68k"; depth:8; endswith; nocase; http.host; content:"vi2.02nier.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286288/; classtype:trojan-activity;sid:84149388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.162.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286284/; classtype:trojan-activity;sid:84149384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.177.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286283/; classtype:trojan-activity;sid:84149383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.159.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286281/; classtype:trojan-activity;sid:84149381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.4.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286282/; classtype:trojan-activity;sid:84149382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.134.15.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286280/; classtype:trojan-activity;sid:84149380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.225.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286279/; classtype:trojan-activity;sid:84149379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.39.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286278/; classtype:trojan-activity;sid:84149378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.46.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286277/; classtype:trojan-activity;sid:84149377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.0.122.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286276/; classtype:trojan-activity;sid:84149376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.90.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286275/; classtype:trojan-activity;sid:84149375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.177.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286274/; classtype:trojan-activity;sid:84149374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.168.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286273/; classtype:trojan-activity;sid:84149373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.129.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286272/; classtype:trojan-activity;sid:84149372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.201.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286271/; classtype:trojan-activity;sid:84149371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.243.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286270/; classtype:trojan-activity;sid:84149370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.4.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286269/; classtype:trojan-activity;sid:84149369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.249.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286268/; classtype:trojan-activity;sid:84149368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286267/; classtype:trojan-activity;sid:84149367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"187.86.183.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286264/; classtype:trojan-activity;sid:84149364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286265/; classtype:trojan-activity;sid:84149365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.81.159.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286266/; classtype:trojan-activity;sid:84149366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.191.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286263/; classtype:trojan-activity;sid:84149363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.1.167"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286262/; classtype:trojan-activity;sid:84149362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.114.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286261/; classtype:trojan-activity;sid:84149361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.132.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286260/; classtype:trojan-activity;sid:84149360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.113.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286259/; classtype:trojan-activity;sid:84149359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.6.216"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286257/; classtype:trojan-activity;sid:84149357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.116.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286258/; classtype:trojan-activity;sid:84149358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.70.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286256/; classtype:trojan-activity;sid:84149356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.72.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286254/; classtype:trojan-activity;sid:84149354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.1.167"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286255/; classtype:trojan-activity;sid:84149355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.107.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286253/; classtype:trojan-activity;sid:84149353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"27.124.46.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286246/; classtype:trojan-activity;sid:84149346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"27.124.46.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286247/; classtype:trojan-activity;sid:84149347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"206.238.114.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286248/; classtype:trojan-activity;sid:84149348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"206.238.178.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286249/; classtype:trojan-activity;sid:84149349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"27.124.46.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286250/; classtype:trojan-activity;sid:84149350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"27.124.46.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286251/; classtype:trojan-activity;sid:84149351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"27.124.46.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286252/; classtype:trojan-activity;sid:84149352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"154.212.150.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286240/; classtype:trojan-activity;sid:84149340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"45.194.37.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286241/; classtype:trojan-activity;sid:84149341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"154.198.53.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286242/; classtype:trojan-activity;sid:84149342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"154.212.150.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286243/; classtype:trojan-activity;sid:84149343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"154.212.150.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286244/; classtype:trojan-activity;sid:84149344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"202.61.84.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286245/; classtype:trojan-activity;sid:84149345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"206.238.197.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286239/; classtype:trojan-activity;sid:84149339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.100.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286238/; classtype:trojan-activity;sid:84149338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.246.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286237/; classtype:trojan-activity;sid:84149337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.130.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286236/; classtype:trojan-activity;sid:84149336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.124.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286235/; classtype:trojan-activity;sid:84149335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.245.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286233/; classtype:trojan-activity;sid:84149333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286234/; classtype:trojan-activity;sid:84149334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"27.124.46.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286231/; classtype:trojan-activity;sid:84149331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"27.124.46.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286232/; classtype:trojan-activity;sid:84149332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"206.238.197.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286229/; classtype:trojan-activity;sid:84149329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"206.238.199.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286230/; classtype:trojan-activity;sid:84149330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"202.61.84.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286228/; classtype:trojan-activity;sid:84149328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"206.238.199.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286226/; classtype:trojan-activity;sid:84149326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.txt"; depth:9; endswith; nocase; http.host; content:"206.238.199.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286227/; classtype:trojan-activity;sid:84149327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.162.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286225/; classtype:trojan-activity;sid:84149325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.6.216"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286224/; classtype:trojan-activity;sid:84149324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.49.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286223/; classtype:trojan-activity;sid:84149323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.114.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286222/; classtype:trojan-activity;sid:84149322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.65.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286221/; classtype:trojan-activity;sid:84149321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.14.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286220/; classtype:trojan-activity;sid:84149320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.132.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286219/; classtype:trojan-activity;sid:84149319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.246.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286218/; classtype:trojan-activity;sid:84149318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.219.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286217/; classtype:trojan-activity;sid:84149317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.236.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286216/; classtype:trojan-activity;sid:84149316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.53.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286215/; classtype:trojan-activity;sid:84149315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.100.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286214/; classtype:trojan-activity;sid:84149314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.66.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286213/; classtype:trojan-activity;sid:84149313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/geek_se.exe"; depth:12; endswith; nocase; http.host; content:"47.236.122.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286212/; classtype:trojan-activity;sid:84149312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//transformationarthur.zip"; depth:26; endswith; nocase; http.host; content:"185.241.208.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286211/; classtype:trojan-activity;sid:84149311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dutch.txt"; depth:10; endswith; nocase; http.host; content:"194.26.192.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286204/; classtype:trojan-activity;sid:84149304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1010.png"; depth:9; endswith; nocase; http.host; content:"194.26.192.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286205/; classtype:trojan-activity;sid:84149305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xt.png"; depth:7; endswith; nocase; http.host; content:"194.26.192.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286206/; classtype:trojan-activity;sid:84149306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gold.exe"; depth:9; endswith; nocase; http.host; content:"194.26.192.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286207/; classtype:trojan-activity;sid:84149307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oldxteam.exe"; depth:13; endswith; nocase; http.host; content:"194.26.192.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286208/; classtype:trojan-activity;sid:84149308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sae.txt"; depth:8; endswith; nocase; http.host; content:"194.26.192.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286209/; classtype:trojan-activity;sid:84149309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//zharkbot.exe"; depth:14; endswith; nocase; http.host; content:"185.241.208.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286210/; classtype:trojan-activity;sid:84149310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.208.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286203/; classtype:trojan-activity;sid:84149303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1010.bat"; depth:9; endswith; nocase; http.host; content:"194.26.192.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286202/; classtype:trojan-activity;sid:84149302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gen0610wsf.txt"; depth:15; endswith; nocase; http.host; content:"194.26.192.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286199/; classtype:trojan-activity;sid:84149299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca.bat"; depth:7; endswith; nocase; http.host; content:"194.26.192.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286200/; classtype:trojan-activity;sid:84149300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ai.png"; depth:7; endswith; nocase; http.host; content:"194.26.192.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286201/; classtype:trojan-activity;sid:84149301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.92.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286198/; classtype:trojan-activity;sid:84149298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yjh97p7lckqbzymkvgigx_60sdauyyny"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286196/; classtype:trojan-activity;sid:84149296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1omveqtzefu0cmpxedidtmbkzk0lvqcdx"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286197/; classtype:trojan-activity;sid:84149297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.236.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286195/; classtype:trojan-activity;sid:84149295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=126zvtis_umxhmhhrnkbzisz3tqzgyrv8"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286194/; classtype:trojan-activity;sid:84149294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1hpjsxzvhlbqfoucxyrsqiy0r-c12gq_4"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286193/; classtype:trojan-activity;sid:84149293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.227.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286192/; classtype:trojan-activity;sid:84149292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.124.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286191/; classtype:trojan-activity;sid:84149291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.125.241.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286190/; classtype:trojan-activity;sid:84149290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.117.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286188/; classtype:trojan-activity;sid:84149288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.39.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286189/; classtype:trojan-activity;sid:84149289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.132.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286187/; classtype:trojan-activity;sid:84149287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.175.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286186/; classtype:trojan-activity;sid:84149286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/155/vc/seethebestthingsneedtodowithgreatthingshappenedonheretosee.hta"; depth:70; endswith; nocase; http.host; content:"192.3.193.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286185/; classtype:trojan-activity;sid:84149285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/155/brandthingswithgreatamazingthingshappened.tif"; depth:50; endswith; nocase; http.host; content:"192.3.193.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286184/; classtype:trojan-activity;sid:84149284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286183/; classtype:trojan-activity;sid:84149283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/350/wcb/seethebstpricewithbestthinghappingwithgoodnews.hta"; depth:59; endswith; nocase; http.host; content:"23.94.171.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286182/; classtype:trojan-activity;sid:84149282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/350/seethebestpicturewithgreatthingswithouthandlethethings.tif"; depth:63; endswith; nocase; http.host; content:"23.94.171.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286181/; classtype:trojan-activity;sid:84149281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.40.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286180/; classtype:trojan-activity;sid:84149280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.217.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286179/; classtype:trojan-activity;sid:84149279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.79.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286178/; classtype:trojan-activity;sid:84149278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.96.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286177/; classtype:trojan-activity;sid:84149277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.6.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286176/; classtype:trojan-activity;sid:84149276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.242.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286174/; classtype:trojan-activity;sid:84149274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.136.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286175/; classtype:trojan-activity;sid:84149275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.227.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286173/; classtype:trojan-activity;sid:84149273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.236.220.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286172/; classtype:trojan-activity;sid:84149272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286171/; classtype:trojan-activity;sid:84149271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.56.246.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286170/; classtype:trojan-activity;sid:84149270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchot%20-%20%e5%89%af%e6%9c%ac.exe"; depth:36; endswith; nocase; http.host; content:"154.201.87.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286167/; classtype:trojan-activity;sid:84149267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchot.exe"; depth:11; endswith; nocase; http.host; content:"154.201.87.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286168/; classtype:trojan-activity;sid:84149268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//polymorphieres1109.exe"; depth:24; endswith; nocase; http.host; content:"62.60.236.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286169/; classtype:trojan-activity;sid:84149269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svcyr.exe"; depth:10; endswith; nocase; http.host; content:"154.201.87.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286166/; classtype:trojan-activity;sid:84149266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.25.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286165/; classtype:trojan-activity;sid:84149265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.221.223.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286164/; classtype:trojan-activity;sid:84149264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.228.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286163/; classtype:trojan-activity;sid:84149263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.28.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286162/; classtype:trojan-activity;sid:84149262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"160.177.5.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286161/; classtype:trojan-activity;sid:84149261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.101.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286160/; classtype:trojan-activity;sid:84149260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.237.125.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286159/; classtype:trojan-activity;sid:84149259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.79.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286158/; classtype:trojan-activity;sid:84149258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.96.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286157/; classtype:trojan-activity;sid:84149257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.85.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286156/; classtype:trojan-activity;sid:84149256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.65.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286155/; classtype:trojan-activity;sid:84149255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.72.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286153/; classtype:trojan-activity;sid:84149253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.32.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286154/; classtype:trojan-activity;sid:84149254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.192.162.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286152/; classtype:trojan-activity;sid:84149252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.208.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286150/; classtype:trojan-activity;sid:84149250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.208.68.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286151/; classtype:trojan-activity;sid:84149251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.96.128"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286149/; classtype:trojan-activity;sid:84149249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.198.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286148/; classtype:trojan-activity;sid:84149248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.154.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286147/; classtype:trojan-activity;sid:84149247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.6.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286146/; classtype:trojan-activity;sid:84149246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/public/ghost_1.5.11.5.exe"; depth:35; endswith; nocase; http.host; content:"114.132.167.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286145/; classtype:trojan-activity;sid:84149245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/public/ghost.exe"; depth:26; endswith; nocase; http.host; content:"114.132.167.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286144/; classtype:trojan-activity;sid:84149244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/public/nb.exe"; depth:23; endswith; nocase; http.host; content:"114.132.167.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286143/; classtype:trojan-activity;sid:84149243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/public/sewanclt.exe"; depth:29; endswith; nocase; http.host; content:"114.132.167.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286142/; classtype:trojan-activity;sid:84149242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/public/installpg.dll"; depth:30; endswith; nocase; http.host; content:"114.132.167.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286140/; classtype:trojan-activity;sid:84149240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/public/ua.exe"; depth:23; endswith; nocase; http.host; content:"114.132.167.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286141/; classtype:trojan-activity;sid:84149241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.dll"; depth:6; endswith; nocase; http.host; content:"143.92.62.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286139/; classtype:trojan-activity;sid:84149239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/runtimebroker.exe"; depth:18; endswith; nocase; http.host; content:"143.92.62.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286138/; classtype:trojan-activity;sid:84149238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.100.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286137/; classtype:trojan-activity;sid:84149237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.75.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286136/; classtype:trojan-activity;sid:84149236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.83.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286135/; classtype:trojan-activity;sid:84149235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.28.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286134/; classtype:trojan-activity;sid:84149234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.217.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286133/; classtype:trojan-activity;sid:84149233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.192.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286132/; classtype:trojan-activity;sid:84149232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.245.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286131/; classtype:trojan-activity;sid:84149231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.31.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286129/; classtype:trojan-activity;sid:84149229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.32.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286130/; classtype:trojan-activity;sid:84149230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.72.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286128/; classtype:trojan-activity;sid:84149228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.118.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286127/; classtype:trojan-activity;sid:84149227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.169.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286126/; classtype:trojan-activity;sid:84149226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/astraloader.exe"; depth:16; endswith; nocase; http.host; content:"15.188.60.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286125/; classtype:trojan-activity;sid:84149225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/espsemhvcioff.exe"; depth:18; endswith; nocase; http.host; content:"109.110.184.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286124/; classtype:trojan-activity;sid:84149224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esphvcion.exe"; depth:14; endswith; nocase; http.host; content:"109.110.184.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286122/; classtype:trojan-activity;sid:84149222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aimhvcion.exe"; depth:14; endswith; nocase; http.host; content:"109.110.184.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286123/; classtype:trojan-activity;sid:84149223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aimsemhvcioff.exe"; depth:18; endswith; nocase; http.host; content:"109.110.184.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286121/; classtype:trojan-activity;sid:84149221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/djksahjkdhkh.exe"; depth:17; endswith; nocase; http.host; content:"109.110.184.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286120/; classtype:trojan-activity;sid:84149220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dkasjhajksdhdjkas.exe"; depth:22; endswith; nocase; http.host; content:"109.110.184.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286118/; classtype:trojan-activity;sid:84149218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/runtimebrikon.exe"; depth:18; endswith; nocase; http.host; content:"109.110.184.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286119/; classtype:trojan-activity;sid:84149219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sjkhjkh.exe"; depth:12; endswith; nocase; http.host; content:"109.110.184.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286117/; classtype:trojan-activity;sid:84149217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdkashk.exe"; depth:12; endswith; nocase; http.host; content:"109.110.184.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286115/; classtype:trojan-activity;sid:84149215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3.exe"; depth:7; endswith; nocase; http.host; content:"154.218.7.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286116/; classtype:trojan-activity;sid:84149216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anti.exe"; depth:9; endswith; nocase; http.host; content:"a1050330.xsph.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286114/; classtype:trojan-activity;sid:84149214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.exe"; depth:6; endswith; nocase; http.host; content:"89.23.96.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286113/; classtype:trojan-activity;sid:84149213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/bootstrapperv1.19.exe"; depth:31; endswith; nocase; http.host; content:"91.200.220.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286112/; classtype:trojan-activity;sid:84149212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/dlhost.exe"; depth:20; endswith; nocase; http.host; content:"91.200.220.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286111/; classtype:trojan-activity;sid:84149211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.64.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286110/; classtype:trojan-activity;sid:84149210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.197.170.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286109/; classtype:trojan-activity;sid:84149209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.56.129.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286108/; classtype:trojan-activity;sid:84149208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.23.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286107/; classtype:trojan-activity;sid:84149207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.62.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286106/; classtype:trojan-activity;sid:84149206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.212.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286105/; classtype:trojan-activity;sid:84149205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.67.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286104/; classtype:trojan-activity;sid:84149204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.175.206.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286103/; classtype:trojan-activity;sid:84149203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.6.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286102/; classtype:trojan-activity;sid:84149202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.154.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286101/; classtype:trojan-activity;sid:84149201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.16.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286100/; classtype:trojan-activity;sid:84149200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.83.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286099/; classtype:trojan-activity;sid:84149199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.247.113.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286098/; classtype:trojan-activity;sid:84149198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aujbbt.zip"; depth:11; endswith; nocase; http.host; content:"185.241.208.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286097/; classtype:trojan-activity;sid:84149197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ha7dur10.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286096/; classtype:trojan-activity;sid:84149196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/gaozw40v.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286094/; classtype:trojan-activity;sid:84149194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/41m98slk.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286095/; classtype:trojan-activity;sid:84149195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/88851n80.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286093/; classtype:trojan-activity;sid:84149193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/99awhy8l.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286091/; classtype:trojan-activity;sid:84149191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mjpvghw.exe"; depth:12; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286092/; classtype:trojan-activity;sid:84149192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/2r61ahry.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286090/; classtype:trojan-activity;sid:84149190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fru7nk9/plugins/cred64.dll"; depth:27; endswith; nocase; http.host; content:"185.215.113.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286088/; classtype:trojan-activity;sid:84149188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fru7nk9/plugins/cred.dll"; depth:25; endswith; nocase; http.host; content:"185.215.113.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286089/; classtype:trojan-activity;sid:84149189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fru7nk9/plugins/clip.dll"; depth:25; endswith; nocase; http.host; content:"185.215.113.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286087/; classtype:trojan-activity;sid:84149187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fru7nk9/plugins/clip64.dll"; depth:27; endswith; nocase; http.host; content:"185.215.113.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286086/; classtype:trojan-activity;sid:84149186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286085/; classtype:trojan-activity;sid:84149185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.99.173"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286084/; classtype:trojan-activity;sid:84149184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.165.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286083/; classtype:trojan-activity;sid:84149183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/davwwwroot/255112432526044.dll"; depth:31; endswith; nocase; http.host; content:"94.159.113.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286082/; classtype:trojan-activity;sid:84149182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/venkovisual/loli-mod/refs/heads/main/asyncclient.exe"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286081/; classtype:trojan-activity;sid:84149181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nexus/bypass3/adb.exe"; depth:22; endswith; nocase; http.host; content:"updatenexus.org.tc"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286080/; classtype:trojan-activity;sid:84149180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.exe"; depth:6; endswith; nocase; http.host; content:"89.23.96.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286078/; classtype:trojan-activity;sid:84149178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"89.23.96.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286079/; classtype:trojan-activity;sid:84149179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"69.129.18.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286077/; classtype:trojan-activity;sid:84149177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.2.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286076/; classtype:trojan-activity;sid:84149176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lnbpkdhz223.bin"; depth:16; endswith; nocase; http.host; content:"93.123.109.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286075/; classtype:trojan-activity;sid:84149175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.143.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286074/; classtype:trojan-activity;sid:84149174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.118.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286072/; classtype:trojan-activity;sid:84149172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jiddxp45.bin"; depth:13; endswith; nocase; http.host; content:"185.149.234.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286073/; classtype:trojan-activity;sid:84149173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdteoelbktvbmw239.bin"; depth:22; endswith; nocase; http.host; content:"91.92.120.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286071/; classtype:trojan-activity;sid:84149171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.175.206.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286069/; classtype:trojan-activity;sid:84149169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.54.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286070/; classtype:trojan-activity;sid:84149170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.91.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286068/; classtype:trojan-activity;sid:84149168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hello.github.io/info.bin"; depth:25; endswith; nocase; http.host; content:"authmex.github.io"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286066/; classtype:trojan-activity;sid:84149166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erez-goldberg/rust-reverse-shell/main/shellcode.bin"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286067/; classtype:trojan-activity;sid:84149167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/showqa/xt/refs/heads/main/shellcodeany.bin"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286065/; classtype:trojan-activity;sid:84149165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main/shell.bin"; depth:15; endswith; nocase; http.host; content:"encrypthub.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286064/; classtype:trojan-activity;sid:84149164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photobase64.dll"; depth:16; endswith; nocase; http.host; content:"89.213.134.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286063/; classtype:trojan-activity;sid:84149163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woord02/nigga/raw/refs/heads/main/majesticexec.exe"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286062/; classtype:trojan-activity;sid:84149162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/925.bin"; depth:8; endswith; nocase; http.host; content:"121.62.18.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286060/; classtype:trojan-activity;sid:84149160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/927.bin"; depth:8; endswith; nocase; http.host; content:"121.62.18.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286061/; classtype:trojan-activity;sid:84149161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lumber.exe"; depth:11; endswith; nocase; http.host; content:"54.158.34.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286056/; classtype:trojan-activity;sid:84149156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.151.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286057/; classtype:trojan-activity;sid:84149157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/showqa/xt/raw/refs/heads/main/shellcodeany.bin"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286058/; classtype:trojan-activity;sid:84149158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.60.180.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286059/; classtype:trojan-activity;sid:84149159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.208.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286055/; classtype:trojan-activity;sid:84149155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.232.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286054/; classtype:trojan-activity;sid:84149154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.191.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286053/; classtype:trojan-activity;sid:84149153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.45.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286052/; classtype:trojan-activity;sid:84149152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286051/; classtype:trojan-activity;sid:84149151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.44.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286050/; classtype:trojan-activity;sid:84149150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.111.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286049/; classtype:trojan-activity;sid:84149149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.40.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286047/; classtype:trojan-activity;sid:84149147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.44.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286048/; classtype:trojan-activity;sid:84149148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.71.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286046/; classtype:trojan-activity;sid:84149146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286044/; classtype:trojan-activity;sid:84149144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.116.192.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286045/; classtype:trojan-activity;sid:84149145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286043/; classtype:trojan-activity;sid:84149143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.96.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286042/; classtype:trojan-activity;sid:84149142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.174.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286041/; classtype:trojan-activity;sid:84149141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.80.32.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286040/; classtype:trojan-activity;sid:84149140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.127.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286039/; classtype:trojan-activity;sid:84149139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.23.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286038/; classtype:trojan-activity;sid:84149138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.97.163.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286037/; classtype:trojan-activity;sid:84149137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.63.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286035/; classtype:trojan-activity;sid:84149135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.134.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286036/; classtype:trojan-activity;sid:84149136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.64.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286033/; classtype:trojan-activity;sid:84149133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.18.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286034/; classtype:trojan-activity;sid:84149134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.68.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286032/; classtype:trojan-activity;sid:84149132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.235.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286030/; classtype:trojan-activity;sid:84149130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.116.192.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286031/; classtype:trojan-activity;sid:84149131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.130.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286029/; classtype:trojan-activity;sid:84149129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.44.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286028/; classtype:trojan-activity;sid:84149128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.100.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286027/; classtype:trojan-activity;sid:84149127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.196.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286026/; classtype:trojan-activity;sid:84149126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.60.180.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286025/; classtype:trojan-activity;sid:84149125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"176.82.197.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286024/; classtype:trojan-activity;sid:84149124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.31.228.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286023/; classtype:trojan-activity;sid:84149123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.152.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286022/; classtype:trojan-activity;sid:84149122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.2.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286021/; classtype:trojan-activity;sid:84149121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.246.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286020/; classtype:trojan-activity;sid:84149120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286019/; classtype:trojan-activity;sid:84149119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.206.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286018/; classtype:trojan-activity;sid:84149118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.71.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286017/; classtype:trojan-activity;sid:84149117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.70.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286016/; classtype:trojan-activity;sid:84149116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.245.2.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286015/; classtype:trojan-activity;sid:84149115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.77.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286013/; classtype:trojan-activity;sid:84149113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286014/; classtype:trojan-activity;sid:84149114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.228.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286010/; classtype:trojan-activity;sid:84149110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.22.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286011/; classtype:trojan-activity;sid:84149111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.112.76.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286012/; classtype:trojan-activity;sid:84149112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.231.203.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286009/; classtype:trojan-activity;sid:84149109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"106.58.23.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286008/; classtype:trojan-activity;sid:84149108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.7.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286007/; classtype:trojan-activity;sid:84149107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.174.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286006/; classtype:trojan-activity;sid:84149106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.95.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286005/; classtype:trojan-activity;sid:84149105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.233.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286004/; classtype:trojan-activity;sid:84149104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.112.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286003/; classtype:trojan-activity;sid:84149103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.196.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286002/; classtype:trojan-activity;sid:84149102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.193.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286001/; classtype:trojan-activity;sid:84149101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.229.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286000/; classtype:trojan-activity;sid:84149100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.97.163.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285999/; classtype:trojan-activity;sid:84149099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.68.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285998/; classtype:trojan-activity;sid:84149098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.163.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285997/; classtype:trojan-activity;sid:84149097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285996/; classtype:trojan-activity;sid:84149096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.183.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285994/; classtype:trojan-activity;sid:84149094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.31.201.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285995/; classtype:trojan-activity;sid:84149095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.123.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285993/; classtype:trojan-activity;sid:84149093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.26.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285992/; classtype:trojan-activity;sid:84149092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.239.220.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285991/; classtype:trojan-activity;sid:84149091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.70.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285990/; classtype:trojan-activity;sid:84149090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.77.40.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285989/; classtype:trojan-activity;sid:84149089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.245.2.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285988/; classtype:trojan-activity;sid:84149088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.152.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285987/; classtype:trojan-activity;sid:84149087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.100.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285986/; classtype:trojan-activity;sid:84149086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.210.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285985/; classtype:trojan-activity;sid:84149085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.111.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285984/; classtype:trojan-activity;sid:84149084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.5.36.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285983/; classtype:trojan-activity;sid:84149083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.22.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285982/; classtype:trojan-activity;sid:84149082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.31.201.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285981/; classtype:trojan-activity;sid:84149081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285980/; classtype:trojan-activity;sid:84149080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.30.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285979/; classtype:trojan-activity;sid:84149079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.31.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285978/; classtype:trojan-activity;sid:84149078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.219.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285977/; classtype:trojan-activity;sid:84149077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.13.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285976/; classtype:trojan-activity;sid:84149076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.79.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285975/; classtype:trojan-activity;sid:84149075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.31.228.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285974/; classtype:trojan-activity;sid:84149074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.109.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285973/; classtype:trojan-activity;sid:84149073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.167.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285972/; classtype:trojan-activity;sid:84149072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.22.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285971/; classtype:trojan-activity;sid:84149071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.149.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285970/; classtype:trojan-activity;sid:84149070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4b4e7c1351c9e2eb/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"45.88.76.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285968/; classtype:trojan-activity;sid:84149068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4b4e7c1351c9e2eb/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"45.88.76.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285969/; classtype:trojan-activity;sid:84149069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4b4e7c1351c9e2eb/nss3.dll"; depth:26; endswith; nocase; http.host; content:"45.88.76.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285965/; classtype:trojan-activity;sid:84149065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4b4e7c1351c9e2eb/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"45.88.76.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285966/; classtype:trojan-activity;sid:84149066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4b4e7c1351c9e2eb/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"45.88.76.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285967/; classtype:trojan-activity;sid:84149067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.13.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285964/; classtype:trojan-activity;sid:84149064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4b4e7c1351c9e2eb/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"45.88.76.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285962/; classtype:trojan-activity;sid:84149062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4b4e7c1351c9e2eb/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"45.88.76.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285963/; classtype:trojan-activity;sid:84149063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.165.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285961/; classtype:trojan-activity;sid:84149061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.229.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285960/; classtype:trojan-activity;sid:84149060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.115.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285959/; classtype:trojan-activity;sid:84149059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285958/; classtype:trojan-activity;sid:84149058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.63.21.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285957/; classtype:trojan-activity;sid:84149057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.141.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285956/; classtype:trojan-activity;sid:84149056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.59.251.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285954/; classtype:trojan-activity;sid:84149054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.54.88.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285955/; classtype:trojan-activity;sid:84149055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.55.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285953/; classtype:trojan-activity;sid:84149053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.179.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285952/; classtype:trojan-activity;sid:84149052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.22.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285951/; classtype:trojan-activity;sid:84149051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.169.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285950/; classtype:trojan-activity;sid:84149050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.206.19.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285949/; classtype:trojan-activity;sid:84149049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285947/; classtype:trojan-activity;sid:84149047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.209.16.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285948/; classtype:trojan-activity;sid:84149048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.108.66.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285946/; classtype:trojan-activity;sid:84149046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.58.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285945/; classtype:trojan-activity;sid:84149045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.120.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285944/; classtype:trojan-activity;sid:84149044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.235.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285943/; classtype:trojan-activity;sid:84149043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.78.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285942/; classtype:trojan-activity;sid:84149042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.167.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285941/; classtype:trojan-activity;sid:84149041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.8.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285940/; classtype:trojan-activity;sid:84149040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.248.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285939/; classtype:trojan-activity;sid:84149039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.19.249.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285938/; classtype:trojan-activity;sid:84149038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.115.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285937/; classtype:trojan-activity;sid:84149037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.38.106.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285936/; classtype:trojan-activity;sid:84149036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285935/; classtype:trojan-activity;sid:84149035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.154.17.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285934/; classtype:trojan-activity;sid:84149034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.117.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285933/; classtype:trojan-activity;sid:84149033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.175.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285932/; classtype:trojan-activity;sid:84149032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.153.144.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285931/; classtype:trojan-activity;sid:84149031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285930/; classtype:trojan-activity;sid:84149030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.210.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285929/; classtype:trojan-activity;sid:84149029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.50.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285928/; classtype:trojan-activity;sid:84149028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.179.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285927/; classtype:trojan-activity;sid:84149027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"59.19.139.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285926/; classtype:trojan-activity;sid:84149026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.168.88.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285925/; classtype:trojan-activity;sid:84149025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.45.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285924/; classtype:trojan-activity;sid:84149024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.199.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285923/; classtype:trojan-activity;sid:84149023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.255.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285922/; classtype:trojan-activity;sid:84149022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.78.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285921/; classtype:trojan-activity;sid:84149021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.97.169"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285920/; classtype:trojan-activity;sid:84149020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285919/; classtype:trojan-activity;sid:84149019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.6.51"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285918/; classtype:trojan-activity;sid:84149018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.4.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285916/; classtype:trojan-activity;sid:84149016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.55.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285917/; classtype:trojan-activity;sid:84149017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.214.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285915/; classtype:trojan-activity;sid:84149015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.145.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285914/; classtype:trojan-activity;sid:84149014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.167.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285913/; classtype:trojan-activity;sid:84149013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.84.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285912/; classtype:trojan-activity;sid:84149012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.140.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285911/; classtype:trojan-activity;sid:84149011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.149.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285909/; classtype:trojan-activity;sid:84149009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.129.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285910/; classtype:trojan-activity;sid:84149010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.38.106.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285908/; classtype:trojan-activity;sid:84149008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.244.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285907/; classtype:trojan-activity;sid:84149007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285906/; classtype:trojan-activity;sid:84149006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.31.189.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285904/; classtype:trojan-activity;sid:84149004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.174.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285905/; classtype:trojan-activity;sid:84149005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.85.178"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285903/; classtype:trojan-activity;sid:84149003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.7.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285902/; classtype:trojan-activity;sid:84149002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.201.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285901/; classtype:trojan-activity;sid:84149001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.138.242.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285900/; classtype:trojan-activity;sid:84149000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.9.101"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285898/; classtype:trojan-activity;sid:84148998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.116.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285899/; classtype:trojan-activity;sid:84148999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.96.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285897/; classtype:trojan-activity;sid:84148997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.79.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285895/; classtype:trojan-activity;sid:84148995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.30.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285896/; classtype:trojan-activity;sid:84148996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285894/; classtype:trojan-activity;sid:84148994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.55.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285893/; classtype:trojan-activity;sid:84148993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.214.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285892/; classtype:trojan-activity;sid:84148992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.85.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285891/; classtype:trojan-activity;sid:84148991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.185.200.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285890/; classtype:trojan-activity;sid:84148990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.4.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285889/; classtype:trojan-activity;sid:84148989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.154.17.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285888/; classtype:trojan-activity;sid:84148988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.244.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285887/; classtype:trojan-activity;sid:84148987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.174.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285886/; classtype:trojan-activity;sid:84148986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.104.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285885/; classtype:trojan-activity;sid:84148985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.44.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285884/; classtype:trojan-activity;sid:84148984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.96.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285883/; classtype:trojan-activity;sid:84148983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.140.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285882/; classtype:trojan-activity;sid:84148982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.84.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285881/; classtype:trojan-activity;sid:84148981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.175.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285880/; classtype:trojan-activity;sid:84148980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.186.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285879/; classtype:trojan-activity;sid:84148979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.30.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285878/; classtype:trojan-activity;sid:84148978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.142.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285877/; classtype:trojan-activity;sid:84148977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"189.182.166.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285876/; classtype:trojan-activity;sid:84148976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.177.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285875/; classtype:trojan-activity;sid:84148975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285874/; classtype:trojan-activity;sid:84148974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.8.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285873/; classtype:trojan-activity;sid:84148973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.196.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285872/; classtype:trojan-activity;sid:84148972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.247.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285871/; classtype:trojan-activity;sid:84148971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.77.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285870/; classtype:trojan-activity;sid:84148970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.193.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285869/; classtype:trojan-activity;sid:84148969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.116.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285868/; classtype:trojan-activity;sid:84148968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.242.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285867/; classtype:trojan-activity;sid:84148967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.26.235.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285866/; classtype:trojan-activity;sid:84148966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.236.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285865/; classtype:trojan-activity;sid:84148965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.54.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285864/; classtype:trojan-activity;sid:84148964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.105.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285863/; classtype:trojan-activity;sid:84148963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.70.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285862/; classtype:trojan-activity;sid:84148962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.220.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285861/; classtype:trojan-activity;sid:84148961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.255.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285858/; classtype:trojan-activity;sid:84148958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.55.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285859/; classtype:trojan-activity;sid:84148959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.81.109.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285860/; classtype:trojan-activity;sid:84148960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.209.16.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285857/; classtype:trojan-activity;sid:84148957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.206.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285856/; classtype:trojan-activity;sid:84148956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.140.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285855/; classtype:trojan-activity;sid:84148955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.100.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285854/; classtype:trojan-activity;sid:84148954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.96.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285853/; classtype:trojan-activity;sid:84148953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.227.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285851/; classtype:trojan-activity;sid:84148951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.196.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285852/; classtype:trojan-activity;sid:84148952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.50.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285850/; classtype:trojan-activity;sid:84148950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.56.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285849/; classtype:trojan-activity;sid:84148949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.160.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285848/; classtype:trojan-activity;sid:84148948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.0.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285847/; classtype:trojan-activity;sid:84148947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.193.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285846/; classtype:trojan-activity;sid:84148946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.221.222.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285844/; classtype:trojan-activity;sid:84148944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.141.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285845/; classtype:trojan-activity;sid:84148945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.96.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285843/; classtype:trojan-activity;sid:84148943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo.sh"; depth:7; endswith; nocase; http.host; content:"194.233.65.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285842/; classtype:trojan-activity;sid:84148942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.169.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285841/; classtype:trojan-activity;sid:84148941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.44.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285840/; classtype:trojan-activity;sid:84148940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.234.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285839/; classtype:trojan-activity;sid:84148939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.89.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285837/; classtype:trojan-activity;sid:84148937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.177.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285838/; classtype:trojan-activity;sid:84148938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.234.247.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285836/; classtype:trojan-activity;sid:84148936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.26.235.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285835/; classtype:trojan-activity;sid:84148935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.225.120.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285834/; classtype:trojan-activity;sid:84148934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285833/; classtype:trojan-activity;sid:84148933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.190.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285832/; classtype:trojan-activity;sid:84148932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.22.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285831/; classtype:trojan-activity;sid:84148931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.40.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285830/; classtype:trojan-activity;sid:84148930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.94.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285829/; classtype:trojan-activity;sid:84148929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.56.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285828/; classtype:trojan-activity;sid:84148928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.55.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285827/; classtype:trojan-activity;sid:84148927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.70.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285826/; classtype:trojan-activity;sid:84148926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.227.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285825/; classtype:trojan-activity;sid:84148925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.235.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285824/; classtype:trojan-activity;sid:84148924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.141.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285823/; classtype:trojan-activity;sid:84148923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.255.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285822/; classtype:trojan-activity;sid:84148922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.96.128"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285821/; classtype:trojan-activity;sid:84148921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.231.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285820/; classtype:trojan-activity;sid:84148920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.80.82.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285819/; classtype:trojan-activity;sid:84148919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.190.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285818/; classtype:trojan-activity;sid:84148918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.143.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285816/; classtype:trojan-activity;sid:84148916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.231.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285817/; classtype:trojan-activity;sid:84148917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.213.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285815/; classtype:trojan-activity;sid:84148915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.160.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285814/; classtype:trojan-activity;sid:84148914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.196.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285813/; classtype:trojan-activity;sid:84148913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.10.199.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285811/; classtype:trojan-activity;sid:84148911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.174.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285812/; classtype:trojan-activity;sid:84148912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.75.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285810/; classtype:trojan-activity;sid:84148910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.59.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285808/; classtype:trojan-activity;sid:84148908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.146.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285809/; classtype:trojan-activity;sid:84148909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.196.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285806/; classtype:trojan-activity;sid:84148906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.162.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285807/; classtype:trojan-activity;sid:84148907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.248.114.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285805/; classtype:trojan-activity;sid:84148905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285804/; classtype:trojan-activity;sid:84148904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.155.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285803/; classtype:trojan-activity;sid:84148903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.71.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285802/; classtype:trojan-activity;sid:84148902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.89.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285801/; classtype:trojan-activity;sid:84148901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.109.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285800/; classtype:trojan-activity;sid:84148900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.174.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285799/; classtype:trojan-activity;sid:84148899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.224.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285795/; classtype:trojan-activity;sid:84148895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.94.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285796/; classtype:trojan-activity;sid:84148896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.42.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285797/; classtype:trojan-activity;sid:84148897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.196.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285798/; classtype:trojan-activity;sid:84148898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.85.62.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285794/; classtype:trojan-activity;sid:84148894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.106.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285793/; classtype:trojan-activity;sid:84148893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.238.214.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285792/; classtype:trojan-activity;sid:84148892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.113.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285791/; classtype:trojan-activity;sid:84148891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.61.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285790/; classtype:trojan-activity;sid:84148890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.81.109.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285789/; classtype:trojan-activity;sid:84148889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.24.36.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285788/; classtype:trojan-activity;sid:84148888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.178.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285787/; classtype:trojan-activity;sid:84148887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.219.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285786/; classtype:trojan-activity;sid:84148886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285785/; classtype:trojan-activity;sid:84148885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.85.55.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285784/; classtype:trojan-activity;sid:84148884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.92.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285783/; classtype:trojan-activity;sid:84148883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.55.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285782/; classtype:trojan-activity;sid:84148882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.155.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285781/; classtype:trojan-activity;sid:84148881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.214.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285780/; classtype:trojan-activity;sid:84148880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285779/; classtype:trojan-activity;sid:84148879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.116.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285778/; classtype:trojan-activity;sid:84148878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.253.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285777/; classtype:trojan-activity;sid:84148877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.180.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285776/; classtype:trojan-activity;sid:84148876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.51.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285775/; classtype:trojan-activity;sid:84148875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.71.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285774/; classtype:trojan-activity;sid:84148874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.170.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285773/; classtype:trojan-activity;sid:84148873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.234.219.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285772/; classtype:trojan-activity;sid:84148872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.65.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285771/; classtype:trojan-activity;sid:84148871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.119.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285770/; classtype:trojan-activity;sid:84148870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.22.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285769/; classtype:trojan-activity;sid:84148869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.223.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285768/; classtype:trojan-activity;sid:84148868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.234.7.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285767/; classtype:trojan-activity;sid:84148867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.26.252"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285766/; classtype:trojan-activity;sid:84148866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.220.12.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285765/; classtype:trojan-activity;sid:84148865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.228.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285764/; classtype:trojan-activity;sid:84148864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.245.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285763/; classtype:trojan-activity;sid:84148863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.179.252"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285762/; classtype:trojan-activity;sid:84148862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.118.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285760/; classtype:trojan-activity;sid:84148860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.235.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285761/; classtype:trojan-activity;sid:84148861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.60.234.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285759/; classtype:trojan-activity;sid:84148859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.73.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285758/; classtype:trojan-activity;sid:84148858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.213.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285756/; classtype:trojan-activity;sid:84148856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.182.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285757/; classtype:trojan-activity;sid:84148857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.54.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285755/; classtype:trojan-activity;sid:84148855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.214.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285754/; classtype:trojan-activity;sid:84148854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.83.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285753/; classtype:trojan-activity;sid:84148853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285752/; classtype:trojan-activity;sid:84148852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.215.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285751/; classtype:trojan-activity;sid:84148851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.89.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285750/; classtype:trojan-activity;sid:84148850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.29.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285749/; classtype:trojan-activity;sid:84148849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.253.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285748/; classtype:trojan-activity;sid:84148848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.253.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285747/; classtype:trojan-activity;sid:84148847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.178.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285746/; classtype:trojan-activity;sid:84148846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.112.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285745/; classtype:trojan-activity;sid:84148845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.65.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285744/; classtype:trojan-activity;sid:84148844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.9.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285743/; classtype:trojan-activity;sid:84148843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.166.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285742/; classtype:trojan-activity;sid:84148842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.250.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285741/; classtype:trojan-activity;sid:84148841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.240.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285740/; classtype:trojan-activity;sid:84148840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.179.252"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285739/; classtype:trojan-activity;sid:84148839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.236.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285738/; classtype:trojan-activity;sid:84148838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.182.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285737/; classtype:trojan-activity;sid:84148837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.20.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285736/; classtype:trojan-activity;sid:84148836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.158.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285735/; classtype:trojan-activity;sid:84148835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.213.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285734/; classtype:trojan-activity;sid:84148834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.214.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285733/; classtype:trojan-activity;sid:84148833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.213.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285732/; classtype:trojan-activity;sid:84148832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.85.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285731/; classtype:trojan-activity;sid:84148831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.227.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285730/; classtype:trojan-activity;sid:84148830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.182.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285729/; classtype:trojan-activity;sid:84148829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.178.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285728/; classtype:trojan-activity;sid:84148828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.47.85.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285726/; classtype:trojan-activity;sid:84148826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.44.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285727/; classtype:trojan-activity;sid:84148827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.39.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285725/; classtype:trojan-activity;sid:84148825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.50.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285724/; classtype:trojan-activity;sid:84148824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.191.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285723/; classtype:trojan-activity;sid:84148823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.118.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285722/; classtype:trojan-activity;sid:84148822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.44.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285721/; classtype:trojan-activity;sid:84148821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.181.108.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285720/; classtype:trojan-activity;sid:84148820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.166.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285718/; classtype:trojan-activity;sid:84148818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.159.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285719/; classtype:trojan-activity;sid:84148819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.191.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285717/; classtype:trojan-activity;sid:84148817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.73.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285716/; classtype:trojan-activity;sid:84148816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.126.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285715/; classtype:trojan-activity;sid:84148815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.33.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285714/; classtype:trojan-activity;sid:84148814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.90.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285713/; classtype:trojan-activity;sid:84148813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.178.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285712/; classtype:trojan-activity;sid:84148812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.213.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285711/; classtype:trojan-activity;sid:84148811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.85.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285710/; classtype:trojan-activity;sid:84148810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.112.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285709/; classtype:trojan-activity;sid:84148809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.142.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285708/; classtype:trojan-activity;sid:84148808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.16.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285707/; classtype:trojan-activity;sid:84148807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.196.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285706/; classtype:trojan-activity;sid:84148806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285705/; classtype:trojan-activity;sid:84148805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.123.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285704/; classtype:trojan-activity;sid:84148804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.237.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285703/; classtype:trojan-activity;sid:84148803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.136.144.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285702/; classtype:trojan-activity;sid:84148802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.181.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285701/; classtype:trojan-activity;sid:84148801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.60.234.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285700/; classtype:trojan-activity;sid:84148800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.39.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285698/; classtype:trojan-activity;sid:84148798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.174.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285699/; classtype:trojan-activity;sid:84148799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"89.47.85.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285697/; classtype:trojan-activity;sid:84148797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.133.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285696/; classtype:trojan-activity;sid:84148796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.112.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285695/; classtype:trojan-activity;sid:84148795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.105.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285694/; classtype:trojan-activity;sid:84148794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.88.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285692/; classtype:trojan-activity;sid:84148792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.24.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285693/; classtype:trojan-activity;sid:84148793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.28.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285691/; classtype:trojan-activity;sid:84148791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.9.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285689/; classtype:trojan-activity;sid:84148789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.44.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285690/; classtype:trojan-activity;sid:84148790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.126.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285688/; classtype:trojan-activity;sid:84148788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.5.110"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285687/; classtype:trojan-activity;sid:84148787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.126.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285686/; classtype:trojan-activity;sid:84148786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.128.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285685/; classtype:trojan-activity;sid:84148785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.174.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285684/; classtype:trojan-activity;sid:84148784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.79.113.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285683/; classtype:trojan-activity;sid:84148783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.205.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285682/; classtype:trojan-activity;sid:84148782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.8.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285681/; classtype:trojan-activity;sid:84148781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.67.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285680/; classtype:trojan-activity;sid:84148780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.188.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285679/; classtype:trojan-activity;sid:84148779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.25.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285677/; classtype:trojan-activity;sid:84148777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.42.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285678/; classtype:trojan-activity;sid:84148778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.176.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285676/; classtype:trojan-activity;sid:84148776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.39.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285675/; classtype:trojan-activity;sid:84148775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.211.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285674/; classtype:trojan-activity;sid:84148774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.28.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285672/; classtype:trojan-activity;sid:84148772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.103.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285673/; classtype:trojan-activity;sid:84148773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.32.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285671/; classtype:trojan-activity;sid:84148771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.74.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285670/; classtype:trojan-activity;sid:84148770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.205.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285669/; classtype:trojan-activity;sid:84148769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.18.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285668/; classtype:trojan-activity;sid:84148768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.42.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285667/; classtype:trojan-activity;sid:84148767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.8.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285666/; classtype:trojan-activity;sid:84148766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.55.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285665/; classtype:trojan-activity;sid:84148765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.241.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285663/; classtype:trojan-activity;sid:84148763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.30.116.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285664/; classtype:trojan-activity;sid:84148764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.182.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285662/; classtype:trojan-activity;sid:84148762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.42.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285661/; classtype:trojan-activity;sid:84148761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.176.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285660/; classtype:trojan-activity;sid:84148760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.36.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285659/; classtype:trojan-activity;sid:84148759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.238.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285658/; classtype:trojan-activity;sid:84148758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.210.232.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285657/; classtype:trojan-activity;sid:84148757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.25.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285656/; classtype:trojan-activity;sid:84148756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.71.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285655/; classtype:trojan-activity;sid:84148755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.103.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285652/; classtype:trojan-activity;sid:84148752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.30.116.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285653/; classtype:trojan-activity;sid:84148753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.88.215"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285654/; classtype:trojan-activity;sid:84148754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.255.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285651/; classtype:trojan-activity;sid:84148751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.63.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285650/; classtype:trojan-activity;sid:84148750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.248.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285649/; classtype:trojan-activity;sid:84148749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"189.182.166.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285648/; classtype:trojan-activity;sid:84148748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.115.164.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285646/; classtype:trojan-activity;sid:84148746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.238.189.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285647/; classtype:trojan-activity;sid:84148747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.162.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285645/; classtype:trojan-activity;sid:84148745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285644/; classtype:trojan-activity;sid:84148744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.180.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285643/; classtype:trojan-activity;sid:84148743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.110.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285642/; classtype:trojan-activity;sid:84148742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.57.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285641/; classtype:trojan-activity;sid:84148741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.156.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285640/; classtype:trojan-activity;sid:84148740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.228.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285639/; classtype:trojan-activity;sid:84148739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.20.3.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285638/; classtype:trojan-activity;sid:84148738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.124.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285637/; classtype:trojan-activity;sid:84148737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.55.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285634/; classtype:trojan-activity;sid:84148734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.89.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285635/; classtype:trojan-activity;sid:84148735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.92.247.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285636/; classtype:trojan-activity;sid:84148736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.175.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285632/; classtype:trojan-activity;sid:84148732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.217.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285633/; classtype:trojan-activity;sid:84148733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.10.199.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285631/; classtype:trojan-activity;sid:84148731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"adqw.accounting.bridgemastersllc.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285630/; classtype:trojan-activity;sid:84148730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.65.56.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285629/; classtype:trojan-activity;sid:84148729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.39.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285628/; classtype:trojan-activity;sid:84148728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.183.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285627/; classtype:trojan-activity;sid:84148727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.57.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285626/; classtype:trojan-activity;sid:84148726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test2.exe"; depth:10; endswith; nocase; http.host; content:"mncrafter.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285625/; classtype:trojan-activity;sid:84148725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285624/; classtype:trojan-activity;sid:84148724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.228.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285623/; classtype:trojan-activity;sid:84148723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.168.88.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285622/; classtype:trojan-activity;sid:84148722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.110.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285621/; classtype:trojan-activity;sid:84148721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.217.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285619/; classtype:trojan-activity;sid:84148719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.175.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285620/; classtype:trojan-activity;sid:84148720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.78.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285618/; classtype:trojan-activity;sid:84148718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285617/; classtype:trojan-activity;sid:84148717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.89.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285616/; classtype:trojan-activity;sid:84148716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.20.3.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285615/; classtype:trojan-activity;sid:84148715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.186.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285614/; classtype:trojan-activity;sid:84148714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.55.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285613/; classtype:trojan-activity;sid:84148713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.183.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285612/; classtype:trojan-activity;sid:84148712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.30.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285611/; classtype:trojan-activity;sid:84148711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"199.45.129.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285608/; classtype:trojan-activity;sid:84148708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.65.56.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285609/; classtype:trojan-activity;sid:84148709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.59.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285610/; classtype:trojan-activity;sid:84148710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285607/; classtype:trojan-activity;sid:84148707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285606/; classtype:trojan-activity;sid:84148706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.209.75.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285605/; classtype:trojan-activity;sid:84148705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285604/; classtype:trojan-activity;sid:84148704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.186.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285603/; classtype:trojan-activity;sid:84148703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.78.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285601/; classtype:trojan-activity;sid:84148701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.176.101.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285602/; classtype:trojan-activity;sid:84148702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285600/; classtype:trojan-activity;sid:84148700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.107.72.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285599/; classtype:trojan-activity;sid:84148699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.126.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285598/; classtype:trojan-activity;sid:84148698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.85.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285597/; classtype:trojan-activity;sid:84148697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.255.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285596/; classtype:trojan-activity;sid:84148696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.219.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285594/; classtype:trojan-activity;sid:84148694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.108.30.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285595/; classtype:trojan-activity;sid:84148695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.125.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285593/; classtype:trojan-activity;sid:84148693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.209.75.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285592/; classtype:trojan-activity;sid:84148692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.43.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285591/; classtype:trojan-activity;sid:84148691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.253.221.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285590/; classtype:trojan-activity;sid:84148690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.114.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285589/; classtype:trojan-activity;sid:84148689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.254.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285588/; classtype:trojan-activity;sid:84148688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.68.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285587/; classtype:trojan-activity;sid:84148687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.151.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285586/; classtype:trojan-activity;sid:84148686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.229.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285585/; classtype:trojan-activity;sid:84148685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285584/; classtype:trojan-activity;sid:84148684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.255.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285583/; classtype:trojan-activity;sid:84148683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.133.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285582/; classtype:trojan-activity;sid:84148682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.15.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285581/; classtype:trojan-activity;sid:84148681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"68.115.131.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285580/; classtype:trojan-activity;sid:84148680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.215.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285579/; classtype:trojan-activity;sid:84148679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.24.66.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285578/; classtype:trojan-activity;sid:84148678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.130.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285577/; classtype:trojan-activity;sid:84148677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.45.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285576/; classtype:trojan-activity;sid:84148676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.254.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285575/; classtype:trojan-activity;sid:84148675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.12.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285574/; classtype:trojan-activity;sid:84148674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.68.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285573/; classtype:trojan-activity;sid:84148673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.202.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285571/; classtype:trojan-activity;sid:84148671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.29.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285572/; classtype:trojan-activity;sid:84148672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.245.11.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285569/; classtype:trojan-activity;sid:84148669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.247.218.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285570/; classtype:trojan-activity;sid:84148670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.249.26.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285568/; classtype:trojan-activity;sid:84148668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.253.181.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285567/; classtype:trojan-activity;sid:84148667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.70.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285566/; classtype:trojan-activity;sid:84148666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.152.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285565/; classtype:trojan-activity;sid:84148665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.133.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285564/; classtype:trojan-activity;sid:84148664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.44.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285563/; classtype:trojan-activity;sid:84148663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.2.121"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285562/; classtype:trojan-activity;sid:84148662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.237.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285561/; classtype:trojan-activity;sid:84148661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"38.137.250.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285560/; classtype:trojan-activity;sid:84148660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.73.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285559/; classtype:trojan-activity;sid:84148659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.229.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285557/; classtype:trojan-activity;sid:84148657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285558/; classtype:trojan-activity;sid:84148658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.221.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285556/; classtype:trojan-activity;sid:84148656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.111.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285555/; classtype:trojan-activity;sid:84148655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.242.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285554/; classtype:trojan-activity;sid:84148654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.98.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285553/; classtype:trojan-activity;sid:84148653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.214.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285551/; classtype:trojan-activity;sid:84148651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.171.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285552/; classtype:trojan-activity;sid:84148652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.141.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285550/; classtype:trojan-activity;sid:84148650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.44.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285549/; classtype:trojan-activity;sid:84148649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.123.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285548/; classtype:trojan-activity;sid:84148648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.202.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285547/; classtype:trojan-activity;sid:84148647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.145.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285546/; classtype:trojan-activity;sid:84148646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.215.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285545/; classtype:trojan-activity;sid:84148645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285544/; classtype:trojan-activity;sid:84148644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.123.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285543/; classtype:trojan-activity;sid:84148643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.17.49"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285542/; classtype:trojan-activity;sid:84148642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.231.200.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285541/; classtype:trojan-activity;sid:84148641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.237.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285540/; classtype:trojan-activity;sid:84148640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.11.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285539/; classtype:trojan-activity;sid:84148639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.55.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285538/; classtype:trojan-activity;sid:84148638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.73.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285537/; classtype:trojan-activity;sid:84148637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285536/; classtype:trojan-activity;sid:84148636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.236.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285535/; classtype:trojan-activity;sid:84148635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.91.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285534/; classtype:trojan-activity;sid:84148634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285533/; classtype:trojan-activity;sid:84148633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.54.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285532/; classtype:trojan-activity;sid:84148632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.17.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285531/; classtype:trojan-activity;sid:84148631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.153.209.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285530/; classtype:trojan-activity;sid:84148630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.116.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285529/; classtype:trojan-activity;sid:84148629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.38.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285528/; classtype:trojan-activity;sid:84148628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.145.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285527/; classtype:trojan-activity;sid:84148627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.151.75.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285526/; classtype:trojan-activity;sid:84148626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.94.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285525/; classtype:trojan-activity;sid:84148625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.167.172.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285524/; classtype:trojan-activity;sid:84148624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.225.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285523/; classtype:trojan-activity;sid:84148623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.14.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285522/; classtype:trojan-activity;sid:84148622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.177.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285521/; classtype:trojan-activity;sid:84148621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.174.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285520/; classtype:trojan-activity;sid:84148620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.101.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285519/; classtype:trojan-activity;sid:84148619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.60.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285518/; classtype:trojan-activity;sid:84148618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.1.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285517/; classtype:trojan-activity;sid:84148617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.195.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285516/; classtype:trojan-activity;sid:84148616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285515/; classtype:trojan-activity;sid:84148615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.47.85.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285514/; classtype:trojan-activity;sid:84148614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.183.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285513/; classtype:trojan-activity;sid:84148613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.14.100"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285512/; classtype:trojan-activity;sid:84148612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.111.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285511/; classtype:trojan-activity;sid:84148611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.17.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285510/; classtype:trojan-activity;sid:84148610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.70.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285509/; classtype:trojan-activity;sid:84148609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285508/; classtype:trojan-activity;sid:84148608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.29.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285506/; classtype:trojan-activity;sid:84148606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.201.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285507/; classtype:trojan-activity;sid:84148607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.228.189.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285504/; classtype:trojan-activity;sid:84148604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.77.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285505/; classtype:trojan-activity;sid:84148605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.m68k"; depth:11; endswith; nocase; http.host; content:"154.213.189.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285502/; classtype:trojan-activity;sid:84148602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm7"; depth:11; endswith; nocase; http.host; content:"154.213.189.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285503/; classtype:trojan-activity;sid:84148603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.94.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285501/; classtype:trojan-activity;sid:84148601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.128.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285500/; classtype:trojan-activity;sid:84148600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.45.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285493/; classtype:trojan-activity;sid:84148593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.spc"; depth:10; endswith; nocase; http.host; content:"154.213.189.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285494/; classtype:trojan-activity;sid:84148594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.sh4"; depth:10; endswith; nocase; http.host; content:"154.213.189.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285495/; classtype:trojan-activity;sid:84148595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.mips"; depth:11; endswith; nocase; http.host; content:"154.213.189.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285496/; classtype:trojan-activity;sid:84148596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm6"; depth:11; endswith; nocase; http.host; content:"154.213.189.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285497/; classtype:trojan-activity;sid:84148597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm"; depth:10; endswith; nocase; http.host; content:"154.213.189.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285498/; classtype:trojan-activity;sid:84148598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm5"; depth:11; endswith; nocase; http.host; content:"154.213.189.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285499/; classtype:trojan-activity;sid:84148599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.44.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285492/; classtype:trojan-activity;sid:84148592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.14.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285491/; classtype:trojan-activity;sid:84148591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.167.172.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285490/; classtype:trojan-activity;sid:84148590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.177.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285488/; classtype:trojan-activity;sid:84148588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.219.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285489/; classtype:trojan-activity;sid:84148589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.247.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285487/; classtype:trojan-activity;sid:84148587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.199.157.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285486/; classtype:trojan-activity;sid:84148586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.55.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285484/; classtype:trojan-activity;sid:84148584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.3.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285485/; classtype:trojan-activity;sid:84148585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.60.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285483/; classtype:trojan-activity;sid:84148583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.183.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285482/; classtype:trojan-activity;sid:84148582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.224.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285480/; classtype:trojan-activity;sid:84148580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.215.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285481/; classtype:trojan-activity;sid:84148581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285479/; classtype:trojan-activity;sid:84148579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.73.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285478/; classtype:trojan-activity;sid:84148578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.123.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285477/; classtype:trojan-activity;sid:84148577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.124.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285476/; classtype:trojan-activity;sid:84148576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.55.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285475/; classtype:trojan-activity;sid:84148575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.132.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285474/; classtype:trojan-activity;sid:84148574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.3.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285473/; classtype:trojan-activity;sid:84148573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.201.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285472/; classtype:trojan-activity;sid:84148572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.79.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285471/; classtype:trojan-activity;sid:84148571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.49.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285470/; classtype:trojan-activity;sid:84148570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.120.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285469/; classtype:trojan-activity;sid:84148569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.40.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285468/; classtype:trojan-activity;sid:84148568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.134.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285467/; classtype:trojan-activity;sid:84148567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.55.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285466/; classtype:trojan-activity;sid:84148566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.247.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285465/; classtype:trojan-activity;sid:84148565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.224.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285464/; classtype:trojan-activity;sid:84148564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.241.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285463/; classtype:trojan-activity;sid:84148563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285462/; classtype:trojan-activity;sid:84148562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.1.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285461/; classtype:trojan-activity;sid:84148561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.164.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285460/; classtype:trojan-activity;sid:84148560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kz/shazam.exe"; depth:14; endswith; nocase; http.host; content:"64.52.80.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285459/; classtype:trojan-activity;sid:84148559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.132.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285458/; classtype:trojan-activity;sid:84148558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.183.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285457/; classtype:trojan-activity;sid:84148557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.130.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285456/; classtype:trojan-activity;sid:84148556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.127.107.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285455/; classtype:trojan-activity;sid:84148555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.49.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285454/; classtype:trojan-activity;sid:84148554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.55.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285452/; classtype:trojan-activity;sid:84148552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.194.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285453/; classtype:trojan-activity;sid:84148553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.58.251.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285451/; classtype:trojan-activity;sid:84148551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.187.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285450/; classtype:trojan-activity;sid:84148550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.95.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285449/; classtype:trojan-activity;sid:84148549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.91.98"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285448/; classtype:trojan-activity;sid:84148548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.241.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285447/; classtype:trojan-activity;sid:84148547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.11.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285446/; classtype:trojan-activity;sid:84148546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.31.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285445/; classtype:trojan-activity;sid:84148545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.173.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285444/; classtype:trojan-activity;sid:84148544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285443/; classtype:trojan-activity;sid:84148543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.49.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285442/; classtype:trojan-activity;sid:84148542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/rrrrrr-72f36.appspot.com/o/proyecto%2ffdsf.txt|3f|alt=media|7c|26|7c|token=def09299-49b7-42a1-b069-dfa7cf3a6d0e"; depth:117; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285441/; classtype:trojan-activity;sid:84148541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/rrrrrr-72f36.appspot.com/o/proyecto%2fskype.txt|3f|alt=media|7c|26|7c|token=d9d97dde-ba82-4237-8223-b6f9ce2dee88"; depth:118; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285440/; classtype:trojan-activity;sid:84148540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.58.251.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285439/; classtype:trojan-activity;sid:84148539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.246.20.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285438/; classtype:trojan-activity;sid:84148538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.99.158"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285437/; classtype:trojan-activity;sid:84148537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.99.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285436/; classtype:trojan-activity;sid:84148536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.14.19"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285435/; classtype:trojan-activity;sid:84148535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.159.198.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285434/; classtype:trojan-activity;sid:84148534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.162.59.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285433/; classtype:trojan-activity;sid:84148533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.135.210.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285432/; classtype:trojan-activity;sid:84148532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.162.103.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285431/; classtype:trojan-activity;sid:84148531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.119.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285430/; classtype:trojan-activity;sid:84148530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.138.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285429/; classtype:trojan-activity;sid:84148529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/-pril/refs/heads/main/kldrgawdtjawd.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285428/; classtype:trojan-activity;sid:84148528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.88.147.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285427/; classtype:trojan-activity;sid:84148527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.168.181.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285426/; classtype:trojan-activity;sid:84148526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.111.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285425/; classtype:trojan-activity;sid:84148525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.165.106.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285424/; classtype:trojan-activity;sid:84148524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.83.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285422/; classtype:trojan-activity;sid:84148522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285420/; classtype:trojan-activity;sid:84148520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.11.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285419/; classtype:trojan-activity;sid:84148519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.12.159.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285417/; classtype:trojan-activity;sid:84148517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.232.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285418/; classtype:trojan-activity;sid:84148518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.20.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285416/; classtype:trojan-activity;sid:84148516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.159.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285415/; classtype:trojan-activity;sid:84148515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.88.147.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285414/; classtype:trojan-activity;sid:84148514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.91.98"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285413/; classtype:trojan-activity;sid:84148513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.143.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285412/; classtype:trojan-activity;sid:84148512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.99.158"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285411/; classtype:trojan-activity;sid:84148511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.99.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285409/; classtype:trojan-activity;sid:84148509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.50.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285410/; classtype:trojan-activity;sid:84148510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.158.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285408/; classtype:trojan-activity;sid:84148508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.204.206.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285407/; classtype:trojan-activity;sid:84148507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.168.181.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285406/; classtype:trojan-activity;sid:84148506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.135.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285405/; classtype:trojan-activity;sid:84148505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.165.106.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285404/; classtype:trojan-activity;sid:84148504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.127.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285403/; classtype:trojan-activity;sid:84148503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.112.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285402/; classtype:trojan-activity;sid:84148502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.74.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285401/; classtype:trojan-activity;sid:84148501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.20.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285400/; classtype:trojan-activity;sid:84148500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"149.100.164.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285399/; classtype:trojan-activity;sid:84148499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.220.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285398/; classtype:trojan-activity;sid:84148498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.33.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285397/; classtype:trojan-activity;sid:84148497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.189.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285396/; classtype:trojan-activity;sid:84148496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.224.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285395/; classtype:trojan-activity;sid:84148495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.62.224.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285394/; classtype:trojan-activity;sid:84148494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.247.29.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285393/; classtype:trojan-activity;sid:84148493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.71.85.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285392/; classtype:trojan-activity;sid:84148492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.98.26.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285390/; classtype:trojan-activity;sid:84148490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.235.116.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285391/; classtype:trojan-activity;sid:84148491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.120.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285389/; classtype:trojan-activity;sid:84148489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.253.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285388/; classtype:trojan-activity;sid:84148488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.135.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285387/; classtype:trojan-activity;sid:84148487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"210.10.166.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285386/; classtype:trojan-activity;sid:84148486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.82.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285383/; classtype:trojan-activity;sid:84148483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.143.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285384/; classtype:trojan-activity;sid:84148484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.158.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285385/; classtype:trojan-activity;sid:84148485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.138.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285382/; classtype:trojan-activity;sid:84148482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.204.206.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285381/; classtype:trojan-activity;sid:84148481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.203.94.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285380/; classtype:trojan-activity;sid:84148480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.145.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285379/; classtype:trojan-activity;sid:84148479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.136.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285378/; classtype:trojan-activity;sid:84148478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.168.88.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285377/; classtype:trojan-activity;sid:84148477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.62.224.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285376/; classtype:trojan-activity;sid:84148476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.33.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285375/; classtype:trojan-activity;sid:84148475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.151.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285374/; classtype:trojan-activity;sid:84148474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285372/; classtype:trojan-activity;sid:84148472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285373/; classtype:trojan-activity;sid:84148473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86_64"; depth:17; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285367/; classtype:trojan-activity;sid:84148467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.i686"; depth:15; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285368/; classtype:trojan-activity;sid:84148468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285369/; classtype:trojan-activity;sid:84148469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285370/; classtype:trojan-activity;sid:84148470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285371/; classtype:trojan-activity;sid:84148471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285364/; classtype:trojan-activity;sid:84148464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285365/; classtype:trojan-activity;sid:84148465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285366/; classtype:trojan-activity;sid:84148466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.54.160.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285363/; classtype:trojan-activity;sid:84148463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin"; depth:4; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285359/; classtype:trojan-activity;sid:84148459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnap"; depth:5; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285360/; classtype:trojan-activity;sid:84148460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zyxel"; depth:6; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285361/; classtype:trojan-activity;sid:84148461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285362/; classtype:trojan-activity;sid:84148462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aws"; depth:4; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285355/; classtype:trojan-activity;sid:84148455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285356/; classtype:trojan-activity;sid:84148456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.91.63.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285357/; classtype:trojan-activity;sid:84148457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon443"; depth:8; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285358/; classtype:trojan-activity;sid:84148458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zte"; depth:4; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285346/; classtype:trojan-activity;sid:84148446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thinkphp"; depth:9; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285347/; classtype:trojan-activity;sid:84148447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285348/; classtype:trojan-activity;sid:84148448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lg"; depth:3; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285349/; classtype:trojan-activity;sid:84148449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realtek"; depth:8; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285350/; classtype:trojan-activity;sid:84148450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pay"; depth:4; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285351/; classtype:trojan-activity;sid:84148451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huawei"; depth:7; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285352/; classtype:trojan-activity;sid:84148452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pulse"; depth:6; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285353/; classtype:trojan-activity;sid:84148453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sora.sh"; depth:8; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285354/; classtype:trojan-activity;sid:84148454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.144.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285344/; classtype:trojan-activity;sid:84148444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.160.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285343/; classtype:trojan-activity;sid:84148443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.239.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285342/; classtype:trojan-activity;sid:84148442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.187.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285341/; classtype:trojan-activity;sid:84148441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.196.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285340/; classtype:trojan-activity;sid:84148440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.235.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285339/; classtype:trojan-activity;sid:84148439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.113.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285338/; classtype:trojan-activity;sid:84148438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"37.230.62.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285337/; classtype:trojan-activity;sid:84148437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.247.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285336/; classtype:trojan-activity;sid:84148436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"121.31.201.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285335/; classtype:trojan-activity;sid:84148435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sds.m68k"; depth:9; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285334/; classtype:trojan-activity;sid:84148434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgueg.ppc"; depth:10; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285332/; classtype:trojan-activity;sid:84148432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sds.ppc"; depth:8; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285333/; classtype:trojan-activity;sid:84148433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.13.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285331/; classtype:trojan-activity;sid:84148431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i586"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285329/; classtype:trojan-activity;sid:84148429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.x32"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285330/; classtype:trojan-activity;sid:84148430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mpsl"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285317/; classtype:trojan-activity;sid:84148417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.mpsl"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285318/; classtype:trojan-activity;sid:84148418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mips"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285319/; classtype:trojan-activity;sid:84148419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgueg.mips"; depth:11; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285320/; classtype:trojan-activity;sid:84148420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.x86"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285321/; classtype:trojan-activity;sid:84148421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm4"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285322/; classtype:trojan-activity;sid:84148422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.arm6"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285323/; classtype:trojan-activity;sid:84148423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sh4"; depth:11; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285324/; classtype:trojan-activity;sid:84148424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shellv.mips"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285325/; classtype:trojan-activity;sid:84148425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.i586"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285326/; classtype:trojan-activity;sid:84148426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.i586"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285327/; classtype:trojan-activity;sid:84148427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shelld.ppc"; depth:11; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285328/; classtype:trojan-activity;sid:84148428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sds.x86"; depth:8; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285303/; classtype:trojan-activity;sid:84148403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.sh4"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285304/; classtype:trojan-activity;sid:84148404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shellv.m68k"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285305/; classtype:trojan-activity;sid:84148405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm6"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285306/; classtype:trojan-activity;sid:84148406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.mpsl"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285307/; classtype:trojan-activity;sid:84148407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.ppc"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285308/; classtype:trojan-activity;sid:84148408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.m68k"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285309/; classtype:trojan-activity;sid:84148409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shelld.mips"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285310/; classtype:trojan-activity;sid:84148410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shelld.x86"; depth:11; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285311/; classtype:trojan-activity;sid:84148411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.i586"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285312/; classtype:trojan-activity;sid:84148412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.mpsl"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285313/; classtype:trojan-activity;sid:84148413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.sh4"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285314/; classtype:trojan-activity;sid:84148414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.arm6"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285315/; classtype:trojan-activity;sid:84148415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sds.mips"; depth:9; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285316/; classtype:trojan-activity;sid:84148416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.x32"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285277/; classtype:trojan-activity;sid:84148377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.arm4"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285278/; classtype:trojan-activity;sid:84148378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shelld.sh4"; depth:11; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285279/; classtype:trojan-activity;sid:84148379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.arm4"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285280/; classtype:trojan-activity;sid:84148380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.arm4"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285281/; classtype:trojan-activity;sid:84148381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.m68k"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285282/; classtype:trojan-activity;sid:84148382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shelld.m68k"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285283/; classtype:trojan-activity;sid:84148383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shellv.ppc"; depth:11; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285284/; classtype:trojan-activity;sid:84148384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.m68k"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285285/; classtype:trojan-activity;sid:84148385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgueg.m68k"; depth:11; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285286/; classtype:trojan-activity;sid:84148386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.arm6"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285287/; classtype:trojan-activity;sid:84148387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.ppc"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285288/; classtype:trojan-activity;sid:84148388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.x86"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285289/; classtype:trojan-activity;sid:84148389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shellv.x86"; depth:11; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285290/; classtype:trojan-activity;sid:84148390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.x32"; depth:11; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285291/; classtype:trojan-activity;sid:84148391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgueg.x86"; depth:10; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285292/; classtype:trojan-activity;sid:84148392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.x86"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285293/; classtype:trojan-activity;sid:84148393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.ppc"; depth:11; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285294/; classtype:trojan-activity;sid:84148394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shellv.sh4"; depth:11; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285295/; classtype:trojan-activity;sid:84148395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgueg.sh4"; depth:10; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285296/; classtype:trojan-activity;sid:84148396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.m68k"; depth:13; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285297/; classtype:trojan-activity;sid:84148397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.x32"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285298/; classtype:trojan-activity;sid:84148398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.x86"; depth:11; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285299/; classtype:trojan-activity;sid:84148399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sds.sh4"; depth:8; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285300/; classtype:trojan-activity;sid:84148400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.ppc"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285301/; classtype:trojan-activity;sid:84148401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.sh4"; depth:12; endswith; nocase; http.host; content:"kykgenot.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285302/; classtype:trojan-activity;sid:84148402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"210.10.166.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285276/; classtype:trojan-activity;sid:84148376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.208.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285275/; classtype:trojan-activity;sid:84148375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.44.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285274/; classtype:trojan-activity;sid:84148374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"194.54.160.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285273/; classtype:trojan-activity;sid:84148373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.86.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285272/; classtype:trojan-activity;sid:84148372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.160.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285271/; classtype:trojan-activity;sid:84148371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.102.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285270/; classtype:trojan-activity;sid:84148370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.245.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285269/; classtype:trojan-activity;sid:84148369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgueg.sh4"; depth:10; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285268/; classtype:trojan-activity;sid:84148368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.91.63.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285267/; classtype:trojan-activity;sid:84148367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.sh4"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285263/; classtype:trojan-activity;sid:84148363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.ppc"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285264/; classtype:trojan-activity;sid:84148364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.x32"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285265/; classtype:trojan-activity;sid:84148365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.113.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285266/; classtype:trojan-activity;sid:84148366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.m68k"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285261/; classtype:trojan-activity;sid:84148361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sds.ppc"; depth:8; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285262/; classtype:trojan-activity;sid:84148362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.m68k"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285254/; classtype:trojan-activity;sid:84148354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.x32"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285255/; classtype:trojan-activity;sid:84148355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.sh4"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285256/; classtype:trojan-activity;sid:84148356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sds.x86"; depth:8; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285257/; classtype:trojan-activity;sid:84148357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shellv.x86"; depth:11; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285258/; classtype:trojan-activity;sid:84148358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgueg.x86"; depth:10; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285259/; classtype:trojan-activity;sid:84148359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shelld.ppc"; depth:11; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285260/; classtype:trojan-activity;sid:84148360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sh4"; depth:11; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285253/; classtype:trojan-activity;sid:84148353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.x86"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285250/; classtype:trojan-activity;sid:84148350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sds.m68k"; depth:9; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285251/; classtype:trojan-activity;sid:84148351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shellv.ppc"; depth:11; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285252/; classtype:trojan-activity;sid:84148352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shelld.m68k"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285213/; classtype:trojan-activity;sid:84148313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.mpsl"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285214/; classtype:trojan-activity;sid:84148314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm6"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285215/; classtype:trojan-activity;sid:84148315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mpsl"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285216/; classtype:trojan-activity;sid:84148316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shellv.m68k"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285217/; classtype:trojan-activity;sid:84148317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.arm4"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285218/; classtype:trojan-activity;sid:84148318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.arm4"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285219/; classtype:trojan-activity;sid:84148319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.arm6"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285220/; classtype:trojan-activity;sid:84148320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.sh4"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285221/; classtype:trojan-activity;sid:84148321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.i586"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285222/; classtype:trojan-activity;sid:84148322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.arm6"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285223/; classtype:trojan-activity;sid:84148323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.m68k"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285224/; classtype:trojan-activity;sid:84148324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm4"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285225/; classtype:trojan-activity;sid:84148325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mips"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285226/; classtype:trojan-activity;sid:84148326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.arm4"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285227/; classtype:trojan-activity;sid:84148327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.ppc"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285228/; classtype:trojan-activity;sid:84148328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.x86"; depth:11; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285229/; classtype:trojan-activity;sid:84148329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.i586"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285230/; classtype:trojan-activity;sid:84148330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.m68k"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285231/; classtype:trojan-activity;sid:84148331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.i586"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285232/; classtype:trojan-activity;sid:84148332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgueg.mips"; depth:11; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285233/; classtype:trojan-activity;sid:84148333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.mpsl"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285234/; classtype:trojan-activity;sid:84148334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sds.sh4"; depth:8; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285235/; classtype:trojan-activity;sid:84148335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.ppc"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285236/; classtype:trojan-activity;sid:84148336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza4.arm6"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285237/; classtype:trojan-activity;sid:84148337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.ppc"; depth:11; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285238/; classtype:trojan-activity;sid:84148338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgueg.ppc"; depth:10; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285239/; classtype:trojan-activity;sid:84148339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.x86"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285240/; classtype:trojan-activity;sid:84148340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i586"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285241/; classtype:trojan-activity;sid:84148341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shellv.mips"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285242/; classtype:trojan-activity;sid:84148342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shelld.sh4"; depth:11; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285243/; classtype:trojan-activity;sid:84148343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sds.mips"; depth:9; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285244/; classtype:trojan-activity;sid:84148344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgueg.m68k"; depth:11; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285245/; classtype:trojan-activity;sid:84148345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shelld.x86"; depth:11; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285246/; classtype:trojan-activity;sid:84148346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.x86"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285247/; classtype:trojan-activity;sid:84148347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shelld.mips"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285248/; classtype:trojan-activity;sid:84148348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shellv.sh4"; depth:11; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285249/; classtype:trojan-activity;sid:84148349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.x32"; depth:11; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285210/; classtype:trojan-activity;sid:84148310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza3.x32"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285211/; classtype:trojan-activity;sid:84148311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza2.mpsl"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285212/; classtype:trojan-activity;sid:84148312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285209/; classtype:trojan-activity;sid:84148309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.58.114.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285208/; classtype:trojan-activity;sid:84148308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.122.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285207/; classtype:trojan-activity;sid:84148307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.139.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285206/; classtype:trojan-activity;sid:84148306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.175.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285205/; classtype:trojan-activity;sid:84148305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.120.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285204/; classtype:trojan-activity;sid:84148304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.125.242.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285202/; classtype:trojan-activity;sid:84148302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.134.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285203/; classtype:trojan-activity;sid:84148303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.127.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285201/; classtype:trojan-activity;sid:84148301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.170.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285200/; classtype:trojan-activity;sid:84148300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.29.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285199/; classtype:trojan-activity;sid:84148299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.113.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285198/; classtype:trojan-activity;sid:84148298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.245.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285196/; classtype:trojan-activity;sid:84148296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.224.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285197/; classtype:trojan-activity;sid:84148297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285195/; classtype:trojan-activity;sid:84148295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.26.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285194/; classtype:trojan-activity;sid:84148294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.116.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285192/; classtype:trojan-activity;sid:84148292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.100.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285193/; classtype:trojan-activity;sid:84148293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.31.189.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285191/; classtype:trojan-activity;sid:84148291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285190/; classtype:trojan-activity;sid:84148290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.28.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285189/; classtype:trojan-activity;sid:84148289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.58.114.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285188/; classtype:trojan-activity;sid:84148288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.152.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285187/; classtype:trojan-activity;sid:84148287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.122.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285186/; classtype:trojan-activity;sid:84148286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.118.146.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285185/; classtype:trojan-activity;sid:84148285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.224.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285184/; classtype:trojan-activity;sid:84148284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"213.199.41.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285183/; classtype:trojan-activity;sid:84148283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.174.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285182/; classtype:trojan-activity;sid:84148282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.146.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285181/; classtype:trojan-activity;sid:84148281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.67.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285180/; classtype:trojan-activity;sid:84148280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.152.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285179/; classtype:trojan-activity;sid:84148279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.28.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285178/; classtype:trojan-activity;sid:84148278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.88.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285176/; classtype:trojan-activity;sid:84148276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.219.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285177/; classtype:trojan-activity;sid:84148277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.111.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285175/; classtype:trojan-activity;sid:84148275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285174/; classtype:trojan-activity;sid:84148274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.6.110.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285173/; classtype:trojan-activity;sid:84148273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.167.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285172/; classtype:trojan-activity;sid:84148272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.120.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285171/; classtype:trojan-activity;sid:84148271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.174.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285170/; classtype:trojan-activity;sid:84148270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.185.108.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285169/; classtype:trojan-activity;sid:84148269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.67.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285168/; classtype:trojan-activity;sid:84148268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.111.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285167/; classtype:trojan-activity;sid:84148267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.51.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285166/; classtype:trojan-activity;sid:84148266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.102.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285165/; classtype:trojan-activity;sid:84148265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.246.114.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285164/; classtype:trojan-activity;sid:84148264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.227.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285163/; classtype:trojan-activity;sid:84148263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.167.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285162/; classtype:trojan-activity;sid:84148262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wrhvzsuzvnohoyztrp68.bin"; depth:25; endswith; nocase; http.host; content:"154.216.17.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285161/; classtype:trojan-activity;sid:84148261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.185.108.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285160/; classtype:trojan-activity;sid:84148260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.53.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285159/; classtype:trojan-activity;sid:84148259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.107.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285158/; classtype:trojan-activity;sid:84148258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2020/09/sd4.ps1"; depth:35; endswith; nocase; http.host; content:"www.allestimentilopera.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285157/; classtype:trojan-activity;sid:84148257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.102.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285156/; classtype:trojan-activity;sid:84148256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.141.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285155/; classtype:trojan-activity;sid:84148255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.26.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285154/; classtype:trojan-activity;sid:84148254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.111.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285153/; classtype:trojan-activity;sid:84148253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.151.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285152/; classtype:trojan-activity;sid:84148252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.227.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285151/; classtype:trojan-activity;sid:84148251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/w32e.exe"; depth:18; endswith; nocase; http.host; content:"100.11.212.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285150/; classtype:trojan-activity;sid:84148250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.112.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285149/; classtype:trojan-activity;sid:84148249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.122.114.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285148/; classtype:trojan-activity;sid:84148248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.244.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285147/; classtype:trojan-activity;sid:84148247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.94.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285146/; classtype:trojan-activity;sid:84148246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.141.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285145/; classtype:trojan-activity;sid:84148245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmaowtf/loligang.arm"; depth:21; endswith; nocase; http.host; content:"67.205.133.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285144/; classtype:trojan-activity;sid:84148244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.32.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285143/; classtype:trojan-activity;sid:84148243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/igz.arm"; depth:8; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285141/; classtype:trojan-activity;sid:84148241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.198.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285142/; classtype:trojan-activity;sid:84148242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.48.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285140/; classtype:trojan-activity;sid:84148240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.199.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285139/; classtype:trojan-activity;sid:84148239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.254.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285138/; classtype:trojan-activity;sid:84148238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"wpj.offer.rpacxtaxappeal.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285137/; classtype:trojan-activity;sid:84148237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.247.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285136/; classtype:trojan-activity;sid:84148236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.arm4"; depth:15; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285133/; classtype:trojan-activity;sid:84148233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.spc"; depth:14; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285134/; classtype:trojan-activity;sid:84148234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.arm5"; depth:15; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285135/; classtype:trojan-activity;sid:84148235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.102.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285131/; classtype:trojan-activity;sid:84148231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.219.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285132/; classtype:trojan-activity;sid:84148232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.123.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285130/; classtype:trojan-activity;sid:84148230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.203.32.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285129/; classtype:trojan-activity;sid:84148229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.151.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285128/; classtype:trojan-activity;sid:84148228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.171.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285127/; classtype:trojan-activity;sid:84148227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.192.248.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285126/; classtype:trojan-activity;sid:84148226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.32.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285125/; classtype:trojan-activity;sid:84148225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.198.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285124/; classtype:trojan-activity;sid:84148224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm5"; depth:38; endswith; nocase; http.host; content:"213.199.41.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285119/; classtype:trojan-activity;sid:84148219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.ppc"; depth:37; endswith; nocase; http.host; content:"213.199.41.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285120/; classtype:trojan-activity;sid:84148220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm"; depth:37; endswith; nocase; http.host; content:"213.199.41.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285121/; classtype:trojan-activity;sid:84148221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.m68k"; depth:38; endswith; nocase; http.host; content:"213.199.41.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285122/; classtype:trojan-activity;sid:84148222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86_64"; depth:40; endswith; nocase; http.host; content:"213.199.41.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285123/; classtype:trojan-activity;sid:84148223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.84.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285118/; classtype:trojan-activity;sid:84148218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86"; depth:37; endswith; nocase; http.host; content:"213.199.41.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285110/; classtype:trojan-activity;sid:84148210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.sh4"; depth:37; endswith; nocase; http.host; content:"213.199.41.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285111/; classtype:trojan-activity;sid:84148211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm7"; depth:38; endswith; nocase; http.host; content:"213.199.41.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285112/; classtype:trojan-activity;sid:84148212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mpsl"; depth:38; endswith; nocase; http.host; content:"213.199.41.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285113/; classtype:trojan-activity;sid:84148213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.i686"; depth:38; endswith; nocase; http.host; content:"213.199.41.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285114/; classtype:trojan-activity;sid:84148214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm6"; depth:38; endswith; nocase; http.host; content:"213.199.41.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285115/; classtype:trojan-activity;sid:84148215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.189.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285116/; classtype:trojan-activity;sid:84148216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mips"; depth:38; endswith; nocase; http.host; content:"213.199.41.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285117/; classtype:trojan-activity;sid:84148217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.176.107.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285109/; classtype:trojan-activity;sid:84148209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.85.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285108/; classtype:trojan-activity;sid:84148208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.199.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285107/; classtype:trojan-activity;sid:84148207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.250.77.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285106/; classtype:trojan-activity;sid:84148206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fishtailing.bat"; depth:16; endswith; nocase; http.host; content:"191.96.207.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285102/; classtype:trojan-activity;sid:84148202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/didelphyidae.cmd"; depth:17; endswith; nocase; http.host; content:"191.96.207.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285103/; classtype:trojan-activity;sid:84148203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tartarises.vbs"; depth:15; endswith; nocase; http.host; content:"191.96.207.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285104/; classtype:trojan-activity;sid:84148204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guyaner.cmd"; depth:12; endswith; nocase; http.host; content:"191.96.207.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285105/; classtype:trojan-activity;sid:84148205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yak.sh"; depth:7; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285090/; classtype:trojan-activity;sid:84148190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285091/; classtype:trojan-activity;sid:84148191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285092/; classtype:trojan-activity;sid:84148192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285093/; classtype:trojan-activity;sid:84148193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285094/; classtype:trojan-activity;sid:84148194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285095/; classtype:trojan-activity;sid:84148195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285096/; classtype:trojan-activity;sid:84148196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285097/; classtype:trojan-activity;sid:84148197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285098/; classtype:trojan-activity;sid:84148198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.ppc"; depth:12; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285099/; classtype:trojan-activity;sid:84148199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285100/; classtype:trojan-activity;sid:84148200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285101/; classtype:trojan-activity;sid:84148201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285084/; classtype:trojan-activity;sid:84148184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285085/; classtype:trojan-activity;sid:84148185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:38; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285086/; classtype:trojan-activity;sid:84148186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm7"; depth:13; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285087/; classtype:trojan-activity;sid:84148187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285088/; classtype:trojan-activity;sid:84148188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm6"; depth:13; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285089/; classtype:trojan-activity;sid:84148189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.mips"; depth:13; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285072/; classtype:trojan-activity;sid:84148172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285073/; classtype:trojan-activity;sid:84148173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.i686"; depth:13; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285074/; classtype:trojan-activity;sid:84148174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e"; depth:2; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285075/; classtype:trojan-activity;sid:84148175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r"; depth:2; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285076/; classtype:trojan-activity;sid:84148176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1"; depth:3; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285077/; classtype:trojan-activity;sid:84148177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/necr0.py"; depth:9; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285078/; classtype:trojan-activity;sid:84148178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splash.sh"; depth:10; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285079/; classtype:trojan-activity;sid:84148179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285080/; classtype:trojan-activity;sid:84148180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.sparc"; depth:14; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285081/; classtype:trojan-activity;sid:84148181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d"; depth:2; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285082/; classtype:trojan-activity;sid:84148182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285083/; classtype:trojan-activity;sid:84148183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z"; depth:2; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285069/; classtype:trojan-activity;sid:84148169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285070/; classtype:trojan-activity;sid:84148170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u"; depth:2; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285071/; classtype:trojan-activity;sid:84148171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285064/; classtype:trojan-activity;sid:84148164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285065/; classtype:trojan-activity;sid:84148165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1.sh"; depth:6; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285066/; classtype:trojan-activity;sid:84148166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.sh"; depth:5; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285067/; classtype:trojan-activity;sid:84148167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285068/; classtype:trojan-activity;sid:84148168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v"; depth:2; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285059/; classtype:trojan-activity;sid:84148159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285060/; classtype:trojan-activity;sid:84148160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285061/; classtype:trojan-activity;sid:84148161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285062/; classtype:trojan-activity;sid:84148162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.x86"; depth:12; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285063/; classtype:trojan-activity;sid:84148163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get.sh"; depth:7; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285049/; classtype:trojan-activity;sid:84148149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm5"; depth:13; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285050/; classtype:trojan-activity;sid:84148150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.m68k"; depth:13; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285051/; classtype:trojan-activity;sid:84148151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285052/; classtype:trojan-activity;sid:84148152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285053/; classtype:trojan-activity;sid:84148153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285054/; classtype:trojan-activity;sid:84148154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.mpsl"; depth:13; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285055/; classtype:trojan-activity;sid:84148155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h"; depth:2; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285056/; classtype:trojan-activity;sid:84148156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.i586"; depth:13; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285057/; classtype:trojan-activity;sid:84148157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm4"; depth:13; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285058/; classtype:trojan-activity;sid:84148158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.54.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285048/; classtype:trojan-activity;sid:84148148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.124.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285047/; classtype:trojan-activity;sid:84148147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.122.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285046/; classtype:trojan-activity;sid:84148146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.252.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285045/; classtype:trojan-activity;sid:84148145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.120.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285044/; classtype:trojan-activity;sid:84148144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.44.242.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285043/; classtype:trojan-activity;sid:84148143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.210.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285042/; classtype:trojan-activity;sid:84148142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.199.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285041/; classtype:trojan-activity;sid:84148141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sparc"; depth:13; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285039/; classtype:trojan-activity;sid:84148139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i586"; depth:12; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285040/; classtype:trojan-activity;sid:84148140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.95.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285037/; classtype:trojan-activity;sid:84148137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.228.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285038/; classtype:trojan-activity;sid:84148138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.192.248.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285036/; classtype:trojan-activity;sid:84148136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm5"; depth:12; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285030/; classtype:trojan-activity;sid:84148130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.ppc"; depth:11; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285031/; classtype:trojan-activity;sid:84148131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mips"; depth:12; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285032/; classtype:trojan-activity;sid:84148132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.m68k"; depth:12; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285033/; classtype:trojan-activity;sid:84148133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mipsel"; depth:14; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285034/; classtype:trojan-activity;sid:84148134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm4"; depth:12; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285035/; classtype:trojan-activity;sid:84148135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wev"; depth:4; endswith; nocase; http.host; content:"5.42.75.84"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285028/; classtype:trojan-activity;sid:84148128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"5.42.75.84"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285029/; classtype:trojan-activity;sid:84148129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sh"; depth:10; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285027/; classtype:trojan-activity;sid:84148127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/camp.mips"; depth:15; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285024/; classtype:trojan-activity;sid:84148124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/camp.ppc"; depth:14; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285025/; classtype:trojan-activity;sid:84148125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285026/; classtype:trojan-activity;sid:84148126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/raw/a58044c5"; depth:18; endswith; nocase; http.host; content:"pastebin.pl"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285023/; classtype:trojan-activity;sid:84148123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.151.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285022/; classtype:trojan-activity;sid:84148122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.29.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285021/; classtype:trojan-activity;sid:84148121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.85.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285020/; classtype:trojan-activity;sid:84148120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.160.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285019/; classtype:trojan-activity;sid:84148119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.71.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285018/; classtype:trojan-activity;sid:84148118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285017/; classtype:trojan-activity;sid:84148117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.18.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285016/; classtype:trojan-activity;sid:84148116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.85.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285015/; classtype:trojan-activity;sid:84148115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.179.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285014/; classtype:trojan-activity;sid:84148114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.223.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285013/; classtype:trojan-activity;sid:84148113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.96.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285012/; classtype:trojan-activity;sid:84148112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.222.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285011/; classtype:trojan-activity;sid:84148111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.215.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285010/; classtype:trojan-activity;sid:84148110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.119.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285009/; classtype:trojan-activity;sid:84148109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.254.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285008/; classtype:trojan-activity;sid:84148108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.78.197.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285007/; classtype:trojan-activity;sid:84148107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.151.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285005/; classtype:trojan-activity;sid:84148105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.177.178.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285006/; classtype:trojan-activity;sid:84148106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.191.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285004/; classtype:trojan-activity;sid:84148104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.85.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285003/; classtype:trojan-activity;sid:84148103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.253.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285002/; classtype:trojan-activity;sid:84148102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.38.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285001/; classtype:trojan-activity;sid:84148101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.1.84"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285000/; classtype:trojan-activity;sid:84148100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"177.22.123.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284999/; classtype:trojan-activity;sid:84148099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ul/bin3.exe"; depth:12; endswith; nocase; http.host; content:"d3m0n.live"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284998/; classtype:trojan-activity;sid:84148098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.20.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284997/; classtype:trojan-activity;sid:84148097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.26.113.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284996/; classtype:trojan-activity;sid:84148096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.206.29.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284995/; classtype:trojan-activity;sid:84148095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.32.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284994/; classtype:trojan-activity;sid:84148094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.165.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284993/; classtype:trojan-activity;sid:84148093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.247.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284992/; classtype:trojan-activity;sid:84148092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.114.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284990/; classtype:trojan-activity;sid:84148090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.192.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284989/; classtype:trojan-activity;sid:84148089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.99.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284988/; classtype:trojan-activity;sid:84148088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.55.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284987/; classtype:trojan-activity;sid:84148087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.68.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284985/; classtype:trojan-activity;sid:84148085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.118.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284986/; classtype:trojan-activity;sid:84148086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevarm5"; depth:17; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284975/; classtype:trojan-activity;sid:84148075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevarm7"; depth:17; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284976/; classtype:trojan-activity;sid:84148076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindeppc"; depth:17; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284977/; classtype:trojan-activity;sid:84148077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284978/; classtype:trojan-activity;sid:84148078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevmips"; depth:17; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284979/; classtype:trojan-activity;sid:84148079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindempsl"; depth:18; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284980/; classtype:trojan-activity;sid:84148080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevarm"; depth:16; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284981/; classtype:trojan-activity;sid:84148081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevm68k"; depth:17; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284982/; classtype:trojan-activity;sid:84148082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindex86"; depth:17; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284983/; classtype:trojan-activity;sid:84148083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindem68k"; depth:18; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284984/; classtype:trojan-activity;sid:84148084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindesh4"; depth:17; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284974/; classtype:trojan-activity;sid:84148074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevmpsl"; depth:17; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284973/; classtype:trojan-activity;sid:84148073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindearm"; depth:17; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284956/; classtype:trojan-activity;sid:84148056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindearm7"; depth:18; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284957/; classtype:trojan-activity;sid:84148057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevarm6"; depth:17; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284958/; classtype:trojan-activity;sid:84148058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevppc"; depth:16; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284959/; classtype:trojan-activity;sid:84148059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindemips"; depth:18; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284960/; classtype:trojan-activity;sid:84148060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/test"; depth:10; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284961/; classtype:trojan-activity;sid:84148061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevx86"; depth:16; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284962/; classtype:trojan-activity;sid:84148062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevarc"; depth:16; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284963/; classtype:trojan-activity;sid:84148063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevspc"; depth:16; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284964/; classtype:trojan-activity;sid:84148064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindei686"; depth:18; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284965/; classtype:trojan-activity;sid:84148065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindespc"; depth:17; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284966/; classtype:trojan-activity;sid:84148066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindearm6"; depth:18; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284967/; classtype:trojan-activity;sid:84148067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindemips"; depth:16; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284968/; classtype:trojan-activity;sid:84148068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevsh4"; depth:16; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284969/; classtype:trojan-activity;sid:84148069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindearm5"; depth:18; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284970/; classtype:trojan-activity;sid:84148070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevi686"; depth:17; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284971/; classtype:trojan-activity;sid:84148071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindearc"; depth:17; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284972/; classtype:trojan-activity;sid:84148072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.118.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284955/; classtype:trojan-activity;sid:84148055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"clients.kaitenc2.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284954/; classtype:trojan-activity;sid:84148054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284953/; classtype:trojan-activity;sid:84148053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevarm5"; depth:17; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284952/; classtype:trojan-activity;sid:84148052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindearm"; depth:17; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284949/; classtype:trojan-activity;sid:84148049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevppc"; depth:16; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284950/; classtype:trojan-activity;sid:84148050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindesh4"; depth:17; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284951/; classtype:trojan-activity;sid:84148051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.247.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284948/; classtype:trojan-activity;sid:84148048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.24.25.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284947/; classtype:trojan-activity;sid:84148047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.165.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284946/; classtype:trojan-activity;sid:84148046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284945/; classtype:trojan-activity;sid:84148045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevmpsl"; depth:17; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284939/; classtype:trojan-activity;sid:84148039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevsh4"; depth:16; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284940/; classtype:trojan-activity;sid:84148040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindemips"; depth:18; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284941/; classtype:trojan-activity;sid:84148041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindei686"; depth:18; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284942/; classtype:trojan-activity;sid:84148042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevarm6"; depth:17; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284943/; classtype:trojan-activity;sid:84148043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevarm"; depth:16; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284944/; classtype:trojan-activity;sid:84148044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindearm7"; depth:18; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284923/; classtype:trojan-activity;sid:84148023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindem68k"; depth:18; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284924/; classtype:trojan-activity;sid:84148024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevspc"; depth:16; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284925/; classtype:trojan-activity;sid:84148025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevm68k"; depth:17; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284926/; classtype:trojan-activity;sid:84148026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevarm7"; depth:17; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284927/; classtype:trojan-activity;sid:84148027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindearc"; depth:17; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284928/; classtype:trojan-activity;sid:84148028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindearm6"; depth:18; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284929/; classtype:trojan-activity;sid:84148029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindeppc"; depth:17; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284930/; classtype:trojan-activity;sid:84148030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevarc"; depth:16; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284931/; classtype:trojan-activity;sid:84148031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevi686"; depth:17; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284932/; classtype:trojan-activity;sid:84148032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevmips"; depth:17; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284933/; classtype:trojan-activity;sid:84148033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindearm5"; depth:18; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284934/; classtype:trojan-activity;sid:84148034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindex86"; depth:17; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284935/; classtype:trojan-activity;sid:84148035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindempsl"; depth:18; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284936/; classtype:trojan-activity;sid:84148036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wkshindespc"; depth:17; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284937/; classtype:trojan-activity;sid:84148037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindevx86"; depth:16; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284938/; classtype:trojan-activity;sid:84148038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284922/; classtype:trojan-activity;sid:84148022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/shindemips"; depth:16; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284920/; classtype:trojan-activity;sid:84148020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.m68k"; depth:12; endswith; nocase; http.host; content:"23.158.56.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284921/; classtype:trojan-activity;sid:84148021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/test"; depth:10; endswith; nocase; http.host; content:"5.255.127.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284918/; classtype:trojan-activity;sid:84148018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.116.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284919/; classtype:trojan-activity;sid:84148019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.217.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284917/; classtype:trojan-activity;sid:84148017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.arm5"; depth:12; endswith; nocase; http.host; content:"23.158.56.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284913/; classtype:trojan-activity;sid:84148013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.arm6"; depth:12; endswith; nocase; http.host; content:"23.158.56.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284914/; classtype:trojan-activity;sid:84148014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.x86"; depth:11; endswith; nocase; http.host; content:"23.158.56.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284915/; classtype:trojan-activity;sid:84148015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.sh"; depth:11; endswith; nocase; http.host; content:"23.158.56.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284916/; classtype:trojan-activity;sid:84148016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.sh4"; depth:11; endswith; nocase; http.host; content:"23.158.56.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284908/; classtype:trojan-activity;sid:84148008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.mips"; depth:12; endswith; nocase; http.host; content:"23.158.56.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284909/; classtype:trojan-activity;sid:84148009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.mpsl"; depth:12; endswith; nocase; http.host; content:"23.158.56.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284910/; classtype:trojan-activity;sid:84148010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.arm7"; depth:12; endswith; nocase; http.host; content:"23.158.56.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284911/; classtype:trojan-activity;sid:84148011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.spc"; depth:11; endswith; nocase; http.host; content:"23.158.56.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284912/; classtype:trojan-activity;sid:84148012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.192.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284907/; classtype:trojan-activity;sid:84148007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.177.28.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284906/; classtype:trojan-activity;sid:84148006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.38.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284905/; classtype:trojan-activity;sid:84148005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.157.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284904/; classtype:trojan-activity;sid:84148004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.175.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284903/; classtype:trojan-activity;sid:84148003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.68.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284902/; classtype:trojan-activity;sid:84148002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.58.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284901/; classtype:trojan-activity;sid:84148001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.194.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284900/; classtype:trojan-activity;sid:84148000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.64.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284898/; classtype:trojan-activity;sid:84147998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.175.206.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284899/; classtype:trojan-activity;sid:84147999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.190.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284897/; classtype:trojan-activity;sid:84147997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.36.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284896/; classtype:trojan-activity;sid:84147996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.152.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284895/; classtype:trojan-activity;sid:84147995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.172.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284894/; classtype:trojan-activity;sid:84147994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.51.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284893/; classtype:trojan-activity;sid:84147993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.49.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284891/; classtype:trojan-activity;sid:84147991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284892/; classtype:trojan-activity;sid:84147992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.187.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284890/; classtype:trojan-activity;sid:84147990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.102.141.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284888/; classtype:trojan-activity;sid:84147988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.217.211.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284889/; classtype:trojan-activity;sid:84147989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.171.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284887/; classtype:trojan-activity;sid:84147987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.177.28.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284886/; classtype:trojan-activity;sid:84147986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.58.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284885/; classtype:trojan-activity;sid:84147985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.26.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284884/; classtype:trojan-activity;sid:84147984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.242.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284883/; classtype:trojan-activity;sid:84147983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.41.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284882/; classtype:trojan-activity;sid:84147982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.172.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284881/; classtype:trojan-activity;sid:84147981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.152.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284880/; classtype:trojan-activity;sid:84147980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.199.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284879/; classtype:trojan-activity;sid:84147979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.49.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284878/; classtype:trojan-activity;sid:84147978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.154.169.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284877/; classtype:trojan-activity;sid:84147977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.22.123.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284876/; classtype:trojan-activity;sid:84147976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.101.63.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284875/; classtype:trojan-activity;sid:84147975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.48.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284874/; classtype:trojan-activity;sid:84147974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.71.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284873/; classtype:trojan-activity;sid:84147973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.49.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284872/; classtype:trojan-activity;sid:84147972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284871/; classtype:trojan-activity;sid:84147971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.238.242.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284870/; classtype:trojan-activity;sid:84147970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.90.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284869/; classtype:trojan-activity;sid:84147969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.30.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284868/; classtype:trojan-activity;sid:84147968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.173.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284867/; classtype:trojan-activity;sid:84147967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.197.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284866/; classtype:trojan-activity;sid:84147966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.98.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284865/; classtype:trojan-activity;sid:84147965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.48.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284864/; classtype:trojan-activity;sid:84147964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.123.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284863/; classtype:trojan-activity;sid:84147963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.125.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284862/; classtype:trojan-activity;sid:84147962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.115.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284861/; classtype:trojan-activity;sid:84147961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.154.169.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284860/; classtype:trojan-activity;sid:84147960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.19.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284859/; classtype:trojan-activity;sid:84147959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.94.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284858/; classtype:trojan-activity;sid:84147958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"198.98.49.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284857/; classtype:trojan-activity;sid:84147957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.77.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284856/; classtype:trojan-activity;sid:84147956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.137.133.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284855/; classtype:trojan-activity;sid:84147955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.11.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284854/; classtype:trojan-activity;sid:84147954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.216.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284853/; classtype:trojan-activity;sid:84147953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.90.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284852/; classtype:trojan-activity;sid:84147952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.205.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284851/; classtype:trojan-activity;sid:84147951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.8.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284850/; classtype:trojan-activity;sid:84147950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.199.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284849/; classtype:trojan-activity;sid:84147949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.25.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284848/; classtype:trojan-activity;sid:84147948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.30.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284847/; classtype:trojan-activity;sid:84147947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.143.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284846/; classtype:trojan-activity;sid:84147946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.163.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284845/; classtype:trojan-activity;sid:84147945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.75.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284843/; classtype:trojan-activity;sid:84147943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.124.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284844/; classtype:trojan-activity;sid:84147944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.19.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284842/; classtype:trojan-activity;sid:84147942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.77.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284841/; classtype:trojan-activity;sid:84147941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.219.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284840/; classtype:trojan-activity;sid:84147940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.47.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284839/; classtype:trojan-activity;sid:84147939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.59.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284837/; classtype:trojan-activity;sid:84147937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.46.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284838/; classtype:trojan-activity;sid:84147938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.143.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284836/; classtype:trojan-activity;sid:84147936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.115.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284835/; classtype:trojan-activity;sid:84147935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.124.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284834/; classtype:trojan-activity;sid:84147934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.25.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284833/; classtype:trojan-activity;sid:84147933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.205.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284832/; classtype:trojan-activity;sid:84147932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.234.129.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284831/; classtype:trojan-activity;sid:84147931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.80.200.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284830/; classtype:trojan-activity;sid:84147930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.206.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284829/; classtype:trojan-activity;sid:84147929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.47.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284828/; classtype:trojan-activity;sid:84147928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.186.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284827/; classtype:trojan-activity;sid:84147927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.85.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284825/; classtype:trojan-activity;sid:84147925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.31.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284826/; classtype:trojan-activity;sid:84147926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.11.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284824/; classtype:trojan-activity;sid:84147924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.81.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284823/; classtype:trojan-activity;sid:84147923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.223.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284822/; classtype:trojan-activity;sid:84147922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.63.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284821/; classtype:trojan-activity;sid:84147921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.10.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284820/; classtype:trojan-activity;sid:84147920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/land/automatic_data_processing_terms_and_conditions.rar"; depth:56; endswith; nocase; http.host; content:"adp-auth.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284819/; classtype:trojan-activity;sid:84147919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"183.149.252.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284818/; classtype:trojan-activity;sid:84147918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.132.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284817/; classtype:trojan-activity;sid:84147917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.210.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284815/; classtype:trojan-activity;sid:84147915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.102.141.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284814/; classtype:trojan-activity;sid:84147914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.70.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284813/; classtype:trojan-activity;sid:84147913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.6.216"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284810/; classtype:trojan-activity;sid:84147910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.2.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284811/; classtype:trojan-activity;sid:84147911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.252.175.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284812/; classtype:trojan-activity;sid:84147912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ohtie89k.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284809/; classtype:trojan-activity;sid:84147909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.exe"; depth:6; endswith; nocase; http.host; content:"xlayerlabs.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284807/; classtype:trojan-activity;sid:84147907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"xlayerlabs.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284808/; classtype:trojan-activity;sid:84147908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/te3tlsre.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284806/; classtype:trojan-activity;sid:84147906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lego/ama.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284805/; classtype:trojan-activity;sid:84147905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/qth5kdee.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284804/; classtype:trojan-activity;sid:84147904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/88aext0k.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284802/; classtype:trojan-activity;sid:84147902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ji2xlo1f.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284803/; classtype:trojan-activity;sid:84147903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steam/random.exe|3f|9i/"; depth:24; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284801/; classtype:trojan-activity;sid:84147901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/sgx4824p.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284800/; classtype:trojan-activity;sid:84147900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/bqkriy6l.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284799/; classtype:trojan-activity;sid:84147899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/7cl16anh.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284798/; classtype:trojan-activity;sid:84147898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/uctgkfb7.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284797/; classtype:trojan-activity;sid:84147897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284796/; classtype:trojan-activity;sid:84147896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"168.195.81.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284795/; classtype:trojan-activity;sid:84147895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.237.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284794/; classtype:trojan-activity;sid:84147894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.109.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284793/; classtype:trojan-activity;sid:84147893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm5"; depth:15; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284792/; classtype:trojan-activity;sid:84147892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marron.exe"; depth:11; endswith; nocase; http.host; content:"yazanr.net"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284791/; classtype:trojan-activity;sid:84147891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20bec3f306af6847/nss3.dll"; depth:26; endswith; nocase; http.host; content:"5.188.86.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284786/; classtype:trojan-activity;sid:84147886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/68b591d6548ec281/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284787/; classtype:trojan-activity;sid:84147887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2c3d53f1da5ea53a/nss3.dll"; depth:26; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284788/; classtype:trojan-activity;sid:84147888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/narubu.zip"; depth:11; endswith; nocase; http.host; content:"sufusioticarchi.b-cdn.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284789/; classtype:trojan-activity;sid:84147889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e435f67f5361413d/nss3.dll"; depth:26; endswith; nocase; http.host; content:"5.181.2.121"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284790/; classtype:trojan-activity;sid:84147890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e435f67f5361413d/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"5.181.2.121"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284782/; classtype:trojan-activity;sid:84147882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2c3d53f1da5ea53a/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284783/; classtype:trojan-activity;sid:84147883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2c3d53f1da5ea53a/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284784/; classtype:trojan-activity;sid:84147884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/68b591d6548ec281/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284785/; classtype:trojan-activity;sid:84147885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20bec3f306af6847/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"5.188.86.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284778/; classtype:trojan-activity;sid:84147878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20bec3f306af6847/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"5.188.86.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284779/; classtype:trojan-activity;sid:84147879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20bec3f306af6847/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"5.188.86.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284780/; classtype:trojan-activity;sid:84147880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/68b591d6548ec281/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284781/; classtype:trojan-activity;sid:84147881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2c3d53f1da5ea53a/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284775/; classtype:trojan-activity;sid:84147875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20bec3f306af6847/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"5.188.86.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284776/; classtype:trojan-activity;sid:84147876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e435f67f5361413d/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"5.181.2.121"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284777/; classtype:trojan-activity;sid:84147877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20bec3f306af6847/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"5.188.86.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284772/; classtype:trojan-activity;sid:84147872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/68b591d6548ec281/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284773/; classtype:trojan-activity;sid:84147873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e435f67f5361413d/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"5.181.2.121"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284774/; classtype:trojan-activity;sid:84147874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e435f67f5361413d/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"5.181.2.121"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284770/; classtype:trojan-activity;sid:84147870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e435f67f5361413d/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"5.181.2.121"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284771/; classtype:trojan-activity;sid:84147871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20bec3f306af6847/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"5.188.86.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284767/; classtype:trojan-activity;sid:84147867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2c3d53f1da5ea53a/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284768/; classtype:trojan-activity;sid:84147868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/68b591d6548ec281/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284769/; classtype:trojan-activity;sid:84147869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e435f67f5361413d/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"5.181.2.121"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284765/; classtype:trojan-activity;sid:84147865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/68b591d6548ec281/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284766/; classtype:trojan-activity;sid:84147866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2c3d53f1da5ea53a/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284764/; classtype:trojan-activity;sid:84147864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2c3d53f1da5ea53a/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284763/; classtype:trojan-activity;sid:84147863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mips"; depth:15; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284762/; classtype:trojan-activity;sid:84147862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm7"; depth:15; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284760/; classtype:trojan-activity;sid:84147860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm6"; depth:15; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284761/; classtype:trojan-activity;sid:84147861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/68b591d6548ec281/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284758/; classtype:trojan-activity;sid:84147858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm"; depth:14; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284759/; classtype:trojan-activity;sid:84147859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo.m68k"; depth:9; endswith; nocase; http.host; content:"194.233.65.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284750/; classtype:trojan-activity;sid:84147850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo.x86"; depth:8; endswith; nocase; http.host; content:"194.233.65.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284751/; classtype:trojan-activity;sid:84147851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo.arm6"; depth:9; endswith; nocase; http.host; content:"194.233.65.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284752/; classtype:trojan-activity;sid:84147852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo.sh4"; depth:8; endswith; nocase; http.host; content:"194.233.65.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284753/; classtype:trojan-activity;sid:84147853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo.ppc"; depth:8; endswith; nocase; http.host; content:"194.233.65.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284754/; classtype:trojan-activity;sid:84147854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo.mpsl"; depth:9; endswith; nocase; http.host; content:"194.233.65.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284755/; classtype:trojan-activity;sid:84147855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo.arm5"; depth:9; endswith; nocase; http.host; content:"194.233.65.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284756/; classtype:trojan-activity;sid:84147856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo.mips"; depth:9; endswith; nocase; http.host; content:"194.233.65.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284757/; classtype:trojan-activity;sid:84147857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/f86nrrc6.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284749/; classtype:trojan-activity;sid:84147849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.spc"; depth:14; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284747/; classtype:trojan-activity;sid:84147847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.ppc"; depth:14; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284748/; classtype:trojan-activity;sid:84147848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.m68k"; depth:15; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284744/; classtype:trojan-activity;sid:84147844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mpsl"; depth:15; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284745/; classtype:trojan-activity;sid:84147845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.x86"; depth:14; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284746/; classtype:trojan-activity;sid:84147846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.sh4"; depth:14; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284743/; classtype:trojan-activity;sid:84147843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/wdsecureutilities.exe"; depth:27; endswith; nocase; http.host; content:"pastesnip.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284742/; classtype:trojan-activity;sid:84147842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm6"; depth:12; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284741/; classtype:trojan-activity;sid:84147841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm7"; depth:12; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284738/; classtype:trojan-activity;sid:84147838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.x86"; depth:11; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284739/; classtype:trojan-activity;sid:84147839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i686"; depth:12; endswith; nocase; http.host; content:"82.55.220.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284740/; classtype:trojan-activity;sid:84147840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.x86_64"; depth:26; endswith; nocase; http.host; content:"45.221.97.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284737/; classtype:trojan-activity;sid:84147837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dace046278f1f1ba/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"147.45.44.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284734/; classtype:trojan-activity;sid:84147834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dace046278f1f1ba/nss3.dll"; depth:26; endswith; nocase; http.host; content:"147.45.44.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284735/; classtype:trojan-activity;sid:84147835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dace046278f1f1ba/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"147.45.44.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284736/; classtype:trojan-activity;sid:84147836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dace046278f1f1ba/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"147.45.44.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284719/; classtype:trojan-activity;sid:84147819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dace046278f1f1ba/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"147.45.44.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284720/; classtype:trojan-activity;sid:84147820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.mips"; depth:24; endswith; nocase; http.host; content:"45.221.97.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284721/; classtype:trojan-activity;sid:84147821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.sh4"; depth:23; endswith; nocase; http.host; content:"45.221.97.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284722/; classtype:trojan-activity;sid:84147822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.x86"; depth:23; endswith; nocase; http.host; content:"45.221.97.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284723/; classtype:trojan-activity;sid:84147823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.arm7"; depth:24; endswith; nocase; http.host; content:"45.221.97.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284724/; classtype:trojan-activity;sid:84147824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.sh"; depth:22; endswith; nocase; http.host; content:"45.221.97.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284725/; classtype:trojan-activity;sid:84147825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.ppc"; depth:23; endswith; nocase; http.host; content:"45.221.97.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284726/; classtype:trojan-activity;sid:84147826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.m68k"; depth:24; endswith; nocase; http.host; content:"45.221.97.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284727/; classtype:trojan-activity;sid:84147827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.spc"; depth:23; endswith; nocase; http.host; content:"45.221.97.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284728/; classtype:trojan-activity;sid:84147828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.arm5"; depth:24; endswith; nocase; http.host; content:"45.221.97.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284729/; classtype:trojan-activity;sid:84147829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.x86_64.dbg"; depth:30; endswith; nocase; http.host; content:"45.221.97.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284730/; classtype:trojan-activity;sid:84147830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.mpsl"; depth:24; endswith; nocase; http.host; content:"45.221.97.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284731/; classtype:trojan-activity;sid:84147831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.arm"; depth:23; endswith; nocase; http.host; content:"45.221.97.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284732/; classtype:trojan-activity;sid:84147832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/speedtest-cli.arm6"; depth:24; endswith; nocase; http.host; content:"45.221.97.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284733/; classtype:trojan-activity;sid:84147833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dace046278f1f1ba/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"147.45.44.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284717/; classtype:trojan-activity;sid:84147817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dace046278f1f1ba/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"147.45.44.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284718/; classtype:trojan-activity;sid:84147818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/allah.txt"; depth:10; endswith; nocase; http.host; content:"pub-26ee9be236b54d0cb1b570a203543b93.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284716/; classtype:trojan-activity;sid:84147816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dc/xmay.txt"; depth:12; endswith; nocase; http.host; content:"www.ranchoboscardin.com.br"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284715/; classtype:trojan-activity;sid:84147815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/phvnc.txt"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284710/; classtype:trojan-activity;sid:84147810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/yxwrm.txt"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284711/; classtype:trojan-activity;sid:84147811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/l.txt"; depth:8; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284712/; classtype:trojan-activity;sid:84147812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/yjust.txt"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284713/; classtype:trojan-activity;sid:84147813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/yhboks.txt"; depth:13; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284714/; classtype:trojan-activity;sid:84147814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/pt.txt"; depth:9; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284709/; classtype:trojan-activity;sid:84147809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/tjust.txt"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284708/; classtype:trojan-activity;sid:84147808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/n.txt"; depth:8; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284707/; classtype:trojan-activity;sid:84147807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/ymbk.txt"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284703/; classtype:trojan-activity;sid:84147803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/rxwrm.txt"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284704/; classtype:trojan-activity;sid:84147804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/p.txt"; depth:8; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284705/; classtype:trojan-activity;sid:84147805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/ujs.txt"; depth:10; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284706/; classtype:trojan-activity;sid:84147806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/xw.txt"; depth:9; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284697/; classtype:trojan-activity;sid:84147797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/w2h.txt"; depth:10; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284698/; classtype:trojan-activity;sid:84147798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/xwi.txt"; depth:10; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284699/; classtype:trojan-activity;sid:84147799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/oph.txt"; depth:10; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284700/; classtype:trojan-activity;sid:84147800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/xwo.txt"; depth:10; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284701/; classtype:trojan-activity;sid:84147801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/sxr.txt"; depth:10; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284702/; classtype:trojan-activity;sid:84147802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/xwormsds.txt"; depth:15; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284695/; classtype:trojan-activity;sid:84147795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/xwom.txt"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284696/; classtype:trojan-activity;sid:84147796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/hmbk.txt"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284687/; classtype:trojan-activity;sid:84147787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/envs/ds4.txt"; depth:26; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284688/; classtype:trojan-activity;sid:84147788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/1phvnc.txt"; depth:13; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284689/; classtype:trojan-activity;sid:84147789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/kek.txt"; depth:10; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284690/; classtype:trojan-activity;sid:84147790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/hnvc1nm.txt"; depth:14; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284691/; classtype:trojan-activity;sid:84147791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/1pphvns.txt"; depth:14; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284692/; classtype:trojan-activity;sid:84147792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/1spe.txt"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284693/; classtype:trojan-activity;sid:84147793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/hvnc.txt"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284694/; classtype:trojan-activity;sid:84147794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/1venommrs.txt"; depth:16; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284686/; classtype:trojan-activity;sid:84147786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/jvenom.txt"; depth:13; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284684/; classtype:trojan-activity;sid:84147784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/kjxwormgf.txt"; depth:16; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284685/; classtype:trojan-activity;sid:84147785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/120/llglk.txt"; depth:14; endswith; nocase; http.host; content:"104.168.7.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284680/; classtype:trojan-activity;sid:84147780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pastes/01922156-0a1a-798a-ba18-d0ce12473978/raw/"; depth:49; endswith; nocase; http.host; content:"pastecodeapp.vercel.app"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284681/; classtype:trojan-activity;sid:84147781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/1vxworm.txt"; depth:14; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284682/; classtype:trojan-activity;sid:84147782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/1hxnc.txt"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284683/; classtype:trojan-activity;sid:84147783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.arm"; depth:25; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284679/; classtype:trojan-activity;sid:84147779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.4.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284677/; classtype:trojan-activity;sid:84147777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.7.138"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284678/; classtype:trojan-activity;sid:84147778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.sh4"; depth:25; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284675/; classtype:trojan-activity;sid:84147775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.185.16.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284676/; classtype:trojan-activity;sid:84147776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.arm6"; depth:26; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284672/; classtype:trojan-activity;sid:84147772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.242.6.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284673/; classtype:trojan-activity;sid:84147773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.mpsl"; depth:26; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284674/; classtype:trojan-activity;sid:84147774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.9.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284669/; classtype:trojan-activity;sid:84147769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.dbg"; depth:25; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284670/; classtype:trojan-activity;sid:84147770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.x86"; depth:25; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284671/; classtype:trojan-activity;sid:84147771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.242.107.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284663/; classtype:trojan-activity;sid:84147763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.m68k"; depth:26; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284664/; classtype:trojan-activity;sid:84147764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.spc"; depth:25; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284665/; classtype:trojan-activity;sid:84147765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.arm7"; depth:26; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284666/; classtype:trojan-activity;sid:84147766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.arm5"; depth:26; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284667/; classtype:trojan-activity;sid:84147767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5r3fqt67ew531has4231.mips"; depth:26; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284668/; classtype:trojan-activity;sid:84147768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.23.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284662/; classtype:trojan-activity;sid:84147762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.175.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284661/; classtype:trojan-activity;sid:84147761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.127.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284660/; classtype:trojan-activity;sid:84147760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.x86"; depth:10; endswith; nocase; http.host; content:"154.213.189.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284659/; classtype:trojan-activity;sid:84147759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.70.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284658/; classtype:trojan-activity;sid:84147758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.14.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284657/; classtype:trojan-activity;sid:84147757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.85.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284656/; classtype:trojan-activity;sid:84147756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"197.204.206.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284655/; classtype:trojan-activity;sid:84147755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.170.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284654/; classtype:trojan-activity;sid:84147754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.116.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284653/; classtype:trojan-activity;sid:84147753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.81.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284652/; classtype:trojan-activity;sid:84147752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.239.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284651/; classtype:trojan-activity;sid:84147751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.3.58.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284650/; classtype:trojan-activity;sid:84147750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.181.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284649/; classtype:trojan-activity;sid:84147749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.213.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284648/; classtype:trojan-activity;sid:84147748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.225.142.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284647/; classtype:trojan-activity;sid:84147747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.161.160.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284646/; classtype:trojan-activity;sid:84147746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.152.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284644/; classtype:trojan-activity;sid:84147744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.144.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284645/; classtype:trojan-activity;sid:84147745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284643/; classtype:trojan-activity;sid:84147743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.3.58.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284642/; classtype:trojan-activity;sid:84147742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.240.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284641/; classtype:trojan-activity;sid:84147741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.181.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284640/; classtype:trojan-activity;sid:84147740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284639/; classtype:trojan-activity;sid:84147739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.84.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284638/; classtype:trojan-activity;sid:84147738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.126.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284636/; classtype:trojan-activity;sid:84147736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.161.160.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284637/; classtype:trojan-activity;sid:84147737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.52.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284635/; classtype:trojan-activity;sid:84147735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.12.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284634/; classtype:trojan-activity;sid:84147734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284633/; classtype:trojan-activity;sid:84147733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.200.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284632/; classtype:trojan-activity;sid:84147732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.219.83.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284631/; classtype:trojan-activity;sid:84147731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.85.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284630/; classtype:trojan-activity;sid:84147730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.25.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284629/; classtype:trojan-activity;sid:84147729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.246.20.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284628/; classtype:trojan-activity;sid:84147728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.144.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284627/; classtype:trojan-activity;sid:84147727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284626/; classtype:trojan-activity;sid:84147726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.81.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284625/; classtype:trojan-activity;sid:84147725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.91.63.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284624/; classtype:trojan-activity;sid:84147724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.107.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284623/; classtype:trojan-activity;sid:84147723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.126.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284622/; classtype:trojan-activity;sid:84147722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.51.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284621/; classtype:trojan-activity;sid:84147721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.245.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284620/; classtype:trojan-activity;sid:84147720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.49.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284619/; classtype:trojan-activity;sid:84147719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.26.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284618/; classtype:trojan-activity;sid:84147718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.252.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284617/; classtype:trojan-activity;sid:84147717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.25.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284613/; classtype:trojan-activity;sid:84147713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.68.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284614/; classtype:trojan-activity;sid:84147714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.93.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284615/; classtype:trojan-activity;sid:84147715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.107.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284616/; classtype:trojan-activity;sid:84147716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.29.129.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284612/; classtype:trojan-activity;sid:84147712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.25.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284611/; classtype:trojan-activity;sid:84147711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.167.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284610/; classtype:trojan-activity;sid:84147710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.224.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284609/; classtype:trojan-activity;sid:84147709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.138.222.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284608/; classtype:trojan-activity;sid:84147708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.9.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284607/; classtype:trojan-activity;sid:84147707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284606/; classtype:trojan-activity;sid:84147706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.211.62.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284604/; classtype:trojan-activity;sid:84147704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yde4cz.cmd"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284605/; classtype:trojan-activity;sid:84147705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.24.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284603/; classtype:trojan-activity;sid:84147703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.179.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284602/; classtype:trojan-activity;sid:84147702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284600/; classtype:trojan-activity;sid:84147700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284601/; classtype:trojan-activity;sid:84147701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284598/; classtype:trojan-activity;sid:84147698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284599/; classtype:trojan-activity;sid:84147699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.m68k"; depth:13; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284596/; classtype:trojan-activity;sid:84147696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284597/; classtype:trojan-activity;sid:84147697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284595/; classtype:trojan-activity;sid:84147695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/co"; depth:3; endswith; nocase; http.host; content:"209.141.54.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284594/; classtype:trojan-activity;sid:84147694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284591/; classtype:trojan-activity;sid:84147691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284592/; classtype:trojan-activity;sid:84147692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284593/; classtype:trojan-activity;sid:84147693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284585/; classtype:trojan-activity;sid:84147685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"191.96.235.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284586/; classtype:trojan-activity;sid:84147686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284587/; classtype:trojan-activity;sid:84147687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"191.96.235.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284588/; classtype:trojan-activity;sid:84147688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"191.96.235.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284589/; classtype:trojan-activity;sid:84147689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"191.96.235.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284590/; classtype:trojan-activity;sid:84147690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284580/; classtype:trojan-activity;sid:84147680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"191.96.235.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284581/; classtype:trojan-activity;sid:84147681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"191.96.235.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284582/; classtype:trojan-activity;sid:84147682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"191.96.235.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284583/; classtype:trojan-activity;sid:84147683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"191.96.235.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284584/; classtype:trojan-activity;sid:84147684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"209.141.54.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284572/; classtype:trojan-activity;sid:84147672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"209.141.54.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284573/; classtype:trojan-activity;sid:84147673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284574/; classtype:trojan-activity;sid:84147674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64"; depth:7; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284575/; classtype:trojan-activity;sid:84147675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284576/; classtype:trojan-activity;sid:84147676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284577/; classtype:trojan-activity;sid:84147677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284578/; classtype:trojan-activity;sid:84147678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm61"; depth:6; endswith; nocase; http.host; content:"209.141.54.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284579/; classtype:trojan-activity;sid:84147679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dss"; depth:4; endswith; nocase; http.host; content:"209.141.54.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284563/; classtype:trojan-activity;sid:84147663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"209.141.54.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284564/; classtype:trojan-activity;sid:84147664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"209.141.54.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284565/; classtype:trojan-activity;sid:84147665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"209.141.54.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284566/; classtype:trojan-activity;sid:84147666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/586"; depth:4; endswith; nocase; http.host; content:"209.141.54.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284567/; classtype:trojan-activity;sid:84147667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"209.141.54.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284568/; classtype:trojan-activity;sid:84147668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284569/; classtype:trojan-activity;sid:84147669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"209.141.54.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284570/; classtype:trojan-activity;sid:84147670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"31.13.224.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284571/; classtype:trojan-activity;sid:84147671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284558/; classtype:trojan-activity;sid:84147658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.sh4"; depth:12; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284559/; classtype:trojan-activity;sid:84147659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hhpuoclkp0odkxpnh55ai5hkldyco32j9t"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284560/; classtype:trojan-activity;sid:84147660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.mpsl"; depth:13; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284561/; classtype:trojan-activity;sid:84147661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.ppc"; depth:12; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284562/; classtype:trojan-activity;sid:84147662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284556/; classtype:trojan-activity;sid:84147656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284557/; classtype:trojan-activity;sid:84147657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284554/; classtype:trojan-activity;sid:84147654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wigzmdm4oabajkcm3vjkbqujzbjms4dsih"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284555/; classtype:trojan-activity;sid:84147655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.mips"; depth:13; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284548/; classtype:trojan-activity;sid:84147648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284549/; classtype:trojan-activity;sid:84147649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/unosnzigf7gbgb5yrdr4q49jk3epapoc2p"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284550/; classtype:trojan-activity;sid:84147650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm"; depth:12; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284551/; classtype:trojan-activity;sid:84147651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m65ypyhon0u23vnpvivfgwyfmntbbk0lkf"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284552/; classtype:trojan-activity;sid:84147652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/3j3duyucl4zukaijam9w0gqqdlzcgrd6wt"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284553/; classtype:trojan-activity;sid:84147653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.x86"; depth:12; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284540/; classtype:trojan-activity;sid:84147640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284541/; classtype:trojan-activity;sid:84147641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284542/; classtype:trojan-activity;sid:84147642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm6"; depth:13; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284543/; classtype:trojan-activity;sid:84147643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.spc"; depth:12; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284544/; classtype:trojan-activity;sid:84147644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284545/; classtype:trojan-activity;sid:84147645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xtzu3f6tlxhlbgkwytqtne4kohu3l1qewp"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284546/; classtype:trojan-activity;sid:84147646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm5"; depth:13; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284547/; classtype:trojan-activity;sid:84147647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284535/; classtype:trojan-activity;sid:84147635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284536/; classtype:trojan-activity;sid:84147636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"178.215.238.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284537/; classtype:trojan-activity;sid:84147637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"209.141.52.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284538/; classtype:trojan-activity;sid:84147638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nsxeilsqaidcsvgceadedzjquydxtahep4"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284539/; classtype:trojan-activity;sid:84147639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/gz67tq2yplyihpv66bgslktvzg9czbhbcf"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284533/; classtype:trojan-activity;sid:84147633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kxynri9s8khiwd1fsaah24pz7jxpwwkbpm"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284534/; classtype:trojan-activity;sid:84147634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ezei4xmuhrvihlc7ar8qmqbvuvpck1w9ls"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284530/; classtype:trojan-activity;sid:84147630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tuuwht4ha4hyaahngxdyb6n8hm2qxru2ip"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284531/; classtype:trojan-activity;sid:84147631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bs4wrh2whb8vugv61vrxynbzs9qtkuaywh"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284532/; classtype:trojan-activity;sid:84147632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/peivcihrwk9vs7xlckskj0qdtogh9guzbc"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284529/; classtype:trojan-activity;sid:84147629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wamuu3wstjbh57023dqn3dvidoczwdiuhi"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284526/; classtype:trojan-activity;sid:84147626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cvgkr2dhliwli7dipsmloudgq93vep0u7b"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284527/; classtype:trojan-activity;sid:84147627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/iptfkhazqsglkt0ck7ipfvzpzakc1iapzf"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284528/; classtype:trojan-activity;sid:84147628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogimhnb9vg2zaxpdmsc110lq1g9xefebec"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284521/; classtype:trojan-activity;sid:84147621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/uon8ovrrb9frxi0genjznpkuwmpk8pw5up"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284522/; classtype:trojan-activity;sid:84147622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/33pi10vtqwaok6rsenslidpidgaaqysq7o"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284523/; classtype:trojan-activity;sid:84147623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hdfsdojjeqof0bpz66ptqklb2keyffqbag"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284524/; classtype:trojan-activity;sid:84147624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpjil9emvfuwiwwcitbaurbzqhl8jpq7ym"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284525/; classtype:trojan-activity;sid:84147625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arkfejmipbhh2zog4hol3irjp3vphus5rs"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284516/; classtype:trojan-activity;sid:84147616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tipd5alyyzlcilpxjxjmquiwbz7sjgagtq"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284517/; classtype:trojan-activity;sid:84147617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/0tqq9k0xg03smvsaiqyykqwbnvpbovft3c"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284518/; classtype:trojan-activity;sid:84147618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/9ipgdlkmmgmagjkurqde9q0kcpqpzok77g"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284519/; classtype:trojan-activity;sid:84147619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ehfzw7s3hde3i1zriwxe8dtm59q1e0vnwz"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284520/; classtype:trojan-activity;sid:84147620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/oghbguakynesomzdynlxmcxz7dlwbi8cwt"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284514/; classtype:trojan-activity;sid:84147614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/igz32mfunz24oqf1td08tibc9lxkar8zoi"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284515/; classtype:trojan-activity;sid:84147615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.239.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284513/; classtype:trojan-activity;sid:84147613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.217.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284512/; classtype:trojan-activity;sid:84147612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.167.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284511/; classtype:trojan-activity;sid:84147611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.209.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284510/; classtype:trojan-activity;sid:84147610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.39.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284509/; classtype:trojan-activity;sid:84147609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.187.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284508/; classtype:trojan-activity;sid:84147608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"221.201.105.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284507/; classtype:trojan-activity;sid:84147607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.185.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284506/; classtype:trojan-activity;sid:84147606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.89.199"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284505/; classtype:trojan-activity;sid:84147605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.25.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284504/; classtype:trojan-activity;sid:84147604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.84.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284503/; classtype:trojan-activity;sid:84147603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.213.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284502/; classtype:trojan-activity;sid:84147602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.22.123.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284501/; classtype:trojan-activity;sid:84147601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.212.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284500/; classtype:trojan-activity;sid:84147600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.84.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284499/; classtype:trojan-activity;sid:84147599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.25.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284498/; classtype:trojan-activity;sid:84147598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.124.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284497/; classtype:trojan-activity;sid:84147597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.67.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284496/; classtype:trojan-activity;sid:84147596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.239.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284495/; classtype:trojan-activity;sid:84147595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.87.15.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284494/; classtype:trojan-activity;sid:84147594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.209.154.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284492/; classtype:trojan-activity;sid:84147592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.44.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284493/; classtype:trojan-activity;sid:84147593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.0.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284491/; classtype:trojan-activity;sid:84147591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.25.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284490/; classtype:trojan-activity;sid:84147590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.138.222.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284489/; classtype:trojan-activity;sid:84147589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.208.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284488/; classtype:trojan-activity;sid:84147588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.81.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284487/; classtype:trojan-activity;sid:84147587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.145.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284486/; classtype:trojan-activity;sid:84147586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.45.56.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284485/; classtype:trojan-activity;sid:84147585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.70.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284484/; classtype:trojan-activity;sid:84147584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.89.199"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284483/; classtype:trojan-activity;sid:84147583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.177.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284482/; classtype:trojan-activity;sid:84147582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.200.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284481/; classtype:trojan-activity;sid:84147581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.59.84.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284479/; classtype:trojan-activity;sid:84147579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.67.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284480/; classtype:trojan-activity;sid:84147580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.174.107.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284478/; classtype:trojan-activity;sid:84147578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.212.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284477/; classtype:trojan-activity;sid:84147577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.164.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284476/; classtype:trojan-activity;sid:84147576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.227.56.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284475/; classtype:trojan-activity;sid:84147575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284474/; classtype:trojan-activity;sid:84147574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.35.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284472/; classtype:trojan-activity;sid:84147572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.238.189.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284473/; classtype:trojan-activity;sid:84147573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.220.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284471/; classtype:trojan-activity;sid:84147571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.119.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284470/; classtype:trojan-activity;sid:84147570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.121.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284469/; classtype:trojan-activity;sid:84147569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.11.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284468/; classtype:trojan-activity;sid:84147568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.208.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284467/; classtype:trojan-activity;sid:84147567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.45.56.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284466/; classtype:trojan-activity;sid:84147566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.93.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284465/; classtype:trojan-activity;sid:84147565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.123.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284464/; classtype:trojan-activity;sid:84147564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.15.11.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284463/; classtype:trojan-activity;sid:84147563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.8.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284462/; classtype:trojan-activity;sid:84147562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.87.31.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284461/; classtype:trojan-activity;sid:84147561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.18.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284460/; classtype:trojan-activity;sid:84147560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.242.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284459/; classtype:trojan-activity;sid:84147559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.193.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284458/; classtype:trojan-activity;sid:84147558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284457/; classtype:trojan-activity;sid:84147557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.134.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284456/; classtype:trojan-activity;sid:84147556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.252.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284455/; classtype:trojan-activity;sid:84147555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.1.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284454/; classtype:trojan-activity;sid:84147554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.220.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284453/; classtype:trojan-activity;sid:84147553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.35.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284452/; classtype:trojan-activity;sid:84147552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.8.29.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284451/; classtype:trojan-activity;sid:84147551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.11.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284450/; classtype:trojan-activity;sid:84147550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.35.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284449/; classtype:trojan-activity;sid:84147549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.121.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284448/; classtype:trojan-activity;sid:84147548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.178.67.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284447/; classtype:trojan-activity;sid:84147547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.227.56.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284446/; classtype:trojan-activity;sid:84147546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.251.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284445/; classtype:trojan-activity;sid:84147545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.81.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284444/; classtype:trojan-activity;sid:84147544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.227.56.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284443/; classtype:trojan-activity;sid:84147543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.81.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284442/; classtype:trojan-activity;sid:84147542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.102.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284441/; classtype:trojan-activity;sid:84147541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.110.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284440/; classtype:trojan-activity;sid:84147540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.237.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284439/; classtype:trojan-activity;sid:84147539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.131.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284438/; classtype:trojan-activity;sid:84147538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.186.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284437/; classtype:trojan-activity;sid:84147537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.65.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284436/; classtype:trojan-activity;sid:84147536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.182.67.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284435/; classtype:trojan-activity;sid:84147535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.40.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284434/; classtype:trojan-activity;sid:84147534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.110.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284433/; classtype:trojan-activity;sid:84147533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.96.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284432/; classtype:trojan-activity;sid:84147532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.134.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284431/; classtype:trojan-activity;sid:84147531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.125.21.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284430/; classtype:trojan-activity;sid:84147530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.8.29.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284429/; classtype:trojan-activity;sid:84147529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284428/; classtype:trojan-activity;sid:84147528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.117.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284426/; classtype:trojan-activity;sid:84147526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.79.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284427/; classtype:trojan-activity;sid:84147527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.58.23.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284425/; classtype:trojan-activity;sid:84147525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.204.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284424/; classtype:trojan-activity;sid:84147524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.102.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284423/; classtype:trojan-activity;sid:84147523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.32.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284422/; classtype:trojan-activity;sid:84147522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.191.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284421/; classtype:trojan-activity;sid:84147521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.81.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284420/; classtype:trojan-activity;sid:84147520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.86.210.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284419/; classtype:trojan-activity;sid:84147519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.237.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284418/; classtype:trojan-activity;sid:84147518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.198.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284417/; classtype:trojan-activity;sid:84147517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.187.205.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284416/; classtype:trojan-activity;sid:84147516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.194.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284415/; classtype:trojan-activity;sid:84147515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.96.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284414/; classtype:trojan-activity;sid:84147514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.214.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284413/; classtype:trojan-activity;sid:84147513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.6.136"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284412/; classtype:trojan-activity;sid:84147512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.49.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284411/; classtype:trojan-activity;sid:84147511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284410/; classtype:trojan-activity;sid:84147510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.75.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284409/; classtype:trojan-activity;sid:84147509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.125.21.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284408/; classtype:trojan-activity;sid:84147508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.45.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284407/; classtype:trojan-activity;sid:84147507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.204.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284406/; classtype:trojan-activity;sid:84147506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.200.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284405/; classtype:trojan-activity;sid:84147505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.89.112.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284404/; classtype:trojan-activity;sid:84147504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/mqcnr"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284403/; classtype:trojan-activity;sid:84147503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.234.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284402/; classtype:trojan-activity;sid:84147502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.32.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284401/; classtype:trojan-activity;sid:84147501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.123.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284400/; classtype:trojan-activity;sid:84147500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.11.140"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284399/; classtype:trojan-activity;sid:84147499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284398/; classtype:trojan-activity;sid:84147498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.251.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284397/; classtype:trojan-activity;sid:84147497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.138.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284396/; classtype:trojan-activity;sid:84147496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.171.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284395/; classtype:trojan-activity;sid:84147495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.62.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284394/; classtype:trojan-activity;sid:84147494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.79.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284393/; classtype:trojan-activity;sid:84147493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.80.0.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284392/; classtype:trojan-activity;sid:84147492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.248.235.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284391/; classtype:trojan-activity;sid:84147491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.198.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284389/; classtype:trojan-activity;sid:84147489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.214.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284390/; classtype:trojan-activity;sid:84147490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.186.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284388/; classtype:trojan-activity;sid:84147488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.248.235.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284387/; classtype:trojan-activity;sid:84147487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18e58bd9b3a5293b/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"77.83.175.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284386/; classtype:trojan-activity;sid:84147486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18e58bd9b3a5293b/nss3.dll"; depth:26; endswith; nocase; http.host; content:"77.83.175.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284385/; classtype:trojan-activity;sid:84147485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18e58bd9b3a5293b/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"77.83.175.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284383/; classtype:trojan-activity;sid:84147483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18e58bd9b3a5293b/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"77.83.175.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284384/; classtype:trojan-activity;sid:84147484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18e58bd9b3a5293b/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"77.83.175.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284380/; classtype:trojan-activity;sid:84147480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18e58bd9b3a5293b/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"77.83.175.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284381/; classtype:trojan-activity;sid:84147481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18e58bd9b3a5293b/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"77.83.175.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284382/; classtype:trojan-activity;sid:84147482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.27.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284379/; classtype:trojan-activity;sid:84147479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.123.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284378/; classtype:trojan-activity;sid:84147478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.241.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284377/; classtype:trojan-activity;sid:84147477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.0.188"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284376/; classtype:trojan-activity;sid:84147476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.200.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284375/; classtype:trojan-activity;sid:84147475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.120.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284374/; classtype:trojan-activity;sid:84147474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.47.188.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284372/; classtype:trojan-activity;sid:84147472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.183.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284373/; classtype:trojan-activity;sid:84147473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.11.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284371/; classtype:trojan-activity;sid:84147471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.206.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284370/; classtype:trojan-activity;sid:84147470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.81.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284369/; classtype:trojan-activity;sid:84147469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.234.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284368/; classtype:trojan-activity;sid:84147468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_386"; depth:10; endswith; nocase; http.host; content:"38.55.251.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284367/; classtype:trojan-activity;sid:84147467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carm"; depth:5; endswith; nocase; http.host; content:"135.181.56.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284366/; classtype:trojan-activity;sid:84147466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.152.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284365/; classtype:trojan-activity;sid:84147465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.159.154.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284364/; classtype:trojan-activity;sid:84147464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.109.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284363/; classtype:trojan-activity;sid:84147463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.95.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284362/; classtype:trojan-activity;sid:84147462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajiasu_x64.zip"; depth:15; endswith; nocase; http.host; content:"zh.seacdndown.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284353/; classtype:trojan-activity;sid:84147453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winrarx64.zip"; depth:14; endswith; nocase; http.host; content:"zh.seacdndown.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284352/; classtype:trojan-activity;sid:84147452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/epp64.exe"; depth:10; endswith; nocase; http.host; content:"135.125.62.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284350/; classtype:trojan-activity;sid:84147450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/epp32.exe"; depth:10; endswith; nocase; http.host; content:"135.125.62.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284351/; classtype:trojan-activity;sid:84147451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.27.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284349/; classtype:trojan-activity;sid:84147449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.196.29.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284348/; classtype:trojan-activity;sid:84147448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hello.exe"; depth:10; endswith; nocase; http.host; content:"www.notmalicious.services"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284347/; classtype:trojan-activity;sid:84147447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/refs/heads/main/njrtdhadawt.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284346/; classtype:trojan-activity;sid:84147446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.206.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284345/; classtype:trojan-activity;sid:84147445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.111.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284343/; classtype:trojan-activity;sid:84147443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.184.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284344/; classtype:trojan-activity;sid:84147444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.9.100.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284342/; classtype:trojan-activity;sid:84147442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.200.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284341/; classtype:trojan-activity;sid:84147441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.111.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284340/; classtype:trojan-activity;sid:84147440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.27.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284339/; classtype:trojan-activity;sid:84147439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.95.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284338/; classtype:trojan-activity;sid:84147438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.213.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284337/; classtype:trojan-activity;sid:84147437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.103.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284336/; classtype:trojan-activity;sid:84147436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.6.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284335/; classtype:trojan-activity;sid:84147435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.120.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284334/; classtype:trojan-activity;sid:84147434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.47.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284332/; classtype:trojan-activity;sid:84147432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.11.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284333/; classtype:trojan-activity;sid:84147433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.116.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284331/; classtype:trojan-activity;sid:84147431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.25.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284330/; classtype:trojan-activity;sid:84147430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.72.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284329/; classtype:trojan-activity;sid:84147429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.180.38.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284328/; classtype:trojan-activity;sid:84147428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.177.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284327/; classtype:trojan-activity;sid:84147427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.95.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284326/; classtype:trojan-activity;sid:84147426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284325/; classtype:trojan-activity;sid:84147425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.80.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284324/; classtype:trojan-activity;sid:84147424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"176.190.102.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284321/; classtype:trojan-activity;sid:84147421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.20.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284322/; classtype:trojan-activity;sid:84147422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.88.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284323/; classtype:trojan-activity;sid:84147423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.130.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284320/; classtype:trojan-activity;sid:84147420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.72.17.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284319/; classtype:trojan-activity;sid:84147419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.6.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284318/; classtype:trojan-activity;sid:84147418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"206.85.166.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284317/; classtype:trojan-activity;sid:84147417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.103.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284316/; classtype:trojan-activity;sid:84147416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.98.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284315/; classtype:trojan-activity;sid:84147415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.154.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284313/; classtype:trojan-activity;sid:84147413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.16.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284314/; classtype:trojan-activity;sid:84147414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.191.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284311/; classtype:trojan-activity;sid:84147411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.10.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284312/; classtype:trojan-activity;sid:84147412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.180.38.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284310/; classtype:trojan-activity;sid:84147410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.116.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284309/; classtype:trojan-activity;sid:84147409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.124.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284308/; classtype:trojan-activity;sid:84147408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.85.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284307/; classtype:trojan-activity;sid:84147407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.106.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284306/; classtype:trojan-activity;sid:84147406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.117.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284305/; classtype:trojan-activity;sid:84147405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.116.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284304/; classtype:trojan-activity;sid:84147404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.18.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284303/; classtype:trojan-activity;sid:84147403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.113.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284302/; classtype:trojan-activity;sid:84147402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.210.232.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284301/; classtype:trojan-activity;sid:84147401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.110.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284300/; classtype:trojan-activity;sid:84147400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284299/; classtype:trojan-activity;sid:84147399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.85.166.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284298/; classtype:trojan-activity;sid:84147398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.17.182"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284297/; classtype:trojan-activity;sid:84147397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.173.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284296/; classtype:trojan-activity;sid:84147396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.97.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284295/; classtype:trojan-activity;sid:84147395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.112.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284294/; classtype:trojan-activity;sid:84147394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.148.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284293/; classtype:trojan-activity;sid:84147393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.206.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284292/; classtype:trojan-activity;sid:84147392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.28.221.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284290/; classtype:trojan-activity;sid:84147390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.159.154.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284291/; classtype:trojan-activity;sid:84147391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.253.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284289/; classtype:trojan-activity;sid:84147389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.152.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284288/; classtype:trojan-activity;sid:84147388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.135.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284287/; classtype:trojan-activity;sid:84147387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.3.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284286/; classtype:trojan-activity;sid:84147386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.99.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284285/; classtype:trojan-activity;sid:84147385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.18.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284284/; classtype:trojan-activity;sid:84147384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.156.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284283/; classtype:trojan-activity;sid:84147383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.173.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284282/; classtype:trojan-activity;sid:84147382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.240.168.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284281/; classtype:trojan-activity;sid:84147381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284280/; classtype:trojan-activity;sid:84147380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.97.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284279/; classtype:trojan-activity;sid:84147379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.52.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284278/; classtype:trojan-activity;sid:84147378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.137.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284275/; classtype:trojan-activity;sid:84147375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.46.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284276/; classtype:trojan-activity;sid:84147376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.213.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284277/; classtype:trojan-activity;sid:84147377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.238.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284274/; classtype:trojan-activity;sid:84147374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.238.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284273/; classtype:trojan-activity;sid:84147373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.153.254.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284272/; classtype:trojan-activity;sid:84147372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.82.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284271/; classtype:trojan-activity;sid:84147371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.123.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284270/; classtype:trojan-activity;sid:84147370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284269/; classtype:trojan-activity;sid:84147369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.78.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284268/; classtype:trojan-activity;sid:84147368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.238.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284267/; classtype:trojan-activity;sid:84147367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.156.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284266/; classtype:trojan-activity;sid:84147366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.135.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284265/; classtype:trojan-activity;sid:84147365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.233.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284264/; classtype:trojan-activity;sid:84147364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.123.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284263/; classtype:trojan-activity;sid:84147363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.152.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284262/; classtype:trojan-activity;sid:84147362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.95.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284261/; classtype:trojan-activity;sid:84147361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.83.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284260/; classtype:trojan-activity;sid:84147360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284259/; classtype:trojan-activity;sid:84147359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.176.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284258/; classtype:trojan-activity;sid:84147358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.16.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284257/; classtype:trojan-activity;sid:84147357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.177.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284256/; classtype:trojan-activity;sid:84147356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.103.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284255/; classtype:trojan-activity;sid:84147355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.3.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284253/; classtype:trojan-activity;sid:84147353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.109.159.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284254/; classtype:trojan-activity;sid:84147354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.137.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284252/; classtype:trojan-activity;sid:84147352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.199.147.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284251/; classtype:trojan-activity;sid:84147351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.174.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284250/; classtype:trojan-activity;sid:84147350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.123.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284249/; classtype:trojan-activity;sid:84147349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.99.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284248/; classtype:trojan-activity;sid:84147348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.47.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284246/; classtype:trojan-activity;sid:84147346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.89.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284247/; classtype:trojan-activity;sid:84147347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.164.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284244/; classtype:trojan-activity;sid:84147344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.175.207.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284245/; classtype:trojan-activity;sid:84147345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.231.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284243/; classtype:trojan-activity;sid:84147343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.58.23.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284242/; classtype:trojan-activity;sid:84147342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.121.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284241/; classtype:trojan-activity;sid:84147341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.83.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284240/; classtype:trojan-activity;sid:84147340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.175.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284238/; classtype:trojan-activity;sid:84147338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.103.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284239/; classtype:trojan-activity;sid:84147339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.44.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284237/; classtype:trojan-activity;sid:84147337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.120.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284236/; classtype:trojan-activity;sid:84147336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.236.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284235/; classtype:trojan-activity;sid:84147335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.174.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284234/; classtype:trojan-activity;sid:84147334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.99.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284233/; classtype:trojan-activity;sid:84147333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.199.147.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284232/; classtype:trojan-activity;sid:84147332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.141.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284231/; classtype:trojan-activity;sid:84147331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.42.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284230/; classtype:trojan-activity;sid:84147330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.73.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284229/; classtype:trojan-activity;sid:84147329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.233.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284227/; classtype:trojan-activity;sid:84147327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.109.159.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284228/; classtype:trojan-activity;sid:84147328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.63.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284226/; classtype:trojan-activity;sid:84147326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.118.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284225/; classtype:trojan-activity;sid:84147325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.115.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284224/; classtype:trojan-activity;sid:84147324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.220.138.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284222/; classtype:trojan-activity;sid:84147322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.191.82.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284223/; classtype:trojan-activity;sid:84147323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.123.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284221/; classtype:trojan-activity;sid:84147321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.4.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284220/; classtype:trojan-activity;sid:84147320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.131.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284219/; classtype:trojan-activity;sid:84147319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.175.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284217/; classtype:trojan-activity;sid:84147317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.120.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284218/; classtype:trojan-activity;sid:84147318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284216/; classtype:trojan-activity;sid:84147316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.115.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284215/; classtype:trojan-activity;sid:84147315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.241.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284214/; classtype:trojan-activity;sid:84147314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.236.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284213/; classtype:trojan-activity;sid:84147313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.44.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284211/; classtype:trojan-activity;sid:84147311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284212/; classtype:trojan-activity;sid:84147312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.73.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284210/; classtype:trojan-activity;sid:84147310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.118.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284209/; classtype:trojan-activity;sid:84147309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.63.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284208/; classtype:trojan-activity;sid:84147308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.150.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284207/; classtype:trojan-activity;sid:84147307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.122.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284206/; classtype:trojan-activity;sid:84147306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.125.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284205/; classtype:trojan-activity;sid:84147305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.95.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284204/; classtype:trojan-activity;sid:84147304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.141.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284203/; classtype:trojan-activity;sid:84147303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.217.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284202/; classtype:trojan-activity;sid:84147302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.150.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284201/; classtype:trojan-activity;sid:84147301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.1.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284200/; classtype:trojan-activity;sid:84147300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.134.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284199/; classtype:trojan-activity;sid:84147299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.118.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284198/; classtype:trojan-activity;sid:84147298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.252.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284197/; classtype:trojan-activity;sid:84147297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284196/; classtype:trojan-activity;sid:84147296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284195/; classtype:trojan-activity;sid:84147295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.142.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284194/; classtype:trojan-activity;sid:84147294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.183.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284192/; classtype:trojan-activity;sid:84147292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.192.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284193/; classtype:trojan-activity;sid:84147293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.84.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284191/; classtype:trojan-activity;sid:84147291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.87.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284190/; classtype:trojan-activity;sid:84147290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.59.119.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284189/; classtype:trojan-activity;sid:84147289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.49.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284188/; classtype:trojan-activity;sid:84147288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284187/; classtype:trojan-activity;sid:84147287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.186.29.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284186/; classtype:trojan-activity;sid:84147286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.12.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284185/; classtype:trojan-activity;sid:84147285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.118.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284184/; classtype:trojan-activity;sid:84147284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.232.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284183/; classtype:trojan-activity;sid:84147283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284182/; classtype:trojan-activity;sid:84147282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.1.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284180/; classtype:trojan-activity;sid:84147280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.181.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284181/; classtype:trojan-activity;sid:84147281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.219.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284179/; classtype:trojan-activity;sid:84147279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.12.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284178/; classtype:trojan-activity;sid:84147278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.45.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284177/; classtype:trojan-activity;sid:84147277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.11.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284176/; classtype:trojan-activity;sid:84147276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.249.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284175/; classtype:trojan-activity;sid:84147275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.249.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284174/; classtype:trojan-activity;sid:84147274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fru7nk9/plugins/clip64.dll"; depth:27; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284173/; classtype:trojan-activity;sid:84147273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fru7nk9/plugins/clip.dll"; depth:25; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284172/; classtype:trojan-activity;sid:84147272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.16.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284171/; classtype:trojan-activity;sid:84147271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284170/; classtype:trojan-activity;sid:84147270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.210.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284169/; classtype:trojan-activity;sid:84147269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284168/; classtype:trojan-activity;sid:84147268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.125.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284167/; classtype:trojan-activity;sid:84147267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.16.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284165/; classtype:trojan-activity;sid:84147265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284166/; classtype:trojan-activity;sid:84147266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.9.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284164/; classtype:trojan-activity;sid:84147264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.85.129.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284161/; classtype:trojan-activity;sid:84147261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.224.187.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284162/; classtype:trojan-activity;sid:84147262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.93.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284163/; classtype:trojan-activity;sid:84147263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.171.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284160/; classtype:trojan-activity;sid:84147260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284159/; classtype:trojan-activity;sid:84147259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.192.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284158/; classtype:trojan-activity;sid:84147258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.186.29.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284157/; classtype:trojan-activity;sid:84147257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284156/; classtype:trojan-activity;sid:84147256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.183.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284155/; classtype:trojan-activity;sid:84147255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.219.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284154/; classtype:trojan-activity;sid:84147254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.164.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284153/; classtype:trojan-activity;sid:84147253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.11.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284152/; classtype:trojan-activity;sid:84147252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.194.18.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284150/; classtype:trojan-activity;sid:84147250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.149.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284151/; classtype:trojan-activity;sid:84147251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284149/; classtype:trojan-activity;sid:84147249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.181.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284148/; classtype:trojan-activity;sid:84147248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.144.193.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284147/; classtype:trojan-activity;sid:84147247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.247.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284146/; classtype:trojan-activity;sid:84147246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.223.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284145/; classtype:trojan-activity;sid:84147245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.146.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284144/; classtype:trojan-activity;sid:84147244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.59.119.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284143/; classtype:trojan-activity;sid:84147243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.11.202"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284142/; classtype:trojan-activity;sid:84147242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.224.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284141/; classtype:trojan-activity;sid:84147241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.202.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284140/; classtype:trojan-activity;sid:84147240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.102.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284139/; classtype:trojan-activity;sid:84147239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.9.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284138/; classtype:trojan-activity;sid:84147238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284137/; classtype:trojan-activity;sid:84147237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.10.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284135/; classtype:trojan-activity;sid:84147235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.22.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284136/; classtype:trojan-activity;sid:84147236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.106.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284134/; classtype:trojan-activity;sid:84147234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.149.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284133/; classtype:trojan-activity;sid:84147233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.206.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284132/; classtype:trojan-activity;sid:84147232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.11.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284130/; classtype:trojan-activity;sid:84147230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.194.18.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284131/; classtype:trojan-activity;sid:84147231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.210.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284129/; classtype:trojan-activity;sid:84147229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.10.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284128/; classtype:trojan-activity;sid:84147228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.7.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284127/; classtype:trojan-activity;sid:84147227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.48.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284126/; classtype:trojan-activity;sid:84147226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.126.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284125/; classtype:trojan-activity;sid:84147225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.224.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284124/; classtype:trojan-activity;sid:84147224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.126.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284123/; classtype:trojan-activity;sid:84147223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.116.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284122/; classtype:trojan-activity;sid:84147222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.69.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284121/; classtype:trojan-activity;sid:84147221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.146.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284120/; classtype:trojan-activity;sid:84147220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.59.106.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284119/; classtype:trojan-activity;sid:84147219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.57.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284117/; classtype:trojan-activity;sid:84147217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.52.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284118/; classtype:trojan-activity;sid:84147218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.22.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284116/; classtype:trojan-activity;sid:84147216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.82.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284115/; classtype:trojan-activity;sid:84147215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.142.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284114/; classtype:trojan-activity;sid:84147214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.8.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284113/; classtype:trojan-activity;sid:84147213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.154.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284110/; classtype:trojan-activity;sid:84147210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.71.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284111/; classtype:trojan-activity;sid:84147211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.37.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284112/; classtype:trojan-activity;sid:84147212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.101.89.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284109/; classtype:trojan-activity;sid:84147209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.253.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284108/; classtype:trojan-activity;sid:84147208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.120.214.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284107/; classtype:trojan-activity;sid:84147207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.176.214"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284106/; classtype:trojan-activity;sid:84147206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.39.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284105/; classtype:trojan-activity;sid:84147205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.159.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284104/; classtype:trojan-activity;sid:84147204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.126.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284103/; classtype:trojan-activity;sid:84147203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284102/; classtype:trojan-activity;sid:84147202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.7.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284101/; classtype:trojan-activity;sid:84147201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.221.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284100/; classtype:trojan-activity;sid:84147200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.170.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284099/; classtype:trojan-activity;sid:84147199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.101.89.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284098/; classtype:trojan-activity;sid:84147198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.23.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284097/; classtype:trojan-activity;sid:84147197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.210.186.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284096/; classtype:trojan-activity;sid:84147196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"106.59.119.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284095/; classtype:trojan-activity;sid:84147195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.59.106.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284094/; classtype:trojan-activity;sid:84147194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.142.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284093/; classtype:trojan-activity;sid:84147193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.71.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284092/; classtype:trojan-activity;sid:84147192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.5.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284091/; classtype:trojan-activity;sid:84147191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.37.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284090/; classtype:trojan-activity;sid:84147190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.84.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284089/; classtype:trojan-activity;sid:84147189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.157.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284088/; classtype:trojan-activity;sid:84147188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.238.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284087/; classtype:trojan-activity;sid:84147187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.225.142.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284086/; classtype:trojan-activity;sid:84147186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.139.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284085/; classtype:trojan-activity;sid:84147185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.228.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284083/; classtype:trojan-activity;sid:84147183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.201.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284084/; classtype:trojan-activity;sid:84147184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.6.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284082/; classtype:trojan-activity;sid:84147182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.23.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284081/; classtype:trojan-activity;sid:84147181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.221.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284080/; classtype:trojan-activity;sid:84147180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.94.216.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284079/; classtype:trojan-activity;sid:84147179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.87.31.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284078/; classtype:trojan-activity;sid:84147178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.157.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284077/; classtype:trojan-activity;sid:84147177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.210.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284075/; classtype:trojan-activity;sid:84147175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.78.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284076/; classtype:trojan-activity;sid:84147176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.211.67.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284074/; classtype:trojan-activity;sid:84147174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.62.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284073/; classtype:trojan-activity;sid:84147173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.35.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284071/; classtype:trojan-activity;sid:84147171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.124.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284072/; classtype:trojan-activity;sid:84147172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284070/; classtype:trojan-activity;sid:84147170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.84.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284069/; classtype:trojan-activity;sid:84147169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.188.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284068/; classtype:trojan-activity;sid:84147168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.4.196"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284067/; classtype:trojan-activity;sid:84147167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.121.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284066/; classtype:trojan-activity;sid:84147166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.225.142.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284065/; classtype:trojan-activity;sid:84147165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.1.54"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284064/; classtype:trojan-activity;sid:84147164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.235.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284063/; classtype:trojan-activity;sid:84147163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.31.91"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284061/; classtype:trojan-activity;sid:84147161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.151.248.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284062/; classtype:trojan-activity;sid:84147162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.175.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284060/; classtype:trojan-activity;sid:84147160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.6.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284059/; classtype:trojan-activity;sid:84147159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.106.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284058/; classtype:trojan-activity;sid:84147158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.230.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284057/; classtype:trojan-activity;sid:84147157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.118.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284056/; classtype:trojan-activity;sid:84147156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.38.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284055/; classtype:trojan-activity;sid:84147155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.232.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284054/; classtype:trojan-activity;sid:84147154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.120.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284053/; classtype:trojan-activity;sid:84147153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"38.137.0.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284052/; classtype:trojan-activity;sid:84147152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.0.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284050/; classtype:trojan-activity;sid:84147150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.198.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284051/; classtype:trojan-activity;sid:84147151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.217.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284049/; classtype:trojan-activity;sid:84147149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.9.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284048/; classtype:trojan-activity;sid:84147148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.239.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284047/; classtype:trojan-activity;sid:84147147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.132.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284046/; classtype:trojan-activity;sid:84147146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.46.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284045/; classtype:trojan-activity;sid:84147145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.35.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284044/; classtype:trojan-activity;sid:84147144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.124.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284043/; classtype:trojan-activity;sid:84147143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.135.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284042/; classtype:trojan-activity;sid:84147142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.141.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284040/; classtype:trojan-activity;sid:84147140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.102.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284041/; classtype:trojan-activity;sid:84147141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284039/; classtype:trojan-activity;sid:84147139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.4.196"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284038/; classtype:trojan-activity;sid:84147138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.121.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284037/; classtype:trojan-activity;sid:84147137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.144.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284035/; classtype:trojan-activity;sid:84147135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.184.135.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284036/; classtype:trojan-activity;sid:84147136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.184.135.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284034/; classtype:trojan-activity;sid:84147134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.16.238"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284033/; classtype:trojan-activity;sid:84147133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.32.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284032/; classtype:trojan-activity;sid:84147132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.244.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284030/; classtype:trojan-activity;sid:84147130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.160.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284031/; classtype:trojan-activity;sid:84147131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.13.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284029/; classtype:trojan-activity;sid:84147129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.46.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284027/; classtype:trojan-activity;sid:84147127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.214.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284028/; classtype:trojan-activity;sid:84147128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.119.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284026/; classtype:trojan-activity;sid:84147126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.118.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284025/; classtype:trojan-activity;sid:84147125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.106.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284024/; classtype:trojan-activity;sid:84147124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.38.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284023/; classtype:trojan-activity;sid:84147123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.41.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284022/; classtype:trojan-activity;sid:84147122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.198.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284021/; classtype:trojan-activity;sid:84147121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.20.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284020/; classtype:trojan-activity;sid:84147120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.87.173.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284018/; classtype:trojan-activity;sid:84147118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.151.74.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284019/; classtype:trojan-activity;sid:84147119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.197.161.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284017/; classtype:trojan-activity;sid:84147117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.67.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284016/; classtype:trojan-activity;sid:84147116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.144.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284015/; classtype:trojan-activity;sid:84147115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.141.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284013/; classtype:trojan-activity;sid:84147113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.5.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284014/; classtype:trojan-activity;sid:84147114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.228.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284012/; classtype:trojan-activity;sid:84147112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.239.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284011/; classtype:trojan-activity;sid:84147111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.48.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284010/; classtype:trojan-activity;sid:84147110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.89.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284009/; classtype:trojan-activity;sid:84147109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.85.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284008/; classtype:trojan-activity;sid:84147108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284007/; classtype:trojan-activity;sid:84147107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.206.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284006/; classtype:trojan-activity;sid:84147106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.90.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284005/; classtype:trojan-activity;sid:84147105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.250.77.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284003/; classtype:trojan-activity;sid:84147103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.37.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284004/; classtype:trojan-activity;sid:84147104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.17.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284002/; classtype:trojan-activity;sid:84147102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.41.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284001/; classtype:trojan-activity;sid:84147101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.164.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3284000/; classtype:trojan-activity;sid:84147100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.65.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283999/; classtype:trojan-activity;sid:84147099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.5.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283998/; classtype:trojan-activity;sid:84147098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.169.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283997/; classtype:trojan-activity;sid:84147097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.161.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283996/; classtype:trojan-activity;sid:84147096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.88.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283995/; classtype:trojan-activity;sid:84147095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.201.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283994/; classtype:trojan-activity;sid:84147094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.3.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283993/; classtype:trojan-activity;sid:84147093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.133.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283992/; classtype:trojan-activity;sid:84147092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.232.187.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283991/; classtype:trojan-activity;sid:84147091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.188.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283990/; classtype:trojan-activity;sid:84147090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.88.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283989/; classtype:trojan-activity;sid:84147089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.65.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283988/; classtype:trojan-activity;sid:84147088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.67.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283987/; classtype:trojan-activity;sid:84147087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.42.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283986/; classtype:trojan-activity;sid:84147086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.242.50.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283985/; classtype:trojan-activity;sid:84147085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.8.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283984/; classtype:trojan-activity;sid:84147084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.0.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283983/; classtype:trojan-activity;sid:84147083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283982/; classtype:trojan-activity;sid:84147082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.109.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283981/; classtype:trojan-activity;sid:84147081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.163.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283979/; classtype:trojan-activity;sid:84147079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.166.33.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283980/; classtype:trojan-activity;sid:84147080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.188.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283978/; classtype:trojan-activity;sid:84147078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.0.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283976/; classtype:trojan-activity;sid:84147076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.232.187.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283977/; classtype:trojan-activity;sid:84147077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.164.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283975/; classtype:trojan-activity;sid:84147075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.170.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283974/; classtype:trojan-activity;sid:84147074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.119.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283973/; classtype:trojan-activity;sid:84147073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.133.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283972/; classtype:trojan-activity;sid:84147072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283971/; classtype:trojan-activity;sid:84147071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.88.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283970/; classtype:trojan-activity;sid:84147070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.8.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283969/; classtype:trojan-activity;sid:84147069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.167.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283968/; classtype:trojan-activity;sid:84147068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.149.89.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283966/; classtype:trojan-activity;sid:84147066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.100.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283967/; classtype:trojan-activity;sid:84147067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.88.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283965/; classtype:trojan-activity;sid:84147065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.229.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283964/; classtype:trojan-activity;sid:84147064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.80.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283963/; classtype:trojan-activity;sid:84147063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.60.182.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283962/; classtype:trojan-activity;sid:84147062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.242.50.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283961/; classtype:trojan-activity;sid:84147061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.42.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283960/; classtype:trojan-activity;sid:84147060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.45.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283959/; classtype:trojan-activity;sid:84147059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.163.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283958/; classtype:trojan-activity;sid:84147058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.166.33.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283957/; classtype:trojan-activity;sid:84147057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.40.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283956/; classtype:trojan-activity;sid:84147056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.91.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283955/; classtype:trojan-activity;sid:84147055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283954/; classtype:trojan-activity;sid:84147054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283953/; classtype:trojan-activity;sid:84147053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"164.163.25.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283951/; classtype:trojan-activity;sid:84147051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.89.11.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283952/; classtype:trojan-activity;sid:84147052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.119.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283950/; classtype:trojan-activity;sid:84147050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.197.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283949/; classtype:trojan-activity;sid:84147049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.92.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283948/; classtype:trojan-activity;sid:84147048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.255.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283947/; classtype:trojan-activity;sid:84147047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.83.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283946/; classtype:trojan-activity;sid:84147046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.188.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283945/; classtype:trojan-activity;sid:84147045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.80.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283944/; classtype:trojan-activity;sid:84147044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.184.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283943/; classtype:trojan-activity;sid:84147043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.107.99.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283942/; classtype:trojan-activity;sid:84147042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.197.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283941/; classtype:trojan-activity;sid:84147041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.96.237"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283940/; classtype:trojan-activity;sid:84147040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.98.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283939/; classtype:trojan-activity;sid:84147039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.120.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283938/; classtype:trojan-activity;sid:84147038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.52.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283937/; classtype:trojan-activity;sid:84147037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.45.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283936/; classtype:trojan-activity;sid:84147036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.116.168.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283935/; classtype:trojan-activity;sid:84147035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.176.45.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283933/; classtype:trojan-activity;sid:84147033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.70.25.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283934/; classtype:trojan-activity;sid:84147034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.255.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283932/; classtype:trojan-activity;sid:84147032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.122.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283931/; classtype:trojan-activity;sid:84147031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.184.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283930/; classtype:trojan-activity;sid:84147030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.196.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283929/; classtype:trojan-activity;sid:84147029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.98.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283927/; classtype:trojan-activity;sid:84147027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.116.168.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283928/; classtype:trojan-activity;sid:84147028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283926/; classtype:trojan-activity;sid:84147026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.46.80.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283925/; classtype:trojan-activity;sid:84147025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.205.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283924/; classtype:trojan-activity;sid:84147024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.218.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283923/; classtype:trojan-activity;sid:84147023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.133.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283922/; classtype:trojan-activity;sid:84147022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283921/; classtype:trojan-activity;sid:84147021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"gitae.strategies.mvpstrat.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283920/; classtype:trojan-activity;sid:84147020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.168.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283919/; classtype:trojan-activity;sid:84147019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.211.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283918/; classtype:trojan-activity;sid:84147018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283917/; classtype:trojan-activity;sid:84147017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.94.190.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283916/; classtype:trojan-activity;sid:84147016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283914/; classtype:trojan-activity;sid:84147014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283915/; classtype:trojan-activity;sid:84147015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283903/; classtype:trojan-activity;sid:84147003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283904/; classtype:trojan-activity;sid:84147004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283905/; classtype:trojan-activity;sid:84147005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283906/; classtype:trojan-activity;sid:84147006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283907/; classtype:trojan-activity;sid:84147007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283908/; classtype:trojan-activity;sid:84147008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283909/; classtype:trojan-activity;sid:84147009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283910/; classtype:trojan-activity;sid:84147010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283911/; classtype:trojan-activity;sid:84147011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283912/; classtype:trojan-activity;sid:84147012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"162.245.221.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283913/; classtype:trojan-activity;sid:84147013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283902/; classtype:trojan-activity;sid:84147002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.240.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283901/; classtype:trojan-activity;sid:84147001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.104.74"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283900/; classtype:trojan-activity;sid:84147000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.16.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283899/; classtype:trojan-activity;sid:84146999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.63.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283898/; classtype:trojan-activity;sid:84146998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.25.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283897/; classtype:trojan-activity;sid:84146997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.174.78.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283895/; classtype:trojan-activity;sid:84146995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.205.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283896/; classtype:trojan-activity;sid:84146996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.186.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283894/; classtype:trojan-activity;sid:84146994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.248.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283893/; classtype:trojan-activity;sid:84146993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283892/; classtype:trojan-activity;sid:84146992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283891/; classtype:trojan-activity;sid:84146991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"bot.proy.lol"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283889/; classtype:trojan-activity;sid:84146989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"bot.proy.lol"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283890/; classtype:trojan-activity;sid:84146990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"bot.proy.lol"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283883/; classtype:trojan-activity;sid:84146983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"bot.proy.lol"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283884/; classtype:trojan-activity;sid:84146984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"bot.proy.lol"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283885/; classtype:trojan-activity;sid:84146985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"bot.proy.lol"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283886/; classtype:trojan-activity;sid:84146986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"bot.proy.lol"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283887/; classtype:trojan-activity;sid:84146987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"bot.proy.lol"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283888/; classtype:trojan-activity;sid:84146988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"209.141.52.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283882/; classtype:trojan-activity;sid:84146982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"bot.proy.lol"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283880/; classtype:trojan-activity;sid:84146980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"bot.proy.lol"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283881/; classtype:trojan-activity;sid:84146981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"bot.proy.lol"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283879/; classtype:trojan-activity;sid:84146979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283878/; classtype:trojan-activity;sid:84146978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.113.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283877/; classtype:trojan-activity;sid:84146977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"209.141.52.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283876/; classtype:trojan-activity;sid:84146976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.235.250.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283875/; classtype:trojan-activity;sid:84146975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"209.141.52.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283874/; classtype:trojan-activity;sid:84146974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"209.141.52.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283866/; classtype:trojan-activity;sid:84146966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"209.141.52.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283867/; classtype:trojan-activity;sid:84146967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"209.141.52.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283868/; classtype:trojan-activity;sid:84146968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"209.141.52.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283869/; classtype:trojan-activity;sid:84146969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"209.141.52.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283870/; classtype:trojan-activity;sid:84146970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"209.141.52.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283871/; classtype:trojan-activity;sid:84146971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"209.141.52.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283872/; classtype:trojan-activity;sid:84146972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"209.141.52.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283873/; classtype:trojan-activity;sid:84146973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.242.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283865/; classtype:trojan-activity;sid:84146965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.68.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283864/; classtype:trojan-activity;sid:84146964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.15.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283863/; classtype:trojan-activity;sid:84146963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.40.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283862/; classtype:trojan-activity;sid:84146962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.40.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283861/; classtype:trojan-activity;sid:84146961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.251.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283860/; classtype:trojan-activity;sid:84146960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.12.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283859/; classtype:trojan-activity;sid:84146959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.63.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283858/; classtype:trojan-activity;sid:84146958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.41.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283857/; classtype:trojan-activity;sid:84146957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.181.12.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283856/; classtype:trojan-activity;sid:84146956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.125.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283855/; classtype:trojan-activity;sid:84146955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.253.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283854/; classtype:trojan-activity;sid:84146954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.3.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283853/; classtype:trojan-activity;sid:84146953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.251.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283852/; classtype:trojan-activity;sid:84146952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.164.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283851/; classtype:trojan-activity;sid:84146951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283850/; classtype:trojan-activity;sid:84146950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.231.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283849/; classtype:trojan-activity;sid:84146949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.81.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283847/; classtype:trojan-activity;sid:84146947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.7.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283848/; classtype:trojan-activity;sid:84146948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.204.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283846/; classtype:trojan-activity;sid:84146946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.101.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283845/; classtype:trojan-activity;sid:84146945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.17.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283844/; classtype:trojan-activity;sid:84146944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.12.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283843/; classtype:trojan-activity;sid:84146943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.54.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283842/; classtype:trojan-activity;sid:84146942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.68.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283841/; classtype:trojan-activity;sid:84146941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.207.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283840/; classtype:trojan-activity;sid:84146940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.3.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283839/; classtype:trojan-activity;sid:84146939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.228.129.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283838/; classtype:trojan-activity;sid:84146938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.125.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283837/; classtype:trojan-activity;sid:84146937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.227.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283836/; classtype:trojan-activity;sid:84146936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.158.142.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283835/; classtype:trojan-activity;sid:84146935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.24.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283834/; classtype:trojan-activity;sid:84146934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.158.142.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283833/; classtype:trojan-activity;sid:84146933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.164.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283832/; classtype:trojan-activity;sid:84146932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.50.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283831/; classtype:trojan-activity;sid:84146931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.60.231.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283830/; classtype:trojan-activity;sid:84146930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.54.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283829/; classtype:trojan-activity;sid:84146929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.125.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283827/; classtype:trojan-activity;sid:84146927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.207.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283828/; classtype:trojan-activity;sid:84146928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.50.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283826/; classtype:trojan-activity;sid:84146926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.228.129.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283825/; classtype:trojan-activity;sid:84146925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.120.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283823/; classtype:trojan-activity;sid:84146923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.70.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283824/; classtype:trojan-activity;sid:84146924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283822/; classtype:trojan-activity;sid:84146922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.205.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283821/; classtype:trojan-activity;sid:84146921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.235.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283820/; classtype:trojan-activity;sid:84146920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.24.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283819/; classtype:trojan-activity;sid:84146919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.50.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283818/; classtype:trojan-activity;sid:84146918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.137.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283817/; classtype:trojan-activity;sid:84146917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.180.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283816/; classtype:trojan-activity;sid:84146916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.212.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283815/; classtype:trojan-activity;sid:84146915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.202.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283814/; classtype:trojan-activity;sid:84146914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.70.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283813/; classtype:trojan-activity;sid:84146913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.94.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283812/; classtype:trojan-activity;sid:84146912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.252.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283811/; classtype:trojan-activity;sid:84146911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.208.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283810/; classtype:trojan-activity;sid:84146910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.186.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283809/; classtype:trojan-activity;sid:84146909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.24.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283808/; classtype:trojan-activity;sid:84146908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.24.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283807/; classtype:trojan-activity;sid:84146907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.198.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283806/; classtype:trojan-activity;sid:84146906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.235.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283805/; classtype:trojan-activity;sid:84146905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.28.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283804/; classtype:trojan-activity;sid:84146904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.210.190.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283803/; classtype:trojan-activity;sid:84146903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.210.190.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283802/; classtype:trojan-activity;sid:84146902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.203.39.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283801/; classtype:trojan-activity;sid:84146901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.142.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283800/; classtype:trojan-activity;sid:84146900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283799/; classtype:trojan-activity;sid:84146899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.93.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283798/; classtype:trojan-activity;sid:84146898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.147.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283797/; classtype:trojan-activity;sid:84146897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.76.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283796/; classtype:trojan-activity;sid:84146896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.208.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283794/; classtype:trojan-activity;sid:84146894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"45.176.101.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283795/; classtype:trojan-activity;sid:84146895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.52.72.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283793/; classtype:trojan-activity;sid:84146893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.232.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283792/; classtype:trojan-activity;sid:84146892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.148.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283791/; classtype:trojan-activity;sid:84146891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.203.39.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283790/; classtype:trojan-activity;sid:84146890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.186.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283789/; classtype:trojan-activity;sid:84146889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.178.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283788/; classtype:trojan-activity;sid:84146888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.9.101"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283787/; classtype:trojan-activity;sid:84146887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.42.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283786/; classtype:trojan-activity;sid:84146886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.52.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283785/; classtype:trojan-activity;sid:84146885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283784/; classtype:trojan-activity;sid:84146884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283783/; classtype:trojan-activity;sid:84146883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.91.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283782/; classtype:trojan-activity;sid:84146882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.210.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283781/; classtype:trojan-activity;sid:84146881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.59.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283779/; classtype:trojan-activity;sid:84146879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.199.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283780/; classtype:trojan-activity;sid:84146880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283778/; classtype:trojan-activity;sid:84146878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.236.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283777/; classtype:trojan-activity;sid:84146877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.214.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283776/; classtype:trojan-activity;sid:84146876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.202.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283775/; classtype:trojan-activity;sid:84146875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.186.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283774/; classtype:trojan-activity;sid:84146874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.88.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283773/; classtype:trojan-activity;sid:84146873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.244.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283772/; classtype:trojan-activity;sid:84146872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.226.125.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283771/; classtype:trojan-activity;sid:84146871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.97.121.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283770/; classtype:trojan-activity;sid:84146870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"206.0.180.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283769/; classtype:trojan-activity;sid:84146869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.121.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283768/; classtype:trojan-activity;sid:84146868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.9.101"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283767/; classtype:trojan-activity;sid:84146867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.174.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283766/; classtype:trojan-activity;sid:84146866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.170.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283765/; classtype:trojan-activity;sid:84146865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.199.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283764/; classtype:trojan-activity;sid:84146864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.191.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283762/; classtype:trojan-activity;sid:84146862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.246.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283763/; classtype:trojan-activity;sid:84146863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.103.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283761/; classtype:trojan-activity;sid:84146861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.39.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283759/; classtype:trojan-activity;sid:84146859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.15.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283760/; classtype:trojan-activity;sid:84146860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.112.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283758/; classtype:trojan-activity;sid:84146858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.214.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283757/; classtype:trojan-activity;sid:84146857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.83.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283756/; classtype:trojan-activity;sid:84146856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.93.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283755/; classtype:trojan-activity;sid:84146855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.96.51"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283753/; classtype:trojan-activity;sid:84146853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.39.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283754/; classtype:trojan-activity;sid:84146854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.174.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283752/; classtype:trojan-activity;sid:84146852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.13.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283751/; classtype:trojan-activity;sid:84146851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.170.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283750/; classtype:trojan-activity;sid:84146850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.82.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283749/; classtype:trojan-activity;sid:84146849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.158.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283747/; classtype:trojan-activity;sid:84146847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.36.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283748/; classtype:trojan-activity;sid:84146848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.191.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283746/; classtype:trojan-activity;sid:84146846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283745/; classtype:trojan-activity;sid:84146845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"rulj.strategies.mvpstrat.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283744/; classtype:trojan-activity;sid:84146844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.213.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283743/; classtype:trojan-activity;sid:84146843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.169.234.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283742/; classtype:trojan-activity;sid:84146842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.26.82.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283741/; classtype:trojan-activity;sid:84146841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.98.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283740/; classtype:trojan-activity;sid:84146840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.83.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283739/; classtype:trojan-activity;sid:84146839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283737/; classtype:trojan-activity;sid:84146837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283738/; classtype:trojan-activity;sid:84146838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283733/; classtype:trojan-activity;sid:84146833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283734/; classtype:trojan-activity;sid:84146834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283735/; classtype:trojan-activity;sid:84146835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283736/; classtype:trojan-activity;sid:84146836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283732/; classtype:trojan-activity;sid:84146832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283731/; classtype:trojan-activity;sid:84146831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.62.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283728/; classtype:trojan-activity;sid:84146828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283729/; classtype:trojan-activity;sid:84146829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"185.78.76.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283730/; classtype:trojan-activity;sid:84146830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.135.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283727/; classtype:trojan-activity;sid:84146827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.244.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283726/; classtype:trojan-activity;sid:84146826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.79.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283725/; classtype:trojan-activity;sid:84146825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.76.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283724/; classtype:trojan-activity;sid:84146824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.147.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283723/; classtype:trojan-activity;sid:84146823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.251.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283722/; classtype:trojan-activity;sid:84146822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.61.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283721/; classtype:trojan-activity;sid:84146821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283720/; classtype:trojan-activity;sid:84146820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.213.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283719/; classtype:trojan-activity;sid:84146819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.36.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283718/; classtype:trojan-activity;sid:84146818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.61.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283717/; classtype:trojan-activity;sid:84146817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.81.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283716/; classtype:trojan-activity;sid:84146816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.46.169"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283715/; classtype:trojan-activity;sid:84146815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.83.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283714/; classtype:trojan-activity;sid:84146814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.181.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283713/; classtype:trojan-activity;sid:84146813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.239.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283712/; classtype:trojan-activity;sid:84146812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.84.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283711/; classtype:trojan-activity;sid:84146811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.81.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283710/; classtype:trojan-activity;sid:84146810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.181.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283709/; classtype:trojan-activity;sid:84146809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.59.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283708/; classtype:trojan-activity;sid:84146808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.47.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283707/; classtype:trojan-activity;sid:84146807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.252.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283706/; classtype:trojan-activity;sid:84146806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.155.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283705/; classtype:trojan-activity;sid:84146805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipr/ipr.pdf"; depth:12; endswith; nocase; http.host; content:"ordai.quest"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283701/; classtype:trojan-activity;sid:84146801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wan_conf"; depth:9; endswith; nocase; http.host; content:"ordai.quest"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283702/; classtype:trojan-activity;sid:84146802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipr/ipr.jpg"; depth:12; endswith; nocase; http.host; content:"ordai.quest"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283703/; classtype:trojan-activity;sid:84146803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lan_conf.sh"; depth:12; endswith; nocase; http.host; content:"ordai.quest"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283704/; classtype:trojan-activity;sid:84146804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.82.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283700/; classtype:trojan-activity;sid:84146800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.87.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283699/; classtype:trojan-activity;sid:84146799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.45.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283698/; classtype:trojan-activity;sid:84146798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.21.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283697/; classtype:trojan-activity;sid:84146797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.119.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283696/; classtype:trojan-activity;sid:84146796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.151.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283695/; classtype:trojan-activity;sid:84146795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.57.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283694/; classtype:trojan-activity;sid:84146794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.84.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283693/; classtype:trojan-activity;sid:84146793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.177.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283692/; classtype:trojan-activity;sid:84146792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.155.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283691/; classtype:trojan-activity;sid:84146791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.153.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283690/; classtype:trojan-activity;sid:84146790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.87.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283689/; classtype:trojan-activity;sid:84146789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.14.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283688/; classtype:trojan-activity;sid:84146788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.62.172.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283687/; classtype:trojan-activity;sid:84146787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.17.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283686/; classtype:trojan-activity;sid:84146786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.150.176.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283685/; classtype:trojan-activity;sid:84146785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.14.177"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283684/; classtype:trojan-activity;sid:84146784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.21.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283682/; classtype:trojan-activity;sid:84146782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.81.151.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283683/; classtype:trojan-activity;sid:84146783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.216.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283681/; classtype:trojan-activity;sid:84146781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.8.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283680/; classtype:trojan-activity;sid:84146780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.238.189.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283679/; classtype:trojan-activity;sid:84146779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.85.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283678/; classtype:trojan-activity;sid:84146778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.92.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283677/; classtype:trojan-activity;sid:84146777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.191.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283676/; classtype:trojan-activity;sid:84146776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.206.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283674/; classtype:trojan-activity;sid:84146774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.252.77.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283675/; classtype:trojan-activity;sid:84146775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.14.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283673/; classtype:trojan-activity;sid:84146773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.151.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283672/; classtype:trojan-activity;sid:84146772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.62.172.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283671/; classtype:trojan-activity;sid:84146771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.153.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283669/; classtype:trojan-activity;sid:84146769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.82.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283670/; classtype:trojan-activity;sid:84146770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.227.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283668/; classtype:trojan-activity;sid:84146768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.177.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283667/; classtype:trojan-activity;sid:84146767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.81.151.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283666/; classtype:trojan-activity;sid:84146766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.31.146"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283665/; classtype:trojan-activity;sid:84146765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.160.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283664/; classtype:trojan-activity;sid:84146764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.171.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283663/; classtype:trojan-activity;sid:84146763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.14.177"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283662/; classtype:trojan-activity;sid:84146762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.204.251.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283661/; classtype:trojan-activity;sid:84146761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.84.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283660/; classtype:trojan-activity;sid:84146760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.159.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283659/; classtype:trojan-activity;sid:84146759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283658/; classtype:trojan-activity;sid:84146758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"31.186.132.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283656/; classtype:trojan-activity;sid:84146756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.40.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283657/; classtype:trojan-activity;sid:84146757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.86.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283655/; classtype:trojan-activity;sid:84146755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.157.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283654/; classtype:trojan-activity;sid:84146754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.227.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283653/; classtype:trojan-activity;sid:84146753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.217.211.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283652/; classtype:trojan-activity;sid:84146752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm7"; depth:13; endswith; nocase; http.host; content:"154.216.16.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283651/; classtype:trojan-activity;sid:84146751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/davwwwroot/156622762916556.dll"; depth:31; endswith; nocase; http.host; content:"94.159.113.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283650/; classtype:trojan-activity;sid:84146750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.153.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283649/; classtype:trojan-activity;sid:84146749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.16.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283648/; classtype:trojan-activity;sid:84146748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.125.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283647/; classtype:trojan-activity;sid:84146747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.208.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283646/; classtype:trojan-activity;sid:84146746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.214.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283645/; classtype:trojan-activity;sid:84146745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.215.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283644/; classtype:trojan-activity;sid:84146744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.83.180.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283642/; classtype:trojan-activity;sid:84146742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.29.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283643/; classtype:trojan-activity;sid:84146743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.130.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283641/; classtype:trojan-activity;sid:84146741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.11.36"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283640/; classtype:trojan-activity;sid:84146740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.231.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283639/; classtype:trojan-activity;sid:84146739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.80.136.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283638/; classtype:trojan-activity;sid:84146738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.51.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283637/; classtype:trojan-activity;sid:84146737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.108.90.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283636/; classtype:trojan-activity;sid:84146736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"213.40.69.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283635/; classtype:trojan-activity;sid:84146735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.16.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283634/; classtype:trojan-activity;sid:84146734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.120.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283633/; classtype:trojan-activity;sid:84146733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.0.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283632/; classtype:trojan-activity;sid:84146732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.17.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283631/; classtype:trojan-activity;sid:84146731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/yhurwulxgo.pdf"; depth:20; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283622/; classtype:trojan-activity;sid:84146722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/chdloofphdx.mp3"; depth:21; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283623/; classtype:trojan-activity;sid:84146723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/hizcrud.mp4"; depth:17; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283624/; classtype:trojan-activity;sid:84146724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/jvnol.wav"; depth:15; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283625/; classtype:trojan-activity;sid:84146725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/snqtp.mp3"; depth:15; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283626/; classtype:trojan-activity;sid:84146726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/svzmuueit.pdf"; depth:19; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283627/; classtype:trojan-activity;sid:84146727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/icexipkbf.mp4"; depth:19; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283628/; classtype:trojan-activity;sid:84146728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/dsksthxpe.mp3"; depth:19; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283629/; classtype:trojan-activity;sid:84146729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/iofnajcqu.pdf"; depth:19; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283630/; classtype:trojan-activity;sid:84146730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/czxvu189.bin"; depth:18; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283614/; classtype:trojan-activity;sid:84146714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/btomv.pdf"; depth:15; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283615/; classtype:trojan-activity;sid:84146715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/xpzrqfie.vdf"; depth:18; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283616/; classtype:trojan-activity;sid:84146716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/oekqighf.pdf"; depth:18; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283617/; classtype:trojan-activity;sid:84146717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/apdjvtsqv.vdf"; depth:19; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283618/; classtype:trojan-activity;sid:84146718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/sbwxovw.mp3"; depth:17; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283619/; classtype:trojan-activity;sid:84146719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/zvdpmnudpq.vdf"; depth:20; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283620/; classtype:trojan-activity;sid:84146720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/exalr.pdf"; depth:15; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283621/; classtype:trojan-activity;sid:84146721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/bh/fshuttre.txt"; depth:22; endswith; nocase; http.host; content:"192.3.193.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283612/; classtype:trojan-activity;sid:84146712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.jar"; depth:6; endswith; nocase; http.host; content:"176.111.174.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283613/; classtype:trojan-activity;sid:84146713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.166.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283609/; classtype:trojan-activity;sid:84146709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/712/sa/seethebestthingswithentirelifetaggreatwithmebestofthem.hta"; depth:66; endswith; nocase; http.host; content:"107.175.130.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283610/; classtype:trojan-activity;sid:84146710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/712/fshhhre.txt"; depth:16; endswith; nocase; http.host; content:"107.175.130.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283611/; classtype:trojan-activity;sid:84146711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/130/seethebestthingsevermadewithmecharacterneverchange.tif"; depth:59; endswith; nocase; http.host; content:"104.168.7.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283606/; classtype:trojan-activity;sid:84146706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/712/givmebestthingwithentirelifetimethingsgivenmebackwith.tif"; depth:62; endswith; nocase; http.host; content:"107.175.130.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283607/; classtype:trojan-activity;sid:84146707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/laqaueabzjteamziuhzp"; depth:26; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283608/; classtype:trojan-activity;sid:84146708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.130.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283605/; classtype:trojan-activity;sid:84146705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.242.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283604/; classtype:trojan-activity;sid:84146704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"194.54.160.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283602/; classtype:trojan-activity;sid:84146702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.111.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283603/; classtype:trojan-activity;sid:84146703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.38.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283601/; classtype:trojan-activity;sid:84146701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.24.166.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283600/; classtype:trojan-activity;sid:84146700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.57.242.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283599/; classtype:trojan-activity;sid:84146699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.52.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283598/; classtype:trojan-activity;sid:84146698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.175.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283596/; classtype:trojan-activity;sid:84146696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.170.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283597/; classtype:trojan-activity;sid:84146697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.194.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283593/; classtype:trojan-activity;sid:84146693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.0.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283594/; classtype:trojan-activity;sid:84146694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.17.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283595/; classtype:trojan-activity;sid:84146695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.70.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283592/; classtype:trojan-activity;sid:84146692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.54.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283591/; classtype:trojan-activity;sid:84146691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.175.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283590/; classtype:trojan-activity;sid:84146690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.224.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283589/; classtype:trojan-activity;sid:84146689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.202.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283588/; classtype:trojan-activity;sid:84146688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.132.113.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283587/; classtype:trojan-activity;sid:84146687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.52.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283586/; classtype:trojan-activity;sid:84146686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.57.242.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283585/; classtype:trojan-activity;sid:84146685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/tczqgzpv.mp3"; depth:18; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283584/; classtype:trojan-activity;sid:84146684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/hprrahwniil.pdf"; depth:21; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283583/; classtype:trojan-activity;sid:84146683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgif/tsppz136.bin"; depth:18; endswith; nocase; http.host; content:"103.72.57.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283582/; classtype:trojan-activity;sid:84146682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.194.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283581/; classtype:trojan-activity;sid:84146681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.58.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283580/; classtype:trojan-activity;sid:84146680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.139.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283579/; classtype:trojan-activity;sid:84146679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.72.17.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283578/; classtype:trojan-activity;sid:84146678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.177.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283577/; classtype:trojan-activity;sid:84146677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.215.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283576/; classtype:trojan-activity;sid:84146676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.233.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283575/; classtype:trojan-activity;sid:84146675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.43.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283572/; classtype:trojan-activity;sid:84146672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283573/; classtype:trojan-activity;sid:84146673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.253.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283574/; classtype:trojan-activity;sid:84146674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/bh/givemebestthingswithentirelifetimegetmebestthignsalwaystogetme.tif"; depth:76; endswith; nocase; http.host; content:"192.3.193.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283571/; classtype:trojan-activity;sid:84146671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/readme/glued.hta"; depth:17; endswith; nocase; http.host; content:"armanayegh.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283570/; classtype:trojan-activity;sid:84146670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/bh/cd/creatbesthingswithbettersytelgivenmebestthingstobe.hta"; depth:67; endswith; nocase; http.host; content:"192.3.193.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283569/; classtype:trojan-activity;sid:84146669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.214.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283568/; classtype:trojan-activity;sid:84146668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.187.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283567/; classtype:trojan-activity;sid:84146667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.62.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283566/; classtype:trojan-activity;sid:84146666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.77.118.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283565/; classtype:trojan-activity;sid:84146665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.148.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283564/; classtype:trojan-activity;sid:84146664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.32.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283563/; classtype:trojan-activity;sid:84146663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.12.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283562/; classtype:trojan-activity;sid:84146662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283561/; classtype:trojan-activity;sid:84146661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/readme/bin.exe"; depth:15; endswith; nocase; http.host; content:"armanayegh.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283560/; classtype:trojan-activity;sid:84146660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.58.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283559/; classtype:trojan-activity;sid:84146659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.125.241.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283557/; classtype:trojan-activity;sid:84146657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"170.80.0.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283558/; classtype:trojan-activity;sid:84146658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.96.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283556/; classtype:trojan-activity;sid:84146656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.12.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283555/; classtype:trojan-activity;sid:84146655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.253.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283554/; classtype:trojan-activity;sid:84146654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.121.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283553/; classtype:trojan-activity;sid:84146653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.116.168.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283552/; classtype:trojan-activity;sid:84146652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.48.30.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283551/; classtype:trojan-activity;sid:84146651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.38.24.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283550/; classtype:trojan-activity;sid:84146650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.138.108.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283549/; classtype:trojan-activity;sid:84146649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.112.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283548/; classtype:trojan-activity;sid:84146648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.35.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283547/; classtype:trojan-activity;sid:84146647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.102.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283546/; classtype:trojan-activity;sid:84146646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.77.118.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283545/; classtype:trojan-activity;sid:84146645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.160.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283544/; classtype:trojan-activity;sid:84146644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.223.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283543/; classtype:trojan-activity;sid:84146643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.32.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283542/; classtype:trojan-activity;sid:84146642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.156.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283541/; classtype:trojan-activity;sid:84146641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.201.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283540/; classtype:trojan-activity;sid:84146640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.160.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283539/; classtype:trojan-activity;sid:84146639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.156.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283538/; classtype:trojan-activity;sid:84146638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.33.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283536/; classtype:trojan-activity;sid:84146636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.11.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283537/; classtype:trojan-activity;sid:84146637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.23.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283535/; classtype:trojan-activity;sid:84146635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.135.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283534/; classtype:trojan-activity;sid:84146634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.3.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283533/; classtype:trojan-activity;sid:84146633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.130.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283532/; classtype:trojan-activity;sid:84146632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.129.209.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283531/; classtype:trojan-activity;sid:84146631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.242.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283530/; classtype:trojan-activity;sid:84146630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.32.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283529/; classtype:trojan-activity;sid:84146629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.68.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283528/; classtype:trojan-activity;sid:84146628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.35.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283527/; classtype:trojan-activity;sid:84146627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.96.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283526/; classtype:trojan-activity;sid:84146626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.116.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283525/; classtype:trojan-activity;sid:84146625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.137.11.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283524/; classtype:trojan-activity;sid:84146624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.146.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283523/; classtype:trojan-activity;sid:84146623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.159.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283522/; classtype:trojan-activity;sid:84146622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.11.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283521/; classtype:trojan-activity;sid:84146621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.188.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283520/; classtype:trojan-activity;sid:84146620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.68.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283519/; classtype:trojan-activity;sid:84146619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.204.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283518/; classtype:trojan-activity;sid:84146618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.170.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283517/; classtype:trojan-activity;sid:84146617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.23.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283516/; classtype:trojan-activity;sid:84146616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.255.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283515/; classtype:trojan-activity;sid:84146615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.193.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283514/; classtype:trojan-activity;sid:84146614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.214.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283513/; classtype:trojan-activity;sid:84146613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.25.237.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283512/; classtype:trojan-activity;sid:84146612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.32.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283511/; classtype:trojan-activity;sid:84146611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"38.137.11.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283510/; classtype:trojan-activity;sid:84146610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.162.203.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283509/; classtype:trojan-activity;sid:84146609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.81.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283508/; classtype:trojan-activity;sid:84146608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.189.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283507/; classtype:trojan-activity;sid:84146607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.170.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283506/; classtype:trojan-activity;sid:84146606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.25.237.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283505/; classtype:trojan-activity;sid:84146605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.216.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283504/; classtype:trojan-activity;sid:84146604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.49.65.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283503/; classtype:trojan-activity;sid:84146603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.86.92.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283502/; classtype:trojan-activity;sid:84146602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.162.203.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283500/; classtype:trojan-activity;sid:84146600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.248.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283501/; classtype:trojan-activity;sid:84146601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.19.57.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283499/; classtype:trojan-activity;sid:84146599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.85.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283498/; classtype:trojan-activity;sid:84146598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.112.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283497/; classtype:trojan-activity;sid:84146597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.44.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283496/; classtype:trojan-activity;sid:84146596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.250.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283495/; classtype:trojan-activity;sid:84146595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.213.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283494/; classtype:trojan-activity;sid:84146594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.49.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283493/; classtype:trojan-activity;sid:84146593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.246.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283492/; classtype:trojan-activity;sid:84146592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.255.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283491/; classtype:trojan-activity;sid:84146591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.204.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283490/; classtype:trojan-activity;sid:84146590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.107.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283488/; classtype:trojan-activity;sid:84146588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.71.102"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283489/; classtype:trojan-activity;sid:84146589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.239.110.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283487/; classtype:trojan-activity;sid:84146587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.180.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283486/; classtype:trojan-activity;sid:84146586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.120.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283485/; classtype:trojan-activity;sid:84146585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.86.92.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283484/; classtype:trojan-activity;sid:84146584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.82.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283483/; classtype:trojan-activity;sid:84146583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.34.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283482/; classtype:trojan-activity;sid:84146582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.224.187.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283481/; classtype:trojan-activity;sid:84146581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.223.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283480/; classtype:trojan-activity;sid:84146580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.6.198"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283479/; classtype:trojan-activity;sid:84146579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.1.220"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283476/; classtype:trojan-activity;sid:84146576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283477/; classtype:trojan-activity;sid:84146577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.43.108.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283478/; classtype:trojan-activity;sid:84146578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.43.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283475/; classtype:trojan-activity;sid:84146575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.136.103.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283474/; classtype:trojan-activity;sid:84146574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.248.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283473/; classtype:trojan-activity;sid:84146573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.49.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283472/; classtype:trojan-activity;sid:84146572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.151.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283471/; classtype:trojan-activity;sid:84146571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.177.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283470/; classtype:trojan-activity;sid:84146570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.221.12.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283468/; classtype:trojan-activity;sid:84146568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"122.227.109.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283469/; classtype:trojan-activity;sid:84146569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.43.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283467/; classtype:trojan-activity;sid:84146567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.1.220"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283466/; classtype:trojan-activity;sid:84146566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/camp.x86_64"; depth:17; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283465/; classtype:trojan-activity;sid:84146565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.224.187.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283464/; classtype:trojan-activity;sid:84146564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/camp.arc"; depth:14; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283463/; classtype:trojan-activity;sid:84146563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.38.212.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283462/; classtype:trojan-activity;sid:84146562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.136.103.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283461/; classtype:trojan-activity;sid:84146561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.225.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283460/; classtype:trojan-activity;sid:84146560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"87.8.142.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283459/; classtype:trojan-activity;sid:84146559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.151.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283458/; classtype:trojan-activity;sid:84146558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.240.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283457/; classtype:trojan-activity;sid:84146557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.194.18.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283456/; classtype:trojan-activity;sid:84146556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.160.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283455/; classtype:trojan-activity;sid:84146555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.93.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283454/; classtype:trojan-activity;sid:84146554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.247.7.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283453/; classtype:trojan-activity;sid:84146553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.94.34.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283452/; classtype:trojan-activity;sid:84146552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.255.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283451/; classtype:trojan-activity;sid:84146551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.92.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283450/; classtype:trojan-activity;sid:84146550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.183.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283446/; classtype:trojan-activity;sid:84146546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"170.80.0.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283447/; classtype:trojan-activity;sid:84146547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.179.238.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283448/; classtype:trojan-activity;sid:84146548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.181.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283449/; classtype:trojan-activity;sid:84146549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.23.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283445/; classtype:trojan-activity;sid:84146545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.204.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283444/; classtype:trojan-activity;sid:84146544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.231.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283443/; classtype:trojan-activity;sid:84146543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"72.180.130.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283442/; classtype:trojan-activity;sid:84146542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.4.2.45"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283441/; classtype:trojan-activity;sid:84146541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.221.78.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283440/; classtype:trojan-activity;sid:84146540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.221.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283439/; classtype:trojan-activity;sid:84146539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283438/; classtype:trojan-activity;sid:84146538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wrhvzsuzvnohoyztrp68.bin"; depth:25; endswith; nocase; http.host; content:"hopitaldesbois.ddns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283436/; classtype:trojan-activity;sid:84146536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.75.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283437/; classtype:trojan-activity;sid:84146537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.86.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283435/; classtype:trojan-activity;sid:84146535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.116.132.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283434/; classtype:trojan-activity;sid:84146534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.234.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283433/; classtype:trojan-activity;sid:84146533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.51.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283431/; classtype:trojan-activity;sid:84146531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.225.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283432/; classtype:trojan-activity;sid:84146532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.75.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283430/; classtype:trojan-activity;sid:84146530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.38.212.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283429/; classtype:trojan-activity;sid:84146529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.149.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283428/; classtype:trojan-activity;sid:84146528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.242.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283427/; classtype:trojan-activity;sid:84146527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.4.2.45"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283426/; classtype:trojan-activity;sid:84146526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.232.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283425/; classtype:trojan-activity;sid:84146525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.172.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283424/; classtype:trojan-activity;sid:84146524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.127.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283423/; classtype:trojan-activity;sid:84146523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.51.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283422/; classtype:trojan-activity;sid:84146522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"72.180.130.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283420/; classtype:trojan-activity;sid:84146520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.188.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283421/; classtype:trojan-activity;sid:84146521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.13.214"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283419/; classtype:trojan-activity;sid:84146519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.92.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283418/; classtype:trojan-activity;sid:84146518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.202.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283417/; classtype:trojan-activity;sid:84146517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.78.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283416/; classtype:trojan-activity;sid:84146516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.133.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283415/; classtype:trojan-activity;sid:84146515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.108.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283414/; classtype:trojan-activity;sid:84146514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.231.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283413/; classtype:trojan-activity;sid:84146513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283412/; classtype:trojan-activity;sid:84146512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.90.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283411/; classtype:trojan-activity;sid:84146511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.127.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283410/; classtype:trojan-activity;sid:84146510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.51.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283409/; classtype:trojan-activity;sid:84146509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/120/picturewithmebackwithnewthingsgreatforme.tif"; depth:49; endswith; nocase; http.host; content:"104.168.7.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283408/; classtype:trojan-activity;sid:84146508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.228.170.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283407/; classtype:trojan-activity;sid:84146507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.33.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283405/; classtype:trojan-activity;sid:84146505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.153.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283406/; classtype:trojan-activity;sid:84146506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.112.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283404/; classtype:trojan-activity;sid:84146504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.175.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283403/; classtype:trojan-activity;sid:84146503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.105.196.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283402/; classtype:trojan-activity;sid:84146502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.194.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283401/; classtype:trojan-activity;sid:84146501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.89.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283399/; classtype:trojan-activity;sid:84146499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.177.109.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283400/; classtype:trojan-activity;sid:84146500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.67.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283398/; classtype:trojan-activity;sid:84146498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.67.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283397/; classtype:trojan-activity;sid:84146497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.188.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283396/; classtype:trojan-activity;sid:84146496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rzgwcb250.bin"; depth:14; endswith; nocase; http.host; content:"93.123.109.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283395/; classtype:trojan-activity;sid:84146495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ykivlltja18.bin"; depth:16; endswith; nocase; http.host; content:"93.123.109.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283394/; classtype:trojan-activity;sid:84146494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.118.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283393/; classtype:trojan-activity;sid:84146493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.101.119.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283392/; classtype:trojan-activity;sid:84146492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.189.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283391/; classtype:trojan-activity;sid:84146491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.78.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283390/; classtype:trojan-activity;sid:84146490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.228.170.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283389/; classtype:trojan-activity;sid:84146489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.250.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283388/; classtype:trojan-activity;sid:84146488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.208.10.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283386/; classtype:trojan-activity;sid:84146486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.89.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283387/; classtype:trojan-activity;sid:84146487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.108.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283385/; classtype:trojan-activity;sid:84146485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.151.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283384/; classtype:trojan-activity;sid:84146484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"154.216.16.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283378/; classtype:trojan-activity;sid:84146478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"87.120.116.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283379/; classtype:trojan-activity;sid:84146479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"154.216.16.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283380/; classtype:trojan-activity;sid:84146480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"87.120.116.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283381/; classtype:trojan-activity;sid:84146481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"87.120.116.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283382/; classtype:trojan-activity;sid:84146482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283383/; classtype:trojan-activity;sid:84146483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"87.120.116.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283373/; classtype:trojan-activity;sid:84146473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283374/; classtype:trojan-activity;sid:84146474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"154.216.17.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283375/; classtype:trojan-activity;sid:84146475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/utnxerzs5nuixas6vlqpi1sngsojgfke7s"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283376/; classtype:trojan-activity;sid:84146476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"87.120.116.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283377/; classtype:trojan-activity;sid:84146477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwhdbg"; depth:7; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283345/; classtype:trojan-activity;sid:84146445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"154.216.16.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283346/; classtype:trojan-activity;sid:84146446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"87.120.116.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283347/; classtype:trojan-activity;sid:84146447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwhdbg"; depth:7; endswith; nocase; http.host; content:"154.216.16.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283348/; classtype:trojan-activity;sid:84146448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"87.120.116.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283349/; classtype:trojan-activity;sid:84146449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vwkjebwi686"; depth:12; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283350/; classtype:trojan-activity;sid:84146450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283351/; classtype:trojan-activity;sid:84146451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"154.216.16.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283352/; classtype:trojan-activity;sid:84146452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283353/; classtype:trojan-activity;sid:84146453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283354/; classtype:trojan-activity;sid:84146454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283355/; classtype:trojan-activity;sid:84146455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wriww68k"; depth:9; endswith; nocase; http.host; content:"154.216.16.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283356/; classtype:trojan-activity;sid:84146456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283357/; classtype:trojan-activity;sid:84146457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283358/; classtype:trojan-activity;sid:84146458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vwkjebwi686"; depth:12; endswith; nocase; http.host; content:"154.216.16.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283359/; classtype:trojan-activity;sid:84146459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"154.216.16.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283360/; classtype:trojan-activity;sid:84146460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"93.123.85.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283361/; classtype:trojan-activity;sid:84146461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; nocase; http.host; content:"93.123.85.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283362/; classtype:trojan-activity;sid:84146462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"87.120.116.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283363/; classtype:trojan-activity;sid:84146463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"93.123.85.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283364/; classtype:trojan-activity;sid:84146464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"87.120.116.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283365/; classtype:trojan-activity;sid:84146465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"87.120.116.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283366/; classtype:trojan-activity;sid:84146466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"93.123.85.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283367/; classtype:trojan-activity;sid:84146467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"154.216.16.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283368/; classtype:trojan-activity;sid:84146468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"87.120.116.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283369/; classtype:trojan-activity;sid:84146469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283370/; classtype:trojan-activity;sid:84146470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"37.230.62.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283371/; classtype:trojan-activity;sid:84146471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bd6g9foigcqban1woe8uqjfegas0lzb5am"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283372/; classtype:trojan-activity;sid:84146472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.153.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283342/; classtype:trojan-activity;sid:84146442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"154.216.16.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283343/; classtype:trojan-activity;sid:84146443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283344/; classtype:trojan-activity;sid:84146444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t6v9isv8fay0afdmpi2ls20sdrjdj2jb6c"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283338/; classtype:trojan-activity;sid:84146438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wriww68k"; depth:9; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283339/; classtype:trojan-activity;sid:84146439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283340/; classtype:trojan-activity;sid:84146440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hn4vokypy6ckycb9z93vrm66fox5qzammr"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283341/; classtype:trojan-activity;sid:84146441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283337/; classtype:trojan-activity;sid:84146437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lwtlgbvupu9pp9kuoshpqtfhgvhnzoqmye"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283335/; classtype:trojan-activity;sid:84146435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/gplbivsf6oozryvwlrblgnetw7jfqkwh9m"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283336/; classtype:trojan-activity;sid:84146436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/rqdtoyootdw6cya3vsjvqivvv1xxltwgxm"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283331/; classtype:trojan-activity;sid:84146431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x9diorkoqilu7j4px4mfdprjj3v5lguqb1"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283332/; classtype:trojan-activity;sid:84146432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/edr1upbd39kcmkh1vrgdxdhtl739rpd4yk"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283333/; classtype:trojan-activity;sid:84146433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/rcttk60m9cwdsnjdzsihfpnwuo7r7f8e7b"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283334/; classtype:trojan-activity;sid:84146434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/fpdwarks0hd1znztz7x3u68ovov6z08prh"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283329/; classtype:trojan-activity;sid:84146429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cs1agy6nucoyua3wqtk3jsrotyiwni3osi"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283330/; classtype:trojan-activity;sid:84146430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ot2vlml0frxkrxhhzqirm0de8b5lubsibe"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283313/; classtype:trojan-activity;sid:84146413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kx398tj2stoqoa2endh0p45rzt9bdqydrj"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283314/; classtype:trojan-activity;sid:84146414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/gigrcyu57rl2zclb9c8tanbo8booacr3mw"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283315/; classtype:trojan-activity;sid:84146415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbz5fzqnlzj62elsm4u5dyhejo5o7y1gps"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283316/; classtype:trojan-activity;sid:84146416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kioro4ddujmbdymxj8vthkrish5e5tuq0x"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283317/; classtype:trojan-activity;sid:84146417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/6wexhcqsolchsytomhleosjyav6xabuh5w"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283318/; classtype:trojan-activity;sid:84146418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/fra1rmvx2gvtxpsktmjmwfnddvk6w53rcy"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283319/; classtype:trojan-activity;sid:84146419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/httuxwkxz0wfgxp689urgjjklzwyx3ar4i"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283320/; classtype:trojan-activity;sid:84146420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xg15jhbyjkozj1q1bttqekqfzgftizxbda"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283321/; classtype:trojan-activity;sid:84146421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/f68uzcfxydnewdqlsiv7wlfhrh1jpeib27"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283322/; classtype:trojan-activity;sid:84146422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zk6hjerxdt2ray9itb518dx2buivirdex6"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283323/; classtype:trojan-activity;sid:84146423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/inbu1thju49aubqiurbrcwvvjzbdegtjle"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283324/; classtype:trojan-activity;sid:84146424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/3ni1u3zhs6a0b4dmpwxggeqiwycecob88g"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283325/; classtype:trojan-activity;sid:84146425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xx1ukundswu0lf3tty1jhsreihdnbmur7o"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283326/; classtype:trojan-activity;sid:84146426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/l0kv53gosrg0twysnhumu9tmoongxpuwrc"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283327/; classtype:trojan-activity;sid:84146427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ktlj9ifnx6e7m0upcxvnavnrkey4d2cmdp"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283328/; classtype:trojan-activity;sid:84146428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.212.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283312/; classtype:trojan-activity;sid:84146412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.90.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283311/; classtype:trojan-activity;sid:84146411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.191.154.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283310/; classtype:trojan-activity;sid:84146410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.233.94.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283309/; classtype:trojan-activity;sid:84146409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.81.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283308/; classtype:trojan-activity;sid:84146408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.51.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283307/; classtype:trojan-activity;sid:84146407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.12.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283306/; classtype:trojan-activity;sid:84146406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.117.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283305/; classtype:trojan-activity;sid:84146405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.68.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283304/; classtype:trojan-activity;sid:84146404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.150.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283303/; classtype:trojan-activity;sid:84146403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.109.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283302/; classtype:trojan-activity;sid:84146402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.189.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283301/; classtype:trojan-activity;sid:84146401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.135.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283300/; classtype:trojan-activity;sid:84146400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.151.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283299/; classtype:trojan-activity;sid:84146399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.122.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283298/; classtype:trojan-activity;sid:84146398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283297/; classtype:trojan-activity;sid:84146397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.81.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283296/; classtype:trojan-activity;sid:84146396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.26.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283295/; classtype:trojan-activity;sid:84146395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.220.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283294/; classtype:trojan-activity;sid:84146394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.40.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283293/; classtype:trojan-activity;sid:84146393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.20.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283291/; classtype:trojan-activity;sid:84146391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.226.125.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283292/; classtype:trojan-activity;sid:84146392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.12.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283290/; classtype:trojan-activity;sid:84146390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.92.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283289/; classtype:trojan-activity;sid:84146389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.54.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283288/; classtype:trojan-activity;sid:84146388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.139.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283287/; classtype:trojan-activity;sid:84146387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283286/; classtype:trojan-activity;sid:84146386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.168.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283285/; classtype:trojan-activity;sid:84146385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.39.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283284/; classtype:trojan-activity;sid:84146384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.150.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283283/; classtype:trojan-activity;sid:84146383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.215.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283282/; classtype:trojan-activity;sid:84146382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283281/; classtype:trojan-activity;sid:84146381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.34.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283280/; classtype:trojan-activity;sid:84146380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.126.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283279/; classtype:trojan-activity;sid:84146379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.196.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283277/; classtype:trojan-activity;sid:84146377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.135.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283278/; classtype:trojan-activity;sid:84146378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.63.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283276/; classtype:trojan-activity;sid:84146376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.0.136.205"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283275/; classtype:trojan-activity;sid:84146375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.30.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283274/; classtype:trojan-activity;sid:84146374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.225.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283273/; classtype:trojan-activity;sid:84146373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.42.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283272/; classtype:trojan-activity;sid:84146372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.190.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283271/; classtype:trojan-activity;sid:84146371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.122.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283270/; classtype:trojan-activity;sid:84146370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.0.197"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283269/; classtype:trojan-activity;sid:84146369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.48.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283268/; classtype:trojan-activity;sid:84146368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.208.167.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283267/; classtype:trojan-activity;sid:84146367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"141.195.51.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283266/; classtype:trojan-activity;sid:84146366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.225.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283265/; classtype:trojan-activity;sid:84146365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.203.33.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283264/; classtype:trojan-activity;sid:84146364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.34.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283263/; classtype:trojan-activity;sid:84146363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.190.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283262/; classtype:trojan-activity;sid:84146362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.125.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283261/; classtype:trojan-activity;sid:84146361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283260/; classtype:trojan-activity;sid:84146360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283259/; classtype:trojan-activity;sid:84146359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.107.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283258/; classtype:trojan-activity;sid:84146358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.111.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283257/; classtype:trojan-activity;sid:84146357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.46.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283256/; classtype:trojan-activity;sid:84146356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.196.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283255/; classtype:trojan-activity;sid:84146355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.206.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283254/; classtype:trojan-activity;sid:84146354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.114.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283253/; classtype:trojan-activity;sid:84146353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.146.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283251/; classtype:trojan-activity;sid:84146351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.47.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283252/; classtype:trojan-activity;sid:84146352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.131.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283250/; classtype:trojan-activity;sid:84146350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.84.83.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283249/; classtype:trojan-activity;sid:84146349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.30.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283248/; classtype:trojan-activity;sid:84146348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.0.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283246/; classtype:trojan-activity;sid:84146346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.85.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283247/; classtype:trojan-activity;sid:84146347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.40.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283245/; classtype:trojan-activity;sid:84146345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.22.201.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283244/; classtype:trojan-activity;sid:84146344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.199.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283243/; classtype:trojan-activity;sid:84146343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.60.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283242/; classtype:trojan-activity;sid:84146342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.59.103.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283241/; classtype:trojan-activity;sid:84146341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.77.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283240/; classtype:trojan-activity;sid:84146340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.249.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283239/; classtype:trojan-activity;sid:84146339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.237.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283238/; classtype:trojan-activity;sid:84146338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.229.217.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283237/; classtype:trojan-activity;sid:84146337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.45.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283235/; classtype:trojan-activity;sid:84146335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.0.136.205"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283236/; classtype:trojan-activity;sid:84146336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.0.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283234/; classtype:trojan-activity;sid:84146334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.142.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283233/; classtype:trojan-activity;sid:84146333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.210.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283232/; classtype:trojan-activity;sid:84146332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.59.103.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283231/; classtype:trojan-activity;sid:84146331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.12.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283230/; classtype:trojan-activity;sid:84146330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.40.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283229/; classtype:trojan-activity;sid:84146329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.177.100.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283228/; classtype:trojan-activity;sid:84146328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.146.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283227/; classtype:trojan-activity;sid:84146327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.168.88.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283226/; classtype:trojan-activity;sid:84146326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.60.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283224/; classtype:trojan-activity;sid:84146324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.206.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283225/; classtype:trojan-activity;sid:84146325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.36.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283223/; classtype:trojan-activity;sid:84146323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.68.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283221/; classtype:trojan-activity;sid:84146321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"zyf.strategies.mvpstrat.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283222/; classtype:trojan-activity;sid:84146322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.166.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283220/; classtype:trojan-activity;sid:84146320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.152.160.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283219/; classtype:trojan-activity;sid:84146319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.79.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283218/; classtype:trojan-activity;sid:84146318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.61.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283216/; classtype:trojan-activity;sid:84146316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.133.194"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283217/; classtype:trojan-activity;sid:84146317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.43.71.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283214/; classtype:trojan-activity;sid:84146314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.68.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283215/; classtype:trojan-activity;sid:84146315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.62.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283213/; classtype:trojan-activity;sid:84146313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.144.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283212/; classtype:trojan-activity;sid:84146312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.115.89.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283211/; classtype:trojan-activity;sid:84146311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.78.150.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283209/; classtype:trojan-activity;sid:84146309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.183.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283210/; classtype:trojan-activity;sid:84146310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.237.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283208/; classtype:trojan-activity;sid:84146308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.60.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283206/; classtype:trojan-activity;sid:84146306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.91.223.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283207/; classtype:trojan-activity;sid:84146307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.83.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283205/; classtype:trojan-activity;sid:84146305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.96.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283204/; classtype:trojan-activity;sid:84146304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.164.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283203/; classtype:trojan-activity;sid:84146303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.249.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283202/; classtype:trojan-activity;sid:84146302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.53.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283201/; classtype:trojan-activity;sid:84146301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.176.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283200/; classtype:trojan-activity;sid:84146300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.40.69.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283199/; classtype:trojan-activity;sid:84146299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.177.100.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283198/; classtype:trojan-activity;sid:84146298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.45.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283197/; classtype:trojan-activity;sid:84146297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.235.157.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283196/; classtype:trojan-activity;sid:84146296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.89.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283195/; classtype:trojan-activity;sid:84146295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.21.33"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283194/; classtype:trojan-activity;sid:84146294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.72.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283193/; classtype:trojan-activity;sid:84146293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.109.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283192/; classtype:trojan-activity;sid:84146292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.66.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283191/; classtype:trojan-activity;sid:84146291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.110.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283190/; classtype:trojan-activity;sid:84146290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283189/; classtype:trojan-activity;sid:84146289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.77.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283188/; classtype:trojan-activity;sid:84146288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.86.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283186/; classtype:trojan-activity;sid:84146286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283187/; classtype:trojan-activity;sid:84146287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.219.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283185/; classtype:trojan-activity;sid:84146285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.53.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283184/; classtype:trojan-activity;sid:84146284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.184.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283183/; classtype:trojan-activity;sid:84146283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.191.231.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283182/; classtype:trojan-activity;sid:84146282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.89.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283181/; classtype:trojan-activity;sid:84146281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.31.185"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283180/; classtype:trojan-activity;sid:84146280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.159.193.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283179/; classtype:trojan-activity;sid:84146279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.234.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283178/; classtype:trojan-activity;sid:84146278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.116.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283177/; classtype:trojan-activity;sid:84146277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.164.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283176/; classtype:trojan-activity;sid:84146276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.97.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283175/; classtype:trojan-activity;sid:84146275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.176.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283174/; classtype:trojan-activity;sid:84146274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.40.69.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283173/; classtype:trojan-activity;sid:84146273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.99.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283172/; classtype:trojan-activity;sid:84146272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.25.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283171/; classtype:trojan-activity;sid:84146271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.225.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283170/; classtype:trojan-activity;sid:84146270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.183.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283169/; classtype:trojan-activity;sid:84146269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283168/; classtype:trojan-activity;sid:84146268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.97.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283167/; classtype:trojan-activity;sid:84146267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/allnew.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283166/; classtype:trojan-activity;sid:84146266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.83.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283165/; classtype:trojan-activity;sid:84146265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.219.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283164/; classtype:trojan-activity;sid:84146264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.21.33"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283163/; classtype:trojan-activity;sid:84146263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.86.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283161/; classtype:trojan-activity;sid:84146261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.68.142.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283162/; classtype:trojan-activity;sid:84146262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.241.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283160/; classtype:trojan-activity;sid:84146260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.91.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283159/; classtype:trojan-activity;sid:84146259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.203.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283158/; classtype:trojan-activity;sid:84146258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.166.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283157/; classtype:trojan-activity;sid:84146257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.173.90.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283156/; classtype:trojan-activity;sid:84146256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.8.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283155/; classtype:trojan-activity;sid:84146255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.154.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283153/; classtype:trojan-activity;sid:84146253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.136.80.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283154/; classtype:trojan-activity;sid:84146254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"160.155.68.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283151/; classtype:trojan-activity;sid:84146251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.213.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283152/; classtype:trojan-activity;sid:84146252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.225.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283150/; classtype:trojan-activity;sid:84146250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.220.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283149/; classtype:trojan-activity;sid:84146249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.231.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283148/; classtype:trojan-activity;sid:84146248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283147/; classtype:trojan-activity;sid:84146247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.111.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283146/; classtype:trojan-activity;sid:84146246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.99.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283145/; classtype:trojan-activity;sid:84146245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283143/; classtype:trojan-activity;sid:84146243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"160.177.0.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283144/; classtype:trojan-activity;sid:84146244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.213.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283142/; classtype:trojan-activity;sid:84146242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.224.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283141/; classtype:trojan-activity;sid:84146241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.126.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283140/; classtype:trojan-activity;sid:84146240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.68.142.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283139/; classtype:trojan-activity;sid:84146239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"160.155.68.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283138/; classtype:trojan-activity;sid:84146238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.53.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283137/; classtype:trojan-activity;sid:84146237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.48.10.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283136/; classtype:trojan-activity;sid:84146236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.85.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283135/; classtype:trojan-activity;sid:84146235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.122.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283134/; classtype:trojan-activity;sid:84146234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.125.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283132/; classtype:trojan-activity;sid:84146232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.199.57.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283133/; classtype:trojan-activity;sid:84146233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.160.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283131/; classtype:trojan-activity;sid:84146231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.20.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283130/; classtype:trojan-activity;sid:84146230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.55.33.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283129/; classtype:trojan-activity;sid:84146229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.22.201.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283128/; classtype:trojan-activity;sid:84146228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/cheatkeyssetup.exe"; depth:28; endswith; nocase; http.host; content:"cheatkeys.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283127/; classtype:trojan-activity;sid:84146227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.106.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283125/; classtype:trojan-activity;sid:84146225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.111.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283126/; classtype:trojan-activity;sid:84146226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.165.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283124/; classtype:trojan-activity;sid:84146224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.36.180.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283121/; classtype:trojan-activity;sid:84146221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.115.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283122/; classtype:trojan-activity;sid:84146222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.9.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283123/; classtype:trojan-activity;sid:84146223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283120/; classtype:trojan-activity;sid:84146220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.224.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283119/; classtype:trojan-activity;sid:84146219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.55.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283118/; classtype:trojan-activity;sid:84146218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.48.10.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283117/; classtype:trojan-activity;sid:84146217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.240.201.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283116/; classtype:trojan-activity;sid:84146216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.106.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283115/; classtype:trojan-activity;sid:84146215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.32.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283114/; classtype:trojan-activity;sid:84146214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.93.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283113/; classtype:trojan-activity;sid:84146213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.248.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283112/; classtype:trojan-activity;sid:84146212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.240.201.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283111/; classtype:trojan-activity;sid:84146211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.165.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283110/; classtype:trojan-activity;sid:84146210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.arm6"; depth:15; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283109/; classtype:trojan-activity;sid:84146209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.181.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283084/; classtype:trojan-activity;sid:84146184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.ppc"; depth:14; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283085/; classtype:trojan-activity;sid:84146185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.x86"; depth:14; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283086/; classtype:trojan-activity;sid:84146186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.sh"; depth:13; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283087/; classtype:trojan-activity;sid:84146187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.9.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283088/; classtype:trojan-activity;sid:84146188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.i586"; depth:15; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283089/; classtype:trojan-activity;sid:84146189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.mpsl"; depth:15; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283090/; classtype:trojan-activity;sid:84146190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.m68k"; depth:15; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283091/; classtype:trojan-activity;sid:84146191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.sh4"; depth:14; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283092/; classtype:trojan-activity;sid:84146192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.arm7"; depth:15; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283093/; classtype:trojan-activity;sid:84146193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.mips"; depth:15; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283094/; classtype:trojan-activity;sid:84146194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.x32"; depth:14; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283095/; classtype:trojan-activity;sid:84146195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"77.221.151.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283096/; classtype:trojan-activity;sid:84146196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"77.221.151.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283097/; classtype:trojan-activity;sid:84146197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"77.221.151.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283098/; classtype:trojan-activity;sid:84146198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"77.221.151.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283099/; classtype:trojan-activity;sid:84146199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"77.221.151.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283100/; classtype:trojan-activity;sid:84146200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"77.221.151.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283101/; classtype:trojan-activity;sid:84146201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"77.221.151.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283102/; classtype:trojan-activity;sid:84146202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"77.221.151.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283103/; classtype:trojan-activity;sid:84146203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"77.221.151.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283104/; classtype:trojan-activity;sid:84146204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"77.221.151.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283105/; classtype:trojan-activity;sid:84146205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"77.221.151.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283106/; classtype:trojan-activity;sid:84146206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"77.221.151.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283107/; classtype:trojan-activity;sid:84146207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"77.221.151.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283108/; classtype:trojan-activity;sid:84146208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.36.180.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283083/; classtype:trojan-activity;sid:84146183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.115.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283082/; classtype:trojan-activity;sid:84146182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.98.72"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283081/; classtype:trojan-activity;sid:84146181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.87.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283080/; classtype:trojan-activity;sid:84146180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.168.179.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283078/; classtype:trojan-activity;sid:84146178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283079/; classtype:trojan-activity;sid:84146179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.242.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283077/; classtype:trojan-activity;sid:84146177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.8.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283076/; classtype:trojan-activity;sid:84146176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.106.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283075/; classtype:trojan-activity;sid:84146175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.7.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283074/; classtype:trojan-activity;sid:84146174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.182.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283073/; classtype:trojan-activity;sid:84146173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.73.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283071/; classtype:trojan-activity;sid:84146171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.250.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283072/; classtype:trojan-activity;sid:84146172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.253.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283069/; classtype:trojan-activity;sid:84146169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.53.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283070/; classtype:trojan-activity;sid:84146170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.105.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283068/; classtype:trojan-activity;sid:84146168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.62.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283067/; classtype:trojan-activity;sid:84146167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.186.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283066/; classtype:trojan-activity;sid:84146166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.248.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283065/; classtype:trojan-activity;sid:84146165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.247.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283064/; classtype:trojan-activity;sid:84146164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283063/; classtype:trojan-activity;sid:84146163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.48.149.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283062/; classtype:trojan-activity;sid:84146162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.13.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283061/; classtype:trojan-activity;sid:84146161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"31.186.132.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283060/; classtype:trojan-activity;sid:84146160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.25.220"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283059/; classtype:trojan-activity;sid:84146159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.113.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283057/; classtype:trojan-activity;sid:84146157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.238.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283058/; classtype:trojan-activity;sid:84146158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.7.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283056/; classtype:trojan-activity;sid:84146156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.33.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283055/; classtype:trojan-activity;sid:84146155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.250.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283054/; classtype:trojan-activity;sid:84146154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.86.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283050/; classtype:trojan-activity;sid:84146150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.202.246.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283051/; classtype:trojan-activity;sid:84146151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.8.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283052/; classtype:trojan-activity;sid:84146152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.73.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283053/; classtype:trojan-activity;sid:84146153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.122.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283049/; classtype:trojan-activity;sid:84146149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.105.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283048/; classtype:trojan-activity;sid:84146148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.227.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283047/; classtype:trojan-activity;sid:84146147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.86.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283046/; classtype:trojan-activity;sid:84146146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.213.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283045/; classtype:trojan-activity;sid:84146145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.14.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283044/; classtype:trojan-activity;sid:84146144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.202.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283043/; classtype:trojan-activity;sid:84146143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.151.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283042/; classtype:trojan-activity;sid:84146142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.167.205.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283041/; classtype:trojan-activity;sid:84146141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.228.104.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283040/; classtype:trojan-activity;sid:84146140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.86.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283039/; classtype:trojan-activity;sid:84146139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.249.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283038/; classtype:trojan-activity;sid:84146138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.240.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283036/; classtype:trojan-activity;sid:84146136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.247.6.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283037/; classtype:trojan-activity;sid:84146137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.196.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283035/; classtype:trojan-activity;sid:84146135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.201.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283033/; classtype:trojan-activity;sid:84146133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.77.118.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283034/; classtype:trojan-activity;sid:84146134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.178.110.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283032/; classtype:trojan-activity;sid:84146132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283031/; classtype:trojan-activity;sid:84146131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.97.46.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283030/; classtype:trojan-activity;sid:84146130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.239.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283029/; classtype:trojan-activity;sid:84146129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.73.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283028/; classtype:trojan-activity;sid:84146128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.176.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283027/; classtype:trojan-activity;sid:84146127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.122.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283026/; classtype:trojan-activity;sid:84146126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.84.83.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283025/; classtype:trojan-activity;sid:84146125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.238.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283024/; classtype:trojan-activity;sid:84146124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283023/; classtype:trojan-activity;sid:84146123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.11.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283022/; classtype:trojan-activity;sid:84146122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.250.77.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283021/; classtype:trojan-activity;sid:84146121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.227.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283020/; classtype:trojan-activity;sid:84146120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.168.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283019/; classtype:trojan-activity;sid:84146119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.202.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283018/; classtype:trojan-activity;sid:84146118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.198.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283017/; classtype:trojan-activity;sid:84146117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.186.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283015/; classtype:trojan-activity;sid:84146115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.224.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283016/; classtype:trojan-activity;sid:84146116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.151.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283014/; classtype:trojan-activity;sid:84146114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.94.216.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283013/; classtype:trojan-activity;sid:84146113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.74.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283012/; classtype:trojan-activity;sid:84146112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.54.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283010/; classtype:trojan-activity;sid:84146110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.40.69.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283011/; classtype:trojan-activity;sid:84146111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.23.132"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283009/; classtype:trojan-activity;sid:84146109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.59.251.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283008/; classtype:trojan-activity;sid:84146108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.21.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283007/; classtype:trojan-activity;sid:84146107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.102.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283006/; classtype:trojan-activity;sid:84146106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.25.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283004/; classtype:trojan-activity;sid:84146104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.150.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283005/; classtype:trojan-activity;sid:84146105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.253.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283003/; classtype:trojan-activity;sid:84146103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.4.224.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283002/; classtype:trojan-activity;sid:84146102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.5.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283001/; classtype:trojan-activity;sid:84146101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.247.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283000/; classtype:trojan-activity;sid:84146100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.153.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282999/; classtype:trojan-activity;sid:84146099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.91.223.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282998/; classtype:trojan-activity;sid:84146098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.212.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282997/; classtype:trojan-activity;sid:84146097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.245.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282996/; classtype:trojan-activity;sid:84146096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.11.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282995/; classtype:trojan-activity;sid:84146095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.113.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282994/; classtype:trojan-activity;sid:84146094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.238.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282993/; classtype:trojan-activity;sid:84146093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.54.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282992/; classtype:trojan-activity;sid:84146092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282991/; classtype:trojan-activity;sid:84146091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.144.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282989/; classtype:trojan-activity;sid:84146089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.102.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282990/; classtype:trojan-activity;sid:84146090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.36.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282988/; classtype:trojan-activity;sid:84146088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.206.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282987/; classtype:trojan-activity;sid:84146087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.226.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282986/; classtype:trojan-activity;sid:84146086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.210.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282985/; classtype:trojan-activity;sid:84146085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.62.8.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282984/; classtype:trojan-activity;sid:84146084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.27.50"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282983/; classtype:trojan-activity;sid:84146083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.65.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282982/; classtype:trojan-activity;sid:84146082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.115.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282981/; classtype:trojan-activity;sid:84146081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.250.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282980/; classtype:trojan-activity;sid:84146080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.115.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282979/; classtype:trojan-activity;sid:84146079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.91.223.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282978/; classtype:trojan-activity;sid:84146078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.62.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282977/; classtype:trojan-activity;sid:84146077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.21.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282976/; classtype:trojan-activity;sid:84146076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.7.165.215"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282975/; classtype:trojan-activity;sid:84146075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.5.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282974/; classtype:trojan-activity;sid:84146074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.150.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282973/; classtype:trojan-activity;sid:84146073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.40.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282972/; classtype:trojan-activity;sid:84146072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.253.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282971/; classtype:trojan-activity;sid:84146071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.102.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282970/; classtype:trojan-activity;sid:84146070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.70.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282969/; classtype:trojan-activity;sid:84146069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.114.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282968/; classtype:trojan-activity;sid:84146068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.237.105.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282967/; classtype:trojan-activity;sid:84146067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282966/; classtype:trojan-activity;sid:84146066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.48.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282965/; classtype:trojan-activity;sid:84146065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.244.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282964/; classtype:trojan-activity;sid:84146064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282963/; classtype:trojan-activity;sid:84146063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282962/; classtype:trojan-activity;sid:84146062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.190.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282961/; classtype:trojan-activity;sid:84146061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.110.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282960/; classtype:trojan-activity;sid:84146060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.106.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282959/; classtype:trojan-activity;sid:84146059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"198.163.192.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282956/; classtype:trojan-activity;sid:84146056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.190.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282957/; classtype:trojan-activity;sid:84146057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.170.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282958/; classtype:trojan-activity;sid:84146058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.249.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282955/; classtype:trojan-activity;sid:84146055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.150.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282954/; classtype:trojan-activity;sid:84146054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.70.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282953/; classtype:trojan-activity;sid:84146053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.245.5.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282952/; classtype:trojan-activity;sid:84146052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.2.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282950/; classtype:trojan-activity;sid:84146050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.253.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282951/; classtype:trojan-activity;sid:84146051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.191.83.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282949/; classtype:trojan-activity;sid:84146049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282948/; classtype:trojan-activity;sid:84146048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.17.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282947/; classtype:trojan-activity;sid:84146047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.221.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282946/; classtype:trojan-activity;sid:84146046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.11.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282945/; classtype:trojan-activity;sid:84146045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.64.229"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282944/; classtype:trojan-activity;sid:84146044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.11.202"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282943/; classtype:trojan-activity;sid:84146043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.168.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282942/; classtype:trojan-activity;sid:84146042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282941/; classtype:trojan-activity;sid:84146041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.153.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282940/; classtype:trojan-activity;sid:84146040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.153.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282939/; classtype:trojan-activity;sid:84146039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.245.5.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282938/; classtype:trojan-activity;sid:84146038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.181.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282937/; classtype:trojan-activity;sid:84146037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.249.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282936/; classtype:trojan-activity;sid:84146036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.150.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282935/; classtype:trojan-activity;sid:84146035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.85.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282934/; classtype:trojan-activity;sid:84146034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.63.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282933/; classtype:trojan-activity;sid:84146033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.123.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282932/; classtype:trojan-activity;sid:84146032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.158.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282931/; classtype:trojan-activity;sid:84146031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"198.163.192.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282929/; classtype:trojan-activity;sid:84146029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.121.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282930/; classtype:trojan-activity;sid:84146030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.123.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282928/; classtype:trojan-activity;sid:84146028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.224.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282927/; classtype:trojan-activity;sid:84146027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.240.18.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282926/; classtype:trojan-activity;sid:84146026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.243.139.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282925/; classtype:trojan-activity;sid:84146025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.223.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282924/; classtype:trojan-activity;sid:84146024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.106.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282923/; classtype:trojan-activity;sid:84146023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.75.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282921/; classtype:trojan-activity;sid:84146021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.238.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282922/; classtype:trojan-activity;sid:84146022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.244.122.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282920/; classtype:trojan-activity;sid:84146020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.89.252.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282919/; classtype:trojan-activity;sid:84146019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.22.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282918/; classtype:trojan-activity;sid:84146018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.153.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282917/; classtype:trojan-activity;sid:84146017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.153.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282916/; classtype:trojan-activity;sid:84146016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.137.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282915/; classtype:trojan-activity;sid:84146015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.164.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282913/; classtype:trojan-activity;sid:84146013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.153.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282914/; classtype:trojan-activity;sid:84146014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.224.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282912/; classtype:trojan-activity;sid:84146012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.1.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282911/; classtype:trojan-activity;sid:84146011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.158.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282910/; classtype:trojan-activity;sid:84146010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.127.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282909/; classtype:trojan-activity;sid:84146009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.121.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282908/; classtype:trojan-activity;sid:84146008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.63.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282906/; classtype:trojan-activity;sid:84146006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.3.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282907/; classtype:trojan-activity;sid:84146007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"199.255.181.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282905/; classtype:trojan-activity;sid:84146005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.85.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282904/; classtype:trojan-activity;sid:84146004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.112.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282903/; classtype:trojan-activity;sid:84146003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.237.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282902/; classtype:trojan-activity;sid:84146002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.131.139.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282901/; classtype:trojan-activity;sid:84146001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.173.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282900/; classtype:trojan-activity;sid:84146000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.223.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282899/; classtype:trojan-activity;sid:84145999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.153.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282898/; classtype:trojan-activity;sid:84145998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282897/; classtype:trojan-activity;sid:84145997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.11.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282895/; classtype:trojan-activity;sid:84145995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.89.252.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282896/; classtype:trojan-activity;sid:84145996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.22.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282892/; classtype:trojan-activity;sid:84145992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.244.122.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282893/; classtype:trojan-activity;sid:84145993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.2.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282894/; classtype:trojan-activity;sid:84145994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.121.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282891/; classtype:trojan-activity;sid:84145991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.89.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282890/; classtype:trojan-activity;sid:84145990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.173.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282889/; classtype:trojan-activity;sid:84145989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.198.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282888/; classtype:trojan-activity;sid:84145988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.112.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282887/; classtype:trojan-activity;sid:84145987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.163.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282886/; classtype:trojan-activity;sid:84145986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.164.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282885/; classtype:trojan-activity;sid:84145985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.127.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282884/; classtype:trojan-activity;sid:84145984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.121.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282883/; classtype:trojan-activity;sid:84145983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.3.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282882/; classtype:trojan-activity;sid:84145982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.32.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282881/; classtype:trojan-activity;sid:84145981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.224.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282880/; classtype:trojan-activity;sid:84145980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.70.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282879/; classtype:trojan-activity;sid:84145979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.228.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282878/; classtype:trojan-activity;sid:84145978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.40.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282876/; classtype:trojan-activity;sid:84145976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"173.16.19.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282877/; classtype:trojan-activity;sid:84145977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.36.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282875/; classtype:trojan-activity;sid:84145975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282874/; classtype:trojan-activity;sid:84145974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.203.72.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282873/; classtype:trojan-activity;sid:84145973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.70.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282871/; classtype:trojan-activity;sid:84145971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.11.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282872/; classtype:trojan-activity;sid:84145972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.119.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282870/; classtype:trojan-activity;sid:84145970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.4.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282869/; classtype:trojan-activity;sid:84145969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.41.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282867/; classtype:trojan-activity;sid:84145967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.181.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282868/; classtype:trojan-activity;sid:84145968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.108.211.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282866/; classtype:trojan-activity;sid:84145966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.99.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282865/; classtype:trojan-activity;sid:84145965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.62.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3282864/; classtype:trojan-activity;sid:84145964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"60.19.217.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282863/; classtype:trojan-activity;sid:84145963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.153.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282862/; classtype:trojan-activity;sid:84145962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.7.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282861/; classtype:trojan-activity;sid:84145961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.173.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282860/; classtype:trojan-activity;sid:84145960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.157.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282859/; classtype:trojan-activity;sid:84145959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282858/; classtype:trojan-activity;sid:84145958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.139.58.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282857/; classtype:trojan-activity;sid:84145957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.77.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282856/; classtype:trojan-activity;sid:84145956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.17.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282855/; classtype:trojan-activity;sid:84145955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.86.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282854/; classtype:trojan-activity;sid:84145954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282853/; classtype:trojan-activity;sid:84145953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.181.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282852/; classtype:trojan-activity;sid:84145952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.132.113.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282851/; classtype:trojan-activity;sid:84145951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.51.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282850/; classtype:trojan-activity;sid:84145950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.23.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282849/; classtype:trojan-activity;sid:84145949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.211.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282848/; classtype:trojan-activity;sid:84145948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.10.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282847/; classtype:trojan-activity;sid:84145947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.56.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282846/; classtype:trojan-activity;sid:84145946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.241.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282845/; classtype:trojan-activity;sid:84145945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.70.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282844/; classtype:trojan-activity;sid:84145944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.157.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282843/; classtype:trojan-activity;sid:84145943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.203.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282842/; classtype:trojan-activity;sid:84145942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.153.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282841/; classtype:trojan-activity;sid:84145941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.209.154.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282840/; classtype:trojan-activity;sid:84145940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.17.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282839/; classtype:trojan-activity;sid:84145939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.212.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282837/; classtype:trojan-activity;sid:84145937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.109.157.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282838/; classtype:trojan-activity;sid:84145938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.132.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282835/; classtype:trojan-activity;sid:84145935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.64.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282836/; classtype:trojan-activity;sid:84145936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.86.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282834/; classtype:trojan-activity;sid:84145934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.51.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282833/; classtype:trojan-activity;sid:84145933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.203.68.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282832/; classtype:trojan-activity;sid:84145932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.152.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282831/; classtype:trojan-activity;sid:84145931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.73.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282830/; classtype:trojan-activity;sid:84145930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.209.154.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282829/; classtype:trojan-activity;sid:84145929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.181.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282828/; classtype:trojan-activity;sid:84145928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.23.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282827/; classtype:trojan-activity;sid:84145927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.151.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282826/; classtype:trojan-activity;sid:84145926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.121.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282825/; classtype:trojan-activity;sid:84145925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.164.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282824/; classtype:trojan-activity;sid:84145924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.203.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282823/; classtype:trojan-activity;sid:84145923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.96.184.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282821/; classtype:trojan-activity;sid:84145921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.208.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282822/; classtype:trojan-activity;sid:84145922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.84.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282820/; classtype:trojan-activity;sid:84145920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.132.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282819/; classtype:trojan-activity;sid:84145919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.73.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282818/; classtype:trojan-activity;sid:84145918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.77.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282817/; classtype:trojan-activity;sid:84145917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.92.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282816/; classtype:trojan-activity;sid:84145916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.91.92.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282815/; classtype:trojan-activity;sid:84145915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.64.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282812/; classtype:trojan-activity;sid:84145912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.53.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282813/; classtype:trojan-activity;sid:84145913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.234.198.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282814/; classtype:trojan-activity;sid:84145914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.107.48.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282811/; classtype:trojan-activity;sid:84145911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.151.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282810/; classtype:trojan-activity;sid:84145910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.145.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282809/; classtype:trojan-activity;sid:84145909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.184.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282808/; classtype:trojan-activity;sid:84145908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.213.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282807/; classtype:trojan-activity;sid:84145907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.208.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282806/; classtype:trojan-activity;sid:84145906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.242.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282805/; classtype:trojan-activity;sid:84145905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.12.193.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282804/; classtype:trojan-activity;sid:84145904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.179.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282803/; classtype:trojan-activity;sid:84145903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.12.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282802/; classtype:trojan-activity;sid:84145902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.64.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282801/; classtype:trojan-activity;sid:84145901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.231.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282800/; classtype:trojan-activity;sid:84145900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.84.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282799/; classtype:trojan-activity;sid:84145899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.1.32"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282798/; classtype:trojan-activity;sid:84145898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.45.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282796/; classtype:trojan-activity;sid:84145896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.154.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282797/; classtype:trojan-activity;sid:84145897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.79.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282795/; classtype:trojan-activity;sid:84145895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282793/; classtype:trojan-activity;sid:84145893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"24.96.184.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282794/; classtype:trojan-activity;sid:84145894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.156.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282792/; classtype:trojan-activity;sid:84145892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.224.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282791/; classtype:trojan-activity;sid:84145891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.81.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282790/; classtype:trojan-activity;sid:84145890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.178.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282789/; classtype:trojan-activity;sid:84145889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.2.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282788/; classtype:trojan-activity;sid:84145888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.101.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282787/; classtype:trojan-activity;sid:84145887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.89.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282786/; classtype:trojan-activity;sid:84145886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.127.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282785/; classtype:trojan-activity;sid:84145885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.55.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282784/; classtype:trojan-activity;sid:84145884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.158.67.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282783/; classtype:trojan-activity;sid:84145883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.117.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282782/; classtype:trojan-activity;sid:84145882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.84.199.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282781/; classtype:trojan-activity;sid:84145881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.229.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282780/; classtype:trojan-activity;sid:84145880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.219.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282779/; classtype:trojan-activity;sid:84145879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.242.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282778/; classtype:trojan-activity;sid:84145878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.77.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282777/; classtype:trojan-activity;sid:84145877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.213.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282776/; classtype:trojan-activity;sid:84145876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.154.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282775/; classtype:trojan-activity;sid:84145875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.45.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282774/; classtype:trojan-activity;sid:84145874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.79.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282773/; classtype:trojan-activity;sid:84145873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282772/; classtype:trojan-activity;sid:84145872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.81.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282771/; classtype:trojan-activity;sid:84145871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.178.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282770/; classtype:trojan-activity;sid:84145870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.127.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282769/; classtype:trojan-activity;sid:84145869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.158.67.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282768/; classtype:trojan-activity;sid:84145868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.136.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282767/; classtype:trojan-activity;sid:84145867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.202.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282766/; classtype:trojan-activity;sid:84145866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.112.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282765/; classtype:trojan-activity;sid:84145865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.223.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282764/; classtype:trojan-activity;sid:84145864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.177.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282763/; classtype:trojan-activity;sid:84145863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.117.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282762/; classtype:trojan-activity;sid:84145862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.250.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282761/; classtype:trojan-activity;sid:84145861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.15.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282760/; classtype:trojan-activity;sid:84145860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.116.122.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282759/; classtype:trojan-activity;sid:84145859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.168.179.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282758/; classtype:trojan-activity;sid:84145858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.177.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282757/; classtype:trojan-activity;sid:84145857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.219.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282756/; classtype:trojan-activity;sid:84145856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.241.50.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282755/; classtype:trojan-activity;sid:84145855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282754/; classtype:trojan-activity;sid:84145854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.112.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282753/; classtype:trojan-activity;sid:84145853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.246.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282752/; classtype:trojan-activity;sid:84145852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.230.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282751/; classtype:trojan-activity;sid:84145851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.71.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282750/; classtype:trojan-activity;sid:84145850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.168.179.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282749/; classtype:trojan-activity;sid:84145849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.191.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282748/; classtype:trojan-activity;sid:84145848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.116.122.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282747/; classtype:trojan-activity;sid:84145847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.210.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282746/; classtype:trojan-activity;sid:84145846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.215.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282745/; classtype:trojan-activity;sid:84145845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.195.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282744/; classtype:trojan-activity;sid:84145844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.250.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282743/; classtype:trojan-activity;sid:84145843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.16.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282742/; classtype:trojan-activity;sid:84145842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.40.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282741/; classtype:trojan-activity;sid:84145841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.242.63.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282740/; classtype:trojan-activity;sid:84145840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.15.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282739/; classtype:trojan-activity;sid:84145839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.61.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282738/; classtype:trojan-activity;sid:84145838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.246.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282737/; classtype:trojan-activity;sid:84145837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.7.21"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282735/; classtype:trojan-activity;sid:84145835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.71.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282736/; classtype:trojan-activity;sid:84145836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.243.139.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282734/; classtype:trojan-activity;sid:84145834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.96.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282733/; classtype:trojan-activity;sid:84145833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.188.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282732/; classtype:trojan-activity;sid:84145832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.210.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282731/; classtype:trojan-activity;sid:84145831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.97.6.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282730/; classtype:trojan-activity;sid:84145830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.8.187"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282729/; classtype:trojan-activity;sid:84145829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.235.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282728/; classtype:trojan-activity;sid:84145828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.159.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282727/; classtype:trojan-activity;sid:84145827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.215.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282726/; classtype:trojan-activity;sid:84145826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.235.240.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282725/; classtype:trojan-activity;sid:84145825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282724/; classtype:trojan-activity;sid:84145824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.146.122.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282723/; classtype:trojan-activity;sid:84145823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.29.179"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282722/; classtype:trojan-activity;sid:84145822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.234.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282721/; classtype:trojan-activity;sid:84145821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.77.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282720/; classtype:trojan-activity;sid:84145820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.126.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282719/; classtype:trojan-activity;sid:84145819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.3.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282718/; classtype:trojan-activity;sid:84145818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.235.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282717/; classtype:trojan-activity;sid:84145817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.114.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282716/; classtype:trojan-activity;sid:84145816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.234.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282715/; classtype:trojan-activity;sid:84145815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282714/; classtype:trojan-activity;sid:84145814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.111.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282713/; classtype:trojan-activity;sid:84145813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.152.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282712/; classtype:trojan-activity;sid:84145812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.22.35"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282711/; classtype:trojan-activity;sid:84145811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.61.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282710/; classtype:trojan-activity;sid:84145810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.24.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282709/; classtype:trojan-activity;sid:84145809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.121.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282708/; classtype:trojan-activity;sid:84145808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282707/; classtype:trojan-activity;sid:84145807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282706/; classtype:trojan-activity;sid:84145806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282705/; classtype:trojan-activity;sid:84145805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.250.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282704/; classtype:trojan-activity;sid:84145804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.29.179"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282703/; classtype:trojan-activity;sid:84145803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.39.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282702/; classtype:trojan-activity;sid:84145802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.233.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282701/; classtype:trojan-activity;sid:84145801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282700/; classtype:trojan-activity;sid:84145800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.234.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282699/; classtype:trojan-activity;sid:84145799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.7.21"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282698/; classtype:trojan-activity;sid:84145798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282697/; classtype:trojan-activity;sid:84145797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.76.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282696/; classtype:trojan-activity;sid:84145796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.180.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282695/; classtype:trojan-activity;sid:84145795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.165.69.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282694/; classtype:trojan-activity;sid:84145794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.235.240.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282693/; classtype:trojan-activity;sid:84145793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.126.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282692/; classtype:trojan-activity;sid:84145792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.77.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282691/; classtype:trojan-activity;sid:84145791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.50.70.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282690/; classtype:trojan-activity;sid:84145790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.12.40"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282689/; classtype:trojan-activity;sid:84145789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.121.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282688/; classtype:trojan-activity;sid:84145788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.24.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282687/; classtype:trojan-activity;sid:84145787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.233.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282686/; classtype:trojan-activity;sid:84145786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.114.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282685/; classtype:trojan-activity;sid:84145785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.154.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282684/; classtype:trojan-activity;sid:84145784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.195.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282683/; classtype:trojan-activity;sid:84145783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.9.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282682/; classtype:trojan-activity;sid:84145782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.158.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282681/; classtype:trojan-activity;sid:84145781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.120.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282680/; classtype:trojan-activity;sid:84145780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.235.245.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282679/; classtype:trojan-activity;sid:84145779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joined.exe"; depth:11; endswith; nocase; http.host; content:"husktools.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282678/; classtype:trojan-activity;sid:84145778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282677/; classtype:trojan-activity;sid:84145777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282676/; classtype:trojan-activity;sid:84145776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282675/; classtype:trojan-activity;sid:84145775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.62.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282674/; classtype:trojan-activity;sid:84145774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.241.63.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282673/; classtype:trojan-activity;sid:84145773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.115.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282672/; classtype:trojan-activity;sid:84145772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.198.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282671/; classtype:trojan-activity;sid:84145771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.145.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282670/; classtype:trojan-activity;sid:84145770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.9.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282669/; classtype:trojan-activity;sid:84145769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.217.49.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282668/; classtype:trojan-activity;sid:84145768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.251.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282667/; classtype:trojan-activity;sid:84145767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.72.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282666/; classtype:trojan-activity;sid:84145766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.62.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282665/; classtype:trojan-activity;sid:84145765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.195.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282664/; classtype:trojan-activity;sid:84145764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.59.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282663/; classtype:trojan-activity;sid:84145763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.204.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282662/; classtype:trojan-activity;sid:84145762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.57.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282661/; classtype:trojan-activity;sid:84145761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.228.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282660/; classtype:trojan-activity;sid:84145760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.40.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282659/; classtype:trojan-activity;sid:84145759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.220.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282658/; classtype:trojan-activity;sid:84145758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.98.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282657/; classtype:trojan-activity;sid:84145757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.41.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282656/; classtype:trojan-activity;sid:84145756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.86.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282655/; classtype:trojan-activity;sid:84145755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.53.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282654/; classtype:trojan-activity;sid:84145754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.93.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282653/; classtype:trojan-activity;sid:84145753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.15.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282652/; classtype:trojan-activity;sid:84145752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.11.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282651/; classtype:trojan-activity;sid:84145751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.198.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282650/; classtype:trojan-activity;sid:84145750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282649/; classtype:trojan-activity;sid:84145749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.227.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282648/; classtype:trojan-activity;sid:84145748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.59.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282647/; classtype:trojan-activity;sid:84145747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.210.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282646/; classtype:trojan-activity;sid:84145746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.195.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282643/; classtype:trojan-activity;sid:84145743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.129.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282644/; classtype:trojan-activity;sid:84145744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.219.61"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282645/; classtype:trojan-activity;sid:84145745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.216.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282642/; classtype:trojan-activity;sid:84145742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.25.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282641/; classtype:trojan-activity;sid:84145741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.97.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282640/; classtype:trojan-activity;sid:84145740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.92.185.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282639/; classtype:trojan-activity;sid:84145739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.173.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282638/; classtype:trojan-activity;sid:84145738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.53.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282637/; classtype:trojan-activity;sid:84145737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.149.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282636/; classtype:trojan-activity;sid:84145736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.98.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282635/; classtype:trojan-activity;sid:84145735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.70.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282633/; classtype:trojan-activity;sid:84145733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.91.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282634/; classtype:trojan-activity;sid:84145734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.41.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282632/; classtype:trojan-activity;sid:84145732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.220.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282631/; classtype:trojan-activity;sid:84145731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.84.213.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282630/; classtype:trojan-activity;sid:84145730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.228.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282629/; classtype:trojan-activity;sid:84145729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.88.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282628/; classtype:trojan-activity;sid:84145728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.184.251.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282627/; classtype:trojan-activity;sid:84145727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.116.116.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282626/; classtype:trojan-activity;sid:84145726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.86.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282625/; classtype:trojan-activity;sid:84145725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.149.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282624/; classtype:trojan-activity;sid:84145724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.91.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282623/; classtype:trojan-activity;sid:84145723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.252.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282622/; classtype:trojan-activity;sid:84145722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/worm.exe"; depth:9; endswith; nocase; http.host; content:"husktools.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282621/; classtype:trojan-activity;sid:84145721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.174.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282619/; classtype:trojan-activity;sid:84145719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.240.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282620/; classtype:trojan-activity;sid:84145720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.94.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282618/; classtype:trojan-activity;sid:84145718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282617/; classtype:trojan-activity;sid:84145717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.251.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282616/; classtype:trojan-activity;sid:84145716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.153.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282615/; classtype:trojan-activity;sid:84145715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.132.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282614/; classtype:trojan-activity;sid:84145714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.103.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282613/; classtype:trojan-activity;sid:84145713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.70.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282612/; classtype:trojan-activity;sid:84145712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.10.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282611/; classtype:trojan-activity;sid:84145711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.33.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282610/; classtype:trojan-activity;sid:84145710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.88.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282609/; classtype:trojan-activity;sid:84145709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.93.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282608/; classtype:trojan-activity;sid:84145708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.95.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282606/; classtype:trojan-activity;sid:84145706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.120.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282607/; classtype:trojan-activity;sid:84145707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iwir64"; depth:7; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282605/; classtype:trojan-activity;sid:84145705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.121.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282604/; classtype:trojan-activity;sid:84145704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.125.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282603/; classtype:trojan-activity;sid:84145703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.252.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282602/; classtype:trojan-activity;sid:84145702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282601/; classtype:trojan-activity;sid:84145701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.120.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282600/; classtype:trojan-activity;sid:84145700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.47.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282599/; classtype:trojan-activity;sid:84145699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.210.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282598/; classtype:trojan-activity;sid:84145698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.18.117.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282597/; classtype:trojan-activity;sid:84145697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.91.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282596/; classtype:trojan-activity;sid:84145696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282595/; classtype:trojan-activity;sid:84145695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.33.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282593/; classtype:trojan-activity;sid:84145693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.175.90.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282594/; classtype:trojan-activity;sid:84145694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.235.245.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282592/; classtype:trojan-activity;sid:84145692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.112.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282591/; classtype:trojan-activity;sid:84145691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.132.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282590/; classtype:trojan-activity;sid:84145690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.219.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282589/; classtype:trojan-activity;sid:84145689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.71.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282588/; classtype:trojan-activity;sid:84145688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.216.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282587/; classtype:trojan-activity;sid:84145687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.182.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282586/; classtype:trojan-activity;sid:84145686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.234.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282585/; classtype:trojan-activity;sid:84145685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.107.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282584/; classtype:trojan-activity;sid:84145684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.26.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282583/; classtype:trojan-activity;sid:84145683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.106.130.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282582/; classtype:trojan-activity;sid:84145682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.175.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282581/; classtype:trojan-activity;sid:84145681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.112.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282580/; classtype:trojan-activity;sid:84145680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.153.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282579/; classtype:trojan-activity;sid:84145679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.248.12.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282578/; classtype:trojan-activity;sid:84145678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.8.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282577/; classtype:trojan-activity;sid:84145677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.252.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282576/; classtype:trojan-activity;sid:84145676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.45.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282575/; classtype:trojan-activity;sid:84145675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.145.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282574/; classtype:trojan-activity;sid:84145674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.86.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282573/; classtype:trojan-activity;sid:84145673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.132.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282572/; classtype:trojan-activity;sid:84145672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.151.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282571/; classtype:trojan-activity;sid:84145671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.72.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282570/; classtype:trojan-activity;sid:84145670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.106.130.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282569/; classtype:trojan-activity;sid:84145669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.135.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282568/; classtype:trojan-activity;sid:84145668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/crypted.exe"; depth:18; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282566/; classtype:trojan-activity;sid:84145666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.216.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282567/; classtype:trojan-activity;sid:84145667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.71.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282565/; classtype:trojan-activity;sid:84145665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.221.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282564/; classtype:trojan-activity;sid:84145664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.96.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282563/; classtype:trojan-activity;sid:84145663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282562/; classtype:trojan-activity;sid:84145662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.4.104"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282561/; classtype:trojan-activity;sid:84145661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.143.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282560/; classtype:trojan-activity;sid:84145660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.227.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282559/; classtype:trojan-activity;sid:84145659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.56.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282558/; classtype:trojan-activity;sid:84145658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.175.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282557/; classtype:trojan-activity;sid:84145657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.112.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282556/; classtype:trojan-activity;sid:84145656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.151.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282555/; classtype:trojan-activity;sid:84145655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/chrone.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282554/; classtype:trojan-activity;sid:84145654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.153.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282553/; classtype:trojan-activity;sid:84145653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.56.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282552/; classtype:trojan-activity;sid:84145652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.215.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282550/; classtype:trojan-activity;sid:84145650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.126.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282551/; classtype:trojan-activity;sid:84145651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.173.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282549/; classtype:trojan-activity;sid:84145649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.218.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282548/; classtype:trojan-activity;sid:84145648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.115.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282547/; classtype:trojan-activity;sid:84145647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.100.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282546/; classtype:trojan-activity;sid:84145646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.174.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282545/; classtype:trojan-activity;sid:84145645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.97.112.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282543/; classtype:trojan-activity;sid:84145643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.183.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282544/; classtype:trojan-activity;sid:84145644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.48.107.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282542/; classtype:trojan-activity;sid:84145642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.169.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282541/; classtype:trojan-activity;sid:84145641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.56.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282540/; classtype:trojan-activity;sid:84145640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.153.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282539/; classtype:trojan-activity;sid:84145639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.selfip.org"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282538/; classtype:trojan-activity;sid:84145638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.from-me.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282536/; classtype:trojan-activity;sid:84145636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.from-de.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282537/; classtype:trojan-activity;sid:84145637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.homedns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282519/; classtype:trojan-activity;sid:84145619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.is-a-bulls-fan.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282520/; classtype:trojan-activity;sid:84145620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.is-a-republican.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282521/; classtype:trojan-activity;sid:84145621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.blogdns.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282522/; classtype:trojan-activity;sid:84145622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.from-md.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282523/; classtype:trojan-activity;sid:84145623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"nftg.is-a-bruinsfan.org"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282524/; classtype:trojan-activity;sid:84145624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.from-pa.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282525/; classtype:trojan-activity;sid:84145625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.space-to-rent.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282526/; classtype:trojan-activity;sid:84145626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.is-slick.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282527/; classtype:trojan-activity;sid:84145627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.is-a-democrat.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282528/; classtype:trojan-activity;sid:84145628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.from-nd.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282529/; classtype:trojan-activity;sid:84145629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.is-a-nurse.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282530/; classtype:trojan-activity;sid:84145630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.is-a-landscaper.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282531/; classtype:trojan-activity;sid:84145631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.homeunix.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282532/; classtype:trojan-activity;sid:84145632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.here-for-more.info"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282533/; classtype:trojan-activity;sid:84145633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.forgot.her.name"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282534/; classtype:trojan-activity;sid:84145634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.groks-the.info"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282535/; classtype:trojan-activity;sid:84145635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"soniafernandes.my3cx.com.br"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282518/; classtype:trojan-activity;sid:84145618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ggg.is-a-painter.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282517/; classtype:trojan-activity;sid:84145617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.dyndns.biz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282516/; classtype:trojan-activity;sid:84145616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.dnsalias.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282507/; classtype:trojan-activity;sid:84145607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.webhop.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282508/; classtype:trojan-activity;sid:84145608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.isa-geek.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282509/; classtype:trojan-activity;sid:84145609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.from-az.net"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282510/; classtype:trojan-activity;sid:84145610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"nftg.here-for-more.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282511/; classtype:trojan-activity;sid:84145611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"agenal.ajayusoft.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282512/; classtype:trojan-activity;sid:84145612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.dyndns.info"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282513/; classtype:trojan-activity;sid:84145613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.groks-this.info"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282514/; classtype:trojan-activity;sid:84145614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aerret.webhop.net"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282515/; classtype:trojan-activity;sid:84145615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.173.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282506/; classtype:trojan-activity;sid:84145606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.105.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282505/; classtype:trojan-activity;sid:84145605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.245.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282504/; classtype:trojan-activity;sid:84145604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.24.32.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282503/; classtype:trojan-activity;sid:84145603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.218.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282502/; classtype:trojan-activity;sid:84145602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.54.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282501/; classtype:trojan-activity;sid:84145601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.246.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282500/; classtype:trojan-activity;sid:84145600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.197.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282499/; classtype:trojan-activity;sid:84145599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282498/; classtype:trojan-activity;sid:84145598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.119.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282496/; classtype:trojan-activity;sid:84145596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.23.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282497/; classtype:trojan-activity;sid:84145597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.226.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282495/; classtype:trojan-activity;sid:84145595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.16.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282494/; classtype:trojan-activity;sid:84145594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"139.218.214.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282493/; classtype:trojan-activity;sid:84145593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.226.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282492/; classtype:trojan-activity;sid:84145592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.75.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282491/; classtype:trojan-activity;sid:84145591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.208.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282490/; classtype:trojan-activity;sid:84145590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.80.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282489/; classtype:trojan-activity;sid:84145589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.113.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282488/; classtype:trojan-activity;sid:84145588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282487/; classtype:trojan-activity;sid:84145587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.38.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282486/; classtype:trojan-activity;sid:84145586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.93.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282485/; classtype:trojan-activity;sid:84145585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.196.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282484/; classtype:trojan-activity;sid:84145584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.80.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282483/; classtype:trojan-activity;sid:84145583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.92.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282481/; classtype:trojan-activity;sid:84145581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.241.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282482/; classtype:trojan-activity;sid:84145582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.177.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282479/; classtype:trojan-activity;sid:84145579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.42.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282480/; classtype:trojan-activity;sid:84145580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.238.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282478/; classtype:trojan-activity;sid:84145578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.16.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282477/; classtype:trojan-activity;sid:84145577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.243.137.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282476/; classtype:trojan-activity;sid:84145576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.186.45.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282475/; classtype:trojan-activity;sid:84145575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.6.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282474/; classtype:trojan-activity;sid:84145574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.52.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282472/; classtype:trojan-activity;sid:84145572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.zip"; depth:11; endswith; nocase; http.host; content:"betano-cupom.site"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282473/; classtype:trojan-activity;sid:84145573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.45.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282471/; classtype:trojan-activity;sid:84145571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.224.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282470/; classtype:trojan-activity;sid:84145570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282469/; classtype:trojan-activity;sid:84145569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.177.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282468/; classtype:trojan-activity;sid:84145568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.156.50.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282467/; classtype:trojan-activity;sid:84145567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.182.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282466/; classtype:trojan-activity;sid:84145566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.151.252.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282463/; classtype:trojan-activity;sid:84145563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282464/; classtype:trojan-activity;sid:84145564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282465/; classtype:trojan-activity;sid:84145565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.245.224.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282462/; classtype:trojan-activity;sid:84145562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/default.exe"; depth:12; endswith; nocase; http.host; content:"87.120.117.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282461/; classtype:trojan-activity;sid:84145561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.104.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282460/; classtype:trojan-activity;sid:84145560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.35.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282459/; classtype:trojan-activity;sid:84145559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.55.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282458/; classtype:trojan-activity;sid:84145558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"93.113.164.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282457/; classtype:trojan-activity;sid:84145557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.243.137.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282456/; classtype:trojan-activity;sid:84145556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.191.154.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282455/; classtype:trojan-activity;sid:84145555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.186.45.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282454/; classtype:trojan-activity;sid:84145554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.160.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282453/; classtype:trojan-activity;sid:84145553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282452/; classtype:trojan-activity;sid:84145552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.167.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282451/; classtype:trojan-activity;sid:84145551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.35.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282449/; classtype:trojan-activity;sid:84145549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.172.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282450/; classtype:trojan-activity;sid:84145550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.204.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282448/; classtype:trojan-activity;sid:84145548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.114.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282447/; classtype:trojan-activity;sid:84145547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.23.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282446/; classtype:trojan-activity;sid:84145546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.217.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282445/; classtype:trojan-activity;sid:84145545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282444/; classtype:trojan-activity;sid:84145544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282443/; classtype:trojan-activity;sid:84145543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.99.115.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282442/; classtype:trojan-activity;sid:84145542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.205.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282441/; classtype:trojan-activity;sid:84145541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.193.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282440/; classtype:trojan-activity;sid:84145540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282439/; classtype:trojan-activity;sid:84145539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.242.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282438/; classtype:trojan-activity;sid:84145538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"199.255.181.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282437/; classtype:trojan-activity;sid:84145537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.122.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282436/; classtype:trojan-activity;sid:84145536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.117.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282435/; classtype:trojan-activity;sid:84145535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282434/; classtype:trojan-activity;sid:84145534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282433/; classtype:trojan-activity;sid:84145533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.23.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282432/; classtype:trojan-activity;sid:84145532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.87.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282431/; classtype:trojan-activity;sid:84145531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"116.55.178.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282430/; classtype:trojan-activity;sid:84145530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.247.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282429/; classtype:trojan-activity;sid:84145529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.55.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282428/; classtype:trojan-activity;sid:84145528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.205.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282427/; classtype:trojan-activity;sid:84145527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.235.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282426/; classtype:trojan-activity;sid:84145526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.239.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282425/; classtype:trojan-activity;sid:84145525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1g1jmxusx9mc9vmhvrjj2xofz3ak_clot"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282423/; classtype:trojan-activity;sid:84145523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1naqdnxigvi_q1rpkazftmygmaqtjxu42"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282424/; classtype:trojan-activity;sid:84145524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/cpvob/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282422/; classtype:trojan-activity;sid:84145522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/13pvy/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282420/; classtype:trojan-activity;sid:84145520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/twmvx/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282421/; classtype:trojan-activity;sid:84145521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.107.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282419/; classtype:trojan-activity;sid:84145519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/z8hgy/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282417/; classtype:trojan-activity;sid:84145517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/faith"; depth:13; endswith; nocase; http.host; content:"65.175.140.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282418/; classtype:trojan-activity;sid:84145518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.95.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282415/; classtype:trojan-activity;sid:84145515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.235.116.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282416/; classtype:trojan-activity;sid:84145516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.64.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282414/; classtype:trojan-activity;sid:84145514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.188.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282413/; classtype:trojan-activity;sid:84145513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282412/; classtype:trojan-activity;sid:84145512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.107.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282411/; classtype:trojan-activity;sid:84145511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"92.101.63.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282410/; classtype:trojan-activity;sid:84145510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282408/; classtype:trojan-activity;sid:84145508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.29.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282409/; classtype:trojan-activity;sid:84145509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.166.36.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282407/; classtype:trojan-activity;sid:84145507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.56.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282406/; classtype:trojan-activity;sid:84145506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282405/; classtype:trojan-activity;sid:84145505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.241.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282404/; classtype:trojan-activity;sid:84145504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.235.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282403/; classtype:trojan-activity;sid:84145503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.79.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282402/; classtype:trojan-activity;sid:84145502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.64.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282401/; classtype:trojan-activity;sid:84145501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.59.251.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282400/; classtype:trojan-activity;sid:84145500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.11.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282399/; classtype:trojan-activity;sid:84145499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.126.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282398/; classtype:trojan-activity;sid:84145498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"198.98.54.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282397/; classtype:trojan-activity;sid:84145497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asegurar.vbs"; depth:13; endswith; nocase; http.host; content:"152.202.226.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282396/; classtype:trojan-activity;sid:84145496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/zte"; depth:11; endswith; nocase; http.host; content:"65.175.140.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282395/; classtype:trojan-activity;sid:84145495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/segura.vbs"; depth:11; endswith; nocase; http.host; content:"152.202.226.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282394/; classtype:trojan-activity;sid:84145494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.231.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282393/; classtype:trojan-activity;sid:84145493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.35.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282392/; classtype:trojan-activity;sid:84145492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.32.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282391/; classtype:trojan-activity;sid:84145491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.182.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282390/; classtype:trojan-activity;sid:84145490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.148.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282389/; classtype:trojan-activity;sid:84145489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.7.152"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282388/; classtype:trojan-activity;sid:84145488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282387/; classtype:trojan-activity;sid:84145487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.157.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282386/; classtype:trojan-activity;sid:84145486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.95.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282385/; classtype:trojan-activity;sid:84145485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.60.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282384/; classtype:trojan-activity;sid:84145484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.182.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282383/; classtype:trojan-activity;sid:84145483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.224.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282382/; classtype:trojan-activity;sid:84145482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.79.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282381/; classtype:trojan-activity;sid:84145481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.7.152"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282380/; classtype:trojan-activity;sid:84145480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.247.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282379/; classtype:trojan-activity;sid:84145479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.7.52.33"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282378/; classtype:trojan-activity;sid:84145478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.173.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282377/; classtype:trojan-activity;sid:84145477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.148.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282376/; classtype:trojan-activity;sid:84145476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wctwqryuqxcldr152.bin"; depth:22; endswith; nocase; http.host; content:"evesecret.ma"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282373/; classtype:trojan-activity;sid:84145473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wctwqryuqxcldr152.bin"; depth:22; endswith; nocase; http.host; content:"evesecret.ma"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282374/; classtype:trojan-activity;sid:84145474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.252.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282372/; classtype:trojan-activity;sid:84145472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.95.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282371/; classtype:trojan-activity;sid:84145471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282370/; classtype:trojan-activity;sid:84145470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.14.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282369/; classtype:trojan-activity;sid:84145469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.114.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282368/; classtype:trojan-activity;sid:84145468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.231.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282367/; classtype:trojan-activity;sid:84145467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.1.187"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282366/; classtype:trojan-activity;sid:84145466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.86.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282365/; classtype:trojan-activity;sid:84145465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.85.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282364/; classtype:trojan-activity;sid:84145464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.76.180.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282363/; classtype:trojan-activity;sid:84145463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.0.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282362/; classtype:trojan-activity;sid:84145462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.253.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282361/; classtype:trojan-activity;sid:84145461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.243.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282360/; classtype:trojan-activity;sid:84145460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xerin_v3.0.0.29.zip"; depth:20; endswith; nocase; http.host; content:"154.216.17.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282356/; classtype:trojan-activity;sid:84145456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xerin_v3.0.0.29_full_src_@code2reverse.rar"; depth:43; endswith; nocase; http.host; content:"154.216.17.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282357/; classtype:trojan-activity;sid:84145457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armdot%20v2024.8.zip"; depth:21; endswith; nocase; http.host; content:"154.216.17.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282358/; classtype:trojan-activity;sid:84145458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282355/; classtype:trojan-activity;sid:84145455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.18.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282354/; classtype:trojan-activity;sid:84145454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.247.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282353/; classtype:trojan-activity;sid:84145453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.1.187"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282352/; classtype:trojan-activity;sid:84145452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.18.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282351/; classtype:trojan-activity;sid:84145451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.105.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282350/; classtype:trojan-activity;sid:84145450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.43.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282347/; classtype:trojan-activity;sid:84145447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.245.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282348/; classtype:trojan-activity;sid:84145448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.14.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282349/; classtype:trojan-activity;sid:84145449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.201.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282346/; classtype:trojan-activity;sid:84145446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.89.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282345/; classtype:trojan-activity;sid:84145445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.134.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282344/; classtype:trojan-activity;sid:84145444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"egg.from-nj.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282342/; classtype:trojan-activity;sid:84145442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"www.drdanfe.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282343/; classtype:trojan-activity;sid:84145443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"drdanfe.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282338/; classtype:trojan-activity;sid:84145438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"egg.est-mon-blogueur.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282339/; classtype:trojan-activity;sid:84145439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"compounded.fghnbv.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282340/; classtype:trojan-activity;sid:84145440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"gegrewew.endoftheinternet.org"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282341/; classtype:trojan-activity;sid:84145441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"mail.drdanfe.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282337/; classtype:trojan-activity;sid:84145437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"egg.is-a-celticsfan.org"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282335/; classtype:trojan-activity;sid:84145435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"egg.dyndns-office.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282336/; classtype:trojan-activity;sid:84145436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujujuju.homelinux.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282332/; classtype:trojan-activity;sid:84145432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"vbxvb.is-very-good.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282333/; classtype:trojan-activity;sid:84145433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"gdhbbdv.sellsyourhome.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282334/; classtype:trojan-activity;sid:84145434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujujuju.is-a-painter.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282328/; classtype:trojan-activity;sid:84145428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"wewef.gets-it.net"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282329/; classtype:trojan-activity;sid:84145429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"wrwwewfe.is-a-rockstar.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282330/; classtype:trojan-activity;sid:84145430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"scsfscscs.homelinux.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282331/; classtype:trojan-activity;sid:84145431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"sccsdcsdcv.is-an-actress.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282327/; classtype:trojan-activity;sid:84145427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujujuju.from-nv.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282324/; classtype:trojan-activity;sid:84145424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"gdhbbdv.remotecam.nu"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282325/; classtype:trojan-activity;sid:84145425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"hyhyhy.is-a-therapist.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282326/; classtype:trojan-activity;sid:84145426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"gdhbbdv.hobby-site.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282317/; classtype:trojan-activity;sid:84145417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"nmfhnjf.knowsitall.info"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282318/; classtype:trojan-activity;sid:84145418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujujuju.is-a-anarchist.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282319/; classtype:trojan-activity;sid:84145419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"yyhyhy.simple-url.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282320/; classtype:trojan-activity;sid:84145420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujujuju.barrel-of-knowledge.info"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282321/; classtype:trojan-activity;sid:84145421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"charlote.is-a-geek.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282322/; classtype:trojan-activity;sid:84145422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujujuju.selfip.biz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282323/; classtype:trojan-activity;sid:84145423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"fghfgbfg.dyndns-work.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282315/; classtype:trojan-activity;sid:84145415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujujuju.is-found.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282316/; classtype:trojan-activity;sid:84145416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"wrwwewfe.dyndns.tv"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282312/; classtype:trojan-activity;sid:84145412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"jujuju.dyndns-free.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282313/; classtype:trojan-activity;sid:84145413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"wrwwewfe.merseine.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282314/; classtype:trojan-activity;sid:84145414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"dgdfb.groks-this.info"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282311/; classtype:trojan-activity;sid:84145411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"suanfe.is-a-landscaper.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282310/; classtype:trojan-activity;sid:84145410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"gdfgdfdv.groks-this.info"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282309/; classtype:trojan-activity;sid:84145409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"awrqa.is-gone.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282306/; classtype:trojan-activity;sid:84145406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aweewe.barrel-of-knowledge.info"; depth:31; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282307/; classtype:trojan-activity;sid:84145407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aewaew.barrel-of-knowledge.info"; depth:31; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282308/; classtype:trojan-activity;sid:84145408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"sccsdcsdcv.from-tn.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282302/; classtype:trojan-activity;sid:84145402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"azczxs.from-nd.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282303/; classtype:trojan-activity;sid:84145403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"kjjghhjgf.is-uberleet.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282304/; classtype:trojan-activity;sid:84145404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"sccsdcsdcv.likescandy.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282305/; classtype:trojan-activity;sid:84145405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"grtgr.webhop.biz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282301/; classtype:trojan-activity;sid:84145401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ewrew.is-a-caterer.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282299/; classtype:trojan-activity;sid:84145399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"scsfscscs.is-an-actress.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282300/; classtype:trojan-activity;sid:84145400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"gdhbbdv.broke-it.net"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282296/; classtype:trojan-activity;sid:84145396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"hjmhjm.is-a-landscaper.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282297/; classtype:trojan-activity;sid:84145397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"dfvdfvfddf.is-a-anarchist.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282298/; classtype:trojan-activity;sid:84145398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"gdhbbdv.is-very-sweet.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282294/; classtype:trojan-activity;sid:84145394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"sccsdcsdcv.homeunix.net"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282295/; classtype:trojan-activity;sid:84145395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"compounded.fghnbv.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282293/; classtype:trojan-activity;sid:84145393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"egg.from-nj.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282292/; classtype:trojan-activity;sid:84145392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujuju.for-better.biz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282291/; classtype:trojan-activity;sid:84145391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"tehytdf.sellsyourhome.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282290/; classtype:trojan-activity;sid:84145390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"gdhbbdv.is-a-student.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282289/; classtype:trojan-activity;sid:84145389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"fgnfgfgsd.dynathome.net"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282287/; classtype:trojan-activity;sid:84145387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"egg.dyndns-office.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282288/; classtype:trojan-activity;sid:84145388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"addnew.doesntexist.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282286/; classtype:trojan-activity;sid:84145386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujuju.from-md.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282285/; classtype:trojan-activity;sid:84145385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"sccsdcsdcv.is-a-democrat.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282283/; classtype:trojan-activity;sid:84145383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"hthth.is-a-knight.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282284/; classtype:trojan-activity;sid:84145384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"suanfe.kicks-ass.net"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282282/; classtype:trojan-activity;sid:84145382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujujuju.dynalias.net"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282279/; classtype:trojan-activity;sid:84145379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.from-nv.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282280/; classtype:trojan-activity;sid:84145380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.225.92.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282281/; classtype:trojan-activity;sid:84145381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"gdhbbdv.is-a-blogger.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282277/; classtype:trojan-activity;sid:84145377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujujuju.merseine.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282278/; classtype:trojan-activity;sid:84145378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"scsfscscs.doomdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282272/; classtype:trojan-activity;sid:84145372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"zvczcz.saves-the-whales.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282273/; classtype:trojan-activity;sid:84145373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ewrew.is-a-musician.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282274/; classtype:trojan-activity;sid:84145374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"egg.is-a-celticsfan.org"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282275/; classtype:trojan-activity;sid:84145375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"wrwwewfe.from-wi.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282276/; classtype:trojan-activity;sid:84145376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"gdhbbdv.is-into-games.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282267/; classtype:trojan-activity;sid:84145367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujuju.here-for-more.info"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282268/; classtype:trojan-activity;sid:84145368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"egg.est-mon-blogueur.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282269/; classtype:trojan-activity;sid:84145369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"wewef.from-sc.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282270/; classtype:trojan-activity;sid:84145370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"tehytdf.ftpaccess.cc"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282271/; classtype:trojan-activity;sid:84145371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"aaaee.from-wa.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282259/; classtype:trojan-activity;sid:84145359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"scsfscscs.is-a-chef.net"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282260/; classtype:trojan-activity;sid:84145360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"wrwwewfe.from-la.net"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282261/; classtype:trojan-activity;sid:84145361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"wrwwewfe.is-a-blogger.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282262/; classtype:trojan-activity;sid:84145362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"gdhbbdv.homelinux.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282263/; classtype:trojan-activity;sid:84145363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"www.drdanfe.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282264/; classtype:trojan-activity;sid:84145364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujujuju.is-a-republican.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282265/; classtype:trojan-activity;sid:84145365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"dfdfdfvd.is-a-geek.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282266/; classtype:trojan-activity;sid:84145366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"jujuju.from-pa.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282255/; classtype:trojan-activity;sid:84145355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujujuju.hobby-site.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282256/; classtype:trojan-activity;sid:84145356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujujuju.blogdns.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282257/; classtype:trojan-activity;sid:84145357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"wrwwewfe.selfip.org"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282258/; classtype:trojan-activity;sid:84145358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"gegrewew.ath.cx"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282254/; classtype:trojan-activity;sid:84145354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"gegrewew.endoftheinternet.org"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282253/; classtype:trojan-activity;sid:84145353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"wrwwewfe.selfip.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282252/; classtype:trojan-activity;sid:84145352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"awewrwa.dnsalias.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282251/; classtype:trojan-activity;sid:84145351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"sfsdfsdvsd.neat-url.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282250/; classtype:trojan-activity;sid:84145350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujujuju.from-pa.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282249/; classtype:trojan-activity;sid:84145349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"drdanfe.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282247/; classtype:trojan-activity;sid:84145347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"mail.drdanfe.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282248/; classtype:trojan-activity;sid:84145348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"gdhbbdv.is-a-bruinsfan.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282246/; classtype:trojan-activity;sid:84145346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"ujujuju.is-uberleet.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282242/; classtype:trojan-activity;sid:84145342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"tttht.is-a-therapist.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282243/; classtype:trojan-activity;sid:84145343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"sdfgfv.dyndns-free.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282244/; classtype:trojan-activity;sid:84145344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"sfsdfsdvsd.gets-it.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282245/; classtype:trojan-activity;sid:84145345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"sdfgfv.stuff-4-sale.org"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282240/; classtype:trojan-activity;sid:84145340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"198.23.136.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282238/; classtype:trojan-activity;sid:84145338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela/atualizador_fiscal_nfe.msi"; depth:37; endswith; nocase; http.host; content:"198.23.136.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282239/; classtype:trojan-activity;sid:84145339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.122.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282237/; classtype:trojan-activity;sid:84145337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.245.118.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282235/; classtype:trojan-activity;sid:84145335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.139.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282236/; classtype:trojan-activity;sid:84145336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.127.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282234/; classtype:trojan-activity;sid:84145334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282233/; classtype:trojan-activity;sid:84145333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.123.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282232/; classtype:trojan-activity;sid:84145332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.86.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282231/; classtype:trojan-activity;sid:84145331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282230/; classtype:trojan-activity;sid:84145330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.13.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282229/; classtype:trojan-activity;sid:84145329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.143.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282228/; classtype:trojan-activity;sid:84145328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.10.238.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282227/; classtype:trojan-activity;sid:84145327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.154.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282226/; classtype:trojan-activity;sid:84145326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.76.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282225/; classtype:trojan-activity;sid:84145325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.60.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282224/; classtype:trojan-activity;sid:84145324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.89.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282223/; classtype:trojan-activity;sid:84145323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.114.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282222/; classtype:trojan-activity;sid:84145322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.70.9.51"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282221/; classtype:trojan-activity;sid:84145321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toobloshfoldssqlite.jpg"; depth:24; endswith; nocase; http.host; content:"doutshared.octabracessorioscom.com"; depth:34; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282220/; classtype:trojan-activity;sid:84145320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toobloshfoldssqlite.jpg"; depth:24; endswith; nocase; http.host; content:"guitrar.drumbalsruffows.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282219/; classtype:trojan-activity;sid:84145319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toobloshfoldssqlite.jpg"; depth:24; endswith; nocase; http.host; content:"octabracessorioscom.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282218/; classtype:trojan-activity;sid:84145318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toobloshfoldssqlite.jpg"; depth:24; endswith; nocase; http.host; content:"striker.drumbalsruffows.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282217/; classtype:trojan-activity;sid:84145317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.225.92.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282215/; classtype:trojan-activity;sid:84145315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.19.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282216/; classtype:trojan-activity;sid:84145316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.38.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282214/; classtype:trojan-activity;sid:84145314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toobloshfoldssqlite.jpg"; depth:24; endswith; nocase; http.host; content:"drumbalsruffows.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282213/; classtype:trojan-activity;sid:84145313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toobloshfoldssqlite.jpg"; depth:24; endswith; nocase; http.host; content:"80.85.152.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282212/; classtype:trojan-activity;sid:84145312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toobloshfoldssqlite.jpg"; depth:24; endswith; nocase; http.host; content:"80.85.152.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282211/; classtype:trojan-activity;sid:84145311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.112.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282210/; classtype:trojan-activity;sid:84145310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.60.235.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282209/; classtype:trojan-activity;sid:84145309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toobloshfoldssqlite.jpg"; depth:24; endswith; nocase; http.host; content:"springs.octabracessorioscom.com"; depth:31; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282208/; classtype:trojan-activity;sid:84145308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/and"; depth:4; endswith; nocase; http.host; content:"45.124.95.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282204/; classtype:trojan-activity;sid:84145304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sky.sh"; depth:7; endswith; nocase; http.host; content:"45.124.95.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282205/; classtype:trojan-activity;sid:84145305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"45.124.95.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282206/; classtype:trojan-activity;sid:84145306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.180.138.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282207/; classtype:trojan-activity;sid:84145307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.35.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282203/; classtype:trojan-activity;sid:84145303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.39.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282202/; classtype:trojan-activity;sid:84145302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.101.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282201/; classtype:trojan-activity;sid:84145301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.90.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282200/; classtype:trojan-activity;sid:84145300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.76.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282199/; classtype:trojan-activity;sid:84145299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"89.10.238.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282197/; classtype:trojan-activity;sid:84145297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282198/; classtype:trojan-activity;sid:84145298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.246.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282196/; classtype:trojan-activity;sid:84145296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.200.168.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282194/; classtype:trojan-activity;sid:84145294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.24.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282195/; classtype:trojan-activity;sid:84145295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.148.163.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282193/; classtype:trojan-activity;sid:84145293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"45.154.24.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282192/; classtype:trojan-activity;sid:84145292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"45.154.24.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282189/; classtype:trojan-activity;sid:84145289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"45.154.24.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282190/; classtype:trojan-activity;sid:84145290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"45.154.24.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282191/; classtype:trojan-activity;sid:84145291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"45.154.24.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282187/; classtype:trojan-activity;sid:84145287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"45.154.24.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282188/; classtype:trojan-activity;sid:84145288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"45.154.24.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282182/; classtype:trojan-activity;sid:84145282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"45.154.24.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282183/; classtype:trojan-activity;sid:84145283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"45.154.24.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282184/; classtype:trojan-activity;sid:84145284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"45.154.24.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282185/; classtype:trojan-activity;sid:84145285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm"; depth:37; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282170/; classtype:trojan-activity;sid:84145270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm6"; depth:38; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282171/; classtype:trojan-activity;sid:84145271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm5"; depth:38; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282172/; classtype:trojan-activity;sid:84145272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.ppc"; depth:37; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282173/; classtype:trojan-activity;sid:84145273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.m68k"; depth:38; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282174/; classtype:trojan-activity;sid:84145274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.i686"; depth:38; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282175/; classtype:trojan-activity;sid:84145275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arc"; depth:37; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282176/; classtype:trojan-activity;sid:84145276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm7"; depth:38; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282177/; classtype:trojan-activity;sid:84145277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.sh4"; depth:37; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282178/; classtype:trojan-activity;sid:84145278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86"; depth:37; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282179/; classtype:trojan-activity;sid:84145279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86_64"; depth:40; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282180/; classtype:trojan-activity;sid:84145280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mips"; depth:38; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282181/; classtype:trojan-activity;sid:84145281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.12.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282169/; classtype:trojan-activity;sid:84145269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mpsl"; depth:38; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282167/; classtype:trojan-activity;sid:84145267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282168/; classtype:trojan-activity;sid:84145268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282164/; classtype:trojan-activity;sid:84145264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.100.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282163/; classtype:trojan-activity;sid:84145263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.13.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282162/; classtype:trojan-activity;sid:84145262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.35.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282160/; classtype:trojan-activity;sid:84145260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.240.168.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282161/; classtype:trojan-activity;sid:84145261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.253.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282159/; classtype:trojan-activity;sid:84145259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.69.60.204"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282158/; classtype:trojan-activity;sid:84145258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.114.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282157/; classtype:trojan-activity;sid:84145257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.157.145.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282156/; classtype:trojan-activity;sid:84145256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.22.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282155/; classtype:trojan-activity;sid:84145255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282154/; classtype:trojan-activity;sid:84145254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.83.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282153/; classtype:trojan-activity;sid:84145253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.60.235.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282152/; classtype:trojan-activity;sid:84145252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.92.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282151/; classtype:trojan-activity;sid:84145251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.49.65.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282150/; classtype:trojan-activity;sid:84145250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.99.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282149/; classtype:trojan-activity;sid:84145249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.88.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282148/; classtype:trojan-activity;sid:84145248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.180.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282147/; classtype:trojan-activity;sid:84145247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.61.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282146/; classtype:trojan-activity;sid:84145246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282145/; classtype:trojan-activity;sid:84145245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.99.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282144/; classtype:trojan-activity;sid:84145244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.22.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282143/; classtype:trojan-activity;sid:84145243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.24.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282142/; classtype:trojan-activity;sid:84145242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.92.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282141/; classtype:trojan-activity;sid:84145241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.92.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282140/; classtype:trojan-activity;sid:84145240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.46.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282139/; classtype:trojan-activity;sid:84145239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.214.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282138/; classtype:trojan-activity;sid:84145238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.173.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282137/; classtype:trojan-activity;sid:84145237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.139.160.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282135/; classtype:trojan-activity;sid:84145235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.83.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282136/; classtype:trojan-activity;sid:84145236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.83.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282134/; classtype:trojan-activity;sid:84145234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.229.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282133/; classtype:trojan-activity;sid:84145233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.240.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282132/; classtype:trojan-activity;sid:84145232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.68.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282131/; classtype:trojan-activity;sid:84145231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.96.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282130/; classtype:trojan-activity;sid:84145230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.67.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282129/; classtype:trojan-activity;sid:84145229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frpc.exe"; depth:9; endswith; nocase; http.host; content:"101.133.156.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282128/; classtype:trojan-activity;sid:84145228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nohup.out"; depth:10; endswith; nocase; http.host; content:"101.133.156.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282127/; classtype:trojan-activity;sid:84145227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.apk"; depth:6; endswith; nocase; http.host; content:"101.133.166.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282126/; classtype:trojan-activity;sid:84145226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nohup.out"; depth:10; endswith; nocase; http.host; content:"101.133.166.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282125/; classtype:trojan-activity;sid:84145225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.203.36.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282124/; classtype:trojan-activity;sid:84145224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.apk"; depth:6; endswith; nocase; http.host; content:"101.200.176.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282123/; classtype:trojan-activity;sid:84145223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mysql.bat"; depth:10; endswith; nocase; http.host; content:"101.133.156.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282120/; classtype:trojan-activity;sid:84145220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.210.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282121/; classtype:trojan-activity;sid:84145221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yaml-payload.jar"; depth:17; endswith; nocase; http.host; content:"101.200.160.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282122/; classtype:trojan-activity;sid:84145222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.txt"; depth:6; endswith; nocase; http.host; content:"101.133.156.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282119/; classtype:trojan-activity;sid:84145219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frpc.ini"; depth:9; endswith; nocase; http.host; content:"101.133.156.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282118/; classtype:trojan-activity;sid:84145218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.255.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282116/; classtype:trojan-activity;sid:84145216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.247.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282117/; classtype:trojan-activity;sid:84145217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.198.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282113/; classtype:trojan-activity;sid:84145213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.202.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282114/; classtype:trojan-activity;sid:84145214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.235.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282115/; classtype:trojan-activity;sid:84145215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.92.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282112/; classtype:trojan-activity;sid:84145212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.229.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282111/; classtype:trojan-activity;sid:84145211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.181.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282110/; classtype:trojan-activity;sid:84145210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.160.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282109/; classtype:trojan-activity;sid:84145209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.161.160.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282108/; classtype:trojan-activity;sid:84145208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.39.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282107/; classtype:trojan-activity;sid:84145207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.36.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282106/; classtype:trojan-activity;sid:84145206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.86.81.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282104/; classtype:trojan-activity;sid:84145204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.68.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282105/; classtype:trojan-activity;sid:84145205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.198.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282103/; classtype:trojan-activity;sid:84145203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.246.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282102/; classtype:trojan-activity;sid:84145202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/infopage/unt.ps1"; depth:17; endswith; nocase; http.host; content:"147.45.44.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282096/; classtype:trojan-activity;sid:84145196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/infopage/bhdh552.ps1"; depth:21; endswith; nocase; http.host; content:"147.45.44.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282097/; classtype:trojan-activity;sid:84145197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/infopage/hdt.exe"; depth:17; endswith; nocase; http.host; content:"147.45.44.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282098/; classtype:trojan-activity;sid:84145198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/infopage/tuh.exe"; depth:17; endswith; nocase; http.host; content:"147.45.44.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282099/; classtype:trojan-activity;sid:84145199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/infopage/tbg9.exe"; depth:18; endswith; nocase; http.host; content:"147.45.44.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282100/; classtype:trojan-activity;sid:84145200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/infopage/oit.ps1"; depth:17; endswith; nocase; http.host; content:"147.45.44.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282101/; classtype:trojan-activity;sid:84145201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.226.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282095/; classtype:trojan-activity;sid:84145195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.72.250.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282094/; classtype:trojan-activity;sid:84145194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.96.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282092/; classtype:trojan-activity;sid:84145192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.177.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282093/; classtype:trojan-activity;sid:84145193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.46.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282091/; classtype:trojan-activity;sid:84145191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hxaoumrdakm80.bin"; depth:18; endswith; nocase; http.host; content:"93.123.109.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282089/; classtype:trojan-activity;sid:84145189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dorpxaiuedumegoj254.bin"; depth:24; endswith; nocase; http.host; content:"93.123.109.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282090/; classtype:trojan-activity;sid:84145190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnwvhqwa203.bin"; depth:16; endswith; nocase; http.host; content:"212.162.149.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282088/; classtype:trojan-activity;sid:84145188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wqylnyqakdh155.bin"; depth:19; endswith; nocase; http.host; content:"212.162.149.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282087/; classtype:trojan-activity;sid:84145187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.248.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282086/; classtype:trojan-activity;sid:84145186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.107.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282083/; classtype:trojan-activity;sid:84145183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrarm7"; depth:7; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282084/; classtype:trojan-activity;sid:84145184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.145.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282085/; classtype:trojan-activity;sid:84145185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pwllqqq3qzhmbfrtzdfbheu7szhoggzfbt"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282060/; classtype:trojan-activity;sid:84145160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gompsl"; depth:7; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282061/; classtype:trojan-activity;sid:84145161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.181.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282062/; classtype:trojan-activity;sid:84145162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/oragr3j8xj2sd5hrjhub3c7eb9yzixy1rl"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282063/; classtype:trojan-activity;sid:84145163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgiegeir.sh"; depth:12; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282064/; classtype:trojan-activity;sid:84145164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm6"; depth:6; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282065/; classtype:trojan-activity;sid:84145165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmips"; depth:8; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282066/; classtype:trojan-activity;sid:84145166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nhikd2ltrr3umwfwfcldvh5gunwkhhaj7a"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282067/; classtype:trojan-activity;sid:84145167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.213.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282068/; classtype:trojan-activity;sid:84145168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.235.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282069/; classtype:trojan-activity;sid:84145169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gomips"; depth:7; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282070/; classtype:trojan-activity;sid:84145170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282071/; classtype:trojan-activity;sid:84145171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm5"; depth:7; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282072/; classtype:trojan-activity;sid:84145172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgiegeir.mips"; depth:14; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282073/; classtype:trojan-activity;sid:84145173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgiegeir.mpsl"; depth:14; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282074/; classtype:trojan-activity;sid:84145174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgiegeir.arm4"; depth:14; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282075/; classtype:trojan-activity;sid:84145175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgiegeir.arm6"; depth:14; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282076/; classtype:trojan-activity;sid:84145176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrmips"; depth:7; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282077/; classtype:trojan-activity;sid:84145177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgiegeir.ppc"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282078/; classtype:trojan-activity;sid:84145178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgiegeir.x86"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282079/; classtype:trojan-activity;sid:84145179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282080/; classtype:trojan-activity;sid:84145180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.10.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282081/; classtype:trojan-activity;sid:84145181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmips"; depth:6; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282082/; classtype:trojan-activity;sid:84145182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm6"; depth:8; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282050/; classtype:trojan-activity;sid:84145150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282051/; classtype:trojan-activity;sid:84145151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.10.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282052/; classtype:trojan-activity;sid:84145152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/0soczecyza3yqlyidsdojaqabm6te9z2x6"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282053/; classtype:trojan-activity;sid:84145153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm5"; depth:8; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282054/; classtype:trojan-activity;sid:84145154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282055/; classtype:trojan-activity;sid:84145155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bmjqhc7tl7rpg6tyvhtks1rl3wjjfy4my6"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282056/; classtype:trojan-activity;sid:84145156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/v6btk4bwem6lnm2ob3erpytat0nm0raocu"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282057/; classtype:trojan-activity;sid:84145157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/4jtw6cnhrm9t52y61dr15wn5woyu8m0ghl"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282058/; classtype:trojan-activity;sid:84145158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mif6vwzv2vo3g8wyc8e2sbh87ocl4tewuj"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282059/; classtype:trojan-activity;sid:84145159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64el_softfloat"; depth:25; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282044/; classtype:trojan-activity;sid:84145144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips"; depth:11; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282045/; classtype:trojan-activity;sid:84145145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips_softfloat"; depth:21; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282046/; classtype:trojan-activity;sid:84145146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64el"; depth:15; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282047/; classtype:trojan-activity;sid:84145147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel"; depth:13; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282048/; classtype:trojan-activity;sid:84145148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel_softfloat"; depth:23; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282049/; classtype:trojan-activity;sid:84145149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64"; depth:13; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282042/; classtype:trojan-activity;sid:84145142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64_softfloat"; depth:23; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282043/; classtype:trojan-activity;sid:84145143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm7"; depth:11; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282041/; classtype:trojan-activity;sid:84145141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282040/; classtype:trojan-activity;sid:84145140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm6"; depth:11; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282039/; classtype:trojan-activity;sid:84145139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm64"; depth:12; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282038/; classtype:trojan-activity;sid:84145138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm5"; depth:11; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282037/; classtype:trojan-activity;sid:84145137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_ppc64el"; depth:14; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282036/; classtype:trojan-activity;sid:84145136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_386"; depth:10; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282034/; classtype:trojan-activity;sid:84145134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_ppc64"; depth:12; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282035/; classtype:trojan-activity;sid:84145135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"154.201.84.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282033/; classtype:trojan-activity;sid:84145133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm5"; depth:6; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282030/; classtype:trojan-activity;sid:84145130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282031/; classtype:trojan-activity;sid:84145131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshsh4"; depth:7; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282032/; classtype:trojan-activity;sid:84145132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gppc"; depth:5; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282027/; classtype:trojan-activity;sid:84145127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282028/; classtype:trojan-activity;sid:84145128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.216.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282029/; classtype:trojan-activity;sid:84145129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm"; depth:7; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282005/; classtype:trojan-activity;sid:84145105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm7"; depth:7; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282006/; classtype:trojan-activity;sid:84145106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bjxwckkmei6unazvz7db7yzvmoludizwgl"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282007/; classtype:trojan-activity;sid:84145107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m7nrwkbejmy49gow0i6wyiabmeeh2gggbe"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282008/; classtype:trojan-activity;sid:84145108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/fwggjq0zeufspwtfvap6bz57m5ugjn4idy"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282009/; classtype:trojan-activity;sid:84145109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshppc"; depth:7; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282010/; classtype:trojan-activity;sid:84145110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm"; depth:6; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282011/; classtype:trojan-activity;sid:84145111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.194.146.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282012/; classtype:trojan-activity;sid:84145112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmpsl"; depth:8; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282013/; classtype:trojan-activity;sid:84145113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/da6ep4aqojoiz4emchyil8xx6ilnxafxfb"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282014/; classtype:trojan-activity;sid:84145114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n8mprldjzlrz6bhg7wrbovsal6zztmjltu"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282015/; classtype:trojan-activity;sid:84145115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282016/; classtype:trojan-activity;sid:84145116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282017/; classtype:trojan-activity;sid:84145117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm6"; depth:7; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282018/; classtype:trojan-activity;sid:84145118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm"; depth:5; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282019/; classtype:trojan-activity;sid:84145119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm7"; depth:6; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282020/; classtype:trojan-activity;sid:84145120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmpsl"; depth:6; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282021/; classtype:trojan-activity;sid:84145121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm7"; depth:8; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282022/; classtype:trojan-activity;sid:84145122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/fxzu0zslkyin1fwkz4sf4mnncovfiax7j0"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282023/; classtype:trojan-activity;sid:84145123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrsh4"; depth:6; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282024/; classtype:trojan-activity;sid:84145124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrppc"; depth:6; endswith; nocase; http.host; content:"targo-wisko.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282025/; classtype:trojan-activity;sid:84145125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgiegeir.arm5"; depth:14; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282026/; classtype:trojan-activity;sid:84145126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/metaex.zip"; depth:11; endswith; nocase; http.host; content:"meta-exezip.b-cdn.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282002/; classtype:trojan-activity;sid:84145102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/runtst.zip"; depth:11; endswith; nocase; http.host; content:"rfyvghjgpag.b-cdn.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282003/; classtype:trojan-activity;sid:84145103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winsc.zip"; depth:10; endswith; nocase; http.host; content:"dwnlod-c212.b-cdn.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282004/; classtype:trojan-activity;sid:84145104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/the/rack/fscplugin.zip"; depth:23; endswith; nocase; http.host; content:"vassal.b-cdn.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282001/; classtype:trojan-activity;sid:84145101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/medsset.zip"; depth:12; endswith; nocase; http.host; content:"creativeloadzzgh.b-cdn.net"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282000/; classtype:trojan-activity;sid:84145100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/med.txt"; depth:8; endswith; nocase; http.host; content:"creativeloadzzgh.b-cdn.net"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281997/; classtype:trojan-activity;sid:84145097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stp/rtst.txt"; depth:13; endswith; nocase; http.host; content:"rfyvghjgpag.b-cdn.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281998/; classtype:trojan-activity;sid:84145098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/win.txt"; depth:8; endswith; nocase; http.host; content:"dwnlod-c212.b-cdn.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281999/; classtype:trojan-activity;sid:84145099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.36.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281996/; classtype:trojan-activity;sid:84145096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.95.163.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281995/; classtype:trojan-activity;sid:84145095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.39.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281994/; classtype:trojan-activity;sid:84145094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.254.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281993/; classtype:trojan-activity;sid:84145093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.69.60.204"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281992/; classtype:trojan-activity;sid:84145092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.203.72.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281991/; classtype:trojan-activity;sid:84145091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.84.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281990/; classtype:trojan-activity;sid:84145090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281989/; classtype:trojan-activity;sid:84145089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.246.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281988/; classtype:trojan-activity;sid:84145088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.177.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281987/; classtype:trojan-activity;sid:84145087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.226.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281986/; classtype:trojan-activity;sid:84145086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.172.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281985/; classtype:trojan-activity;sid:84145085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.244.203.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281984/; classtype:trojan-activity;sid:84145084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.37.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281983/; classtype:trojan-activity;sid:84145083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.237.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281982/; classtype:trojan-activity;sid:84145082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281981/; classtype:trojan-activity;sid:84145081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.252.248.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281980/; classtype:trojan-activity;sid:84145080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.236.245.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281979/; classtype:trojan-activity;sid:84145079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.238.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281978/; classtype:trojan-activity;sid:84145078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.194.146.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281977/; classtype:trojan-activity;sid:84145077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.243.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281976/; classtype:trojan-activity;sid:84145076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.94.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281973/; classtype:trojan-activity;sid:84145073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"154.7.253.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281974/; classtype:trojan-activity;sid:84145074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"154.7.253.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281975/; classtype:trojan-activity;sid:84145075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.69.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281972/; classtype:trojan-activity;sid:84145072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.46.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281971/; classtype:trojan-activity;sid:84145071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.235.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281969/; classtype:trojan-activity;sid:84145069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.247.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281970/; classtype:trojan-activity;sid:84145070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.27.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281968/; classtype:trojan-activity;sid:84145068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.83.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281967/; classtype:trojan-activity;sid:84145067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.21.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281966/; classtype:trojan-activity;sid:84145066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.184.135.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281965/; classtype:trojan-activity;sid:84145065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.252.77.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281964/; classtype:trojan-activity;sid:84145064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.124.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281961/; classtype:trojan-activity;sid:84145061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"186.216.30.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281962/; classtype:trojan-activity;sid:84145062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.77.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281963/; classtype:trojan-activity;sid:84145063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.196.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281960/; classtype:trojan-activity;sid:84145060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.170.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281959/; classtype:trojan-activity;sid:84145059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.176.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281958/; classtype:trojan-activity;sid:84145058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.244.203.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281957/; classtype:trojan-activity;sid:84145057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.168.225.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281956/; classtype:trojan-activity;sid:84145056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.118.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281955/; classtype:trojan-activity;sid:84145055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.149.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281954/; classtype:trojan-activity;sid:84145054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.235.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281952/; classtype:trojan-activity;sid:84145052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.249.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281953/; classtype:trojan-activity;sid:84145053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.69.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281951/; classtype:trojan-activity;sid:84145051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.247.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281950/; classtype:trojan-activity;sid:84145050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.46.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281949/; classtype:trojan-activity;sid:84145049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tytlyinfotech/wepark-network/blob/main/backend/routes/quote.route.js"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281948/; classtype:trojan-activity;sid:84145048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.197.173.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281947/; classtype:trojan-activity;sid:84145047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.83.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281946/; classtype:trojan-activity;sid:84145046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.10.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281945/; classtype:trojan-activity;sid:84145045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.196.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281944/; classtype:trojan-activity;sid:84145044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.39.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281943/; classtype:trojan-activity;sid:84145043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.255.239.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281942/; classtype:trojan-activity;sid:84145042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"37.114.41.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281941/; classtype:trojan-activity;sid:84145041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.211.69.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281940/; classtype:trojan-activity;sid:84145040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"31.172.87.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281938/; classtype:trojan-activity;sid:84145038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281939/; classtype:trojan-activity;sid:84145039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gotocheckout"; depth:13; endswith; nocase; http.host; content:"xpvrk.strategies.mvpstrat.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281937/; classtype:trojan-activity;sid:84145037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"91.149.233.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281935/; classtype:trojan-activity;sid:84145035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"219.70.181.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281936/; classtype:trojan-activity;sid:84145036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.201.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281928/; classtype:trojan-activity;sid:84145028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.109.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281929/; classtype:trojan-activity;sid:84145029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"31.172.87.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281930/; classtype:trojan-activity;sid:84145030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"31.172.87.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281931/; classtype:trojan-activity;sid:84145031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"37.114.41.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281932/; classtype:trojan-activity;sid:84145032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"31.172.87.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281933/; classtype:trojan-activity;sid:84145033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"31.172.87.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281934/; classtype:trojan-activity;sid:84145034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.196.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281927/; classtype:trojan-activity;sid:84145027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.x86"; depth:10; endswith; nocase; http.host; content:"176.124.222.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281926/; classtype:trojan-activity;sid:84145026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrmips"; depth:7; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281907/; classtype:trojan-activity;sid:84145007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm5"; depth:8; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281908/; classtype:trojan-activity;sid:84145008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"31.172.87.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281909/; classtype:trojan-activity;sid:84145009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"154.216.17.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281910/; classtype:trojan-activity;sid:84145010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"154.216.17.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281911/; classtype:trojan-activity;sid:84145011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrppc"; depth:6; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281912/; classtype:trojan-activity;sid:84145012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.sh4"; depth:10; endswith; nocase; http.host; content:"176.124.222.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281913/; classtype:trojan-activity;sid:84145013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"154.7.253.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281914/; classtype:trojan-activity;sid:84145014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm"; depth:5; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281915/; classtype:trojan-activity;sid:84145015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"91.149.233.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281916/; classtype:trojan-activity;sid:84145016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"37.114.41.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281917/; classtype:trojan-activity;sid:84145017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"31.172.87.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281918/; classtype:trojan-activity;sid:84145018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"37.114.41.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281919/; classtype:trojan-activity;sid:84145019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmpsl"; depth:6; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281920/; classtype:trojan-activity;sid:84145020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"37.114.41.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281921/; classtype:trojan-activity;sid:84145021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smips"; depth:6; endswith; nocase; http.host; content:"154.216.17.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281922/; classtype:trojan-activity;sid:84145022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"91.149.233.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281923/; classtype:trojan-activity;sid:84145023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"37.114.41.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281924/; classtype:trojan-activity;sid:84145024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm7"; depth:6; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281925/; classtype:trojan-activity;sid:84145025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm"; depth:10; endswith; nocase; http.host; content:"176.124.222.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281895/; classtype:trojan-activity;sid:84144995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"37.114.41.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281896/; classtype:trojan-activity;sid:84144996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"91.149.233.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281897/; classtype:trojan-activity;sid:84144997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm7"; depth:11; endswith; nocase; http.host; content:"176.124.222.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281898/; classtype:trojan-activity;sid:84144998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"154.216.17.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281899/; classtype:trojan-activity;sid:84144999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; nocase; http.host; content:"31.172.87.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281900/; classtype:trojan-activity;sid:84145000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"91.149.233.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281901/; classtype:trojan-activity;sid:84145001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.ppc"; depth:10; endswith; nocase; http.host; content:"176.124.222.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281902/; classtype:trojan-activity;sid:84145002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"91.149.233.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281903/; classtype:trojan-activity;sid:84145003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86_64"; depth:17; endswith; nocase; http.host; content:"154.7.253.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281904/; classtype:trojan-activity;sid:84145004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"154.216.17.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281905/; classtype:trojan-activity;sid:84145005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"154.7.253.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281906/; classtype:trojan-activity;sid:84145006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/igzllwjixwncstuxcwkhp6ko9ufyupikhi"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281891/; classtype:trojan-activity;sid:84144991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281892/; classtype:trojan-activity;sid:84144992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm6"; depth:8; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281893/; classtype:trojan-activity;sid:84144993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm5"; depth:6; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281894/; classtype:trojan-activity;sid:84144994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281888/; classtype:trojan-activity;sid:84144988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"154.216.17.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281889/; classtype:trojan-activity;sid:84144989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hkyzuewvrd9hlhdjbahx5xkikvkoppgvd5"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281890/; classtype:trojan-activity;sid:84144990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/fur4ywvopxsxh9rdtd13tcmijrwgvw8ggj"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281883/; classtype:trojan-activity;sid:84144983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"154.216.17.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281884/; classtype:trojan-activity;sid:84144984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"91.149.233.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281885/; classtype:trojan-activity;sid:84144985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"91.149.233.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281886/; classtype:trojan-activity;sid:84144986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.179.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281887/; classtype:trojan-activity;sid:84144987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm7"; depth:8; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281879/; classtype:trojan-activity;sid:84144979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"37.114.41.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281880/; classtype:trojan-activity;sid:84144980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/fbfzut0krc5nhmtgkcwubt4838xssmbh33"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281881/; classtype:trojan-activity;sid:84144981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"91.149.233.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281882/; classtype:trojan-activity;sid:84144982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"199.231.191.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281875/; classtype:trojan-activity;sid:84144975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm5"; depth:7; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281876/; classtype:trojan-activity;sid:84144976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nniewcfjerfizyu1asbtgtsejprqdjfkc0"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281877/; classtype:trojan-activity;sid:84144977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"37.114.41.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281878/; classtype:trojan-activity;sid:84144978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"199.231.191.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281869/; classtype:trojan-activity;sid:84144969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"91.149.233.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281870/; classtype:trojan-activity;sid:84144970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"31.172.87.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281871/; classtype:trojan-activity;sid:84144971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"199.231.191.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281872/; classtype:trojan-activity;sid:84144972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/gudr9a2j5ryf6yp82wjmep9bdwoauxpwti"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281873/; classtype:trojan-activity;sid:84144973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"37.114.41.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281874/; classtype:trojan-activity;sid:84144974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.mpsl"; depth:11; endswith; nocase; http.host; content:"176.124.222.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281854/; classtype:trojan-activity;sid:84144954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"154.7.253.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281855/; classtype:trojan-activity;sid:84144955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"154.7.253.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281856/; classtype:trojan-activity;sid:84144956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"31.172.87.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281857/; classtype:trojan-activity;sid:84144957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"154.7.253.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281858/; classtype:trojan-activity;sid:84144958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm"; depth:7; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281859/; classtype:trojan-activity;sid:84144959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"154.7.253.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281860/; classtype:trojan-activity;sid:84144960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281861/; classtype:trojan-activity;sid:84144961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"154.7.253.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281862/; classtype:trojan-activity;sid:84144962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/6t3ceailty3thsmdpjyuwlfmmth2e6g62t"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281863/; classtype:trojan-activity;sid:84144963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"199.231.191.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281864/; classtype:trojan-activity;sid:84144964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/1ubfpoapeqpmb0ineqy3tyebryniffb9jz"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281865/; classtype:trojan-activity;sid:84144965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"91.149.233.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281866/; classtype:trojan-activity;sid:84144966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"37.114.41.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281867/; classtype:trojan-activity;sid:84144967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"154.7.253.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281868/; classtype:trojan-activity;sid:84144968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281843/; classtype:trojan-activity;sid:84144943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gomips"; depth:7; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281844/; classtype:trojan-activity;sid:84144944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i2jngheiqplla85uguycz6cfgj8m4whgv8"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281845/; classtype:trojan-activity;sid:84144945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"176.124.222.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281846/; classtype:trojan-activity;sid:84144946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.spc"; depth:10; endswith; nocase; http.host; content:"176.124.222.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281847/; classtype:trojan-activity;sid:84144947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hzz5w3walb34jsuengmhxqfgjsjaevigih"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281848/; classtype:trojan-activity;sid:84144948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/1i95jaoueajwv6rkqkmrd4hxp8ghc3gg1j"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281849/; classtype:trojan-activity;sid:84144949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"154.216.17.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281850/; classtype:trojan-activity;sid:84144950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"199.231.191.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281851/; classtype:trojan-activity;sid:84144951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm6"; depth:7; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281852/; classtype:trojan-activity;sid:84144952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xvmwbbkro5e7btmayjo0j3qn9wl8eaa9dd"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281853/; classtype:trojan-activity;sid:84144953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm5n"; depth:12; endswith; nocase; http.host; content:"176.124.222.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281835/; classtype:trojan-activity;sid:84144935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"199.231.191.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281836/; classtype:trojan-activity;sid:84144936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"199.231.191.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281837/; classtype:trojan-activity;sid:84144937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gppc"; depth:5; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281838/; classtype:trojan-activity;sid:84144938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smpsl"; depth:6; endswith; nocase; http.host; content:"154.216.17.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281839/; classtype:trojan-activity;sid:84144939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gompsl"; depth:7; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281840/; classtype:trojan-activity;sid:84144940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmips"; depth:6; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281841/; classtype:trojan-activity;sid:84144941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"199.231.191.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281842/; classtype:trojan-activity;sid:84144942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ounec8ipseghxnitfzjqjc3lhuxkzx24bn"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281828/; classtype:trojan-activity;sid:84144928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"199.231.191.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281829/; classtype:trojan-activity;sid:84144929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.m68k"; depth:11; endswith; nocase; http.host; content:"176.124.222.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281830/; classtype:trojan-activity;sid:84144930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ugsuphsrqyyncrgrirvmeuft48khgw6tzd"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281831/; classtype:trojan-activity;sid:84144931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"154.7.253.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281832/; classtype:trojan-activity;sid:84144932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.mips"; depth:11; endswith; nocase; http.host; content:"176.124.222.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281833/; classtype:trojan-activity;sid:84144933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.i686"; depth:15; endswith; nocase; http.host; content:"154.7.253.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281834/; classtype:trojan-activity;sid:84144934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wxgzxffsj7ai1hidxc6sfao1pojjmqcbse"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281826/; classtype:trojan-activity;sid:84144926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281827/; classtype:trojan-activity;sid:84144927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"31.172.87.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281810/; classtype:trojan-activity;sid:84144910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281811/; classtype:trojan-activity;sid:84144911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281812/; classtype:trojan-activity;sid:84144912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshppc"; depth:7; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281813/; classtype:trojan-activity;sid:84144913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshsh4"; depth:7; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281814/; classtype:trojan-activity;sid:84144914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmpsl"; depth:8; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281815/; classtype:trojan-activity;sid:84144915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"154.216.17.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281816/; classtype:trojan-activity;sid:84144916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c934nl5ujemy0jlgy0bqcl2uh1xjtuojbw"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281817/; classtype:trojan-activity;sid:84144917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm7"; depth:6; endswith; nocase; http.host; content:"154.216.17.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281818/; classtype:trojan-activity;sid:84144918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"154.216.17.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281819/; classtype:trojan-activity;sid:84144919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281820/; classtype:trojan-activity;sid:84144920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm"; depth:6; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281821/; classtype:trojan-activity;sid:84144921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"154.216.17.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281822/; classtype:trojan-activity;sid:84144922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm6"; depth:6; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281823/; classtype:trojan-activity;sid:84144923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wn3whhsfo6hjxynbfkxa62txkas15ueloj"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281824/; classtype:trojan-activity;sid:84144924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wojdeiuzbefslxjha7xlm44icqeondtbic"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281825/; classtype:trojan-activity;sid:84144925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm6"; depth:6; endswith; nocase; http.host; content:"154.216.17.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281800/; classtype:trojan-activity;sid:84144900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm"; depth:5; endswith; nocase; http.host; content:"154.216.17.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281801/; classtype:trojan-activity;sid:84144901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmips"; depth:8; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281802/; classtype:trojan-activity;sid:84144902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrsh4"; depth:6; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281803/; classtype:trojan-activity;sid:84144903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrarm7"; depth:7; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281804/; classtype:trojan-activity;sid:84144904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"199.231.191.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281805/; classtype:trojan-activity;sid:84144905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm5"; depth:6; endswith; nocase; http.host; content:"154.216.17.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281806/; classtype:trojan-activity;sid:84144906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"154.216.17.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281807/; classtype:trojan-activity;sid:84144907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"31.172.87.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281808/; classtype:trojan-activity;sid:84144908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm7"; depth:7; endswith; nocase; http.host; content:"154.216.17.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281809/; classtype:trojan-activity;sid:84144909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"199.231.191.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281799/; classtype:trojan-activity;sid:84144899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/z9bhzl7dhaqdiwqwuy4h8ontbeuwhuektn"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281797/; classtype:trojan-activity;sid:84144897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/95npljk0dnsmleigvwluhcxxsmqajiybw1"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281798/; classtype:trojan-activity;sid:84144898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ey5y3k3imj403uiifjvhngaw1ns9b0dmb2"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281795/; classtype:trojan-activity;sid:84144895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xzd7nbtgcezvecil2u52a3jpvfmd5gnl5r"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281796/; classtype:trojan-activity;sid:84144896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/un1ygtjbniyjqsyfddqehstavmg3nxgrvg"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281794/; classtype:trojan-activity;sid:84144894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sbhziim26ykluh3yrdpambgaef5tikufvv"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281789/; classtype:trojan-activity;sid:84144889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h5tlfwakdmr6fgajo7wzvg1uf5xlyt23sq"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281790/; classtype:trojan-activity;sid:84144890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vuynq1il0aomh7rqdxmfcsrna1hgmzr95x"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281791/; classtype:trojan-activity;sid:84144891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/iz1ua0xcimhzd4yxci4wyspfbbrcuj9ipf"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281792/; classtype:trojan-activity;sid:84144892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/qx035jbhbwrncf1u1fdqa0rsgehggaip4s"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281793/; classtype:trojan-activity;sid:84144893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.208.10.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281788/; classtype:trojan-activity;sid:84144888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.230.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281787/; classtype:trojan-activity;sid:84144887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.176.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281785/; classtype:trojan-activity;sid:84144885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.54.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281786/; classtype:trojan-activity;sid:84144886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"147.45.42.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281784/; classtype:trojan-activity;sid:84144884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.168.225.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281783/; classtype:trojan-activity;sid:84144883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"147.45.42.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281781/; classtype:trojan-activity;sid:84144881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.239.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281782/; classtype:trojan-activity;sid:84144882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.185.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281780/; classtype:trojan-activity;sid:84144880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"147.45.42.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281779/; classtype:trojan-activity;sid:84144879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"147.45.42.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281778/; classtype:trojan-activity;sid:84144878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"147.45.42.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281777/; classtype:trojan-activity;sid:84144877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"147.45.42.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281775/; classtype:trojan-activity;sid:84144875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"147.45.42.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281776/; classtype:trojan-activity;sid:84144876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"147.45.42.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281774/; classtype:trojan-activity;sid:84144874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"147.45.42.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281772/; classtype:trojan-activity;sid:84144872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"147.45.42.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281773/; classtype:trojan-activity;sid:84144873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.50.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281771/; classtype:trojan-activity;sid:84144871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.8.129.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281770/; classtype:trojan-activity;sid:84144870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.113.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281769/; classtype:trojan-activity;sid:84144869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"147.45.42.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281767/; classtype:trojan-activity;sid:84144867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.201.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281768/; classtype:trojan-activity;sid:84144868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281766/; classtype:trojan-activity;sid:84144866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.139.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281764/; classtype:trojan-activity;sid:84144864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.185.228.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281765/; classtype:trojan-activity;sid:84144865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.26.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281763/; classtype:trojan-activity;sid:84144863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.255.239.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281762/; classtype:trojan-activity;sid:84144862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/encryptor.exe"; depth:14; endswith; nocase; http.host; content:"165.227.174.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281761/; classtype:trojan-activity;sid:84144861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.54.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281757/; classtype:trojan-activity;sid:84144857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.exe"; depth:8; endswith; nocase; http.host; content:"165.227.174.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281758/; classtype:trojan-activity;sid:84144858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/src/release/bot.exe"; depth:20; endswith; nocase; http.host; content:"165.227.174.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281759/; classtype:trojan-activity;sid:84144859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/src/release/encryptor.exe"; depth:26; endswith; nocase; http.host; content:"165.227.174.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281760/; classtype:trojan-activity;sid:84144860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.196.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281756/; classtype:trojan-activity;sid:84144856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.38.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281755/; classtype:trojan-activity;sid:84144855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.78.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281754/; classtype:trojan-activity;sid:84144854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281753/; classtype:trojan-activity;sid:84144853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.174.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281752/; classtype:trojan-activity;sid:84144852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.100.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281751/; classtype:trojan-activity;sid:84144851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.12.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281750/; classtype:trojan-activity;sid:84144850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/711/givemebestloverwhotrulylovemewithanllmyheartsheisgood.tif"; depth:62; endswith; nocase; http.host; content:"107.175.130.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281749/; classtype:trojan-activity;sid:84144849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.10.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281748/; classtype:trojan-activity;sid:84144848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.29.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281747/; classtype:trojan-activity;sid:84144847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.195.238.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281746/; classtype:trojan-activity;sid:84144846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281745/; classtype:trojan-activity;sid:84144845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/455/seethemagicalthingswithgreatthingswithgoodnewsme.tif"; depth:57; endswith; nocase; http.host; content:"172.245.135.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281744/; classtype:trojan-activity;sid:84144844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.8.129.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281743/; classtype:trojan-activity;sid:84144843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.239.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281742/; classtype:trojan-activity;sid:84144842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.50.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281741/; classtype:trojan-activity;sid:84144841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.211.69.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281740/; classtype:trojan-activity;sid:84144840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dcace648038981df/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"95.215.204.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281739/; classtype:trojan-activity;sid:84144839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dcace648038981df/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"95.215.204.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281738/; classtype:trojan-activity;sid:84144838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dcace648038981df/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"95.215.204.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281736/; classtype:trojan-activity;sid:84144836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dcace648038981df/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"95.215.204.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281737/; classtype:trojan-activity;sid:84144837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dcace648038981df/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"95.215.204.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281733/; classtype:trojan-activity;sid:84144833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dcace648038981df/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"95.215.204.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281734/; classtype:trojan-activity;sid:84144834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dcace648038981df/nss3.dll"; depth:26; endswith; nocase; http.host; content:"95.215.204.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281735/; classtype:trojan-activity;sid:84144835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.239.91.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281732/; classtype:trojan-activity;sid:84144832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.156.143.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281731/; classtype:trojan-activity;sid:84144831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/"; depth:3; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281729/; classtype:trojan-activity;sid:84144829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shs"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281730/; classtype:trojan-activity;sid:84144830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok"; depth:3; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281726/; classtype:trojan-activity;sid:84144826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opt"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281727/; classtype:trojan-activity;sid:84144827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281728/; classtype:trojan-activity;sid:84144828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oo7n0s.txt"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281725/; classtype:trojan-activity;sid:84144825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.147.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281724/; classtype:trojan-activity;sid:84144824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ivexzj.dll"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281721/; classtype:trojan-activity;sid:84144821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/igjq09.zip"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281722/; classtype:trojan-activity;sid:84144822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7djxb3.zip"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281723/; classtype:trojan-activity;sid:84144823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5jyzwv.dll"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281720/; classtype:trojan-activity;sid:84144820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7uwuq1.dll"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281719/; classtype:trojan-activity;sid:84144819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7god79.dll"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281716/; classtype:trojan-activity;sid:84144816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acg3ql.dll"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281717/; classtype:trojan-activity;sid:84144817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rrrao1.dll"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281718/; classtype:trojan-activity;sid:84144818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lki6w8.dll"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281715/; classtype:trojan-activity;sid:84144815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3cur3th1ssh1t/creds/master/obfuscatedps/dccuac.ps1"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281714/; classtype:trojan-activity;sid:84144814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281704/; classtype:trojan-activity;sid:84144804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281705/; classtype:trojan-activity;sid:84144805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xaxa"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281706/; classtype:trojan-activity;sid:84144806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281707/; classtype:trojan-activity;sid:84144807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/ppc"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281708/; classtype:trojan-activity;sid:84144808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281709/; classtype:trojan-activity;sid:84144809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.30.76.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281710/; classtype:trojan-activity;sid:84144810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281711/; classtype:trojan-activity;sid:84144811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/120/vc/seethegoodthingswhicgivenyoubest.hta"; depth:44; endswith; nocase; http.host; content:"104.168.7.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281712/; classtype:trojan-activity;sid:84144812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"147.45.42.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281713/; classtype:trojan-activity;sid:84144813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/spc"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281682/; classtype:trojan-activity;sid:84144782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm7"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281683/; classtype:trojan-activity;sid:84144783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281684/; classtype:trojan-activity;sid:84144784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm"; depth:7; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281685/; classtype:trojan-activity;sid:84144785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wg.sh"; depth:6; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281686/; classtype:trojan-activity;sid:84144786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zz"; depth:3; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281687/; classtype:trojan-activity;sid:84144787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281688/; classtype:trojan-activity;sid:84144788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/sh4"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281689/; classtype:trojan-activity;sid:84144789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tplink"; depth:7; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281690/; classtype:trojan-activity;sid:84144790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/x86"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281691/; classtype:trojan-activity;sid:84144791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vc"; depth:3; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281692/; classtype:trojan-activity;sid:84144792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281693/; classtype:trojan-activity;sid:84144793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wag"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281694/; classtype:trojan-activity;sid:84144794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmr"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281695/; classtype:trojan-activity;sid:84144795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/m68k"; depth:9; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281696/; classtype:trojan-activity;sid:84144796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.sh"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281697/; classtype:trojan-activity;sid:84144797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toto"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281698/; classtype:trojan-activity;sid:84144798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmips"; depth:6; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281699/; classtype:trojan-activity;sid:84144799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r.sh"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281700/; classtype:trojan-activity;sid:84144800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281701/; classtype:trojan-activity;sid:84144801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281702/; classtype:trojan-activity;sid:84144802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdt"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281703/; classtype:trojan-activity;sid:84144803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281681/; classtype:trojan-activity;sid:84144781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r"; depth:2; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281680/; classtype:trojan-activity;sid:84144780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.174.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281679/; classtype:trojan-activity;sid:84144779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmpsl"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281643/; classtype:trojan-activity;sid:84144743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm5"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281644/; classtype:trojan-activity;sid:84144744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/arm7"; depth:9; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281645/; classtype:trojan-activity;sid:84144745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281646/; classtype:trojan-activity;sid:84144746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/ppc"; depth:7; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281647/; classtype:trojan-activity;sid:84144747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/arm"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281648/; classtype:trojan-activity;sid:84144748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281649/; classtype:trojan-activity;sid:84144749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/sh4"; depth:7; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281650/; classtype:trojan-activity;sid:84144750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281651/; classtype:trojan-activity;sid:84144751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshppc"; depth:7; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281652/; classtype:trojan-activity;sid:84144752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/mips"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281653/; classtype:trojan-activity;sid:84144753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/arm7"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281654/; classtype:trojan-activity;sid:84144754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/x86"; depth:7; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281655/; classtype:trojan-activity;sid:84144755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshsh4"; depth:7; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281656/; classtype:trojan-activity;sid:84144756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mag"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281657/; classtype:trojan-activity;sid:84144757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/mips"; depth:9; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281658/; classtype:trojan-activity;sid:84144758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/arm6"; depth:9; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281659/; classtype:trojan-activity;sid:84144759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.119.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281660/; classtype:trojan-activity;sid:84144760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm6"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281661/; classtype:trojan-activity;sid:84144761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li/"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281662/; classtype:trojan-activity;sid:84144762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281663/; classtype:trojan-activity;sid:84144763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/mpsl"; depth:9; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281664/; classtype:trojan-activity;sid:84144764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/arm"; depth:7; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281665/; classtype:trojan-activity;sid:84144765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/m68k"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281666/; classtype:trojan-activity;sid:84144766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281667/; classtype:trojan-activity;sid:84144767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/mpsl"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281668/; classtype:trojan-activity;sid:84144768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/multi"; depth:6; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281669/; classtype:trojan-activity;sid:84144769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281670/; classtype:trojan-activity;sid:84144770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/arm5"; depth:9; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281671/; classtype:trojan-activity;sid:84144771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/arm6"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281672/; classtype:trojan-activity;sid:84144772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281673/; classtype:trojan-activity;sid:84144773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmips"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281674/; classtype:trojan-activity;sid:84144774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lll"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281675/; classtype:trojan-activity;sid:84144775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/arm7/"; depth:9; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281676/; classtype:trojan-activity;sid:84144776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/spc"; depth:7; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281677/; classtype:trojan-activity;sid:84144777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/arm5"; depth:8; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281678/; classtype:trojan-activity;sid:84144778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpsl"; depth:6; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281634/; classtype:trojan-activity;sid:84144734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarm5"; depth:6; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281635/; classtype:trojan-activity;sid:84144735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmips"; depth:6; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281636/; classtype:trojan-activity;sid:84144736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harm5"; depth:6; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281637/; classtype:trojan-activity;sid:84144737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/create.py"; depth:10; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281638/; classtype:trojan-activity;sid:84144738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarm"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281639/; classtype:trojan-activity;sid:84144739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harm4"; depth:6; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281640/; classtype:trojan-activity;sid:84144740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarm7"; depth:6; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281641/; classtype:trojan-activity;sid:84144741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tppc"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281642/; classtype:trojan-activity;sid:84144742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmpsl"; depth:6; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281613/; classtype:trojan-activity;sid:84144713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.sh"; depth:6; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281614/; classtype:trojan-activity;sid:84144714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f5"; depth:3; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281615/; classtype:trojan-activity;sid:84144715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281616/; classtype:trojan-activity;sid:84144716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281617/; classtype:trojan-activity;sid:84144717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281618/; classtype:trojan-activity;sid:84144718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb"; depth:3; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281619/; classtype:trojan-activity;sid:84144719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asd"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281620/; classtype:trojan-activity;sid:84144720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7/"; depth:6; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281621/; classtype:trojan-activity;sid:84144721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281622/; classtype:trojan-activity;sid:84144722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281623/; classtype:trojan-activity;sid:84144723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281624/; classtype:trojan-activity;sid:84144724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr.sh"; depth:7; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281625/; classtype:trojan-activity;sid:84144725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdgsfg"; depth:7; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281626/; classtype:trojan-activity;sid:84144726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281627/; classtype:trojan-activity;sid:84144727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281628/; classtype:trojan-activity;sid:84144728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.sh"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281629/; classtype:trojan-activity;sid:84144729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dmips"; depth:6; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281630/; classtype:trojan-activity;sid:84144730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.87.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281631/; classtype:trojan-activity;sid:84144731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harm6"; depth:6; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281632/; classtype:trojan-activity;sid:84144732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281633/; classtype:trojan-activity;sid:84144733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boatnet.mpsl"; depth:13; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281612/; classtype:trojan-activity;sid:84144712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fscan"; depth:6; endswith; nocase; http.host; content:"8.219.63.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281611/; classtype:trojan-activity;sid:84144711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.bin"; depth:8; endswith; nocase; http.host; content:"8.219.63.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281610/; classtype:trojan-activity;sid:84144710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.197.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281609/; classtype:trojan-activity;sid:84144709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syn/api-ms-win-core-util-l1-1-0.dll"; depth:36; endswith; nocase; http.host; content:"45.95.214.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281607/; classtype:trojan-activity;sid:84144707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0.jpg"; depth:6; endswith; nocase; http.host; content:"49.235.166.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281608/; classtype:trojan-activity;sid:84144708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bso7pc4leiemwdv.ps1"; depth:20; endswith; nocase; http.host; content:"84.247.147.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281604/; classtype:trojan-activity;sid:84144704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y12kaj.lzh"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281605/; classtype:trojan-activity;sid:84144705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cleanborg/quote_4847_general_techs_llc.rar"; depth:43; endswith; nocase; http.host; content:"websutility.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281606/; classtype:trojan-activity;sid:84144706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syntax.dll"; depth:11; endswith; nocase; http.host; content:"45.95.214.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281601/; classtype:trojan-activity;sid:84144701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s18/rmpaezelariwqvixpgtx.zip"; depth:29; endswith; nocase; http.host; content:"small.fileditchstuff.me"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281602/; classtype:trojan-activity;sid:84144702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0311/x1zadjlpndvykembsf6i.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281603/; classtype:trojan-activity;sid:84144703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.85.196.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281600/; classtype:trojan-activity;sid:84144700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secondarybackup.exe"; depth:20; endswith; nocase; http.host; content:"213.252.247.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281599/; classtype:trojan-activity;sid:84144699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281598/; classtype:trojan-activity;sid:84144698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281597/; classtype:trojan-activity;sid:84144697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/29.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281596/; classtype:trojan-activity;sid:84144696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281595/; classtype:trojan-activity;sid:84144695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/26.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281594/; classtype:trojan-activity;sid:84144694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/27.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281593/; classtype:trojan-activity;sid:84144693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281592/; classtype:trojan-activity;sid:84144692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/19.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281591/; classtype:trojan-activity;sid:84144691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281590/; classtype:trojan-activity;sid:84144690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/21.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281588/; classtype:trojan-activity;sid:84144688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/28.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281589/; classtype:trojan-activity;sid:84144689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281587/; classtype:trojan-activity;sid:84144687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/24.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281586/; classtype:trojan-activity;sid:84144686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thanksforusingourwebsite/serv/downloads/248364651.exe"; depth:54; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281585/; classtype:trojan-activity;sid:84144685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/68-new.txt"; depth:11; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281584/; classtype:trojan-activity;sid:84144684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281583/; classtype:trojan-activity;sid:84144683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/14.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281582/; classtype:trojan-activity;sid:84144682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/16.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281581/; classtype:trojan-activity;sid:84144681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/17.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281580/; classtype:trojan-activity;sid:84144680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/15.exe"; depth:7; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281579/; classtype:trojan-activity;sid:84144679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maxz/update/client/client.exe.zip"; depth:34; endswith; nocase; http.host; content:"103.174.191.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281578/; classtype:trojan-activity;sid:84144678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maxz/update/client/dsetup.dll.zip"; depth:34; endswith; nocase; http.host; content:"103.174.191.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281577/; classtype:trojan-activity;sid:84144677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yg-maxz.exe"; depth:12; endswith; nocase; http.host; content:"yulgangweb.top"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281576/; classtype:trojan-activity;sid:84144676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"154.216.17.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281575/; classtype:trojan-activity;sid:84144675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"154.216.17.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281574/; classtype:trojan-activity;sid:84144674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"154.216.17.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281573/; classtype:trojan-activity;sid:84144673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.38.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281572/; classtype:trojan-activity;sid:84144672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"154.216.17.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281571/; classtype:trojan-activity;sid:84144671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clean"; depth:6; endswith; nocase; http.host; content:"154.216.17.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281569/; classtype:trojan-activity;sid:84144669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|id=1x18ggpfz6_exwdkczo0j1scpwguwda9a|7c|26|7c|export=download"; depth:74; endswith; nocase; http.host; content:"drive.usercontent.google.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281570/; classtype:trojan-activity;sid:84144670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/camp.i686"; depth:15; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281565/; classtype:trojan-activity;sid:84144665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.25.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281566/; classtype:trojan-activity;sid:84144666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/camp.mpsl"; depth:15; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281567/; classtype:trojan-activity;sid:84144667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/camp.arm"; depth:14; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281568/; classtype:trojan-activity;sid:84144668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.29.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281564/; classtype:trojan-activity;sid:84144664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/camp.arm6"; depth:15; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281558/; classtype:trojan-activity;sid:84144658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/camp.spc"; depth:14; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281559/; classtype:trojan-activity;sid:84144659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/camp.m68k"; depth:15; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281560/; classtype:trojan-activity;sid:84144660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/camp.sh4"; depth:14; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281561/; classtype:trojan-activity;sid:84144661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/camp.arm5"; depth:15; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281562/; classtype:trojan-activity;sid:84144662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/camp.arm7"; depth:15; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281563/; classtype:trojan-activity;sid:84144663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.21.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281557/; classtype:trojan-activity;sid:84144657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.32.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281556/; classtype:trojan-activity;sid:84144656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.101.51.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281555/; classtype:trojan-activity;sid:84144655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.5.137"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281553/; classtype:trojan-activity;sid:84144653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.176.107.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281554/; classtype:trojan-activity;sid:84144654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.223.129.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281552/; classtype:trojan-activity;sid:84144652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.47.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281551/; classtype:trojan-activity;sid:84144651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.205.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281550/; classtype:trojan-activity;sid:84144650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.230.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281549/; classtype:trojan-activity;sid:84144649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.239.91.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281548/; classtype:trojan-activity;sid:84144648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.44.194"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281547/; classtype:trojan-activity;sid:84144647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.208.10.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281546/; classtype:trojan-activity;sid:84144646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.168.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281545/; classtype:trojan-activity;sid:84144645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.244.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281544/; classtype:trojan-activity;sid:84144644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.119.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281543/; classtype:trojan-activity;sid:84144643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.250.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281542/; classtype:trojan-activity;sid:84144642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.109.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281541/; classtype:trojan-activity;sid:84144641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.25.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281540/; classtype:trojan-activity;sid:84144640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.57.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281538/; classtype:trojan-activity;sid:84144638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.82.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281539/; classtype:trojan-activity;sid:84144639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.0.90"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281537/; classtype:trojan-activity;sid:84144637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.31.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281536/; classtype:trojan-activity;sid:84144636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.205.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281535/; classtype:trojan-activity;sid:84144635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.85.196.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281534/; classtype:trojan-activity;sid:84144634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.11.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281533/; classtype:trojan-activity;sid:84144633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.26.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281532/; classtype:trojan-activity;sid:84144632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.95.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281531/; classtype:trojan-activity;sid:84144631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.167.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281530/; classtype:trojan-activity;sid:84144630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.97.200.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281529/; classtype:trojan-activity;sid:84144629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.121.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281528/; classtype:trojan-activity;sid:84144628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.63.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281527/; classtype:trojan-activity;sid:84144627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.157.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281526/; classtype:trojan-activity;sid:84144626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.0.90"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281524/; classtype:trojan-activity;sid:84144624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.176.107.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281525/; classtype:trojan-activity;sid:84144625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.44.194"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281523/; classtype:trojan-activity;sid:84144623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.37.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281522/; classtype:trojan-activity;sid:84144622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.57.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281520/; classtype:trojan-activity;sid:84144620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.109.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281521/; classtype:trojan-activity;sid:84144621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281519/; classtype:trojan-activity;sid:84144619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281518/; classtype:trojan-activity;sid:84144618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.161.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281517/; classtype:trojan-activity;sid:84144617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.39.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281516/; classtype:trojan-activity;sid:84144616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.31.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281515/; classtype:trojan-activity;sid:84144615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.11.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281514/; classtype:trojan-activity;sid:84144614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.162.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281513/; classtype:trojan-activity;sid:84144613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.83.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281511/; classtype:trojan-activity;sid:84144611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.152.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281512/; classtype:trojan-activity;sid:84144612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.150.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281510/; classtype:trojan-activity;sid:84144610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.22.21.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281509/; classtype:trojan-activity;sid:84144609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.170.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281508/; classtype:trojan-activity;sid:84144608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.255.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281507/; classtype:trojan-activity;sid:84144607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.62.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281506/; classtype:trojan-activity;sid:84144606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.78.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281501/; classtype:trojan-activity;sid:84144601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.216.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281502/; classtype:trojan-activity;sid:84144602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.97.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281503/; classtype:trojan-activity;sid:84144603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.26.73.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281504/; classtype:trojan-activity;sid:84144604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.140.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281505/; classtype:trojan-activity;sid:84144605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.56.77.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281500/; classtype:trojan-activity;sid:84144600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.211.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281499/; classtype:trojan-activity;sid:84144599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"139.5.10.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281498/; classtype:trojan-activity;sid:84144598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.37.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281497/; classtype:trojan-activity;sid:84144597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/camp.x86"; depth:14; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281495/; classtype:trojan-activity;sid:84144595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.156.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281496/; classtype:trojan-activity;sid:84144596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.12.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281494/; classtype:trojan-activity;sid:84144594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.230.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281493/; classtype:trojan-activity;sid:84144593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.174.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281492/; classtype:trojan-activity;sid:84144592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.39.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281491/; classtype:trojan-activity;sid:84144591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.104.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281490/; classtype:trojan-activity;sid:84144590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.108.89.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281489/; classtype:trojan-activity;sid:84144589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.76.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281488/; classtype:trojan-activity;sid:84144588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.234.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281487/; classtype:trojan-activity;sid:84144587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.105.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281486/; classtype:trojan-activity;sid:84144586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.33.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281484/; classtype:trojan-activity;sid:84144584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.156.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281485/; classtype:trojan-activity;sid:84144585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.216.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281483/; classtype:trojan-activity;sid:84144583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.199.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281482/; classtype:trojan-activity;sid:84144582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.11.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281481/; classtype:trojan-activity;sid:84144581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.87.33.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281480/; classtype:trojan-activity;sid:84144580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.110.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281479/; classtype:trojan-activity;sid:84144579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.55.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281478/; classtype:trojan-activity;sid:84144578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.214.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281476/; classtype:trojan-activity;sid:84144576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.113.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281477/; classtype:trojan-activity;sid:84144577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.113.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281475/; classtype:trojan-activity;sid:84144575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.117.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281474/; classtype:trojan-activity;sid:84144574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.140.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281473/; classtype:trojan-activity;sid:84144573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281472/; classtype:trojan-activity;sid:84144572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.205.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281471/; classtype:trojan-activity;sid:84144571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.18.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281470/; classtype:trojan-activity;sid:84144570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.55.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281469/; classtype:trojan-activity;sid:84144569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.176.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281468/; classtype:trojan-activity;sid:84144568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.156.50.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281465/; classtype:trojan-activity;sid:84144565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.221.46.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281466/; classtype:trojan-activity;sid:84144566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.85.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281467/; classtype:trojan-activity;sid:84144567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.x86"; depth:12; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281462/; classtype:trojan-activity;sid:84144562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.spc"; depth:12; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281463/; classtype:trojan-activity;sid:84144563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.sh4"; depth:12; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281464/; classtype:trojan-activity;sid:84144564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.128.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281461/; classtype:trojan-activity;sid:84144561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.m68k"; depth:13; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281460/; classtype:trojan-activity;sid:84144560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"37.230.62.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281451/; classtype:trojan-activity;sid:84144551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"37.230.62.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281452/; classtype:trojan-activity;sid:84144552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.mips"; depth:13; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281453/; classtype:trojan-activity;sid:84144553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm5"; depth:13; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281454/; classtype:trojan-activity;sid:84144554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"37.230.62.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281455/; classtype:trojan-activity;sid:84144555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm"; depth:12; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281456/; classtype:trojan-activity;sid:84144556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm7"; depth:13; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281457/; classtype:trojan-activity;sid:84144557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm6"; depth:13; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281458/; classtype:trojan-activity;sid:84144558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.ppc"; depth:12; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281459/; classtype:trojan-activity;sid:84144559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"37.230.62.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281449/; classtype:trojan-activity;sid:84144549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"37.230.62.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281450/; classtype:trojan-activity;sid:84144550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"37.230.62.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281447/; classtype:trojan-activity;sid:84144547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"37.230.62.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281448/; classtype:trojan-activity;sid:84144548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.126.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281446/; classtype:trojan-activity;sid:84144546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.110.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281445/; classtype:trojan-activity;sid:84144545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281444/; classtype:trojan-activity;sid:84144544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.216.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281442/; classtype:trojan-activity;sid:84144542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.50.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281443/; classtype:trojan-activity;sid:84144543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.85.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281441/; classtype:trojan-activity;sid:84144541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.6.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281440/; classtype:trojan-activity;sid:84144540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.166.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281438/; classtype:trojan-activity;sid:84144538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.199.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281439/; classtype:trojan-activity;sid:84144539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.177.28.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281437/; classtype:trojan-activity;sid:84144537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.36.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281436/; classtype:trojan-activity;sid:84144536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.113.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281435/; classtype:trojan-activity;sid:84144535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.170.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281434/; classtype:trojan-activity;sid:84144534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.51.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281433/; classtype:trojan-activity;sid:84144533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.113.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281432/; classtype:trojan-activity;sid:84144532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.97.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281431/; classtype:trojan-activity;sid:84144531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.214.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281430/; classtype:trojan-activity;sid:84144530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.11.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281429/; classtype:trojan-activity;sid:84144529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.247.24.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281428/; classtype:trojan-activity;sid:84144528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281427/; classtype:trojan-activity;sid:84144527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.102.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281426/; classtype:trojan-activity;sid:84144526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.146.102.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281424/; classtype:trojan-activity;sid:84144524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.8.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281425/; classtype:trojan-activity;sid:84144525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.216.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281423/; classtype:trojan-activity;sid:84144523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.84.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281422/; classtype:trojan-activity;sid:84144522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.6.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281421/; classtype:trojan-activity;sid:84144521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.164.60.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281419/; classtype:trojan-activity;sid:84144519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.40.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281420/; classtype:trojan-activity;sid:84144520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.68.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281418/; classtype:trojan-activity;sid:84144518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.210.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281417/; classtype:trojan-activity;sid:84144517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irc/bot666"; depth:11; endswith; nocase; http.host; content:"94.156.104.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281416/; classtype:trojan-activity;sid:84144516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.194.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281414/; classtype:trojan-activity;sid:84144514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"46.100.63.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281415/; classtype:trojan-activity;sid:84144515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.235.157.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281412/; classtype:trojan-activity;sid:84144512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.38.106.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281413/; classtype:trojan-activity;sid:84144513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.174.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281411/; classtype:trojan-activity;sid:84144511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.143.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281410/; classtype:trojan-activity;sid:84144510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"170.80.0.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281409/; classtype:trojan-activity;sid:84144509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.51.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281408/; classtype:trojan-activity;sid:84144508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.38.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281407/; classtype:trojan-activity;sid:84144507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.97.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281406/; classtype:trojan-activity;sid:84144506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.24.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281405/; classtype:trojan-activity;sid:84144505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.82.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281404/; classtype:trojan-activity;sid:84144504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.150.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281403/; classtype:trojan-activity;sid:84144503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.162.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281402/; classtype:trojan-activity;sid:84144502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"37.230.62.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281401/; classtype:trojan-activity;sid:84144501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.20.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281399/; classtype:trojan-activity;sid:84144499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.108.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281400/; classtype:trojan-activity;sid:84144500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"37.230.62.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281397/; classtype:trojan-activity;sid:84144497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"37.230.62.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281398/; classtype:trojan-activity;sid:84144498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.170.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281396/; classtype:trojan-activity;sid:84144496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.223.160.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281395/; classtype:trojan-activity;sid:84144495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.102.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281394/; classtype:trojan-activity;sid:84144494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.241.50.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281393/; classtype:trojan-activity;sid:84144493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.59.152.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281392/; classtype:trojan-activity;sid:84144492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.41.211"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281391/; classtype:trojan-activity;sid:84144491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.221.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281390/; classtype:trojan-activity;sid:84144490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.247.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281389/; classtype:trojan-activity;sid:84144489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.mpsl"; depth:13; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281386/; classtype:trojan-activity;sid:84144486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.135.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281387/; classtype:trojan-activity;sid:84144487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.3.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281388/; classtype:trojan-activity;sid:84144488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.76.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281385/; classtype:trojan-activity;sid:84144485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.161.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281384/; classtype:trojan-activity;sid:84144484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.168.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281383/; classtype:trojan-activity;sid:84144483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.5.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281381/; classtype:trojan-activity;sid:84144481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.42.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281382/; classtype:trojan-activity;sid:84144482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.68.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281380/; classtype:trojan-activity;sid:84144480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.90.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281379/; classtype:trojan-activity;sid:84144479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.59.8.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281378/; classtype:trojan-activity;sid:84144478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281377/; classtype:trojan-activity;sid:84144477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.180.138.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281376/; classtype:trojan-activity;sid:84144476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.74.151.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281375/; classtype:trojan-activity;sid:84144475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.204.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281374/; classtype:trojan-activity;sid:84144474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.66.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281373/; classtype:trojan-activity;sid:84144473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.205.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281371/; classtype:trojan-activity;sid:84144471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.12.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281372/; classtype:trojan-activity;sid:84144472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.87.121.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281370/; classtype:trojan-activity;sid:84144470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.164.60.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281369/; classtype:trojan-activity;sid:84144469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281368/; classtype:trojan-activity;sid:84144468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.162.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281367/; classtype:trojan-activity;sid:84144467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.183.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281366/; classtype:trojan-activity;sid:84144466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.217.151.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281365/; classtype:trojan-activity;sid:84144465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.225.52.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281364/; classtype:trojan-activity;sid:84144464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.60.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281363/; classtype:trojan-activity;sid:84144463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.225.52.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281362/; classtype:trojan-activity;sid:84144462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.103.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281360/; classtype:trojan-activity;sid:84144460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.87.31.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281361/; classtype:trojan-activity;sid:84144461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.28.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281359/; classtype:trojan-activity;sid:84144459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.108.30.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281358/; classtype:trojan-activity;sid:84144458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.135.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281357/; classtype:trojan-activity;sid:84144457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.132.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281356/; classtype:trojan-activity;sid:84144456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.118.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281355/; classtype:trojan-activity;sid:84144455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281354/; classtype:trojan-activity;sid:84144454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.66.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281353/; classtype:trojan-activity;sid:84144453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.60.182.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281352/; classtype:trojan-activity;sid:84144452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.22.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281351/; classtype:trojan-activity;sid:84144451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"93.113.164.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281350/; classtype:trojan-activity;sid:84144450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.90.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281349/; classtype:trojan-activity;sid:84144449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.95.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281348/; classtype:trojan-activity;sid:84144448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.75.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281347/; classtype:trojan-activity;sid:84144447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.66.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281346/; classtype:trojan-activity;sid:84144446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281345/; classtype:trojan-activity;sid:84144445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.91.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281344/; classtype:trojan-activity;sid:84144444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.243.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281343/; classtype:trojan-activity;sid:84144443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.110.124.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281342/; classtype:trojan-activity;sid:84144442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.205.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281340/; classtype:trojan-activity;sid:84144440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.179.230.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281341/; classtype:trojan-activity;sid:84144441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.24.32.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281339/; classtype:trojan-activity;sid:84144439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.39.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281337/; classtype:trojan-activity;sid:84144437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.101.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281338/; classtype:trojan-activity;sid:84144438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.28.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281336/; classtype:trojan-activity;sid:84144436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.28.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281335/; classtype:trojan-activity;sid:84144435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.178.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281334/; classtype:trojan-activity;sid:84144434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.60.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281333/; classtype:trojan-activity;sid:84144433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.234.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281332/; classtype:trojan-activity;sid:84144432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.28.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281331/; classtype:trojan-activity;sid:84144431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.22.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281330/; classtype:trojan-activity;sid:84144430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.11.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281329/; classtype:trojan-activity;sid:84144429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.220.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281328/; classtype:trojan-activity;sid:84144428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.116.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281327/; classtype:trojan-activity;sid:84144427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.196.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281326/; classtype:trojan-activity;sid:84144426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.167.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281325/; classtype:trojan-activity;sid:84144425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.161.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281324/; classtype:trojan-activity;sid:84144424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.67.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281323/; classtype:trojan-activity;sid:84144423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.91.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281322/; classtype:trojan-activity;sid:84144422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.27.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281320/; classtype:trojan-activity;sid:84144420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.20.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281321/; classtype:trojan-activity;sid:84144421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.126.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281319/; classtype:trojan-activity;sid:84144419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.129.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281318/; classtype:trojan-activity;sid:84144418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.65.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281317/; classtype:trojan-activity;sid:84144417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.147.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281316/; classtype:trojan-activity;sid:84144416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.24.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281314/; classtype:trojan-activity;sid:84144414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.25.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281315/; classtype:trojan-activity;sid:84144415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.190.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281313/; classtype:trojan-activity;sid:84144413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.52.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281312/; classtype:trojan-activity;sid:84144412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.205.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281311/; classtype:trojan-activity;sid:84144411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.18.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281309/; classtype:trojan-activity;sid:84144409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281310/; classtype:trojan-activity;sid:84144410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.220.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281308/; classtype:trojan-activity;sid:84144408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.242.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281307/; classtype:trojan-activity;sid:84144407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.190.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281304/; classtype:trojan-activity;sid:84144404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.169.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281305/; classtype:trojan-activity;sid:84144405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.217.151.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281306/; classtype:trojan-activity;sid:84144406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.1.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281303/; classtype:trojan-activity;sid:84144403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.40.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281299/; classtype:trojan-activity;sid:84144399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.187.56.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281300/; classtype:trojan-activity;sid:84144400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.164.116.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281301/; classtype:trojan-activity;sid:84144401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.225.70.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281302/; classtype:trojan-activity;sid:84144402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.99.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281297/; classtype:trojan-activity;sid:84144397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.254.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281298/; classtype:trojan-activity;sid:84144398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.29.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281296/; classtype:trojan-activity;sid:84144396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.254.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281295/; classtype:trojan-activity;sid:84144395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.119.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281293/; classtype:trojan-activity;sid:84144393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.84.213.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281294/; classtype:trojan-activity;sid:84144394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.147.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281292/; classtype:trojan-activity;sid:84144392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281291/; classtype:trojan-activity;sid:84144391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.225.92.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281290/; classtype:trojan-activity;sid:84144390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.255.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281289/; classtype:trojan-activity;sid:84144389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"219.157.251.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281288/; classtype:trojan-activity;sid:84144388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.110.7.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281287/; classtype:trojan-activity;sid:84144387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.173.231.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281286/; classtype:trojan-activity;sid:84144386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.119.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281285/; classtype:trojan-activity;sid:84144385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.190.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281284/; classtype:trojan-activity;sid:84144384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.18.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281283/; classtype:trojan-activity;sid:84144383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.254.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281282/; classtype:trojan-activity;sid:84144382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.104.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281281/; classtype:trojan-activity;sid:84144381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.122.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281280/; classtype:trojan-activity;sid:84144380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.60.239.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281279/; classtype:trojan-activity;sid:84144379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nok/x86"; depth:8; endswith; nocase; http.host; content:"87.121.112.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281278/; classtype:trojan-activity;sid:84144378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.244.122.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281277/; classtype:trojan-activity;sid:84144377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.107.12.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281276/; classtype:trojan-activity;sid:84144376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.112.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281275/; classtype:trojan-activity;sid:84144375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.169.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281274/; classtype:trojan-activity;sid:84144374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.8.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281273/; classtype:trojan-activity;sid:84144373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.107.158.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281272/; classtype:trojan-activity;sid:84144372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.110.7.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281271/; classtype:trojan-activity;sid:84144371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.199.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281270/; classtype:trojan-activity;sid:84144370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.25.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281269/; classtype:trojan-activity;sid:84144369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.60.239.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281268/; classtype:trojan-activity;sid:84144368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.128.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281267/; classtype:trojan-activity;sid:84144367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281266/; classtype:trojan-activity;sid:84144366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.156.200.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281264/; classtype:trojan-activity;sid:84144364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.173.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281265/; classtype:trojan-activity;sid:84144365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.78.197.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281263/; classtype:trojan-activity;sid:84144363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.128.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281262/; classtype:trojan-activity;sid:84144362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.25.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281261/; classtype:trojan-activity;sid:84144361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.190.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281260/; classtype:trojan-activity;sid:84144360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.132.113.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281259/; classtype:trojan-activity;sid:84144359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.247.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281257/; classtype:trojan-activity;sid:84144357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.153.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281258/; classtype:trojan-activity;sid:84144358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.161.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281256/; classtype:trojan-activity;sid:84144356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.251.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281255/; classtype:trojan-activity;sid:84144355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.233.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281254/; classtype:trojan-activity;sid:84144354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.158.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281253/; classtype:trojan-activity;sid:84144353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.214.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281252/; classtype:trojan-activity;sid:84144352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.232.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281251/; classtype:trojan-activity;sid:84144351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.19.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281250/; classtype:trojan-activity;sid:84144350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.128.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281249/; classtype:trojan-activity;sid:84144349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.46.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281248/; classtype:trojan-activity;sid:84144348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.51.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281247/; classtype:trojan-activity;sid:84144347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.240.11.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281246/; classtype:trojan-activity;sid:84144346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.28.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281245/; classtype:trojan-activity;sid:84144345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.190.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281244/; classtype:trojan-activity;sid:84144344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.207.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281243/; classtype:trojan-activity;sid:84144343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.203.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281242/; classtype:trojan-activity;sid:84144342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.78.197.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281241/; classtype:trojan-activity;sid:84144341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.102.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281240/; classtype:trojan-activity;sid:84144340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.232.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281239/; classtype:trojan-activity;sid:84144339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.0.103.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281237/; classtype:trojan-activity;sid:84144337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.227.51.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281238/; classtype:trojan-activity;sid:84144338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.138.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281236/; classtype:trojan-activity;sid:84144336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.251.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281235/; classtype:trojan-activity;sid:84144335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.213.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281234/; classtype:trojan-activity;sid:84144334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.68.226"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281233/; classtype:trojan-activity;sid:84144333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.214.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281232/; classtype:trojan-activity;sid:84144332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.116.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281231/; classtype:trojan-activity;sid:84144331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.158.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281230/; classtype:trojan-activity;sid:84144330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.140.100"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281229/; classtype:trojan-activity;sid:84144329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.115.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281228/; classtype:trojan-activity;sid:84144328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.179.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281227/; classtype:trojan-activity;sid:84144327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.115.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281226/; classtype:trojan-activity;sid:84144326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.233.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281225/; classtype:trojan-activity;sid:84144325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.51.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281224/; classtype:trojan-activity;sid:84144324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/sparc"; depth:9; endswith; nocase; http.host; content:"91.211.251.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281223/; classtype:trojan-activity;sid:84144323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.92.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281222/; classtype:trojan-activity;sid:84144322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.83.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281221/; classtype:trojan-activity;sid:84144321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.81.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281220/; classtype:trojan-activity;sid:84144320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.30.116.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281219/; classtype:trojan-activity;sid:84144319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.0.103.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281218/; classtype:trojan-activity;sid:84144318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.20.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281217/; classtype:trojan-activity;sid:84144317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.112.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281216/; classtype:trojan-activity;sid:84144316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.68.226"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281215/; classtype:trojan-activity;sid:84144315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.93.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281214/; classtype:trojan-activity;sid:84144314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.119.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281213/; classtype:trojan-activity;sid:84144313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.83.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281212/; classtype:trojan-activity;sid:84144312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.116.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281211/; classtype:trojan-activity;sid:84144311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.102.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281210/; classtype:trojan-activity;sid:84144310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.38.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281209/; classtype:trojan-activity;sid:84144309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.83.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281208/; classtype:trojan-activity;sid:84144308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.240.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281207/; classtype:trojan-activity;sid:84144307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.30.116.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281206/; classtype:trojan-activity;sid:84144306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.144.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281204/; classtype:trojan-activity;sid:84144304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.156.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281205/; classtype:trojan-activity;sid:84144305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.234.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281203/; classtype:trojan-activity;sid:84144303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.93.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281202/; classtype:trojan-activity;sid:84144302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281201/; classtype:trojan-activity;sid:84144301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.24.36.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281200/; classtype:trojan-activity;sid:84144300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.194.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281199/; classtype:trojan-activity;sid:84144299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.119.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281198/; classtype:trojan-activity;sid:84144298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.252.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281197/; classtype:trojan-activity;sid:84144297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.234.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281196/; classtype:trojan-activity;sid:84144296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.227.51.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281195/; classtype:trojan-activity;sid:84144295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.44.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281194/; classtype:trojan-activity;sid:84144294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.172.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281193/; classtype:trojan-activity;sid:84144293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.88.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281192/; classtype:trojan-activity;sid:84144292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.196.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281191/; classtype:trojan-activity;sid:84144291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.80.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281190/; classtype:trojan-activity;sid:84144290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281189/; classtype:trojan-activity;sid:84144289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.144.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281188/; classtype:trojan-activity;sid:84144288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.184.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281187/; classtype:trojan-activity;sid:84144287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.138.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281186/; classtype:trojan-activity;sid:84144286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.141.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281185/; classtype:trojan-activity;sid:84144285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.26.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281184/; classtype:trojan-activity;sid:84144284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.250.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281183/; classtype:trojan-activity;sid:84144283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.128.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281182/; classtype:trojan-activity;sid:84144282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.83.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281181/; classtype:trojan-activity;sid:84144281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.118.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281180/; classtype:trojan-activity;sid:84144280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.144.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281179/; classtype:trojan-activity;sid:84144279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.19.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281178/; classtype:trojan-activity;sid:84144278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.204.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281177/; classtype:trojan-activity;sid:84144277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.166.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281176/; classtype:trojan-activity;sid:84144276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.192.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281175/; classtype:trojan-activity;sid:84144275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.208.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281174/; classtype:trojan-activity;sid:84144274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.49.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281173/; classtype:trojan-activity;sid:84144273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.27.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281171/; classtype:trojan-activity;sid:84144271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.0.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281172/; classtype:trojan-activity;sid:84144272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.123.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281170/; classtype:trojan-activity;sid:84144270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.64.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281169/; classtype:trojan-activity;sid:84144269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.44.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281168/; classtype:trojan-activity;sid:84144268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.160.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281167/; classtype:trojan-activity;sid:84144267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.156.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281165/; classtype:trojan-activity;sid:84144265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.88.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281166/; classtype:trojan-activity;sid:84144266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.19.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281164/; classtype:trojan-activity;sid:84144264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.81.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281163/; classtype:trojan-activity;sid:84144263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.97.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281161/; classtype:trojan-activity;sid:84144261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.118.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281162/; classtype:trojan-activity;sid:84144262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.227.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281160/; classtype:trojan-activity;sid:84144260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.106.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281159/; classtype:trojan-activity;sid:84144259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.64.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281157/; classtype:trojan-activity;sid:84144257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.89.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281158/; classtype:trojan-activity;sid:84144258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.204.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281156/; classtype:trojan-activity;sid:84144256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.e"; depth:4; endswith; nocase; http.host; content:"hawai5stars.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281155/; classtype:trojan-activity;sid:84144255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropbeast.exe"; depth:14; endswith; nocase; http.host; content:"yaipool.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281154/; classtype:trojan-activity;sid:84144254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.49.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281153/; classtype:trojan-activity;sid:84144253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.46.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281152/; classtype:trojan-activity;sid:84144252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i.msi"; depth:6; endswith; nocase; http.host; content:"185.245.107.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281151/; classtype:trojan-activity;sid:84144251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.223.129.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281150/; classtype:trojan-activity;sid:84144250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.e"; depth:4; endswith; nocase; http.host; content:"185.245.107.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281149/; classtype:trojan-activity;sid:84144249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.123.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281147/; classtype:trojan-activity;sid:84144247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.176.115.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281146/; classtype:trojan-activity;sid:84144246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.184.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281145/; classtype:trojan-activity;sid:84144245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.221.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281144/; classtype:trojan-activity;sid:84144244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.19.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281143/; classtype:trojan-activity;sid:84144243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/mips"; depth:7; endswith; nocase; http.host; content:"45.88.91.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281142/; classtype:trojan-activity;sid:84144242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/mipsel"; depth:9; endswith; nocase; http.host; content:"45.88.91.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281141/; classtype:trojan-activity;sid:84144241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.147.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281140/; classtype:trojan-activity;sid:84144240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loads_11_7.rar"; depth:15; endswith; nocase; http.host; content:"185.208.156.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281139/; classtype:trojan-activity;sid:84144239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loaddetails.exe"; depth:16; endswith; nocase; http.host; content:"185.208.156.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281136/; classtype:trojan-activity;sid:84144236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromesetup.exe"; depth:16; endswith; nocase; http.host; content:"185.208.156.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281137/; classtype:trojan-activity;sid:84144237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loads_11_7_.zip"; depth:16; endswith; nocase; http.host; content:"185.208.156.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281138/; classtype:trojan-activity;sid:84144238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.225.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281133/; classtype:trojan-activity;sid:84144233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/details.exe"; depth:12; endswith; nocase; http.host; content:"185.208.156.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281134/; classtype:trojan-activity;sid:84144234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vs.exe"; depth:7; endswith; nocase; http.host; content:"185.208.156.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281135/; classtype:trojan-activity;sid:84144235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.106.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281131/; classtype:trojan-activity;sid:84144231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.97.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281132/; classtype:trojan-activity;sid:84144232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.246.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281129/; classtype:trojan-activity;sid:84144229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.153.144.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281130/; classtype:trojan-activity;sid:84144230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.4.95"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281128/; classtype:trojan-activity;sid:84144228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.25.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281127/; classtype:trojan-activity;sid:84144227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.92.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281126/; classtype:trojan-activity;sid:84144226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.131.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281125/; classtype:trojan-activity;sid:84144225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281124/; classtype:trojan-activity;sid:84144224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.25.235.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281123/; classtype:trojan-activity;sid:84144223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.221.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281122/; classtype:trojan-activity;sid:84144222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.176.115.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281121/; classtype:trojan-activity;sid:84144221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.222.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281120/; classtype:trojan-activity;sid:84144220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.101.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281119/; classtype:trojan-activity;sid:84144219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.246.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281118/; classtype:trojan-activity;sid:84144218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.113.226.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281117/; classtype:trojan-activity;sid:84144217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.7.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281116/; classtype:trojan-activity;sid:84144216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281115/; classtype:trojan-activity;sid:84144215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.4.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281114/; classtype:trojan-activity;sid:84144214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.191.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281113/; classtype:trojan-activity;sid:84144213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.109.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281112/; classtype:trojan-activity;sid:84144212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.147.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281111/; classtype:trojan-activity;sid:84144211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281110/; classtype:trojan-activity;sid:84144210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.153.144.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281109/; classtype:trojan-activity;sid:84144209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.173.231.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281107/; classtype:trojan-activity;sid:84144207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.108.89.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281108/; classtype:trojan-activity;sid:84144208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.92.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281106/; classtype:trojan-activity;sid:84144206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.107.12.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281105/; classtype:trojan-activity;sid:84144205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.221.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281104/; classtype:trojan-activity;sid:84144204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/almighty/m68k"; depth:14; endswith; nocase; http.host; content:"89.116.21.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281101/; classtype:trojan-activity;sid:84144201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/almighty/powerpc"; depth:17; endswith; nocase; http.host; content:"89.116.21.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281102/; classtype:trojan-activity;sid:84144202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/almighty/arm"; depth:13; endswith; nocase; http.host; content:"89.116.21.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281103/; classtype:trojan-activity;sid:84144203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.131.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281100/; classtype:trojan-activity;sid:84144200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/almighty/arm5"; depth:14; endswith; nocase; http.host; content:"89.116.21.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281098/; classtype:trojan-activity;sid:84144198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/almighty/i686"; depth:14; endswith; nocase; http.host; content:"89.116.21.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281099/; classtype:trojan-activity;sid:84144199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/almighty/sh4"; depth:13; endswith; nocase; http.host; content:"89.116.21.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281094/; classtype:trojan-activity;sid:84144194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/almighty/sparc"; depth:15; endswith; nocase; http.host; content:"89.116.21.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281095/; classtype:trojan-activity;sid:84144195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/almighty/x86_64"; depth:16; endswith; nocase; http.host; content:"89.116.21.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281096/; classtype:trojan-activity;sid:84144196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/almighty/mipsel"; depth:16; endswith; nocase; http.host; content:"89.116.21.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281097/; classtype:trojan-activity;sid:84144197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.23.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281093/; classtype:trojan-activity;sid:84144193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.58.18.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281092/; classtype:trojan-activity;sid:84144192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.25.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281091/; classtype:trojan-activity;sid:84144191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.19.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281090/; classtype:trojan-activity;sid:84144190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281089/; classtype:trojan-activity;sid:84144189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.25.235.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281088/; classtype:trojan-activity;sid:84144188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.82.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281087/; classtype:trojan-activity;sid:84144187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281086/; classtype:trojan-activity;sid:84144186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281085/; classtype:trojan-activity;sid:84144185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.155.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281084/; classtype:trojan-activity;sid:84144184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.234.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281083/; classtype:trojan-activity;sid:84144183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.4.95"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281082/; classtype:trojan-activity;sid:84144182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.108.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281081/; classtype:trojan-activity;sid:84144181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.109.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281080/; classtype:trojan-activity;sid:84144180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/way-of/great/dest/best.txt"; depth:27; endswith; nocase; http.host; content:"mr-aws.b-cdn.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281079/; classtype:trojan-activity;sid:84144179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backups/cuverif.txt"; depth:20; endswith; nocase; http.host; content:"makemygreatgain.b-cdn.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281078/; classtype:trojan-activity;sid:84144178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.117.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281077/; classtype:trojan-activity;sid:84144177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.12.13.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281076/; classtype:trojan-activity;sid:84144176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.39.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281075/; classtype:trojan-activity;sid:84144175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/almighty/mips"; depth:14; endswith; nocase; http.host; content:"89.116.21.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281073/; classtype:trojan-activity;sid:84144173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.26.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281074/; classtype:trojan-activity;sid:84144174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.96.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281071/; classtype:trojan-activity;sid:84144171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.96.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281072/; classtype:trojan-activity;sid:84144172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.243.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281070/; classtype:trojan-activity;sid:84144170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.194.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281069/; classtype:trojan-activity;sid:84144169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.60.225.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281068/; classtype:trojan-activity;sid:84144168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.204.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281066/; classtype:trojan-activity;sid:84144166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.147.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281067/; classtype:trojan-activity;sid:84144167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.202.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281065/; classtype:trojan-activity;sid:84144165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.108.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281063/; classtype:trojan-activity;sid:84144163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.221.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281064/; classtype:trojan-activity;sid:84144164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.90.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281062/; classtype:trojan-activity;sid:84144162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0.jpg"; depth:6; endswith; nocase; http.host; content:"101.35.233.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281061/; classtype:trojan-activity;sid:84144161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.99.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281060/; classtype:trojan-activity;sid:84144160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.191.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281059/; classtype:trojan-activity;sid:84144159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.3.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281058/; classtype:trojan-activity;sid:84144158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.27.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281057/; classtype:trojan-activity;sid:84144157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.213.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281056/; classtype:trojan-activity;sid:84144156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.203.126.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281055/; classtype:trojan-activity;sid:84144155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.141.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281054/; classtype:trojan-activity;sid:84144154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.178.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281053/; classtype:trojan-activity;sid:84144153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.155.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281052/; classtype:trojan-activity;sid:84144152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281051/; classtype:trojan-activity;sid:84144151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"69.129.18.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281050/; classtype:trojan-activity;sid:84144150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.141.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281049/; classtype:trojan-activity;sid:84144149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281048/; classtype:trojan-activity;sid:84144148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app.ocx"; depth:8; endswith; nocase; http.host; content:"170.75.168.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281047/; classtype:trojan-activity;sid:84144147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.85.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281046/; classtype:trojan-activity;sid:84144146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281045/; classtype:trojan-activity;sid:84144145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.234.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281044/; classtype:trojan-activity;sid:84144144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.54.48"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281043/; classtype:trojan-activity;sid:84144143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.46.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281042/; classtype:trojan-activity;sid:84144142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.243.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281041/; classtype:trojan-activity;sid:84144141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.90.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281040/; classtype:trojan-activity;sid:84144140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w"; depth:2; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281038/; classtype:trojan-activity;sid:84144138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarm6"; depth:6; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281039/; classtype:trojan-activity;sid:84144139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.109.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281037/; classtype:trojan-activity;sid:84144137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.83.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281036/; classtype:trojan-activity;sid:84144136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.212.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281035/; classtype:trojan-activity;sid:84144135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.11.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281034/; classtype:trojan-activity;sid:84144134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/das.php"; depth:13; endswith; nocase; http.host; content:"girlsgifs.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281033/; classtype:trojan-activity;sid:84144133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.3.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281031/; classtype:trojan-activity;sid:84144131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.219.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281032/; classtype:trojan-activity;sid:84144132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.208.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281030/; classtype:trojan-activity;sid:84144130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.51.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281029/; classtype:trojan-activity;sid:84144129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.73.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281028/; classtype:trojan-activity;sid:84144128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.208.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281027/; classtype:trojan-activity;sid:84144127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.152.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281026/; classtype:trojan-activity;sid:84144126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.122.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281025/; classtype:trojan-activity;sid:84144125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.136.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281024/; classtype:trojan-activity;sid:84144124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.3.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281023/; classtype:trojan-activity;sid:84144123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.109.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281022/; classtype:trojan-activity;sid:84144122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.125.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281021/; classtype:trojan-activity;sid:84144121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.54.48"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281020/; classtype:trojan-activity;sid:84144120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.221.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281019/; classtype:trojan-activity;sid:84144119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.24.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281018/; classtype:trojan-activity;sid:84144118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.217.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281017/; classtype:trojan-activity;sid:84144117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.182.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281016/; classtype:trojan-activity;sid:84144116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.204.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281015/; classtype:trojan-activity;sid:84144115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.35.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281012/; classtype:trojan-activity;sid:84144112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.32.139.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281013/; classtype:trojan-activity;sid:84144113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.16.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281014/; classtype:trojan-activity;sid:84144114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"106.41.70.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281009/; classtype:trojan-activity;sid:84144109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.180.109.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281010/; classtype:trojan-activity;sid:84144110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.215.222.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281011/; classtype:trojan-activity;sid:84144111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.127.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281005/; classtype:trojan-activity;sid:84144105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.95.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281006/; classtype:trojan-activity;sid:84144106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.88.140.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281007/; classtype:trojan-activity;sid:84144107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.81.43.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281008/; classtype:trojan-activity;sid:84144108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.159.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281004/; classtype:trojan-activity;sid:84144104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.94.34.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281003/; classtype:trojan-activity;sid:84144103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.203.72.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281002/; classtype:trojan-activity;sid:84144102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.183.156"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281001/; classtype:trojan-activity;sid:84144101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.210.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281000/; classtype:trojan-activity;sid:84144100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.190.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280999/; classtype:trojan-activity;sid:84144099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.11.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280998/; classtype:trojan-activity;sid:84144098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.12.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280997/; classtype:trojan-activity;sid:84144097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.114.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280995/; classtype:trojan-activity;sid:84144095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.241.48.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280996/; classtype:trojan-activity;sid:84144096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280994/; classtype:trojan-activity;sid:84144094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280993/; classtype:trojan-activity;sid:84144093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.51.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280992/; classtype:trojan-activity;sid:84144092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/2d424qwn"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280990/; classtype:trojan-activity;sid:84144090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280991/; classtype:trojan-activity;sid:84144091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.122.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280989/; classtype:trojan-activity;sid:84144089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.249.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280988/; classtype:trojan-activity;sid:84144088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.136.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280987/; classtype:trojan-activity;sid:84144087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.7.240.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280986/; classtype:trojan-activity;sid:84144086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.231.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280985/; classtype:trojan-activity;sid:84144085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280984/; classtype:trojan-activity;sid:84144084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.83.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280983/; classtype:trojan-activity;sid:84144083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.117.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280982/; classtype:trojan-activity;sid:84144082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.14.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280981/; classtype:trojan-activity;sid:84144081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.60.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280980/; classtype:trojan-activity;sid:84144080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.125.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280979/; classtype:trojan-activity;sid:84144079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.139.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280978/; classtype:trojan-activity;sid:84144078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.114.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280977/; classtype:trojan-activity;sid:84144077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.25.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280976/; classtype:trojan-activity;sid:84144076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.58.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280975/; classtype:trojan-activity;sid:84144075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.0.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280974/; classtype:trojan-activity;sid:84144074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.132.132.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280973/; classtype:trojan-activity;sid:84144073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.136.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280971/; classtype:trojan-activity;sid:84144071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.10.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280972/; classtype:trojan-activity;sid:84144072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.4.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280970/; classtype:trojan-activity;sid:84144070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.67.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280969/; classtype:trojan-activity;sid:84144069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.25.237.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280967/; classtype:trojan-activity;sid:84144067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.164.241.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280968/; classtype:trojan-activity;sid:84144068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.106.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280966/; classtype:trojan-activity;sid:84144066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.177.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280965/; classtype:trojan-activity;sid:84144065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.150.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280963/; classtype:trojan-activity;sid:84144063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.250.57.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280964/; classtype:trojan-activity;sid:84144064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.216.4.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280962/; classtype:trojan-activity;sid:84144062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.132.132.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280961/; classtype:trojan-activity;sid:84144061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280960/; classtype:trojan-activity;sid:84144060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.163.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280959/; classtype:trojan-activity;sid:84144059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.135.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280958/; classtype:trojan-activity;sid:84144058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.10.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280957/; classtype:trojan-activity;sid:84144057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.177.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280956/; classtype:trojan-activity;sid:84144056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.4.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280954/; classtype:trojan-activity;sid:84144054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.177.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280955/; classtype:trojan-activity;sid:84144055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.56.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280953/; classtype:trojan-activity;sid:84144053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.150.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280952/; classtype:trojan-activity;sid:84144052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.53.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280951/; classtype:trojan-activity;sid:84144051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.191.231.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280950/; classtype:trojan-activity;sid:84144050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.96.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280949/; classtype:trojan-activity;sid:84144049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.62.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280948/; classtype:trojan-activity;sid:84144048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.103.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280947/; classtype:trojan-activity;sid:84144047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.135.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280946/; classtype:trojan-activity;sid:84144046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.161.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280945/; classtype:trojan-activity;sid:84144045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.60.222.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280944/; classtype:trojan-activity;sid:84144044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.177.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280943/; classtype:trojan-activity;sid:84144043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.70.14.217"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280942/; classtype:trojan-activity;sid:84144042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.48.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280941/; classtype:trojan-activity;sid:84144041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.53.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280940/; classtype:trojan-activity;sid:84144040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280939/; classtype:trojan-activity;sid:84144039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.212.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280938/; classtype:trojan-activity;sid:84144038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.96.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280937/; classtype:trojan-activity;sid:84144037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.143.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280936/; classtype:trojan-activity;sid:84144036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.47.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280935/; classtype:trojan-activity;sid:84144035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.251.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280934/; classtype:trojan-activity;sid:84144034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.56.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280933/; classtype:trojan-activity;sid:84144033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.5.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280932/; classtype:trojan-activity;sid:84144032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.122.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280930/; classtype:trojan-activity;sid:84144030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.62.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280931/; classtype:trojan-activity;sid:84144031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.120.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280929/; classtype:trojan-activity;sid:84144029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.11.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280928/; classtype:trojan-activity;sid:84144028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.103.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280927/; classtype:trojan-activity;sid:84144027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.95.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280926/; classtype:trojan-activity;sid:84144026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.48.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280925/; classtype:trojan-activity;sid:84144025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.3.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280924/; classtype:trojan-activity;sid:84144024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.150.95.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280923/; classtype:trojan-activity;sid:84144023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.27.199.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280922/; classtype:trojan-activity;sid:84144022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ev.exe"; depth:7; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280921/; classtype:trojan-activity;sid:84144021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.165.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280920/; classtype:trojan-activity;sid:84144020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.120.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280919/; classtype:trojan-activity;sid:84144019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.98.50.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280918/; classtype:trojan-activity;sid:84144018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.161.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280917/; classtype:trojan-activity;sid:84144017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.81.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280916/; classtype:trojan-activity;sid:84144016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.84.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280915/; classtype:trojan-activity;sid:84144015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280914/; classtype:trojan-activity;sid:84144014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.95.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280913/; classtype:trojan-activity;sid:84144013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.23.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280912/; classtype:trojan-activity;sid:84144012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.51.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280911/; classtype:trojan-activity;sid:84144011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.223.134.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280910/; classtype:trojan-activity;sid:84144010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.79.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280909/; classtype:trojan-activity;sid:84144009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.210.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280908/; classtype:trojan-activity;sid:84144008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.25.232.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280907/; classtype:trojan-activity;sid:84144007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.84.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280906/; classtype:trojan-activity;sid:84144006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.236.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280905/; classtype:trojan-activity;sid:84144005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280903/; classtype:trojan-activity;sid:84144003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.93.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280904/; classtype:trojan-activity;sid:84144004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.84.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280902/; classtype:trojan-activity;sid:84144002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.157.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280901/; classtype:trojan-activity;sid:84144001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.23.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280900/; classtype:trojan-activity;sid:84144000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.144.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280898/; classtype:trojan-activity;sid:84143998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.130.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280899/; classtype:trojan-activity;sid:84143999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.223.134.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280897/; classtype:trojan-activity;sid:84143997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.32.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280896/; classtype:trojan-activity;sid:84143996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.5.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280895/; classtype:trojan-activity;sid:84143995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.99.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280894/; classtype:trojan-activity;sid:84143994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.99.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280893/; classtype:trojan-activity;sid:84143993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.207.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280892/; classtype:trojan-activity;sid:84143992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.237.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280890/; classtype:trojan-activity;sid:84143990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.72.31.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280889/; classtype:trojan-activity;sid:84143989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.144.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280888/; classtype:trojan-activity;sid:84143988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.47.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280887/; classtype:trojan-activity;sid:84143987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.200.85.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280886/; classtype:trojan-activity;sid:84143986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"173.16.26.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280884/; classtype:trojan-activity;sid:84143984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.199.225.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280885/; classtype:trojan-activity;sid:84143985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.48.28.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280883/; classtype:trojan-activity;sid:84143983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.111.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280882/; classtype:trojan-activity;sid:84143982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.191.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280881/; classtype:trojan-activity;sid:84143981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.228.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280880/; classtype:trojan-activity;sid:84143980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.117.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280879/; classtype:trojan-activity;sid:84143979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.159.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280878/; classtype:trojan-activity;sid:84143978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.34.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280877/; classtype:trojan-activity;sid:84143977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.181.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280875/; classtype:trojan-activity;sid:84143975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.214.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280876/; classtype:trojan-activity;sid:84143976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280872/; classtype:trojan-activity;sid:84143972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.147.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280873/; classtype:trojan-activity;sid:84143973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.159.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280874/; classtype:trojan-activity;sid:84143974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280871/; classtype:trojan-activity;sid:84143971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.210.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280870/; classtype:trojan-activity;sid:84143970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280869/; classtype:trojan-activity;sid:84143969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280868/; classtype:trojan-activity;sid:84143968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.30.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280867/; classtype:trojan-activity;sid:84143967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280865/; classtype:trojan-activity;sid:84143965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280866/; classtype:trojan-activity;sid:84143966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.153.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280864/; classtype:trojan-activity;sid:84143964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.32.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280863/; classtype:trojan-activity;sid:84143963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.59.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280862/; classtype:trojan-activity;sid:84143962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.240.64.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280861/; classtype:trojan-activity;sid:84143961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.94.183.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280860/; classtype:trojan-activity;sid:84143960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.119.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280859/; classtype:trojan-activity;sid:84143959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.130.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280858/; classtype:trojan-activity;sid:84143958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.130.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280857/; classtype:trojan-activity;sid:84143957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.253.100.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280856/; classtype:trojan-activity;sid:84143956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.72.31.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280855/; classtype:trojan-activity;sid:84143955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.233.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280854/; classtype:trojan-activity;sid:84143954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.5.137"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280853/; classtype:trojan-activity;sid:84143953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.95.163.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280852/; classtype:trojan-activity;sid:84143952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"191.240.64.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280851/; classtype:trojan-activity;sid:84143951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.18.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280850/; classtype:trojan-activity;sid:84143950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.20.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280849/; classtype:trojan-activity;sid:84143949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.12.43.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280848/; classtype:trojan-activity;sid:84143948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.183.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280847/; classtype:trojan-activity;sid:84143947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.223.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280846/; classtype:trojan-activity;sid:84143946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.169.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280845/; classtype:trojan-activity;sid:84143945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.59.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280844/; classtype:trojan-activity;sid:84143944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.233.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280843/; classtype:trojan-activity;sid:84143943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.94.183.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280842/; classtype:trojan-activity;sid:84143942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.235.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280841/; classtype:trojan-activity;sid:84143941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.246.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280840/; classtype:trojan-activity;sid:84143940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.80.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280839/; classtype:trojan-activity;sid:84143939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.4.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280838/; classtype:trojan-activity;sid:84143938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.112.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280837/; classtype:trojan-activity;sid:84143937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.168.225.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280836/; classtype:trojan-activity;sid:84143936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.146.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280835/; classtype:trojan-activity;sid:84143935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.5.137"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280834/; classtype:trojan-activity;sid:84143934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.185.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280833/; classtype:trojan-activity;sid:84143933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.3.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280832/; classtype:trojan-activity;sid:84143932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.93.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280831/; classtype:trojan-activity;sid:84143931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.223.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280830/; classtype:trojan-activity;sid:84143930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.179.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280829/; classtype:trojan-activity;sid:84143929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.31.201.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280828/; classtype:trojan-activity;sid:84143928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280827/; classtype:trojan-activity;sid:84143927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.206.190.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280826/; classtype:trojan-activity;sid:84143926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.174.71.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280825/; classtype:trojan-activity;sid:84143925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"88.247.163.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280824/; classtype:trojan-activity;sid:84143924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.66.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280823/; classtype:trojan-activity;sid:84143923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.80.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280822/; classtype:trojan-activity;sid:84143922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asd.exe"; depth:8; endswith; nocase; http.host; content:"213.252.247.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280821/; classtype:trojan-activity;sid:84143921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.177.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280820/; classtype:trojan-activity;sid:84143920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.240.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280819/; classtype:trojan-activity;sid:84143919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.166.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280818/; classtype:trojan-activity;sid:84143918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.93.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280817/; classtype:trojan-activity;sid:84143917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.31.201.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280815/; classtype:trojan-activity;sid:84143915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.207.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280816/; classtype:trojan-activity;sid:84143916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.190.102.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280814/; classtype:trojan-activity;sid:84143914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.147.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280813/; classtype:trojan-activity;sid:84143913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.87.31.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280812/; classtype:trojan-activity;sid:84143912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.76.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280811/; classtype:trojan-activity;sid:84143911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.139.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280810/; classtype:trojan-activity;sid:84143910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.251.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280809/; classtype:trojan-activity;sid:84143909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.24.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280808/; classtype:trojan-activity;sid:84143908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.185.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280806/; classtype:trojan-activity;sid:84143906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.66.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280807/; classtype:trojan-activity;sid:84143907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.240.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280805/; classtype:trojan-activity;sid:84143905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.254.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280804/; classtype:trojan-activity;sid:84143904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.78.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280803/; classtype:trojan-activity;sid:84143903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.116.194.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280802/; classtype:trojan-activity;sid:84143902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.126.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280801/; classtype:trojan-activity;sid:84143901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.6.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280800/; classtype:trojan-activity;sid:84143900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.145.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280799/; classtype:trojan-activity;sid:84143899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.147.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280798/; classtype:trojan-activity;sid:84143898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.33.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280796/; classtype:trojan-activity;sid:84143896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pr0niums/repo/refs/heads/main/nvidia.exe"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280797/; classtype:trojan-activity;sid:84143897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.190.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280795/; classtype:trojan-activity;sid:84143895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.226.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280794/; classtype:trojan-activity;sid:84143894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.134.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280793/; classtype:trojan-activity;sid:84143893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.249.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280792/; classtype:trojan-activity;sid:84143892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.206.62.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280791/; classtype:trojan-activity;sid:84143891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.145.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280790/; classtype:trojan-activity;sid:84143890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.48.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280789/; classtype:trojan-activity;sid:84143889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280788/; classtype:trojan-activity;sid:84143888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.228.65.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280787/; classtype:trojan-activity;sid:84143887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rama12a3/ps/main/manger.docx"; depth:29; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280786/; classtype:trojan-activity;sid:84143886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.78.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280785/; classtype:trojan-activity;sid:84143885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.254.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280784/; classtype:trojan-activity;sid:84143884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.54.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280783/; classtype:trojan-activity;sid:84143883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.213.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280782/; classtype:trojan-activity;sid:84143882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.90.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280781/; classtype:trojan-activity;sid:84143881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.226.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280780/; classtype:trojan-activity;sid:84143880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.111.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280778/; classtype:trojan-activity;sid:84143878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.207.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280777/; classtype:trojan-activity;sid:84143877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.55.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280776/; classtype:trojan-activity;sid:84143876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.169.234.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280774/; classtype:trojan-activity;sid:84143874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.190.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280775/; classtype:trojan-activity;sid:84143875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.121.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280771/; classtype:trojan-activity;sid:84143871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simone0108/a/refs/heads/main/greenfield.docx"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280772/; classtype:trojan-activity;sid:84143872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.72.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280773/; classtype:trojan-activity;sid:84143873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdone914/as1/main/photobox.docx"; depth:33; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280770/; classtype:trojan-activity;sid:84143870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.182.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280769/; classtype:trojan-activity;sid:84143869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.252.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280768/; classtype:trojan-activity;sid:84143868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.6.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280767/; classtype:trojan-activity;sid:84143867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.89.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280766/; classtype:trojan-activity;sid:84143866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"38.137.250.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280765/; classtype:trojan-activity;sid:84143865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.231.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280764/; classtype:trojan-activity;sid:84143864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.76.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280763/; classtype:trojan-activity;sid:84143863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woord02/nigga/refs/heads/main/majesticexec.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280762/; classtype:trojan-activity;sid:84143862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.165.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280761/; classtype:trojan-activity;sid:84143861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.131.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280760/; classtype:trojan-activity;sid:84143860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.182.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280758/; classtype:trojan-activity;sid:84143858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.27.13.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280759/; classtype:trojan-activity;sid:84143859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.31.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280757/; classtype:trojan-activity;sid:84143857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.58.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280755/; classtype:trojan-activity;sid:84143855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.40.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280756/; classtype:trojan-activity;sid:84143856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.190.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280754/; classtype:trojan-activity;sid:84143854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.204.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280753/; classtype:trojan-activity;sid:84143853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/boy.txt"; depth:12; endswith; nocase; http.host; content:"191.96.224.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280752/; classtype:trojan-activity;sid:84143852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/yvrm.txt"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280751/; classtype:trojan-activity;sid:84143851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/217/cammirr.txt"; depth:16; endswith; nocase; http.host; content:"192.3.193.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280749/; classtype:trojan-activity;sid:84143849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/711/fshfh.txt"; depth:14; endswith; nocase; http.host; content:"107.175.130.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280750/; classtype:trojan-activity;sid:84143850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/mbkbds.txt"; depth:13; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280748/; classtype:trojan-activity;sid:84143848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eeememebiggg.txt"; depth:17; endswith; nocase; http.host; content:"87.120.113.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280739/; classtype:trojan-activity;sid:84143839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/455/wc/seethebestthingsfromtheloverwithgreatthignsu.hta"; depth:56; endswith; nocase; http.host; content:"172.245.135.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280740/; classtype:trojan-activity;sid:84143840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/zf3dxapdnla4lnl.doc"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280741/; classtype:trojan-activity;sid:84143841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/79/wrdcf.txt"; depth:13; endswith; nocase; http.host; content:"107.173.4.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280742/; classtype:trojan-activity;sid:84143842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//splarm7"; depth:9; endswith; nocase; http.host; content:"pqahzam.ink"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280743/; classtype:trojan-activity;sid:84143843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//dlr.arm7"; depth:10; endswith; nocase; http.host; content:"pqahzam.ink"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280744/; classtype:trojan-activity;sid:84143844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//splarm6"; depth:9; endswith; nocase; http.host; content:"pqahzam.ink"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280745/; classtype:trojan-activity;sid:84143845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//dlr.ppc"; depth:9; endswith; nocase; http.host; content:"pqahzam.ink"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280746/; classtype:trojan-activity;sid:84143846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//dlr.m68k"; depth:10; endswith; nocase; http.host; content:"pqahzam.ink"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280747/; classtype:trojan-activity;sid:84143847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"154.216.17.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280737/; classtype:trojan-activity;sid:84143837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/olk/swssl.txt"; depth:14; endswith; nocase; http.host; content:"pus.rollerswpush.eu"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280738/; classtype:trojan-activity;sid:84143838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/af.exe"; depth:7; endswith; nocase; http.host; content:"112.74.185.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280736/; classtype:trojan-activity;sid:84143836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/en7nq8lm3v7yww0.doc"; depth:24; endswith; nocase; http.host; content:"87.120.84.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280734/; classtype:trojan-activity;sid:84143834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/10.hta"; depth:7; endswith; nocase; http.host; content:"154.12.33.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280735/; classtype:trojan-activity;sid:84143835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm5"; depth:12; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280733/; classtype:trojan-activity;sid:84143833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"216.9.226.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280732/; classtype:trojan-activity;sid:84143832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.sparc"; depth:12; endswith; nocase; http.host; content:"163.172.49.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280731/; classtype:trojan-activity;sid:84143831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simone0108/a/raw/refs/heads/main/greenfield.docx"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280730/; classtype:trojan-activity;sid:84143830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.mips"; depth:11; endswith; nocase; http.host; content:"163.172.49.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280724/; classtype:trojan-activity;sid:84143824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.arm6"; depth:11; endswith; nocase; http.host; content:"163.172.49.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280725/; classtype:trojan-activity;sid:84143825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.sh4"; depth:10; endswith; nocase; http.host; content:"163.172.49.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280726/; classtype:trojan-activity;sid:84143826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.x86"; depth:10; endswith; nocase; http.host; content:"163.172.49.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280727/; classtype:trojan-activity;sid:84143827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin"; depth:4; endswith; nocase; http.host; content:"163.172.49.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280728/; classtype:trojan-activity;sid:84143828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.arm4"; depth:11; endswith; nocase; http.host; content:"163.172.49.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280729/; classtype:trojan-activity;sid:84143829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.arm7"; depth:11; endswith; nocase; http.host; content:"163.172.49.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280716/; classtype:trojan-activity;sid:84143816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.arm5"; depth:11; endswith; nocase; http.host; content:"163.172.49.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280717/; classtype:trojan-activity;sid:84143817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdone914/as1/raw/main/photobox.docx|3f|raw=true"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280718/; classtype:trojan-activity;sid:84143818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.56.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280719/; classtype:trojan-activity;sid:84143819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.mpsl"; depth:11; endswith; nocase; http.host; content:"163.172.49.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280720/; classtype:trojan-activity;sid:84143820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.ppc"; depth:10; endswith; nocase; http.host; content:"163.172.49.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280721/; classtype:trojan-activity;sid:84143821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.m68k"; depth:11; endswith; nocase; http.host; content:"163.172.49.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280722/; classtype:trojan-activity;sid:84143822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.i586"; depth:11; endswith; nocase; http.host; content:"163.172.49.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280723/; classtype:trojan-activity;sid:84143823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/igz.arm5"; depth:9; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280712/; classtype:trojan-activity;sid:84143812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/main/arm7"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280713/; classtype:trojan-activity;sid:84143813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//aaa"; depth:5; endswith; nocase; http.host; content:"pqahzam.ink"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280714/; classtype:trojan-activity;sid:84143814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"45.202.35.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280715/; classtype:trojan-activity;sid:84143815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rxr3r/nothing/raw/main/windows.docx|3f|raw=true"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280710/; classtype:trojan-activity;sid:84143810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rama12a3/ps/raw/main/manger.docx|3f|raw=true"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280711/; classtype:trojan-activity;sid:84143811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.rar"; depth:12; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280709/; classtype:trojan-activity;sid:84143809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hfs.exe"; depth:8; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280708/; classtype:trojan-activity;sid:84143808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/https.exe"; depth:10; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280705/; classtype:trojan-activity;sid:84143805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/024749876411"; depth:17; endswith; nocase; http.host; content:"paste.fo"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280706/; classtype:trojan-activity;sid:84143806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rda26675/a/main/tk7.docx|3f|raw=true"; depth:37; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280707/; classtype:trojan-activity;sid:84143807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asold1/11/main/5"; depth:17; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280700/; classtype:trojan-activity;sid:84143800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x64.bin"; depth:8; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280701/; classtype:trojan-activity;sid:84143801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asold1/11/main/4"; depth:17; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280702/; classtype:trojan-activity;sid:84143802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asold1/11/main/2"; depth:17; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280703/; classtype:trojan-activity;sid:84143803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asold1/11/main/3"; depth:17; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280704/; classtype:trojan-activity;sid:84143804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asold1/11/main/1"; depth:17; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280698/; classtype:trojan-activity;sid:84143798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86.bin"; depth:8; endswith; nocase; http.host; content:"103.43.18.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280699/; classtype:trojan-activity;sid:84143799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nulrih.zip"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280696/; classtype:trojan-activity;sid:84143796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ugd/d9e1c3_f75082db4b394ade83d25a07d6cffc8d.txt"; depth:48; endswith; nocase; http.host; content:"d9e1c3dd-1fee-48c1-9089-09a70580408e.usrfiles.com"; depth:49; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280697/; classtype:trojan-activity;sid:84143797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/130/smpllel.txt"; depth:16; endswith; nocase; http.host; content:"104.168.7.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280691/; classtype:trojan-activity;sid:84143791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irzn0b.rar"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280692/; classtype:trojan-activity;sid:84143792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nw9onk.dll"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280693/; classtype:trojan-activity;sid:84143793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1eeqby.dll"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280694/; classtype:trojan-activity;sid:84143794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iz3lne.zip"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280695/; classtype:trojan-activity;sid:84143795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/130/uh/seethebestpartentirelifewithmygirlfriendonentirelifethings.hta"; depth:70; endswith; nocase; http.host; content:"104.168.7.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280686/; classtype:trojan-activity;sid:84143786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/!api/2.0/snippets/nikkerkhan/5qkmxx/c193c8cd66ad1405f4a0ebc7293d71d0f287eb98/files/all.txt"; depth:91; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280687/; classtype:trojan-activity;sid:84143787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/711/ce/batterygetbackwithgoodmovemententirelovegoodforrealitytogetmeack.hta"; depth:76; endswith; nocase; http.host; content:"107.175.130.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280688/; classtype:trojan-activity;sid:84143788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resoo.exe"; depth:10; endswith; nocase; http.host; content:"ggrtrew.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280689/; classtype:trojan-activity;sid:84143789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ugd/d9e1c3_2876f2a9f8ad45d084ca6956bb42f653.txt"; depth:48; endswith; nocase; http.host; content:"d9e1c3dd-1fee-48c1-9089-09a70580408e.usrfiles.com"; depth:49; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280690/; classtype:trojan-activity;sid:84143790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/consoleapp2.exe"; depth:16; endswith; nocase; http.host; content:"185.208.156.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280685/; classtype:trojan-activity;sid:84143785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ugd/d9e1c3_19830a6c88a241afb553beb7a3e2c941.txt"; depth:48; endswith; nocase; http.host; content:"d9e1c3dd-1fee-48c1-9089-09a70580408e.usrfiles.com"; depth:49; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280684/; classtype:trojan-activity;sid:84143784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/177wm9.zip"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280683/; classtype:trojan-activity;sid:84143783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lbr99k.dll"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280682/; classtype:trojan-activity;sid:84143782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.79.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280681/; classtype:trojan-activity;sid:84143781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fiies/stormfn-launcher/raw/refs/heads/main/stormfn-launcher.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280680/; classtype:trojan-activity;sid:84143780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.150.92.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280678/; classtype:trojan-activity;sid:84143778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.150.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280679/; classtype:trojan-activity;sid:84143779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.242.54.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280676/; classtype:trojan-activity;sid:84143776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.55.43.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280677/; classtype:trojan-activity;sid:84143777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.73.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280675/; classtype:trojan-activity;sid:84143775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.29.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280674/; classtype:trojan-activity;sid:84143774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.165.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280673/; classtype:trojan-activity;sid:84143773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.210.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280672/; classtype:trojan-activity;sid:84143772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.5.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280671/; classtype:trojan-activity;sid:84143771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.176.210.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280670/; classtype:trojan-activity;sid:84143770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"213.242.6.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280669/; classtype:trojan-activity;sid:84143769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.85.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280667/; classtype:trojan-activity;sid:84143767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.167.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280668/; classtype:trojan-activity;sid:84143768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.175.68.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280666/; classtype:trojan-activity;sid:84143766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280665/; classtype:trojan-activity;sid:84143765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.129.103.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280664/; classtype:trojan-activity;sid:84143764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.89.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280663/; classtype:trojan-activity;sid:84143763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.139.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280662/; classtype:trojan-activity;sid:84143762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.27.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280661/; classtype:trojan-activity;sid:84143761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.117.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280660/; classtype:trojan-activity;sid:84143760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.255.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280659/; classtype:trojan-activity;sid:84143759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.203.72.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280658/; classtype:trojan-activity;sid:84143758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.81.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280657/; classtype:trojan-activity;sid:84143757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.208.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280655/; classtype:trojan-activity;sid:84143755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.146.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280656/; classtype:trojan-activity;sid:84143756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.58.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280652/; classtype:trojan-activity;sid:84143752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.116.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280653/; classtype:trojan-activity;sid:84143753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.233.156.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280654/; classtype:trojan-activity;sid:84143754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.204.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280651/; classtype:trojan-activity;sid:84143751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.114.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280650/; classtype:trojan-activity;sid:84143750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.49.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280649/; classtype:trojan-activity;sid:84143749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.61.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280648/; classtype:trojan-activity;sid:84143748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280647/; classtype:trojan-activity;sid:84143747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.178.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280646/; classtype:trojan-activity;sid:84143746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"92.249.48.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280645/; classtype:trojan-activity;sid:84143745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.237.166.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280644/; classtype:trojan-activity;sid:84143744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.5.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280643/; classtype:trojan-activity;sid:84143743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.212.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280642/; classtype:trojan-activity;sid:84143742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.113.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280641/; classtype:trojan-activity;sid:84143741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.31.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280640/; classtype:trojan-activity;sid:84143740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.168.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280639/; classtype:trojan-activity;sid:84143739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280638/; classtype:trojan-activity;sid:84143738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/la.bot.powerpc"; depth:18; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280635/; classtype:trojan-activity;sid:84143735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/la.bot.arm6"; depth:15; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280636/; classtype:trojan-activity;sid:84143736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/la.bot.sparc"; depth:16; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280637/; classtype:trojan-activity;sid:84143737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/la.bot.arm5"; depth:15; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280627/; classtype:trojan-activity;sid:84143727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/la.bot.sh4"; depth:14; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280628/; classtype:trojan-activity;sid:84143728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/la.bot.arc"; depth:14; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280629/; classtype:trojan-activity;sid:84143729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/la.bot.m68k"; depth:15; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280630/; classtype:trojan-activity;sid:84143730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/la.bot.mips"; depth:15; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280631/; classtype:trojan-activity;sid:84143731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/la.bot.arm"; depth:14; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280632/; classtype:trojan-activity;sid:84143732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/la.bot.arm7"; depth:15; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280633/; classtype:trojan-activity;sid:84143733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/la.bot.mipsel"; depth:17; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280634/; classtype:trojan-activity;sid:84143734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.49.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280626/; classtype:trojan-activity;sid:84143726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.209.92.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280625/; classtype:trojan-activity;sid:84143725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.103.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280624/; classtype:trojan-activity;sid:84143724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.114.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280623/; classtype:trojan-activity;sid:84143723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.sh4"; depth:14; endswith; nocase; http.host; content:"93.123.85.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280621/; classtype:trojan-activity;sid:84143721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.188.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280622/; classtype:trojan-activity;sid:84143722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.mips"; depth:15; endswith; nocase; http.host; content:"93.123.85.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280620/; classtype:trojan-activity;sid:84143720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"93.123.85.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280619/; classtype:trojan-activity;sid:84143719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.ppc"; depth:14; endswith; nocase; http.host; content:"93.123.85.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280614/; classtype:trojan-activity;sid:84143714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.arm7"; depth:15; endswith; nocase; http.host; content:"93.123.85.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280615/; classtype:trojan-activity;sid:84143715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.i686"; depth:15; endswith; nocase; http.host; content:"93.123.85.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280616/; classtype:trojan-activity;sid:84143716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.182.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280617/; classtype:trojan-activity;sid:84143717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.arm4"; depth:15; endswith; nocase; http.host; content:"93.123.85.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280618/; classtype:trojan-activity;sid:84143718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.sparc"; depth:13; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280613/; classtype:trojan-activity;sid:84143713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.sh4"; depth:11; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280599/; classtype:trojan-activity;sid:84143699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm6"; depth:12; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280600/; classtype:trojan-activity;sid:84143700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arc"; depth:11; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280601/; classtype:trojan-activity;sid:84143701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.mips"; depth:12; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280602/; classtype:trojan-activity;sid:84143702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm"; depth:11; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280603/; classtype:trojan-activity;sid:84143703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm7"; depth:12; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280604/; classtype:trojan-activity;sid:84143704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.mipsel"; depth:14; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280605/; classtype:trojan-activity;sid:84143705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.m68k"; depth:12; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280606/; classtype:trojan-activity;sid:84143706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.powerpc"; depth:15; endswith; nocase; http.host; content:"103.149.87.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280607/; classtype:trojan-activity;sid:84143707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.mpsl"; depth:15; endswith; nocase; http.host; content:"93.123.85.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280608/; classtype:trojan-activity;sid:84143708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.x86"; depth:14; endswith; nocase; http.host; content:"93.123.85.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280609/; classtype:trojan-activity;sid:84143709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.sparc"; depth:16; endswith; nocase; http.host; content:"93.123.85.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280610/; classtype:trojan-activity;sid:84143710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.m68k"; depth:15; endswith; nocase; http.host; content:"93.123.85.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280611/; classtype:trojan-activity;sid:84143711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.i586"; depth:15; endswith; nocase; http.host; content:"93.123.85.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280612/; classtype:trojan-activity;sid:84143712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.arm6"; depth:15; endswith; nocase; http.host; content:"93.123.85.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280598/; classtype:trojan-activity;sid:84143698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.arm5"; depth:15; endswith; nocase; http.host; content:"93.123.85.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280597/; classtype:trojan-activity;sid:84143697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.201.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280595/; classtype:trojan-activity;sid:84143695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.176.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280594/; classtype:trojan-activity;sid:84143694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.250.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280593/; classtype:trojan-activity;sid:84143693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.188.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280592/; classtype:trojan-activity;sid:84143692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.182.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280589/; classtype:trojan-activity;sid:84143689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.34.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280590/; classtype:trojan-activity;sid:84143690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.102.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280591/; classtype:trojan-activity;sid:84143691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.98.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280588/; classtype:trojan-activity;sid:84143688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.217.246.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280587/; classtype:trojan-activity;sid:84143687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.159.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280586/; classtype:trojan-activity;sid:84143686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.147.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280584/; classtype:trojan-activity;sid:84143684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.149.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280585/; classtype:trojan-activity;sid:84143685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.51.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280583/; classtype:trojan-activity;sid:84143683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.210.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280582/; classtype:trojan-activity;sid:84143682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.113.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280581/; classtype:trojan-activity;sid:84143681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.183.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280580/; classtype:trojan-activity;sid:84143680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"45.202.35.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280578/; classtype:trojan-activity;sid:84143678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.202.35.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280579/; classtype:trojan-activity;sid:84143679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.202.35.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280577/; classtype:trojan-activity;sid:84143677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"45.202.35.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280575/; classtype:trojan-activity;sid:84143675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.202.35.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280576/; classtype:trojan-activity;sid:84143676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.112.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280574/; classtype:trojan-activity;sid:84143674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.216.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280573/; classtype:trojan-activity;sid:84143673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.7.154.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280572/; classtype:trojan-activity;sid:84143672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.191.21.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280571/; classtype:trojan-activity;sid:84143671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm"; depth:14; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280570/; classtype:trojan-activity;sid:84143670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm5"; depth:15; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280568/; classtype:trojan-activity;sid:84143668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.x86"; depth:14; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280569/; classtype:trojan-activity;sid:84143669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.sh4"; depth:14; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280564/; classtype:trojan-activity;sid:84143664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.spc"; depth:14; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280565/; classtype:trojan-activity;sid:84143665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm6"; depth:15; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280566/; classtype:trojan-activity;sid:84143666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.m68k"; depth:15; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280567/; classtype:trojan-activity;sid:84143667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm7"; depth:15; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280561/; classtype:trojan-activity;sid:84143661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mpsl"; depth:15; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280562/; classtype:trojan-activity;sid:84143662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.ppc"; depth:14; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280563/; classtype:trojan-activity;sid:84143663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mips"; depth:15; endswith; nocase; http.host; content:"byte-main-cnc.n-e.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280560/; classtype:trojan-activity;sid:84143660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main.exe"; depth:9; endswith; nocase; http.host; content:"121.36.224.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280559/; classtype:trojan-activity;sid:84143659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.127.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280558/; classtype:trojan-activity;sid:84143658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.197.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280557/; classtype:trojan-activity;sid:84143657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.17.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280556/; classtype:trojan-activity;sid:84143656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.21.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280555/; classtype:trojan-activity;sid:84143655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.189.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280554/; classtype:trojan-activity;sid:84143654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.127.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280553/; classtype:trojan-activity;sid:84143653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.spc"; depth:14; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280552/; classtype:trojan-activity;sid:84143652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.235.157.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280551/; classtype:trojan-activity;sid:84143651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i/web/i"; depth:8; endswith; nocase; http.host; content:"149.56.81.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280550/; classtype:trojan-activity;sid:84143650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.197.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280549/; classtype:trojan-activity;sid:84143649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blacks/josho.x86"; depth:17; endswith; nocase; http.host; content:"5.59.249.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280548/; classtype:trojan-activity;sid:84143648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.122.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280547/; classtype:trojan-activity;sid:84143647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.146.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280546/; classtype:trojan-activity;sid:84143646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.52.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280545/; classtype:trojan-activity;sid:84143645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.50.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280544/; classtype:trojan-activity;sid:84143644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm6"; depth:15; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280543/; classtype:trojan-activity;sid:84143643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm7"; depth:15; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280539/; classtype:trojan-activity;sid:84143639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.ppc"; depth:14; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280540/; classtype:trojan-activity;sid:84143640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.m68k"; depth:15; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280541/; classtype:trojan-activity;sid:84143641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.sh4"; depth:14; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280542/; classtype:trojan-activity;sid:84143642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.88.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280538/; classtype:trojan-activity;sid:84143638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.74.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280537/; classtype:trojan-activity;sid:84143637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.121.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280536/; classtype:trojan-activity;sid:84143636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.22.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280534/; classtype:trojan-activity;sid:84143634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.81.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280535/; classtype:trojan-activity;sid:84143635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.0.144"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280533/; classtype:trojan-activity;sid:84143633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.86.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280532/; classtype:trojan-activity;sid:84143632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.189.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280531/; classtype:trojan-activity;sid:84143631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.52.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280530/; classtype:trojan-activity;sid:84143630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.202.35.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280528/; classtype:trojan-activity;sid:84143628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.202.35.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280529/; classtype:trojan-activity;sid:84143629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.202.35.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280526/; classtype:trojan-activity;sid:84143626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.15.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280527/; classtype:trojan-activity;sid:84143627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.10.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280525/; classtype:trojan-activity;sid:84143625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.202.35.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280524/; classtype:trojan-activity;sid:84143624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.202.35.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280523/; classtype:trojan-activity;sid:84143623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.75.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280522/; classtype:trojan-activity;sid:84143622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.80.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280521/; classtype:trojan-activity;sid:84143621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.101.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280520/; classtype:trojan-activity;sid:84143620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm5"; depth:15; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280517/; classtype:trojan-activity;sid:84143617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mips"; depth:15; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280518/; classtype:trojan-activity;sid:84143618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mpsl"; depth:15; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280519/; classtype:trojan-activity;sid:84143619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.x86"; depth:14; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280516/; classtype:trojan-activity;sid:84143616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.166.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280515/; classtype:trojan-activity;sid:84143615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.74.162.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280514/; classtype:trojan-activity;sid:84143614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm"; depth:14; endswith; nocase; http.host; content:"154.216.16.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280513/; classtype:trojan-activity;sid:84143613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.68.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280510/; classtype:trojan-activity;sid:84143610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"93.123.85.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280511/; classtype:trojan-activity;sid:84143611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"93.123.85.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280512/; classtype:trojan-activity;sid:84143612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"93.123.85.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280506/; classtype:trojan-activity;sid:84143606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"93.123.85.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280507/; classtype:trojan-activity;sid:84143607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"93.123.85.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280508/; classtype:trojan-activity;sid:84143608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"93.123.85.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280509/; classtype:trojan-activity;sid:84143609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.25.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280505/; classtype:trojan-activity;sid:84143605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"93.123.85.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280500/; classtype:trojan-activity;sid:84143600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"93.123.85.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280501/; classtype:trojan-activity;sid:84143601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"93.123.85.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280502/; classtype:trojan-activity;sid:84143602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"93.123.85.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280503/; classtype:trojan-activity;sid:84143603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"93.123.85.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280504/; classtype:trojan-activity;sid:84143604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.33.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280499/; classtype:trojan-activity;sid:84143599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loads.exe"; depth:10; endswith; nocase; http.host; content:"185.208.156.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280497/; classtype:trojan-activity;sid:84143597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.129.0"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280498/; classtype:trojan-activity;sid:84143598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.38.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280496/; classtype:trojan-activity;sid:84143596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.75.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280495/; classtype:trojan-activity;sid:84143595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.67.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280494/; classtype:trojan-activity;sid:84143594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.213.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280493/; classtype:trojan-activity;sid:84143593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.15.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280492/; classtype:trojan-activity;sid:84143592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.142.119.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280491/; classtype:trojan-activity;sid:84143591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.13.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280489/; classtype:trojan-activity;sid:84143589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.42.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280490/; classtype:trojan-activity;sid:84143590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.19.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280488/; classtype:trojan-activity;sid:84143588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.121.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280487/; classtype:trojan-activity;sid:84143587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.199.180.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280486/; classtype:trojan-activity;sid:84143586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.7.165.215"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280485/; classtype:trojan-activity;sid:84143585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.202.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280484/; classtype:trojan-activity;sid:84143584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.226.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280483/; classtype:trojan-activity;sid:84143583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.226.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280482/; classtype:trojan-activity;sid:84143582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.160.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280481/; classtype:trojan-activity;sid:84143581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.101.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280480/; classtype:trojan-activity;sid:84143580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.174.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280478/; classtype:trojan-activity;sid:84143578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ngrok.exe"; depth:10; endswith; nocase; http.host; content:"176.111.174.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280479/; classtype:trojan-activity;sid:84143579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/8qp3nhvw"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280476/; classtype:trojan-activity;sid:84143576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.208.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280477/; classtype:trojan-activity;sid:84143577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/9gnnxh5h"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280456/; classtype:trojan-activity;sid:84143556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/wztnj3hi"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280457/; classtype:trojan-activity;sid:84143557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/y9pvlxcr"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280458/; classtype:trojan-activity;sid:84143558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xmykas1g"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280459/; classtype:trojan-activity;sid:84143559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/hbuej1rs"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280460/; classtype:trojan-activity;sid:84143560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ng1.bat"; depth:8; endswith; nocase; http.host; content:"176.111.174.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280461/; classtype:trojan-activity;sid:84143561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/pqqzfend"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280462/; classtype:trojan-activity;sid:84143562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ng2.bat"; depth:8; endswith; nocase; http.host; content:"176.111.174.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280463/; classtype:trojan-activity;sid:84143563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/z5pyzbtj"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280464/; classtype:trojan-activity;sid:84143564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/u2wpicru"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280465/; classtype:trojan-activity;sid:84143565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/uwytgz4q"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280466/; classtype:trojan-activity;sid:84143566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/be52bvvz"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280467/; classtype:trojan-activity;sid:84143567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/bxbx8g7g"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280468/; classtype:trojan-activity;sid:84143568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/3x5jnzbv"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280469/; classtype:trojan-activity;sid:84143569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/nuslnjch"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280470/; classtype:trojan-activity;sid:84143570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/ynjiak1f"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280471/; classtype:trojan-activity;sid:84143571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/igpkzh8v"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280472/; classtype:trojan-activity;sid:84143572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/j2b4x0rb"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280473/; classtype:trojan-activity;sid:84143573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/t2u2vjn5"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280474/; classtype:trojan-activity;sid:84143574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vmmanagedsetup.exe"; depth:19; endswith; nocase; http.host; content:"176.111.174.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280475/; classtype:trojan-activity;sid:84143575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/tjrtlkms"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280454/; classtype:trojan-activity;sid:84143554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/q2frtjeh"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280455/; classtype:trojan-activity;sid:84143555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.3.254"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280453/; classtype:trojan-activity;sid:84143553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.174.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280452/; classtype:trojan-activity;sid:84143552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.166.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280451/; classtype:trojan-activity;sid:84143551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.210.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280450/; classtype:trojan-activity;sid:84143550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"2.187.118.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280449/; classtype:trojan-activity;sid:84143549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"93.123.85.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280448/; classtype:trojan-activity;sid:84143548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.33.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280447/; classtype:trojan-activity;sid:84143547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.157.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280446/; classtype:trojan-activity;sid:84143546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.81.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280445/; classtype:trojan-activity;sid:84143545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.165.69.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280444/; classtype:trojan-activity;sid:84143544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.208.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280443/; classtype:trojan-activity;sid:84143543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.225.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280442/; classtype:trojan-activity;sid:84143542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.182.216.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280441/; classtype:trojan-activity;sid:84143541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.96.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280440/; classtype:trojan-activity;sid:84143540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.81.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280439/; classtype:trojan-activity;sid:84143539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.59.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280438/; classtype:trojan-activity;sid:84143538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.80.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280437/; classtype:trojan-activity;sid:84143537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.225.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280436/; classtype:trojan-activity;sid:84143536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.157.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280435/; classtype:trojan-activity;sid:84143535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.198.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280434/; classtype:trojan-activity;sid:84143534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botpilled/rbot"; depth:15; endswith; nocase; http.host; content:"93.123.85.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280433/; classtype:trojan-activity;sid:84143533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.182.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280432/; classtype:trojan-activity;sid:84143532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.185.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280431/; classtype:trojan-activity;sid:84143531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.83.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280430/; classtype:trojan-activity;sid:84143530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.191.21.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280429/; classtype:trojan-activity;sid:84143529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.235.219.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280428/; classtype:trojan-activity;sid:84143528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.i586"; depth:15; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280427/; classtype:trojan-activity;sid:84143527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.mpsl"; depth:15; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280422/; classtype:trojan-activity;sid:84143522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.i686"; depth:15; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280423/; classtype:trojan-activity;sid:84143523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.mips"; depth:15; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280424/; classtype:trojan-activity;sid:84143524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.sh4"; depth:14; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280425/; classtype:trojan-activity;sid:84143525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.x86"; depth:14; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280426/; classtype:trojan-activity;sid:84143526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.arm7"; depth:15; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280420/; classtype:trojan-activity;sid:84143520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.arm6"; depth:15; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280421/; classtype:trojan-activity;sid:84143521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.sparc"; depth:16; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280419/; classtype:trojan-activity;sid:84143519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.m68k"; depth:15; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280417/; classtype:trojan-activity;sid:84143517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.ppc"; depth:14; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280418/; classtype:trojan-activity;sid:84143518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280414/; classtype:trojan-activity;sid:84143514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.arm4"; depth:15; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280415/; classtype:trojan-activity;sid:84143515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.arm5"; depth:15; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280416/; classtype:trojan-activity;sid:84143516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.59.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280413/; classtype:trojan-activity;sid:84143513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.127.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280412/; classtype:trojan-activity;sid:84143512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.210.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280411/; classtype:trojan-activity;sid:84143511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.198.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280410/; classtype:trojan-activity;sid:84143510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.121.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280409/; classtype:trojan-activity;sid:84143509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akitaxss/bin.arm"; depth:17; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280408/; classtype:trojan-activity;sid:84143508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akitaxss/bin.x86_64"; depth:20; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280407/; classtype:trojan-activity;sid:84143507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akitaxss/bin.arm5"; depth:18; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280406/; classtype:trojan-activity;sid:84143506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akitaxss/bin.sh4"; depth:17; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280405/; classtype:trojan-activity;sid:84143505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akitaxss/bin.m68k"; depth:18; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280395/; classtype:trojan-activity;sid:84143495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akitaxss/bin.arc"; depth:17; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280396/; classtype:trojan-activity;sid:84143496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akitaxss/bin.ppc"; depth:17; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280397/; classtype:trojan-activity;sid:84143497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akitaxss/bin.spc"; depth:17; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280398/; classtype:trojan-activity;sid:84143498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akitaxss/bin.arm7"; depth:18; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280399/; classtype:trojan-activity;sid:84143499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akitaxss/bin.mips"; depth:18; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280400/; classtype:trojan-activity;sid:84143500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akitaxss/bin.mpsl"; depth:18; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280401/; classtype:trojan-activity;sid:84143501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akitaxss/debug.dbg"; depth:19; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280402/; classtype:trojan-activity;sid:84143502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akitaxss/bin.arm6"; depth:18; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280403/; classtype:trojan-activity;sid:84143503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.182.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280404/; classtype:trojan-activity;sid:84143504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.44.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280394/; classtype:trojan-activity;sid:84143494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.143.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280393/; classtype:trojan-activity;sid:84143493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280392/; classtype:trojan-activity;sid:84143492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280391/; classtype:trojan-activity;sid:84143491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.240.18.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280390/; classtype:trojan-activity;sid:84143490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.176.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280389/; classtype:trojan-activity;sid:84143489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.231.212.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280388/; classtype:trojan-activity;sid:84143488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.48.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280387/; classtype:trojan-activity;sid:84143487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.44.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280386/; classtype:trojan-activity;sid:84143486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.205.176.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280385/; classtype:trojan-activity;sid:84143485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.35.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280384/; classtype:trojan-activity;sid:84143484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.62.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280383/; classtype:trojan-activity;sid:84143483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.142.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280382/; classtype:trojan-activity;sid:84143482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.115.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280381/; classtype:trojan-activity;sid:84143481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.108.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280379/; classtype:trojan-activity;sid:84143479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.199.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280380/; classtype:trojan-activity;sid:84143480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.159.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280378/; classtype:trojan-activity;sid:84143478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptt2k5/ltl203/blob/main/update1.bat"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280373/; classtype:trojan-activity;sid:84143473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptt2k5/ltl203/blob/main/document1.zip"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280374/; classtype:trojan-activity;sid:84143474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptt2k5/ltl203/blob/main/bb.tyu"; depth:31; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280375/; classtype:trojan-activity;sid:84143475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptt2k5/ltl203/blob/main/document2.zip"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280376/; classtype:trojan-activity;sid:84143476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptt2k5/ltl203/blob/main/lpl.zip"; depth:32; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280377/; classtype:trojan-activity;sid:84143477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.23.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280372/; classtype:trojan-activity;sid:84143472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.220.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280371/; classtype:trojan-activity;sid:84143471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.254.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280370/; classtype:trojan-activity;sid:84143470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.232.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280369/; classtype:trojan-activity;sid:84143469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.23.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280368/; classtype:trojan-activity;sid:84143468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.234.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280367/; classtype:trojan-activity;sid:84143467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.233.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280366/; classtype:trojan-activity;sid:84143466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280365/; classtype:trojan-activity;sid:84143465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.251.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280364/; classtype:trojan-activity;sid:84143464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.24.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280363/; classtype:trojan-activity;sid:84143463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.19.245"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280362/; classtype:trojan-activity;sid:84143462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.115.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280361/; classtype:trojan-activity;sid:84143461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.8.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280360/; classtype:trojan-activity;sid:84143460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.44.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280359/; classtype:trojan-activity;sid:84143459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.39.19.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280358/; classtype:trojan-activity;sid:84143458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.136.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280357/; classtype:trojan-activity;sid:84143457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.159.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280356/; classtype:trojan-activity;sid:84143456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.67.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280355/; classtype:trojan-activity;sid:84143455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.254.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280353/; classtype:trojan-activity;sid:84143453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.169.234.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280354/; classtype:trojan-activity;sid:84143454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"90.150.75.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280352/; classtype:trojan-activity;sid:84143452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.142.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280351/; classtype:trojan-activity;sid:84143451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.220.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280350/; classtype:trojan-activity;sid:84143450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.113.176.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280349/; classtype:trojan-activity;sid:84143449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"198.23.197.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280337/; classtype:trojan-activity;sid:84143437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"198.23.197.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280338/; classtype:trojan-activity;sid:84143438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"198.23.197.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280339/; classtype:trojan-activity;sid:84143439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"198.23.197.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280340/; classtype:trojan-activity;sid:84143440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"198.23.197.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280341/; classtype:trojan-activity;sid:84143441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"198.23.197.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280342/; classtype:trojan-activity;sid:84143442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"198.23.197.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280343/; classtype:trojan-activity;sid:84143443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"198.23.197.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280344/; classtype:trojan-activity;sid:84143444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"198.23.197.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280345/; classtype:trojan-activity;sid:84143445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"198.23.197.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280346/; classtype:trojan-activity;sid:84143446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"198.23.197.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280347/; classtype:trojan-activity;sid:84143447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"198.23.197.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280348/; classtype:trojan-activity;sid:84143448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.5.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280336/; classtype:trojan-activity;sid:84143436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.73.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280334/; classtype:trojan-activity;sid:84143434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.239.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280335/; classtype:trojan-activity;sid:84143435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.241.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280333/; classtype:trojan-activity;sid:84143433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.23.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280332/; classtype:trojan-activity;sid:84143432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.10.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280331/; classtype:trojan-activity;sid:84143431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.136.125.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280330/; classtype:trojan-activity;sid:84143430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.159.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280329/; classtype:trojan-activity;sid:84143429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.232.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280328/; classtype:trojan-activity;sid:84143428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.120.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280326/; classtype:trojan-activity;sid:84143426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.146.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280327/; classtype:trojan-activity;sid:84143427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280324/; classtype:trojan-activity;sid:84143424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.24.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280325/; classtype:trojan-activity;sid:84143425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.100.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280323/; classtype:trojan-activity;sid:84143423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.39.19.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280322/; classtype:trojan-activity;sid:84143422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.83.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280321/; classtype:trojan-activity;sid:84143421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.62.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280320/; classtype:trojan-activity;sid:84143420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.0.144"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280319/; classtype:trojan-activity;sid:84143419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.101.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280318/; classtype:trojan-activity;sid:84143418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"198.23.197.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280317/; classtype:trojan-activity;sid:84143417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.113.176.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280316/; classtype:trojan-activity;sid:84143416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.5.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280315/; classtype:trojan-activity;sid:84143415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.70.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280313/; classtype:trojan-activity;sid:84143413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.239.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280314/; classtype:trojan-activity;sid:84143414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.139.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280312/; classtype:trojan-activity;sid:84143412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.73.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280311/; classtype:trojan-activity;sid:84143411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.241.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280310/; classtype:trojan-activity;sid:84143410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.146.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280309/; classtype:trojan-activity;sid:84143409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.127.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280308/; classtype:trojan-activity;sid:84143408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.65.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280305/; classtype:trojan-activity;sid:84143405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.96.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280306/; classtype:trojan-activity;sid:84143406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.239.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280307/; classtype:trojan-activity;sid:84143407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.83.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280302/; classtype:trojan-activity;sid:84143402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.82.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280303/; classtype:trojan-activity;sid:84143403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mapper.exe"; depth:11; endswith; nocase; http.host; content:"kaleidoscopic-seahorse-ca2964.netlify.app"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280304/; classtype:trojan-activity;sid:84143404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.121.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280301/; classtype:trojan-activity;sid:84143401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x/4.png"; depth:8; endswith; nocase; http.host; content:"185.147.124.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280300/; classtype:trojan-activity;sid:84143400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.152.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280299/; classtype:trojan-activity;sid:84143399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.73.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280298/; classtype:trojan-activity;sid:84143398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.207.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280297/; classtype:trojan-activity;sid:84143397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.205.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280296/; classtype:trojan-activity;sid:84143396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.205.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280295/; classtype:trojan-activity;sid:84143395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.204.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280293/; classtype:trojan-activity;sid:84143393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.73.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280294/; classtype:trojan-activity;sid:84143394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.174.117.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280292/; classtype:trojan-activity;sid:84143392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.147.101.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280290/; classtype:trojan-activity;sid:84143390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.185.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280291/; classtype:trojan-activity;sid:84143391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.146.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280289/; classtype:trojan-activity;sid:84143389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.87.34.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280287/; classtype:trojan-activity;sid:84143387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.118.134.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280288/; classtype:trojan-activity;sid:84143388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.1.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280285/; classtype:trojan-activity;sid:84143385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.112.100.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280286/; classtype:trojan-activity;sid:84143386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.69.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280283/; classtype:trojan-activity;sid:84143383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.24.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280284/; classtype:trojan-activity;sid:84143384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.241.167.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280282/; classtype:trojan-activity;sid:84143382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.154.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280281/; classtype:trojan-activity;sid:84143381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.175.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280280/; classtype:trojan-activity;sid:84143380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"166.143.139.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280279/; classtype:trojan-activity;sid:84143379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.167.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280278/; classtype:trojan-activity;sid:84143378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.185.53.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280277/; classtype:trojan-activity;sid:84143377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.200.86.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280276/; classtype:trojan-activity;sid:84143376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.183.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280275/; classtype:trojan-activity;sid:84143375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.248.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280274/; classtype:trojan-activity;sid:84143374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"38.159.232.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280273/; classtype:trojan-activity;sid:84143373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.70.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280272/; classtype:trojan-activity;sid:84143372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.179.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280271/; classtype:trojan-activity;sid:84143371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.220.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280270/; classtype:trojan-activity;sid:84143370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.82.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280269/; classtype:trojan-activity;sid:84143369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.120.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280268/; classtype:trojan-activity;sid:84143368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.99.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280267/; classtype:trojan-activity;sid:84143367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.192.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280266/; classtype:trojan-activity;sid:84143366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.239.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280265/; classtype:trojan-activity;sid:84143365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.109.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280264/; classtype:trojan-activity;sid:84143364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.28.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280263/; classtype:trojan-activity;sid:84143363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.78.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280262/; classtype:trojan-activity;sid:84143362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.11.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280260/; classtype:trojan-activity;sid:84143360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.128.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280261/; classtype:trojan-activity;sid:84143361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.207.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280259/; classtype:trojan-activity;sid:84143359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/chrome.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280254/; classtype:trojan-activity;sid:84143354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/chrome.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280255/; classtype:trojan-activity;sid:84143355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/zhark.exe"; depth:16; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280256/; classtype:trojan-activity;sid:84143356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/zhark.exe"; depth:16; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280257/; classtype:trojan-activity;sid:84143357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/chrome.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280258/; classtype:trojan-activity;sid:84143358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/zhark.exe"; depth:16; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280253/; classtype:trojan-activity;sid:84143353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/remcos_a.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280252/; classtype:trojan-activity;sid:84143352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/remcos_a.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280251/; classtype:trojan-activity;sid:84143351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/remcos_a.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280249/; classtype:trojan-activity;sid:84143349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.73.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280250/; classtype:trojan-activity;sid:84143350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/build.exe"; depth:16; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280247/; classtype:trojan-activity;sid:84143347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.137.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280248/; classtype:trojan-activity;sid:84143348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/build.exe"; depth:16; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280240/; classtype:trojan-activity;sid:84143340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/buildd.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280241/; classtype:trojan-activity;sid:84143341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/buildd.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280242/; classtype:trojan-activity;sid:84143342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/buildd.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280243/; classtype:trojan-activity;sid:84143343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/3e3ev3.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280244/; classtype:trojan-activity;sid:84143344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/3e3ev3.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280245/; classtype:trojan-activity;sid:84143345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/3e3ev3.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280246/; classtype:trojan-activity;sid:84143346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/build.exe"; depth:16; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280239/; classtype:trojan-activity;sid:84143339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.205.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280238/; classtype:trojan-activity;sid:84143338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.205.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280237/; classtype:trojan-activity;sid:84143337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.179.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280236/; classtype:trojan-activity;sid:84143336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.202.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280235/; classtype:trojan-activity;sid:84143335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.179.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280234/; classtype:trojan-activity;sid:84143334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.85.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280233/; classtype:trojan-activity;sid:84143333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.245.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280232/; classtype:trojan-activity;sid:84143332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.134.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280231/; classtype:trojan-activity;sid:84143331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.46.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280230/; classtype:trojan-activity;sid:84143330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.150.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280229/; classtype:trojan-activity;sid:84143329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.99.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280228/; classtype:trojan-activity;sid:84143328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/contrato-prime.pdf"; depth:19; endswith; nocase; http.host; content:"contrato-prime.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280226/; classtype:trojan-activity;sid:84143326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.192.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280227/; classtype:trojan-activity;sid:84143327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.88.170.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280225/; classtype:trojan-activity;sid:84143325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.175.31.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280224/; classtype:trojan-activity;sid:84143324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.21.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280223/; classtype:trojan-activity;sid:84143323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.251.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280222/; classtype:trojan-activity;sid:84143322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"176.96.227.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280221/; classtype:trojan-activity;sid:84143321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"142.54.181.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280220/; classtype:trojan-activity;sid:84143320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"198.44.249.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280219/; classtype:trojan-activity;sid:84143319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.222.67.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280213/; classtype:trojan-activity;sid:84143313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"123.57.75.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280214/; classtype:trojan-activity;sid:84143314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"154.40.45.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280215/; classtype:trojan-activity;sid:84143315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"202.131.82.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280216/; classtype:trojan-activity;sid:84143316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"121.4.36.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280217/; classtype:trojan-activity;sid:84143317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.46.204.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280218/; classtype:trojan-activity;sid:84143318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"123.207.196.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280211/; classtype:trojan-activity;sid:84143311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"121.40.52.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280212/; classtype:trojan-activity;sid:84143312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.100.108.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280210/; classtype:trojan-activity;sid:84143310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.223.186.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280204/; classtype:trojan-activity;sid:84143304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.24.38.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280205/; classtype:trojan-activity;sid:84143305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"139.196.189.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280206/; classtype:trojan-activity;sid:84143306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"118.25.147.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280207/; classtype:trojan-activity;sid:84143307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"119.91.231.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280208/; classtype:trojan-activity;sid:84143308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.50.163.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280209/; classtype:trojan-activity;sid:84143309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"119.91.201.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280194/; classtype:trojan-activity;sid:84143294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"121.41.18.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280195/; classtype:trojan-activity;sid:84143295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"132.232.107.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280196/; classtype:trojan-activity;sid:84143296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"116.196.92.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280197/; classtype:trojan-activity;sid:84143297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.53.104.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280198/; classtype:trojan-activity;sid:84143298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.221.127.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280199/; classtype:trojan-activity;sid:84143299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"167.71.207.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280200/; classtype:trojan-activity;sid:84143300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"112.124.39.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280201/; classtype:trojan-activity;sid:84143301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"150.158.115.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280202/; classtype:trojan-activity;sid:84143302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"118.89.124.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280203/; classtype:trojan-activity;sid:84143303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.90.244.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280192/; classtype:trojan-activity;sid:84143292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"140.143.142.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280193/; classtype:trojan-activity;sid:84143293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"165.140.240.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280191/; classtype:trojan-activity;sid:84143291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"1.14.123.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280188/; classtype:trojan-activity;sid:84143288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.109.122.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280189/; classtype:trojan-activity;sid:84143289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.109.122.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280190/; classtype:trojan-activity;sid:84143290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.242.50.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280187/; classtype:trojan-activity;sid:84143287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"42.193.19.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280182/; classtype:trojan-activity;sid:84143282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"49.233.211.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280183/; classtype:trojan-activity;sid:84143283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"42.193.53.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280184/; classtype:trojan-activity;sid:84143284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"106.52.181.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280185/; classtype:trojan-activity;sid:84143285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.43.64.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280186/; classtype:trojan-activity;sid:84143286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"40.124.112.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280179/; classtype:trojan-activity;sid:84143279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"107.151.251.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280180/; classtype:trojan-activity;sid:84143280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.136.40.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280181/; classtype:trojan-activity;sid:84143281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.200.180.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280168/; classtype:trojan-activity;sid:84143268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.149.128.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280169/; classtype:trojan-activity;sid:84143269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.217.7.79"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280170/; classtype:trojan-activity;sid:84143270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.95.210.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280171/; classtype:trojan-activity;sid:84143271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"49.235.151.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280172/; classtype:trojan-activity;sid:84143272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.138.34.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280173/; classtype:trojan-activity;sid:84143273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"111.231.21.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280174/; classtype:trojan-activity;sid:84143274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"49.232.143.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280175/; classtype:trojan-activity;sid:84143275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.96.67.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280176/; classtype:trojan-activity;sid:84143276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"45.62.173.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280177/; classtype:trojan-activity;sid:84143277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"45.115.237.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280178/; classtype:trojan-activity;sid:84143278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"1.13.255.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280166/; classtype:trojan-activity;sid:84143266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.141.118.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280167/; classtype:trojan-activity;sid:84143267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"45.130.147.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280165/; classtype:trojan-activity;sid:84143265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.113.96.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280160/; classtype:trojan-activity;sid:84143260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.92.195.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280161/; classtype:trojan-activity;sid:84143261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"1.94.6.24"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280162/; classtype:trojan-activity;sid:84143262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.133.177.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280163/; classtype:trojan-activity;sid:84143263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.152.212.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280164/; classtype:trojan-activity;sid:84143264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.130.18.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280150/; classtype:trojan-activity;sid:84143250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.100.70.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280151/; classtype:trojan-activity;sid:84143251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.134.34.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280152/; classtype:trojan-activity;sid:84143252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.238.103.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280153/; classtype:trojan-activity;sid:84143253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"60.205.58.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280154/; classtype:trojan-activity;sid:84143254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"60.205.58.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280155/; classtype:trojan-activity;sid:84143255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.108.74.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280156/; classtype:trojan-activity;sid:84143256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.138.20.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280157/; classtype:trojan-activity;sid:84143257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.109.77.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280158/; classtype:trojan-activity;sid:84143258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.103.79.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280159/; classtype:trojan-activity;sid:84143259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.109.49.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280148/; classtype:trojan-activity;sid:84143248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"45.14.226.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280149/; classtype:trojan-activity;sid:84143249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.103.236.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280145/; classtype:trojan-activity;sid:84143245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"45.14.226.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280146/; classtype:trojan-activity;sid:84143246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.156.151.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280147/; classtype:trojan-activity;sid:84143247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"45.207.49.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280144/; classtype:trojan-activity;sid:84143244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"82.156.5.200"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280143/; classtype:trojan-activity;sid:84143243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/ws2/:excellent2024/:stars_1/stars"; depth:37; endswith; nocase; http.host; content:"my.cloudme.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280141/; classtype:trojan-activity;sid:84143241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.220.211.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280142/; classtype:trojan-activity;sid:84143242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/ws2/:excellent2024/:stars/stars.txt"; depth:39; endswith; nocase; http.host; content:"my.cloudme.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280137/; classtype:trojan-activity;sid:84143237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/raw/refs/heads/main/njrtdhadawt.exe"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280138/; classtype:trojan-activity;sid:84143238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"82.157.184.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280139/; classtype:trojan-activity;sid:84143239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.58.126.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280140/; classtype:trojan-activity;sid:84143240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.34.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280136/; classtype:trojan-activity;sid:84143236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.46.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280135/; classtype:trojan-activity;sid:84143235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.147.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280134/; classtype:trojan-activity;sid:84143234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.134.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280133/; classtype:trojan-activity;sid:84143233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.29.129.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280132/; classtype:trojan-activity;sid:84143232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.254.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280131/; classtype:trojan-activity;sid:84143231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.166.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280130/; classtype:trojan-activity;sid:84143230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.245.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280128/; classtype:trojan-activity;sid:84143228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.137.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280129/; classtype:trojan-activity;sid:84143229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.51.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280126/; classtype:trojan-activity;sid:84143226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.250.57.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280127/; classtype:trojan-activity;sid:84143227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280125/; classtype:trojan-activity;sid:84143225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.205.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280124/; classtype:trojan-activity;sid:84143224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.20.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280123/; classtype:trojan-activity;sid:84143223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.93.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280122/; classtype:trojan-activity;sid:84143222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.107.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280121/; classtype:trojan-activity;sid:84143221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.164.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280120/; classtype:trojan-activity;sid:84143220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.179.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280119/; classtype:trojan-activity;sid:84143219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.196.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280118/; classtype:trojan-activity;sid:84143218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.90.244.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280117/; classtype:trojan-activity;sid:84143217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.147.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280116/; classtype:trojan-activity;sid:84143216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.29.129.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280115/; classtype:trojan-activity;sid:84143215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.97.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280113/; classtype:trojan-activity;sid:84143213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.147.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280114/; classtype:trojan-activity;sid:84143214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.150.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280112/; classtype:trojan-activity;sid:84143212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.150.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280111/; classtype:trojan-activity;sid:84143211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.2.128"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280110/; classtype:trojan-activity;sid:84143210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.13.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280109/; classtype:trojan-activity;sid:84143209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.3.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280108/; classtype:trojan-activity;sid:84143208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.144.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280107/; classtype:trojan-activity;sid:84143207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//18.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280106/; classtype:trojan-activity;sid:84143206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//22.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280102/; classtype:trojan-activity;sid:84143202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//16.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280103/; classtype:trojan-activity;sid:84143203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//1.dll"; depth:7; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280104/; classtype:trojan-activity;sid:84143204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//11.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280105/; classtype:trojan-activity;sid:84143205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//17.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280101/; classtype:trojan-activity;sid:84143201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//10.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280100/; classtype:trojan-activity;sid:84143200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//21.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280099/; classtype:trojan-activity;sid:84143199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//19.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280097/; classtype:trojan-activity;sid:84143197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//12.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280098/; classtype:trojan-activity;sid:84143198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//14.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280096/; classtype:trojan-activity;sid:84143196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//13.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280094/; classtype:trojan-activity;sid:84143194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//15.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280095/; classtype:trojan-activity;sid:84143195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//20.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280092/; classtype:trojan-activity;sid:84143192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//0.dll"; depth:7; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280093/; classtype:trojan-activity;sid:84143193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2.dll"; depth:7; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280091/; classtype:trojan-activity;sid:84143191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280090/; classtype:trojan-activity;sid:84143190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/27.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280083/; classtype:trojan-activity;sid:84143183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280084/; classtype:trojan-activity;sid:84143184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280085/; classtype:trojan-activity;sid:84143185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280086/; classtype:trojan-activity;sid:84143186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/24.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280087/; classtype:trojan-activity;sid:84143187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280088/; classtype:trojan-activity;sid:84143188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280089/; classtype:trojan-activity;sid:84143189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.252.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280082/; classtype:trojan-activity;sid:84143182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.181.188.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280081/; classtype:trojan-activity;sid:84143181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280080/; classtype:trojan-activity;sid:84143180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/10.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280078/; classtype:trojan-activity;sid:84143178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/39.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280079/; classtype:trojan-activity;sid:84143179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/34.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280067/; classtype:trojan-activity;sid:84143167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280068/; classtype:trojan-activity;sid:84143168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280069/; classtype:trojan-activity;sid:84143169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280070/; classtype:trojan-activity;sid:84143170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/16.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280071/; classtype:trojan-activity;sid:84143171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280072/; classtype:trojan-activity;sid:84143172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280073/; classtype:trojan-activity;sid:84143173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280074/; classtype:trojan-activity;sid:84143174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280075/; classtype:trojan-activity;sid:84143175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280076/; classtype:trojan-activity;sid:84143176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280077/; classtype:trojan-activity;sid:84143177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280058/; classtype:trojan-activity;sid:84143158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/39.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280059/; classtype:trojan-activity;sid:84143159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280060/; classtype:trojan-activity;sid:84143160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280061/; classtype:trojan-activity;sid:84143161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/28.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280062/; classtype:trojan-activity;sid:84143162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/21.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280063/; classtype:trojan-activity;sid:84143163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/34.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280064/; classtype:trojan-activity;sid:84143164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280065/; classtype:trojan-activity;sid:84143165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280066/; classtype:trojan-activity;sid:84143166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/37.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280034/; classtype:trojan-activity;sid:84143134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280035/; classtype:trojan-activity;sid:84143135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280036/; classtype:trojan-activity;sid:84143136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/13.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280037/; classtype:trojan-activity;sid:84143137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280038/; classtype:trojan-activity;sid:84143138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280039/; classtype:trojan-activity;sid:84143139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/19.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280040/; classtype:trojan-activity;sid:84143140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/38.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280041/; classtype:trojan-activity;sid:84143141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/38.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280042/; classtype:trojan-activity;sid:84143142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/17.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280043/; classtype:trojan-activity;sid:84143143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/12.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280044/; classtype:trojan-activity;sid:84143144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280045/; classtype:trojan-activity;sid:84143145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/15.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280046/; classtype:trojan-activity;sid:84143146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280047/; classtype:trojan-activity;sid:84143147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280048/; classtype:trojan-activity;sid:84143148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280049/; classtype:trojan-activity;sid:84143149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/37.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280050/; classtype:trojan-activity;sid:84143150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280051/; classtype:trojan-activity;sid:84143151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/25.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280052/; classtype:trojan-activity;sid:84143152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/14.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280053/; classtype:trojan-activity;sid:84143153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/26.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280054/; classtype:trojan-activity;sid:84143154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280055/; classtype:trojan-activity;sid:84143155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280056/; classtype:trojan-activity;sid:84143156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/29.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280057/; classtype:trojan-activity;sid:84143157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/101204.zip"; depth:11; endswith; nocase; http.host; content:"sextadoc.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280033/; classtype:trojan-activity;sid:84143133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/26.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280032/; classtype:trojan-activity;sid:84143132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280030/; classtype:trojan-activity;sid:84143130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280031/; classtype:trojan-activity;sid:84143131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/28.dll"; depth:7; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280029/; classtype:trojan-activity;sid:84143129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//4.dll"; depth:7; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280027/; classtype:trojan-activity;sid:84143127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280028/; classtype:trojan-activity;sid:84143128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.dll"; depth:6; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280026/; classtype:trojan-activity;sid:84143126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//35.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280024/; classtype:trojan-activity;sid:84143124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/25.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280025/; classtype:trojan-activity;sid:84143125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280023/; classtype:trojan-activity;sid:84143123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/21.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280021/; classtype:trojan-activity;sid:84143121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//31.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280022/; classtype:trojan-activity;sid:84143122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/26.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280020/; classtype:trojan-activity;sid:84143120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//3.dll"; depth:7; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280018/; classtype:trojan-activity;sid:84143118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.dll"; depth:6; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280019/; classtype:trojan-activity;sid:84143119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280015/; classtype:trojan-activity;sid:84143115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280016/; classtype:trojan-activity;sid:84143116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280017/; classtype:trojan-activity;sid:84143117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/28.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280013/; classtype:trojan-activity;sid:84143113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/28.msi"; depth:7; endswith; nocase; http.host; content:"twomicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280014/; classtype:trojan-activity;sid:84143114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/21.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280010/; classtype:trojan-activity;sid:84143110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//39.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280011/; classtype:trojan-activity;sid:84143111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/27.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280012/; classtype:trojan-activity;sid:84143112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/15.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280009/; classtype:trojan-activity;sid:84143109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0.dll"; depth:6; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280006/; classtype:trojan-activity;sid:84143106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280007/; classtype:trojan-activity;sid:84143107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//36.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280008/; classtype:trojan-activity;sid:84143108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/17.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280004/; classtype:trojan-activity;sid:84143104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/13.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280005/; classtype:trojan-activity;sid:84143105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280003/; classtype:trojan-activity;sid:84143103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//32.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280001/; classtype:trojan-activity;sid:84143101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/27.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280002/; classtype:trojan-activity;sid:84143102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//29.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280000/; classtype:trojan-activity;sid:84143100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/16.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279999/; classtype:trojan-activity;sid:84143099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/29.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279997/; classtype:trojan-activity;sid:84143097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//6.dll"; depth:7; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279998/; classtype:trojan-activity;sid:84143098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279996/; classtype:trojan-activity;sid:84143096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/28.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279995/; classtype:trojan-activity;sid:84143095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//7.dll"; depth:7; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279994/; classtype:trojan-activity;sid:84143094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/19.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279993/; classtype:trojan-activity;sid:84143093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279990/; classtype:trojan-activity;sid:84143090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//23.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279991/; classtype:trojan-activity;sid:84143091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//5.dll"; depth:7; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279992/; classtype:trojan-activity;sid:84143092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//27.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279988/; classtype:trojan-activity;sid:84143088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/29.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279989/; classtype:trojan-activity;sid:84143089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//33.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279987/; classtype:trojan-activity;sid:84143087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/34.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279985/; classtype:trojan-activity;sid:84143085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/25.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279986/; classtype:trojan-activity;sid:84143086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/17.msi"; depth:7; endswith; nocase; http.host; content:"sextamsi.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279983/; classtype:trojan-activity;sid:84143083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/15.msi"; depth:7; endswith; nocase; http.host; content:"twomicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279984/; classtype:trojan-activity;sid:84143084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/14.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279979/; classtype:trojan-activity;sid:84143079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279980/; classtype:trojan-activity;sid:84143080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//34.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279981/; classtype:trojan-activity;sid:84143081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//8.dll"; depth:7; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279982/; classtype:trojan-activity;sid:84143082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//37.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279977/; classtype:trojan-activity;sid:84143077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/19.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279978/; classtype:trojan-activity;sid:84143078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//9.dll"; depth:7; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279975/; classtype:trojan-activity;sid:84143075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/16.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279976/; classtype:trojan-activity;sid:84143076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//26.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279973/; classtype:trojan-activity;sid:84143073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/37.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279974/; classtype:trojan-activity;sid:84143074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/12.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279971/; classtype:trojan-activity;sid:84143071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/10.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279972/; classtype:trojan-activity;sid:84143072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/13.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279970/; classtype:trojan-activity;sid:84143070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/15.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279968/; classtype:trojan-activity;sid:84143068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//24.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279969/; classtype:trojan-activity;sid:84143069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/24.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279967/; classtype:trojan-activity;sid:84143067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//30.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279966/; classtype:trojan-activity;sid:84143066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/14.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279965/; classtype:trojan-activity;sid:84143065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279964/; classtype:trojan-activity;sid:84143064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//38.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279963/; classtype:trojan-activity;sid:84143063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//25.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279962/; classtype:trojan-activity;sid:84143062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279960/; classtype:trojan-activity;sid:84143060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/12.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279961/; classtype:trojan-activity;sid:84143061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.dll"; depth:6; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279959/; classtype:trojan-activity;sid:84143059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/15.dll"; depth:7; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279958/; classtype:trojan-activity;sid:84143058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/17.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279957/; classtype:trojan-activity;sid:84143057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279956/; classtype:trojan-activity;sid:84143056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279955/; classtype:trojan-activity;sid:84143055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/24.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279954/; classtype:trojan-activity;sid:84143054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279953/; classtype:trojan-activity;sid:84143053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//28.dll"; depth:8; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279952/; classtype:trojan-activity;sid:84143052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279951/; classtype:trojan-activity;sid:84143051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/17.msi"; depth:7; endswith; nocase; http.host; content:"sextamsi.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279950/; classtype:trojan-activity;sid:84143050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.245.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279949/; classtype:trojan-activity;sid:84143049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corajoso.exe"; depth:13; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279948/; classtype:trojan-activity;sid:84143048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/juicy.exe"; depth:10; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279946/; classtype:trojan-activity;sid:84143046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corajoso.exe"; depth:13; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279947/; classtype:trojan-activity;sid:84143047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7.dll"; depth:6; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279944/; classtype:trojan-activity;sid:84143044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/10.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279945/; classtype:trojan-activity;sid:84143045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279942/; classtype:trojan-activity;sid:84143042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forte.exe"; depth:10; endswith; nocase; http.host; content:"onemicro.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279943/; classtype:trojan-activity;sid:84143043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11.dll"; depth:7; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279941/; classtype:trojan-activity;sid:84143041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/38.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279940/; classtype:trojan-activity;sid:84143040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4.dll"; depth:6; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279939/; classtype:trojan-activity;sid:84143039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6.dll"; depth:6; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279938/; classtype:trojan-activity;sid:84143038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8.dll"; depth:6; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279937/; classtype:trojan-activity;sid:84143037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9.dll"; depth:6; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279936/; classtype:trojan-activity;sid:84143036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.dll"; depth:6; endswith; nocase; http.host; content:"quartaone.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279933/; classtype:trojan-activity;sid:84143033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5.dll"; depth:6; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279934/; classtype:trojan-activity;sid:84143034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/39.dll"; depth:7; endswith; nocase; http.host; content:"sextadll.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279935/; classtype:trojan-activity;sid:84143035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.143.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279931/; classtype:trojan-activity;sid:84143031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.214.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279932/; classtype:trojan-activity;sid:84143032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.53.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279930/; classtype:trojan-activity;sid:84143030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.145.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279929/; classtype:trojan-activity;sid:84143029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.189.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279928/; classtype:trojan-activity;sid:84143028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.97.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279927/; classtype:trojan-activity;sid:84143027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.239.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279926/; classtype:trojan-activity;sid:84143026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.150.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279925/; classtype:trojan-activity;sid:84143025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279923/; classtype:trojan-activity;sid:84143023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.147.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279924/; classtype:trojan-activity;sid:84143024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.186.132.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279922/; classtype:trojan-activity;sid:84143022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.67.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279921/; classtype:trojan-activity;sid:84143021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.196.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279920/; classtype:trojan-activity;sid:84143020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.129.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279919/; classtype:trojan-activity;sid:84143019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.118.157.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279917/; classtype:trojan-activity;sid:84143017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.75.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279918/; classtype:trojan-activity;sid:84143018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.207.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279916/; classtype:trojan-activity;sid:84143016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.235.219.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279915/; classtype:trojan-activity;sid:84143015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.177.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279914/; classtype:trojan-activity;sid:84143014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.99.219"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279913/; classtype:trojan-activity;sid:84143013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.181.188.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279912/; classtype:trojan-activity;sid:84143012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.75.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279911/; classtype:trojan-activity;sid:84143011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.20.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279910/; classtype:trojan-activity;sid:84143010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279909/; classtype:trojan-activity;sid:84143009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.2.127.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279908/; classtype:trojan-activity;sid:84143008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.88.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279907/; classtype:trojan-activity;sid:84143007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.51.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279906/; classtype:trojan-activity;sid:84143006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.171.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279905/; classtype:trojan-activity;sid:84143005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.242.89.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279904/; classtype:trojan-activity;sid:84143004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.238.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279902/; classtype:trojan-activity;sid:84143002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.239.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279903/; classtype:trojan-activity;sid:84143003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.130.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279901/; classtype:trojan-activity;sid:84143001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9c4ff1f7c1a7004e/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"95.215.204.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279899/; classtype:trojan-activity;sid:84142999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9c4ff1f7c1a7004e/nss3.dll"; depth:26; endswith; nocase; http.host; content:"95.215.204.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279900/; classtype:trojan-activity;sid:84143000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9c4ff1f7c1a7004e/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"95.215.204.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279895/; classtype:trojan-activity;sid:84142995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9c4ff1f7c1a7004e/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"95.215.204.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279896/; classtype:trojan-activity;sid:84142996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9c4ff1f7c1a7004e/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"95.215.204.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279897/; classtype:trojan-activity;sid:84142997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9c4ff1f7c1a7004e/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"95.215.204.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279898/; classtype:trojan-activity;sid:84142998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9c4ff1f7c1a7004e/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"95.215.204.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279894/; classtype:trojan-activity;sid:84142994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/79/ni/greatthingswithmegreatloverherehavewithmegreat.hta"; depth:57; endswith; nocase; http.host; content:"107.173.4.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279893/; classtype:trojan-activity;sid:84142993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/79/seethebestthingswithgreatmagicalthingswithherlover.tif"; depth:58; endswith; nocase; http.host; content:"107.173.4.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279892/; classtype:trojan-activity;sid:84142992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.132.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279891/; classtype:trojan-activity;sid:84142991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.50.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279890/; classtype:trojan-activity;sid:84142990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/112/seethebestthingstogetmewithgreatthingsonhere.tif"; depth:53; endswith; nocase; http.host; content:"107.172.61.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279889/; classtype:trojan-activity;sid:84142989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279888/; classtype:trojan-activity;sid:84142988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.100.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279887/; classtype:trojan-activity;sid:84142987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.157.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279886/; classtype:trojan-activity;sid:84142986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.190.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279885/; classtype:trojan-activity;sid:84142985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279884/; classtype:trojan-activity;sid:84142984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.193.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279882/; classtype:trojan-activity;sid:84142982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.195.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279883/; classtype:trojan-activity;sid:84142983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.85.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279881/; classtype:trojan-activity;sid:84142981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.19.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279880/; classtype:trojan-activity;sid:84142980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.241.48.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279879/; classtype:trojan-activity;sid:84142979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.171.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279878/; classtype:trojan-activity;sid:84142978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.129.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279877/; classtype:trojan-activity;sid:84142977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ojr903.txt"; depth:11; endswith; nocase; http.host; content:"pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279876/; classtype:trojan-activity;sid:84142976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.4.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279875/; classtype:trojan-activity;sid:84142975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.130.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279874/; classtype:trojan-activity;sid:84142974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.58.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279873/; classtype:trojan-activity;sid:84142973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.228.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279872/; classtype:trojan-activity;sid:84142972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.208.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279870/; classtype:trojan-activity;sid:84142970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.183.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279871/; classtype:trojan-activity;sid:84142971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.8.121"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279869/; classtype:trojan-activity;sid:84142969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.171.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279867/; classtype:trojan-activity;sid:84142967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.130.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279868/; classtype:trojan-activity;sid:84142968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.88.80"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279866/; classtype:trojan-activity;sid:84142966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.209.129.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279865/; classtype:trojan-activity;sid:84142965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msf.exe"; depth:8; endswith; nocase; http.host; content:"test.downsexv.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279864/; classtype:trojan-activity;sid:84142964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.168.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279863/; classtype:trojan-activity;sid:84142963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/fnp9f9mqtyqfbxt/download"; depth:27; endswith; nocase; http.host; content:"i0004.clarodrive.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279862/; classtype:trojan-activity;sid:84142962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/3yh8gdte.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279861/; classtype:trojan-activity;sid:84142961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22.dll"; depth:7; endswith; nocase; http.host; content:"joindll.b-cdn.net"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279857/; classtype:trojan-activity;sid:84142957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/hewiafhcorxzpixfho7r9/1oficio-nro-190-auto-admisorio-demanda-laboral-agradecemos-confirmar-recibido-esm.tar.uue.tar.001|3f|rlkey=57dq7uejag7ga1mse0uaz9g24|7c|26|7c|st=0067beft|7c|26|7c|dl=0"; depth:197; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279858/; classtype:trojan-activity;sid:84142958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22.msi"; depth:7; endswith; nocase; http.host; content:"joinmsi.b-cdn.net"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279859/; classtype:trojan-activity;sid:84142959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/moda59w4ikbv4731d6kz3/2oficio-nro-190-auto-admisorio-demanda-laboral-agradecemos-confirmar-recibido-esm.tar.uue.tar.001|3f|rlkey=fei6xsuh6s3ji870ijfeyqjps|7c|26|7c|st=egeiuua1|7c|26|7c|dl=0"; depth:197; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279860/; classtype:trojan-activity;sid:84142960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/6nteyex7.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279851/; classtype:trojan-activity;sid:84142951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/jb4w5s2l.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279852/; classtype:trojan-activity;sid:84142952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.33.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279853/; classtype:trojan-activity;sid:84142953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/j4vzzuai.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279854/; classtype:trojan-activity;sid:84142954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/clip64.dll"; depth:27; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279855/; classtype:trojan-activity;sid:84142955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/cred.dll"; depth:25; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279856/; classtype:trojan-activity;sid:84142956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|id=1rulmjavtbi3gqkps2udzol4jxgtynw1t|7c|26|7c|export=download"; depth:74; endswith; nocase; http.host; content:"drive.usercontent.google.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279850/; classtype:trojan-activity;sid:84142950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.4.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279849/; classtype:trojan-activity;sid:84142949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/freecam.exe"; depth:18; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279847/; classtype:trojan-activity;sid:84142947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/sxqnmytm.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279848/; classtype:trojan-activity;sid:84142948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/set-up.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279846/; classtype:trojan-activity;sid:84142946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steam/random.exe|3f|9i"; depth:23; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279845/; classtype:trojan-activity;sid:84142945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mine/random.exe|3f|y"; depth:21; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279844/; classtype:trojan-activity;sid:84142944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/clip64.dll"; depth:27; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279843/; classtype:trojan-activity;sid:84142943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/sxqnmytm.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279842/; classtype:trojan-activity;sid:84142942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/set-up.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279840/; classtype:trojan-activity;sid:84142940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/document.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279841/; classtype:trojan-activity;sid:84142941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/freecam.exe"; depth:18; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279839/; classtype:trojan-activity;sid:84142939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/freecam.exe"; depth:18; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279838/; classtype:trojan-activity;sid:84142938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/sxqnmytm.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279837/; classtype:trojan-activity;sid:84142937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/set-up.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279836/; classtype:trojan-activity;sid:84142936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"195.64.233.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279834/; classtype:trojan-activity;sid:84142934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.214.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279833/; classtype:trojan-activity;sid:84142933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/document.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279832/; classtype:trojan-activity;sid:84142932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/250925"; depth:7; endswith; nocase; http.host; content:"iplogger.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279831/; classtype:trojan-activity;sid:84142931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.173.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279830/; classtype:trojan-activity;sid:84142930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.57.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279829/; classtype:trojan-activity;sid:84142929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.101.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279827/; classtype:trojan-activity;sid:84142927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.251.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279828/; classtype:trojan-activity;sid:84142928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.211.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279826/; classtype:trojan-activity;sid:84142926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.4.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279825/; classtype:trojan-activity;sid:84142925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.85.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279824/; classtype:trojan-activity;sid:84142924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.166.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279823/; classtype:trojan-activity;sid:84142923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.130.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279822/; classtype:trojan-activity;sid:84142922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279821/; classtype:trojan-activity;sid:84142921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.73.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279820/; classtype:trojan-activity;sid:84142920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.206.35.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279818/; classtype:trojan-activity;sid:84142918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"5.187.75.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279819/; classtype:trojan-activity;sid:84142919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.0.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279816/; classtype:trojan-activity;sid:84142916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.128.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279817/; classtype:trojan-activity;sid:84142917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.17.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279815/; classtype:trojan-activity;sid:84142915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.70.181.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279814/; classtype:trojan-activity;sid:84142914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.219.18.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279813/; classtype:trojan-activity;sid:84142913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.19.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279812/; classtype:trojan-activity;sid:84142912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.9.46.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279811/; classtype:trojan-activity;sid:84142911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"139.5.11.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279810/; classtype:trojan-activity;sid:84142910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.197.115.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279809/; classtype:trojan-activity;sid:84142909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.200.87.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279808/; classtype:trojan-activity;sid:84142908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.183.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279807/; classtype:trojan-activity;sid:84142907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.94.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279806/; classtype:trojan-activity;sid:84142906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.189.149.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279805/; classtype:trojan-activity;sid:84142905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.133.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279804/; classtype:trojan-activity;sid:84142904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.139.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279802/; classtype:trojan-activity;sid:84142902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.15.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279803/; classtype:trojan-activity;sid:84142903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279801/; classtype:trojan-activity;sid:84142901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.237.166.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279800/; classtype:trojan-activity;sid:84142900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.90.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279799/; classtype:trojan-activity;sid:84142899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279798/; classtype:trojan-activity;sid:84142898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.101.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279797/; classtype:trojan-activity;sid:84142897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.35.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279796/; classtype:trojan-activity;sid:84142896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.88.80"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279794/; classtype:trojan-activity;sid:84142894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.173.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279795/; classtype:trojan-activity;sid:84142895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/./fax3672/../bab.zip"; depth:21; endswith; nocase; http.host; content:"invoiceposs.shop"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279793/; classtype:trojan-activity;sid:84142893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.77.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279792/; classtype:trojan-activity;sid:84142892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.33.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279791/; classtype:trojan-activity;sid:84142891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.231.146"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279790/; classtype:trojan-activity;sid:84142890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.11.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279789/; classtype:trojan-activity;sid:84142889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.166.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279788/; classtype:trojan-activity;sid:84142888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.63.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279787/; classtype:trojan-activity;sid:84142887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs.zip"; depth:9; endswith; nocase; http.host; content:"invoiceposs.shop"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279785/; classtype:trojan-activity;sid:84142885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/./fax3672/../dxjs.zip"; depth:22; endswith; nocase; http.host; content:"invoiceposs.shop"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279786/; classtype:trojan-activity;sid:84142886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs2.zip"; depth:10; endswith; nocase; http.host; content:"invoiceposs.shop"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279783/; classtype:trojan-activity;sid:84142883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/./fax3672/../dxjs2.zip"; depth:23; endswith; nocase; http.host; content:"invoiceposs.shop"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279784/; classtype:trojan-activity;sid:84142884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.117.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279782/; classtype:trojan-activity;sid:84142882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bab.zip"; depth:8; endswith; nocase; http.host; content:"invoiceposs.shop"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279781/; classtype:trojan-activity;sid:84142881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.251.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279780/; classtype:trojan-activity;sid:84142880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.68.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279779/; classtype:trojan-activity;sid:84142879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.147.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279777/; classtype:trojan-activity;sid:84142877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.106.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279778/; classtype:trojan-activity;sid:84142878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.172.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279776/; classtype:trojan-activity;sid:84142876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.239.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279775/; classtype:trojan-activity;sid:84142875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.90.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279774/; classtype:trojan-activity;sid:84142874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.40.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279773/; classtype:trojan-activity;sid:84142873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.69.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279772/; classtype:trojan-activity;sid:84142872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.76.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279771/; classtype:trojan-activity;sid:84142871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.216.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279770/; classtype:trojan-activity;sid:84142870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.185.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279769/; classtype:trojan-activity;sid:84142869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lespim"; depth:12; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279767/; classtype:trojan-activity;sid:84142867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spim"; depth:10; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279768/; classtype:trojan-activity;sid:84142868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/686i"; depth:10; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279765/; classtype:trojan-activity;sid:84142865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k86m"; depth:10; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279766/; classtype:trojan-activity;sid:84142866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.245.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279764/; classtype:trojan-activity;sid:84142864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.68.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279763/; classtype:trojan-activity;sid:84142863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.99.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279762/; classtype:trojan-activity;sid:84142862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.238.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279761/; classtype:trojan-activity;sid:84142861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.237.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279760/; classtype:trojan-activity;sid:84142860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.42.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279759/; classtype:trojan-activity;sid:84142859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.185.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279758/; classtype:trojan-activity;sid:84142858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.113.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279757/; classtype:trojan-activity;sid:84142857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.90.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279756/; classtype:trojan-activity;sid:84142856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.113.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279754/; classtype:trojan-activity;sid:84142854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.231.174"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279755/; classtype:trojan-activity;sid:84142855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.53.154.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279753/; classtype:trojan-activity;sid:84142853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.76.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279752/; classtype:trojan-activity;sid:84142852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.29.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279751/; classtype:trojan-activity;sid:84142851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.156.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279750/; classtype:trojan-activity;sid:84142850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.106.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279749/; classtype:trojan-activity;sid:84142849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//igz.arm6"; depth:10; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279748/; classtype:trojan-activity;sid:84142848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//igz.arm7"; depth:10; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279746/; classtype:trojan-activity;sid:84142846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//igz.arm5"; depth:10; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279747/; classtype:trojan-activity;sid:84142847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//igz.arm"; depth:9; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279741/; classtype:trojan-activity;sid:84142841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//igz.spc"; depth:9; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279742/; classtype:trojan-activity;sid:84142842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//igz.x86"; depth:9; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279743/; classtype:trojan-activity;sid:84142843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//igz.mips"; depth:10; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279744/; classtype:trojan-activity;sid:84142844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//igz.m68k"; depth:10; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279745/; classtype:trojan-activity;sid:84142845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//igz.sh4"; depth:9; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279739/; classtype:trojan-activity;sid:84142839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//igz.mpsl"; depth:10; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279740/; classtype:trojan-activity;sid:84142840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.232.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279738/; classtype:trojan-activity;sid:84142838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.m68k"; depth:17; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279737/; classtype:trojan-activity;sid:84142837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm7"; depth:17; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279736/; classtype:trojan-activity;sid:84142836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm4"; depth:17; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279730/; classtype:trojan-activity;sid:84142830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.i586"; depth:17; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279731/; classtype:trojan-activity;sid:84142831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.sparc"; depth:18; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279732/; classtype:trojan-activity;sid:84142832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.x86"; depth:16; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279733/; classtype:trojan-activity;sid:84142833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm5"; depth:17; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279734/; classtype:trojan-activity;sid:84142834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.ppc"; depth:16; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279735/; classtype:trojan-activity;sid:84142835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.mipsel"; depth:19; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279726/; classtype:trojan-activity;sid:84142826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.arm6"; depth:17; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279727/; classtype:trojan-activity;sid:84142827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.mips"; depth:17; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279728/; classtype:trojan-activity;sid:84142828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dead/yakuza.i686"; depth:17; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279729/; classtype:trojan-activity;sid:84142829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"150.241.103.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279724/; classtype:trojan-activity;sid:84142824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.92.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279725/; classtype:trojan-activity;sid:84142825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"150.241.103.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279722/; classtype:trojan-activity;sid:84142822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"150.241.103.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279723/; classtype:trojan-activity;sid:84142823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"150.241.103.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279720/; classtype:trojan-activity;sid:84142820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"150.241.103.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279721/; classtype:trojan-activity;sid:84142821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.122.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279714/; classtype:trojan-activity;sid:84142814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"150.241.103.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279715/; classtype:trojan-activity;sid:84142815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"150.241.103.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279716/; classtype:trojan-activity;sid:84142816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"150.241.103.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279717/; classtype:trojan-activity;sid:84142817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"150.241.103.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279718/; classtype:trojan-activity;sid:84142818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"150.241.103.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279719/; classtype:trojan-activity;sid:84142819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.146.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279713/; classtype:trojan-activity;sid:84142813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.39.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279712/; classtype:trojan-activity;sid:84142812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.26.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279711/; classtype:trojan-activity;sid:84142811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lum.exe"; depth:8; endswith; nocase; http.host; content:"husktools.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279709/; classtype:trojan-activity;sid:84142809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kfkn/xloaderprotected.exe"; depth:26; endswith; nocase; http.host; content:"185.196.11.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279710/; classtype:trojan-activity;sid:84142810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.196.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279708/; classtype:trojan-activity;sid:84142808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.153.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279707/; classtype:trojan-activity;sid:84142807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.33.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279706/; classtype:trojan-activity;sid:84142806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.76.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279705/; classtype:trojan-activity;sid:84142805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.231.174"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279704/; classtype:trojan-activity;sid:84142804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.119.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279703/; classtype:trojan-activity;sid:84142803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.1.32"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279702/; classtype:trojan-activity;sid:84142802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.99.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279701/; classtype:trojan-activity;sid:84142801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.113.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279700/; classtype:trojan-activity;sid:84142800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.8.131.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279699/; classtype:trojan-activity;sid:84142799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.232.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279698/; classtype:trojan-activity;sid:84142798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.220.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279697/; classtype:trojan-activity;sid:84142797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.105.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279696/; classtype:trojan-activity;sid:84142796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.29.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279695/; classtype:trojan-activity;sid:84142795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.109.128"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279694/; classtype:trojan-activity;sid:84142794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.113.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279693/; classtype:trojan-activity;sid:84142793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.20.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279692/; classtype:trojan-activity;sid:84142792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.18.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279691/; classtype:trojan-activity;sid:84142791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.212.176.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279690/; classtype:trojan-activity;sid:84142790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.39.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279689/; classtype:trojan-activity;sid:84142789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.196.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279688/; classtype:trojan-activity;sid:84142788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"31.186.132.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279687/; classtype:trojan-activity;sid:84142787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.208.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279686/; classtype:trojan-activity;sid:84142786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.193.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279685/; classtype:trojan-activity;sid:84142785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl/15306544/pohtent.exe"; depth:24; endswith; nocase; http.host; content:"tmpfiles.org"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279684/; classtype:trojan-activity;sid:84142784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.35.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279683/; classtype:trojan-activity;sid:84142783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.150.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279682/; classtype:trojan-activity;sid:84142782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.10.136"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279681/; classtype:trojan-activity;sid:84142781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.206.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279680/; classtype:trojan-activity;sid:84142780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.87.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279679/; classtype:trojan-activity;sid:84142779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279678/; classtype:trojan-activity;sid:84142778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.93.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279677/; classtype:trojan-activity;sid:84142777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.153.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279676/; classtype:trojan-activity;sid:84142776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.233.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279674/; classtype:trojan-activity;sid:84142774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.164.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279675/; classtype:trojan-activity;sid:84142775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.220.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279673/; classtype:trojan-activity;sid:84142773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.97.200.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279672/; classtype:trojan-activity;sid:84142772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.164.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279671/; classtype:trojan-activity;sid:84142771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.196.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279670/; classtype:trojan-activity;sid:84142770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.109.128"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279669/; classtype:trojan-activity;sid:84142769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.184.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279668/; classtype:trojan-activity;sid:84142768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.4.224.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279667/; classtype:trojan-activity;sid:84142767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279666/; classtype:trojan-activity;sid:84142766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.119.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279665/; classtype:trojan-activity;sid:84142765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"66.212.176.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279664/; classtype:trojan-activity;sid:84142764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.113.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279663/; classtype:trojan-activity;sid:84142763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.95.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279662/; classtype:trojan-activity;sid:84142762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.233.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279661/; classtype:trojan-activity;sid:84142761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.206.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279660/; classtype:trojan-activity;sid:84142760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.231.174"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279659/; classtype:trojan-activity;sid:84142759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.215.222.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279657/; classtype:trojan-activity;sid:84142757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.206.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279658/; classtype:trojan-activity;sid:84142758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.10.136"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279656/; classtype:trojan-activity;sid:84142756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.231.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279655/; classtype:trojan-activity;sid:84142755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.93.61"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279653/; classtype:trojan-activity;sid:84142753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.140.238.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279654/; classtype:trojan-activity;sid:84142754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.193.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279652/; classtype:trojan-activity;sid:84142752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.2.127.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279649/; classtype:trojan-activity;sid:84142749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.143.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279650/; classtype:trojan-activity;sid:84142750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279651/; classtype:trojan-activity;sid:84142751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.20.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279647/; classtype:trojan-activity;sid:84142747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.20.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279648/; classtype:trojan-activity;sid:84142748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.241.204.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279646/; classtype:trojan-activity;sid:84142746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.216.30.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279645/; classtype:trojan-activity;sid:84142745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.215.222.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279644/; classtype:trojan-activity;sid:84142744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.35.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279643/; classtype:trojan-activity;sid:84142743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.125.120.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279642/; classtype:trojan-activity;sid:84142742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.196.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279641/; classtype:trojan-activity;sid:84142741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"106.41.137.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279638/; classtype:trojan-activity;sid:84142738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.20.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279639/; classtype:trojan-activity;sid:84142739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.163.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279640/; classtype:trojan-activity;sid:84142740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.164.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279637/; classtype:trojan-activity;sid:84142737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.55.76.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279636/; classtype:trojan-activity;sid:84142736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.211.201.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279635/; classtype:trojan-activity;sid:84142735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.184.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279634/; classtype:trojan-activity;sid:84142734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.248.12.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279632/; classtype:trojan-activity;sid:84142732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.247.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279633/; classtype:trojan-activity;sid:84142733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.21.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279631/; classtype:trojan-activity;sid:84142731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.250.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279630/; classtype:trojan-activity;sid:84142730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.243.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279629/; classtype:trojan-activity;sid:84142729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.121.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279628/; classtype:trojan-activity;sid:84142728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.231.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279627/; classtype:trojan-activity;sid:84142727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.140.238.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279626/; classtype:trojan-activity;sid:84142726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.176.210.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279625/; classtype:trojan-activity;sid:84142725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.190.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279624/; classtype:trojan-activity;sid:84142724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.79.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279623/; classtype:trojan-activity;sid:84142723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.209.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279622/; classtype:trojan-activity;sid:84142722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.200.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279621/; classtype:trojan-activity;sid:84142721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.4.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279620/; classtype:trojan-activity;sid:84142720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.169.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279619/; classtype:trojan-activity;sid:84142719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.79.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279618/; classtype:trojan-activity;sid:84142718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.189.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279617/; classtype:trojan-activity;sid:84142717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.193.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279615/; classtype:trojan-activity;sid:84142715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.24.36.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279616/; classtype:trojan-activity;sid:84142716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.24.36.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279614/; classtype:trojan-activity;sid:84142714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.96.86.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279613/; classtype:trojan-activity;sid:84142713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.240.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279612/; classtype:trojan-activity;sid:84142712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.70.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279611/; classtype:trojan-activity;sid:84142711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.95.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279610/; classtype:trojan-activity;sid:84142710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.54.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279608/; classtype:trojan-activity;sid:84142708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.93.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279609/; classtype:trojan-activity;sid:84142709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.159.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279607/; classtype:trojan-activity;sid:84142707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.221.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279606/; classtype:trojan-activity;sid:84142706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.30.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279605/; classtype:trojan-activity;sid:84142705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.73.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279604/; classtype:trojan-activity;sid:84142704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.55.76.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279603/; classtype:trojan-activity;sid:84142703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.112.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279602/; classtype:trojan-activity;sid:84142702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.92.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279601/; classtype:trojan-activity;sid:84142701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.71.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279600/; classtype:trojan-activity;sid:84142700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.73.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279599/; classtype:trojan-activity;sid:84142699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.166.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279598/; classtype:trojan-activity;sid:84142698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"79.170.24.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279597/; classtype:trojan-activity;sid:84142697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"5.140.92.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279596/; classtype:trojan-activity;sid:84142696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.193.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279595/; classtype:trojan-activity;sid:84142695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.154.46.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279594/; classtype:trojan-activity;sid:84142694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.228.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279593/; classtype:trojan-activity;sid:84142693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.221.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279592/; classtype:trojan-activity;sid:84142692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.247.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279590/; classtype:trojan-activity;sid:84142690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.99.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279591/; classtype:trojan-activity;sid:84142691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.243.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279589/; classtype:trojan-activity;sid:84142689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.221.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279588/; classtype:trojan-activity;sid:84142688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.111.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279587/; classtype:trojan-activity;sid:84142687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.189.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279585/; classtype:trojan-activity;sid:84142685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.36.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279586/; classtype:trojan-activity;sid:84142686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.3.43"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279584/; classtype:trojan-activity;sid:84142684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl/15303357/latest.exe"; depth:23; endswith; nocase; http.host; content:"tmpfiles.org"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279583/; classtype:trojan-activity;sid:84142683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.108.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279582/; classtype:trojan-activity;sid:84142682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279581/; classtype:trojan-activity;sid:84142681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.2.127.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279580/; classtype:trojan-activity;sid:84142680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.160.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279579/; classtype:trojan-activity;sid:84142679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279578/; classtype:trojan-activity;sid:84142678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.96.86.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279577/; classtype:trojan-activity;sid:84142677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.54.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279576/; classtype:trojan-activity;sid:84142676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.115.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279575/; classtype:trojan-activity;sid:84142675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.161.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279574/; classtype:trojan-activity;sid:84142674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.35.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279573/; classtype:trojan-activity;sid:84142673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.176.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279572/; classtype:trojan-activity;sid:84142672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.134.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279571/; classtype:trojan-activity;sid:84142671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.19.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279570/; classtype:trojan-activity;sid:84142670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.56.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279569/; classtype:trojan-activity;sid:84142669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.146.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279568/; classtype:trojan-activity;sid:84142668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.111.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279567/; classtype:trojan-activity;sid:84142667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.56.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279566/; classtype:trojan-activity;sid:84142666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.253.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279565/; classtype:trojan-activity;sid:84142665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.177.212.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279564/; classtype:trojan-activity;sid:84142664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.231.177.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279563/; classtype:trojan-activity;sid:84142663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.201.136.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279562/; classtype:trojan-activity;sid:84142662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.45.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279561/; classtype:trojan-activity;sid:84142661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.62.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279560/; classtype:trojan-activity;sid:84142660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.20.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279559/; classtype:trojan-activity;sid:84142659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.160.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279558/; classtype:trojan-activity;sid:84142658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.18.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279557/; classtype:trojan-activity;sid:84142657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.23.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279556/; classtype:trojan-activity;sid:84142656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.241.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279555/; classtype:trojan-activity;sid:84142655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.159.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279554/; classtype:trojan-activity;sid:84142654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.60.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279553/; classtype:trojan-activity;sid:84142653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.139.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279552/; classtype:trojan-activity;sid:84142652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.122.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279551/; classtype:trojan-activity;sid:84142651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.44.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279550/; classtype:trojan-activity;sid:84142650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.205.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279549/; classtype:trojan-activity;sid:84142649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.11.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279548/; classtype:trojan-activity;sid:84142648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/buildd.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279547/; classtype:trojan-activity;sid:84142647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.146.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279546/; classtype:trojan-activity;sid:84142646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.221.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279545/; classtype:trojan-activity;sid:84142645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.99.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279544/; classtype:trojan-activity;sid:84142644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.23.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279543/; classtype:trojan-activity;sid:84142643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.0.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279542/; classtype:trojan-activity;sid:84142642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.172.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279541/; classtype:trojan-activity;sid:84142641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.35.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279539/; classtype:trojan-activity;sid:84142639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.20.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279540/; classtype:trojan-activity;sid:84142640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.225.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279538/; classtype:trojan-activity;sid:84142638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl/15303022/dl1.exe"; depth:20; endswith; nocase; http.host; content:"tmpfiles.org"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279537/; classtype:trojan-activity;sid:84142637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl/15302079/user2.exe"; depth:22; endswith; nocase; http.host; content:"tmpfiles.org"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279536/; classtype:trojan-activity;sid:84142636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.53.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279535/; classtype:trojan-activity;sid:84142635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.189.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279534/; classtype:trojan-activity;sid:84142634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.40.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279533/; classtype:trojan-activity;sid:84142633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.62.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279532/; classtype:trojan-activity;sid:84142632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.164.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279531/; classtype:trojan-activity;sid:84142631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.24.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279530/; classtype:trojan-activity;sid:84142630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.79.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279529/; classtype:trojan-activity;sid:84142629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.205.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279528/; classtype:trojan-activity;sid:84142628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.23.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279527/; classtype:trojan-activity;sid:84142627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.219.98.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279526/; classtype:trojan-activity;sid:84142626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.120.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279525/; classtype:trojan-activity;sid:84142625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.60.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279524/; classtype:trojan-activity;sid:84142624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.214.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279523/; classtype:trojan-activity;sid:84142623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279522/; classtype:trojan-activity;sid:84142622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.23.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279521/; classtype:trojan-activity;sid:84142621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.159.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279519/; classtype:trojan-activity;sid:84142619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.225.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279520/; classtype:trojan-activity;sid:84142620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.119.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279518/; classtype:trojan-activity;sid:84142618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.247.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279517/; classtype:trojan-activity;sid:84142617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.126.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279516/; classtype:trojan-activity;sid:84142616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.212.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279515/; classtype:trojan-activity;sid:84142615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.53.219.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279514/; classtype:trojan-activity;sid:84142614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.217.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279513/; classtype:trojan-activity;sid:84142613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.93.44.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279512/; classtype:trojan-activity;sid:84142612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.158.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279511/; classtype:trojan-activity;sid:84142611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.44.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279510/; classtype:trojan-activity;sid:84142610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.123.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279509/; classtype:trojan-activity;sid:84142609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.162.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279508/; classtype:trojan-activity;sid:84142608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.133.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279507/; classtype:trojan-activity;sid:84142607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.180.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279506/; classtype:trojan-activity;sid:84142606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.165.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279505/; classtype:trojan-activity;sid:84142605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"195.219.98.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279504/; classtype:trojan-activity;sid:84142604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.111.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279503/; classtype:trojan-activity;sid:84142603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.10.199.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279502/; classtype:trojan-activity;sid:84142602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.250.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279501/; classtype:trojan-activity;sid:84142601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.86.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279500/; classtype:trojan-activity;sid:84142600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.227.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279499/; classtype:trojan-activity;sid:84142599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.57.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279498/; classtype:trojan-activity;sid:84142598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"150.241.103.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279497/; classtype:trojan-activity;sid:84142597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.69.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279496/; classtype:trojan-activity;sid:84142596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279495/; classtype:trojan-activity;sid:84142595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.119.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279494/; classtype:trojan-activity;sid:84142594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.60.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279493/; classtype:trojan-activity;sid:84142593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.26.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279492/; classtype:trojan-activity;sid:84142592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.248.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279491/; classtype:trojan-activity;sid:84142591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.53.219.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279490/; classtype:trojan-activity;sid:84142590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.217.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279489/; classtype:trojan-activity;sid:84142589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/remcos_a.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279488/; classtype:trojan-activity;sid:84142588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.126.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279487/; classtype:trojan-activity;sid:84142587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.17.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279486/; classtype:trojan-activity;sid:84142586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.72.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279485/; classtype:trojan-activity;sid:84142585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279484/; classtype:trojan-activity;sid:84142584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.190.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279483/; classtype:trojan-activity;sid:84142583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.162.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279482/; classtype:trojan-activity;sid:84142582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.180.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279481/; classtype:trojan-activity;sid:84142581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.248.12.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279480/; classtype:trojan-activity;sid:84142580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.165.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279479/; classtype:trojan-activity;sid:84142579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.247.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279478/; classtype:trojan-activity;sid:84142578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.31.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279477/; classtype:trojan-activity;sid:84142577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.50.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279476/; classtype:trojan-activity;sid:84142576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.227.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279475/; classtype:trojan-activity;sid:84142575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.72.103"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279474/; classtype:trojan-activity;sid:84142574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.187.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279473/; classtype:trojan-activity;sid:84142573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.231.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279472/; classtype:trojan-activity;sid:84142572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.38.123.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279470/; classtype:trojan-activity;sid:84142570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.49.65.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279471/; classtype:trojan-activity;sid:84142571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.49.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279469/; classtype:trojan-activity;sid:84142569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.83.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279468/; classtype:trojan-activity;sid:84142568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.21.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279467/; classtype:trojan-activity;sid:84142567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.35.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279466/; classtype:trojan-activity;sid:84142566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.49.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279465/; classtype:trojan-activity;sid:84142565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.43.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279464/; classtype:trojan-activity;sid:84142564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.49.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279463/; classtype:trojan-activity;sid:84142563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.115.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279462/; classtype:trojan-activity;sid:84142562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.124.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279461/; classtype:trojan-activity;sid:84142561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.50.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279459/; classtype:trojan-activity;sid:84142559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.186.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279460/; classtype:trojan-activity;sid:84142560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.57.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279458/; classtype:trojan-activity;sid:84142558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.175.24.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279457/; classtype:trojan-activity;sid:84142557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.172.42.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279455/; classtype:trojan-activity;sid:84142555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.124.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279456/; classtype:trojan-activity;sid:84142556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.216.4.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279453/; classtype:trojan-activity;sid:84142553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.111.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279454/; classtype:trojan-activity;sid:84142554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.240.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279452/; classtype:trojan-activity;sid:84142552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.73.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279450/; classtype:trojan-activity;sid:84142550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.5.137"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279451/; classtype:trojan-activity;sid:84142551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.68.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279449/; classtype:trojan-activity;sid:84142549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.20.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279448/; classtype:trojan-activity;sid:84142548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.49.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279447/; classtype:trojan-activity;sid:84142547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.31.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279446/; classtype:trojan-activity;sid:84142546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.95.86"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279445/; classtype:trojan-activity;sid:84142545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.213.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279444/; classtype:trojan-activity;sid:84142544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.40.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279442/; classtype:trojan-activity;sid:84142542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.25.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279443/; classtype:trojan-activity;sid:84142543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.120.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279441/; classtype:trojan-activity;sid:84142541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.0.107"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279440/; classtype:trojan-activity;sid:84142540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.20.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279439/; classtype:trojan-activity;sid:84142539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.49.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279438/; classtype:trojan-activity;sid:84142538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.111.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279437/; classtype:trojan-activity;sid:84142537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.102.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279436/; classtype:trojan-activity;sid:84142536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.229.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279435/; classtype:trojan-activity;sid:84142535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.124.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279434/; classtype:trojan-activity;sid:84142534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.71.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279433/; classtype:trojan-activity;sid:84142533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.7.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279432/; classtype:trojan-activity;sid:84142532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.200.85.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279431/; classtype:trojan-activity;sid:84142531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.243.171.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279430/; classtype:trojan-activity;sid:84142530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.88.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279428/; classtype:trojan-activity;sid:84142528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.238.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279429/; classtype:trojan-activity;sid:84142529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.155.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279427/; classtype:trojan-activity;sid:84142527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.231.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279426/; classtype:trojan-activity;sid:84142526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.11.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279425/; classtype:trojan-activity;sid:84142525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.242.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279424/; classtype:trojan-activity;sid:84142524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.77.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279423/; classtype:trojan-activity;sid:84142523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.243.134.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279422/; classtype:trojan-activity;sid:84142522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.107.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279421/; classtype:trojan-activity;sid:84142521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.198.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279420/; classtype:trojan-activity;sid:84142520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.186.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279419/; classtype:trojan-activity;sid:84142519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.183.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279418/; classtype:trojan-activity;sid:84142518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.102.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279417/; classtype:trojan-activity;sid:84142517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.73.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279416/; classtype:trojan-activity;sid:84142516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.111.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279415/; classtype:trojan-activity;sid:84142515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.229.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279414/; classtype:trojan-activity;sid:84142514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.243.171.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279413/; classtype:trojan-activity;sid:84142513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.80.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279412/; classtype:trojan-activity;sid:84142512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.101.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279411/; classtype:trojan-activity;sid:84142511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.82.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279410/; classtype:trojan-activity;sid:84142510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.213.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279409/; classtype:trojan-activity;sid:84142509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.124.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279408/; classtype:trojan-activity;sid:84142508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.184.1.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279407/; classtype:trojan-activity;sid:84142507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.223.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279406/; classtype:trojan-activity;sid:84142506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.59.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279405/; classtype:trojan-activity;sid:84142505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.237.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279404/; classtype:trojan-activity;sid:84142504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.103.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279403/; classtype:trojan-activity;sid:84142503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"69.129.18.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279402/; classtype:trojan-activity;sid:84142502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279401/; classtype:trojan-activity;sid:84142501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.246.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279400/; classtype:trojan-activity;sid:84142500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279399/; classtype:trojan-activity;sid:84142499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.91.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279398/; classtype:trojan-activity;sid:84142498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.229.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279397/; classtype:trojan-activity;sid:84142497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/build.exe"; depth:16; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279396/; classtype:trojan-activity;sid:84142496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.40.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279395/; classtype:trojan-activity;sid:84142495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.182.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279394/; classtype:trojan-activity;sid:84142494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.93.137.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279393/; classtype:trojan-activity;sid:84142493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.65.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279391/; classtype:trojan-activity;sid:84142491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.224.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279392/; classtype:trojan-activity;sid:84142492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.213.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279390/; classtype:trojan-activity;sid:84142490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.176.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279389/; classtype:trojan-activity;sid:84142489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279388/; classtype:trojan-activity;sid:84142488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.243.134.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279387/; classtype:trojan-activity;sid:84142487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.113.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279386/; classtype:trojan-activity;sid:84142486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.16.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279385/; classtype:trojan-activity;sid:84142485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.117.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279384/; classtype:trojan-activity;sid:84142484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.125.120.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279383/; classtype:trojan-activity;sid:84142483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.119.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279382/; classtype:trojan-activity;sid:84142482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.181.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279381/; classtype:trojan-activity;sid:84142481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.108.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279380/; classtype:trojan-activity;sid:84142480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.103.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279379/; classtype:trojan-activity;sid:84142479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.229.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279378/; classtype:trojan-activity;sid:84142478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.57.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279377/; classtype:trojan-activity;sid:84142477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.205.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279376/; classtype:trojan-activity;sid:84142476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.61.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279375/; classtype:trojan-activity;sid:84142475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.121.161.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279374/; classtype:trojan-activity;sid:84142474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.113.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279372/; classtype:trojan-activity;sid:84142472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.199.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279373/; classtype:trojan-activity;sid:84142473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.168.236.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279371/; classtype:trojan-activity;sid:84142471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.235.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279370/; classtype:trojan-activity;sid:84142470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.224.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279369/; classtype:trojan-activity;sid:84142469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.65.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279368/; classtype:trojan-activity;sid:84142468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.72.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279367/; classtype:trojan-activity;sid:84142467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.173.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279366/; classtype:trojan-activity;sid:84142466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.91.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279365/; classtype:trojan-activity;sid:84142465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.203.68.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279364/; classtype:trojan-activity;sid:84142464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.16.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279363/; classtype:trojan-activity;sid:84142463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.176.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279362/; classtype:trojan-activity;sid:84142462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.232.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279360/; classtype:trojan-activity;sid:84142460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.176.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279361/; classtype:trojan-activity;sid:84142461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.162.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279359/; classtype:trojan-activity;sid:84142459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.5.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279358/; classtype:trojan-activity;sid:84142458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.119.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279357/; classtype:trojan-activity;sid:84142457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.56.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279356/; classtype:trojan-activity;sid:84142456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.61.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279355/; classtype:trojan-activity;sid:84142455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.237.131.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279354/; classtype:trojan-activity;sid:84142454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xavieprowel/crispy-palm-tree/releases/download/1/3e3ev3.exe"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279353/; classtype:trojan-activity;sid:84142453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.58.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279352/; classtype:trojan-activity;sid:84142452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.103.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279351/; classtype:trojan-activity;sid:84142451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.168.236.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279350/; classtype:trojan-activity;sid:84142450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.216.30.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279348/; classtype:trojan-activity;sid:84142448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.176.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279349/; classtype:trojan-activity;sid:84142449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.173.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279347/; classtype:trojan-activity;sid:84142447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.162.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279346/; classtype:trojan-activity;sid:84142446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.207.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279345/; classtype:trojan-activity;sid:84142445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.213.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279344/; classtype:trojan-activity;sid:84142444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.107.132.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279343/; classtype:trojan-activity;sid:84142443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.95.242.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279342/; classtype:trojan-activity;sid:84142442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.188.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279341/; classtype:trojan-activity;sid:84142441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.244.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279340/; classtype:trojan-activity;sid:84142440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.196.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279339/; classtype:trojan-activity;sid:84142439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.27.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279338/; classtype:trojan-activity;sid:84142438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.232.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279337/; classtype:trojan-activity;sid:84142437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.15.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279336/; classtype:trojan-activity;sid:84142436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.112.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279335/; classtype:trojan-activity;sid:84142435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.235.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279334/; classtype:trojan-activity;sid:84142434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.56.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279333/; classtype:trojan-activity;sid:84142433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.111.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279332/; classtype:trojan-activity;sid:84142432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.210.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279331/; classtype:trojan-activity;sid:84142431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.190.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279330/; classtype:trojan-activity;sid:84142430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.134.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279329/; classtype:trojan-activity;sid:84142429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.64.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279328/; classtype:trojan-activity;sid:84142428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.229.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279327/; classtype:trojan-activity;sid:84142427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.80.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279326/; classtype:trojan-activity;sid:84142426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.56.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279324/; classtype:trojan-activity;sid:84142424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.38.123.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279325/; classtype:trojan-activity;sid:84142425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.237.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279323/; classtype:trojan-activity;sid:84142423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.10.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279322/; classtype:trojan-activity;sid:84142422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.188.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279321/; classtype:trojan-activity;sid:84142421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.110.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279319/; classtype:trojan-activity;sid:84142419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.183.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279320/; classtype:trojan-activity;sid:84142420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.13.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279318/; classtype:trojan-activity;sid:84142418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.103.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279317/; classtype:trojan-activity;sid:84142417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.188.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279316/; classtype:trojan-activity;sid:84142416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279315/; classtype:trojan-activity;sid:84142415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.197.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279314/; classtype:trojan-activity;sid:84142414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.92.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279313/; classtype:trojan-activity;sid:84142413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.241.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279312/; classtype:trojan-activity;sid:84142412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.107.132.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279311/; classtype:trojan-activity;sid:84142411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.213.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279310/; classtype:trojan-activity;sid:84142410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.114.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279309/; classtype:trojan-activity;sid:84142409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.183.53.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279308/; classtype:trojan-activity;sid:84142408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.162.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279306/; classtype:trojan-activity;sid:84142406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.239.120.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279307/; classtype:trojan-activity;sid:84142407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.177.28.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279305/; classtype:trojan-activity;sid:84142405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.196.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279304/; classtype:trojan-activity;sid:84142404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.1.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279303/; classtype:trojan-activity;sid:84142403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.190.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279302/; classtype:trojan-activity;sid:84142402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/zhark.exe"; depth:16; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279301/; classtype:trojan-activity;sid:84142401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.112.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279300/; classtype:trojan-activity;sid:84142400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.197.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279299/; classtype:trojan-activity;sid:84142399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.183.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279298/; classtype:trojan-activity;sid:84142398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.110.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279297/; classtype:trojan-activity;sid:84142397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.21.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279296/; classtype:trojan-activity;sid:84142396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.112.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279295/; classtype:trojan-activity;sid:84142395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.177.28.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279294/; classtype:trojan-activity;sid:84142394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.120.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279293/; classtype:trojan-activity;sid:84142393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.192.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279292/; classtype:trojan-activity;sid:84142392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.179.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279291/; classtype:trojan-activity;sid:84142391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.164.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279290/; classtype:trojan-activity;sid:84142390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.8.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279289/; classtype:trojan-activity;sid:84142389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.222.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279288/; classtype:trojan-activity;sid:84142388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.228.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279287/; classtype:trojan-activity;sid:84142387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.9.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279284/; classtype:trojan-activity;sid:84142384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279285/; classtype:trojan-activity;sid:84142385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.152.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279286/; classtype:trojan-activity;sid:84142386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.68.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279283/; classtype:trojan-activity;sid:84142383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.78.148.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279282/; classtype:trojan-activity;sid:84142382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.166.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279281/; classtype:trojan-activity;sid:84142381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.156.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279278/; classtype:trojan-activity;sid:84142378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.52.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279279/; classtype:trojan-activity;sid:84142379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.119.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279280/; classtype:trojan-activity;sid:84142380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.196.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279277/; classtype:trojan-activity;sid:84142377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.112.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279276/; classtype:trojan-activity;sid:84142376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.120.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279275/; classtype:trojan-activity;sid:84142375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.56.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279274/; classtype:trojan-activity;sid:84142374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.29.129.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279273/; classtype:trojan-activity;sid:84142373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.27.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279272/; classtype:trojan-activity;sid:84142372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279271/; classtype:trojan-activity;sid:84142371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.19.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279270/; classtype:trojan-activity;sid:84142370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.176.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279269/; classtype:trojan-activity;sid:84142369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.182.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279267/; classtype:trojan-activity;sid:84142367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.149.209.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279268/; classtype:trojan-activity;sid:84142368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.32.18"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279266/; classtype:trojan-activity;sid:84142366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.217.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279265/; classtype:trojan-activity;sid:84142365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/3e3ev3.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279264/; classtype:trojan-activity;sid:84142364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.130.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279263/; classtype:trojan-activity;sid:84142363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.203.86.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279262/; classtype:trojan-activity;sid:84142362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.56.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279261/; classtype:trojan-activity;sid:84142361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.73.248.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279260/; classtype:trojan-activity;sid:84142360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.19.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279259/; classtype:trojan-activity;sid:84142359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.11.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279258/; classtype:trojan-activity;sid:84142358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.81.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279257/; classtype:trojan-activity;sid:84142357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"157.10.12.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279256/; classtype:trojan-activity;sid:84142356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.156.50.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279254/; classtype:trojan-activity;sid:84142354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.134.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279255/; classtype:trojan-activity;sid:84142355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.106.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279253/; classtype:trojan-activity;sid:84142353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.85.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279252/; classtype:trojan-activity;sid:84142352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.173.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279251/; classtype:trojan-activity;sid:84142351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.211.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279250/; classtype:trojan-activity;sid:84142350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.12.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279249/; classtype:trojan-activity;sid:84142349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.131.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279248/; classtype:trojan-activity;sid:84142348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.178.171.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279247/; classtype:trojan-activity;sid:84142347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.18.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279246/; classtype:trojan-activity;sid:84142346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.253.206.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279245/; classtype:trojan-activity;sid:84142345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.39.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279244/; classtype:trojan-activity;sid:84142344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.238.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279243/; classtype:trojan-activity;sid:84142343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.9.46.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279241/; classtype:trojan-activity;sid:84142341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279242/; classtype:trojan-activity;sid:84142342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.120.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279240/; classtype:trojan-activity;sid:84142340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.80.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279239/; classtype:trojan-activity;sid:84142339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.245.224.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279238/; classtype:trojan-activity;sid:84142338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.130.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279237/; classtype:trojan-activity;sid:84142337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.198.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279236/; classtype:trojan-activity;sid:84142336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.174.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279235/; classtype:trojan-activity;sid:84142335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.125.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279234/; classtype:trojan-activity;sid:84142334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.178.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279233/; classtype:trojan-activity;sid:84142333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.12.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279232/; classtype:trojan-activity;sid:84142332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.169.234.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279231/; classtype:trojan-activity;sid:84142331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.37.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279229/; classtype:trojan-activity;sid:84142329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.102.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279230/; classtype:trojan-activity;sid:84142330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.208.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279228/; classtype:trojan-activity;sid:84142328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.211.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279227/; classtype:trojan-activity;sid:84142327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.173.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279226/; classtype:trojan-activity;sid:84142326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.149.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279225/; classtype:trojan-activity;sid:84142325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.22.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279224/; classtype:trojan-activity;sid:84142324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.76.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279223/; classtype:trojan-activity;sid:84142323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.16.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279222/; classtype:trojan-activity;sid:84142322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.187.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279220/; classtype:trojan-activity;sid:84142320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.204.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279221/; classtype:trojan-activity;sid:84142321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.44.242.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279219/; classtype:trojan-activity;sid:84142319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.76.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279218/; classtype:trojan-activity;sid:84142318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.18.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279217/; classtype:trojan-activity;sid:84142317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.245.224.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279216/; classtype:trojan-activity;sid:84142316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279214/; classtype:trojan-activity;sid:84142314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.247.244.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279215/; classtype:trojan-activity;sid:84142315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.52.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279213/; classtype:trojan-activity;sid:84142313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/ff75pegxp6/build.exe"; depth:25; endswith; nocase; http.host; content:"transfer.adminforge.de"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279212/; classtype:trojan-activity;sid:84142312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.228.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279211/; classtype:trojan-activity;sid:84142311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.64.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279210/; classtype:trojan-activity;sid:84142310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.85.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279209/; classtype:trojan-activity;sid:84142309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.149.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279208/; classtype:trojan-activity;sid:84142308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.168.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279207/; classtype:trojan-activity;sid:84142307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.223.160.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279206/; classtype:trojan-activity;sid:84142306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.38.123.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279205/; classtype:trojan-activity;sid:84142305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.182.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279204/; classtype:trojan-activity;sid:84142304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.44.242.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279203/; classtype:trojan-activity;sid:84142303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.225.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279202/; classtype:trojan-activity;sid:84142302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.204.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279200/; classtype:trojan-activity;sid:84142300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.246.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279201/; classtype:trojan-activity;sid:84142301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.4.229.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279199/; classtype:trojan-activity;sid:84142299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.128.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279198/; classtype:trojan-activity;sid:84142298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.228.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279197/; classtype:trojan-activity;sid:84142297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.74.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279196/; classtype:trojan-activity;sid:84142296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.108.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279195/; classtype:trojan-activity;sid:84142295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.48.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279194/; classtype:trojan-activity;sid:84142294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.209.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279193/; classtype:trojan-activity;sid:84142293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.182.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279192/; classtype:trojan-activity;sid:84142292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.25.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279191/; classtype:trojan-activity;sid:84142291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.64.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279190/; classtype:trojan-activity;sid:84142290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.225.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279189/; classtype:trojan-activity;sid:84142289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.74.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279188/; classtype:trojan-activity;sid:84142288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.122.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279187/; classtype:trojan-activity;sid:84142287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.252.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279186/; classtype:trojan-activity;sid:84142286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.254.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279185/; classtype:trojan-activity;sid:84142285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/chrome.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279184/; classtype:trojan-activity;sid:84142284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.134.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279183/; classtype:trojan-activity;sid:84142283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.186.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279182/; classtype:trojan-activity;sid:84142282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.182.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279181/; classtype:trojan-activity;sid:84142281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.173.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279180/; classtype:trojan-activity;sid:84142280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.115.85.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279179/; classtype:trojan-activity;sid:84142279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.53.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279178/; classtype:trojan-activity;sid:84142278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.132.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279177/; classtype:trojan-activity;sid:84142277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.74.13.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279176/; classtype:trojan-activity;sid:84142276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.65.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279175/; classtype:trojan-activity;sid:84142275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.44.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279174/; classtype:trojan-activity;sid:84142274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.166.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279173/; classtype:trojan-activity;sid:84142273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.195.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279172/; classtype:trojan-activity;sid:84142272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279171/; classtype:trojan-activity;sid:84142271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.103.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279170/; classtype:trojan-activity;sid:84142270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.3.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279169/; classtype:trojan-activity;sid:84142269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.197.34.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279168/; classtype:trojan-activity;sid:84142268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.154.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279167/; classtype:trojan-activity;sid:84142267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.211.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279166/; classtype:trojan-activity;sid:84142266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.115.85.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279165/; classtype:trojan-activity;sid:84142265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.104.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279163/; classtype:trojan-activity;sid:84142263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.30.110.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279164/; classtype:trojan-activity;sid:84142264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279161/; classtype:trojan-activity;sid:84142261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm7"; depth:13; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279162/; classtype:trojan-activity;sid:84142262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279155/; classtype:trojan-activity;sid:84142255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279156/; classtype:trojan-activity;sid:84142256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279157/; classtype:trojan-activity;sid:84142257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279158/; classtype:trojan-activity;sid:84142258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279159/; classtype:trojan-activity;sid:84142259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.i686"; depth:13; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279160/; classtype:trojan-activity;sid:84142260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.m68k"; depth:13; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279144/; classtype:trojan-activity;sid:84142244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm6"; depth:13; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279145/; classtype:trojan-activity;sid:84142245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.i586"; depth:13; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279146/; classtype:trojan-activity;sid:84142246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279147/; classtype:trojan-activity;sid:84142247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279148/; classtype:trojan-activity;sid:84142248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm5"; depth:13; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279149/; classtype:trojan-activity;sid:84142249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279150/; classtype:trojan-activity;sid:84142250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.x86"; depth:12; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279151/; classtype:trojan-activity;sid:84142251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279152/; classtype:trojan-activity;sid:84142252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.ppc"; depth:12; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279153/; classtype:trojan-activity;sid:84142253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279154/; classtype:trojan-activity;sid:84142254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279131/; classtype:trojan-activity;sid:84142231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; depth:38; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279132/; classtype:trojan-activity;sid:84142232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279133/; classtype:trojan-activity;sid:84142233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.mips"; depth:13; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279134/; classtype:trojan-activity;sid:84142234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.arm4"; depth:13; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279135/; classtype:trojan-activity;sid:84142235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279136/; classtype:trojan-activity;sid:84142236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279137/; classtype:trojan-activity;sid:84142237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279138/; classtype:trojan-activity;sid:84142238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279139/; classtype:trojan-activity;sid:84142239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279140/; classtype:trojan-activity;sid:84142240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.mpsl"; depth:13; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279141/; classtype:trojan-activity;sid:84142241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279142/; classtype:trojan-activity;sid:84142242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfrep.sparc"; depth:14; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279143/; classtype:trojan-activity;sid:84142243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.220.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279130/; classtype:trojan-activity;sid:84142230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.249.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279129/; classtype:trojan-activity;sid:84142229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.40.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279127/; classtype:trojan-activity;sid:84142227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.207.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279128/; classtype:trojan-activity;sid:84142228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.208.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279126/; classtype:trojan-activity;sid:84142226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.114.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279125/; classtype:trojan-activity;sid:84142225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.87.170.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279124/; classtype:trojan-activity;sid:84142224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.235.198.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279123/; classtype:trojan-activity;sid:84142223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.249.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279122/; classtype:trojan-activity;sid:84142222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.74.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279120/; classtype:trojan-activity;sid:84142220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.86.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279121/; classtype:trojan-activity;sid:84142221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.3.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279119/; classtype:trojan-activity;sid:84142219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.199.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279118/; classtype:trojan-activity;sid:84142218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.116.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279117/; classtype:trojan-activity;sid:84142217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.253.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279116/; classtype:trojan-activity;sid:84142216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.116.122.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279115/; classtype:trojan-activity;sid:84142215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.211.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279113/; classtype:trojan-activity;sid:84142213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.161.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279114/; classtype:trojan-activity;sid:84142214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.122.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279112/; classtype:trojan-activity;sid:84142212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.240.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279111/; classtype:trojan-activity;sid:84142211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.81.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279110/; classtype:trojan-activity;sid:84142210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.8.131.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279109/; classtype:trojan-activity;sid:84142209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"177.154.80.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279108/; classtype:trojan-activity;sid:84142208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279107/; classtype:trojan-activity;sid:84142207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.11.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279106/; classtype:trojan-activity;sid:84142206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.128.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279104/; classtype:trojan-activity;sid:84142204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.236.245.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279105/; classtype:trojan-activity;sid:84142205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.236.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279103/; classtype:trojan-activity;sid:84142203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.85.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279102/; classtype:trojan-activity;sid:84142202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.122.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279101/; classtype:trojan-activity;sid:84142201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.242.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279100/; classtype:trojan-activity;sid:84142200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.207.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279099/; classtype:trojan-activity;sid:84142199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.249.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279098/; classtype:trojan-activity;sid:84142198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.220.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279097/; classtype:trojan-activity;sid:84142197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.247.87.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279096/; classtype:trojan-activity;sid:84142196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.99.99.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279095/; classtype:trojan-activity;sid:84142195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"45.124.95.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279094/; classtype:trojan-activity;sid:84142194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"45.124.95.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279091/; classtype:trojan-activity;sid:84142191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"45.124.95.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279092/; classtype:trojan-activity;sid:84142192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"45.124.95.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279093/; classtype:trojan-activity;sid:84142193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.74.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279086/; classtype:trojan-activity;sid:84142186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"45.124.95.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279087/; classtype:trojan-activity;sid:84142187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"45.124.95.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279088/; classtype:trojan-activity;sid:84142188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"45.124.95.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279089/; classtype:trojan-activity;sid:84142189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"45.124.95.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279090/; classtype:trojan-activity;sid:84142190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"45.124.95.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279083/; classtype:trojan-activity;sid:84142183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"45.124.95.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279084/; classtype:trojan-activity;sid:84142184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"45.124.95.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279085/; classtype:trojan-activity;sid:84142185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.131.174"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279082/; classtype:trojan-activity;sid:84142182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.223.218.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279081/; classtype:trojan-activity;sid:84142181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.87.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279080/; classtype:trojan-activity;sid:84142180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279079/; classtype:trojan-activity;sid:84142179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.105.59.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279078/; classtype:trojan-activity;sid:84142178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.247.87.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279077/; classtype:trojan-activity;sid:84142177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.0.122.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279076/; classtype:trojan-activity;sid:84142176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.81.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279075/; classtype:trojan-activity;sid:84142175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.236.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279074/; classtype:trojan-activity;sid:84142174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.253.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279073/; classtype:trojan-activity;sid:84142173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.116.122.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279072/; classtype:trojan-activity;sid:84142172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.194.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279071/; classtype:trojan-activity;sid:84142171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.104.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279070/; classtype:trojan-activity;sid:84142170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.248.12.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279069/; classtype:trojan-activity;sid:84142169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.59.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279068/; classtype:trojan-activity;sid:84142168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.184.31.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279067/; classtype:trojan-activity;sid:84142167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.182.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279066/; classtype:trojan-activity;sid:84142166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"62.105.59.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279065/; classtype:trojan-activity;sid:84142165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.25.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279064/; classtype:trojan-activity;sid:84142164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.145.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279063/; classtype:trojan-activity;sid:84142163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.119.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279062/; classtype:trojan-activity;sid:84142162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.0.122.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279060/; classtype:trojan-activity;sid:84142160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.2.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279061/; classtype:trojan-activity;sid:84142161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.243.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279059/; classtype:trojan-activity;sid:84142159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.145.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279058/; classtype:trojan-activity;sid:84142158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.242.6.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279057/; classtype:trojan-activity;sid:84142157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.59.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279056/; classtype:trojan-activity;sid:84142156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.146.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279054/; classtype:trojan-activity;sid:84142154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279055/; classtype:trojan-activity;sid:84142155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.198.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279053/; classtype:trojan-activity;sid:84142153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.128.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279051/; classtype:trojan-activity;sid:84142151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.86.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279052/; classtype:trojan-activity;sid:84142152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.120.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279050/; classtype:trojan-activity;sid:84142150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.62.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279049/; classtype:trojan-activity;sid:84142149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.81.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279046/; classtype:trojan-activity;sid:84142146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.189.192.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279047/; classtype:trojan-activity;sid:84142147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.52.115.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279048/; classtype:trojan-activity;sid:84142148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279045/; classtype:trojan-activity;sid:84142145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.33.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279044/; classtype:trojan-activity;sid:84142144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.199.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279042/; classtype:trojan-activity;sid:84142142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.16.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279043/; classtype:trojan-activity;sid:84142143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.243.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279041/; classtype:trojan-activity;sid:84142141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.199.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279040/; classtype:trojan-activity;sid:84142140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.2.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279039/; classtype:trojan-activity;sid:84142139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.130.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279038/; classtype:trojan-activity;sid:84142138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.232.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279037/; classtype:trojan-activity;sid:84142137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.101.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279036/; classtype:trojan-activity;sid:84142136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.242.6.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279035/; classtype:trojan-activity;sid:84142135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.208.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279034/; classtype:trojan-activity;sid:84142134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.102.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279033/; classtype:trojan-activity;sid:84142133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.246.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279032/; classtype:trojan-activity;sid:84142132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.146.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279031/; classtype:trojan-activity;sid:84142131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.128.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279030/; classtype:trojan-activity;sid:84142130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.44.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279029/; classtype:trojan-activity;sid:84142129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.185.197.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279028/; classtype:trojan-activity;sid:84142128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.93.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279027/; classtype:trojan-activity;sid:84142127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.65.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279026/; classtype:trojan-activity;sid:84142126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.21.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279025/; classtype:trojan-activity;sid:84142125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.127.2.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279024/; classtype:trojan-activity;sid:84142124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.183.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279023/; classtype:trojan-activity;sid:84142123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.92.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279022/; classtype:trojan-activity;sid:84142122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.16.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279021/; classtype:trojan-activity;sid:84142121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.57.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279020/; classtype:trojan-activity;sid:84142120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.132.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279019/; classtype:trojan-activity;sid:84142119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.83.180.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279018/; classtype:trojan-activity;sid:84142118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.188.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279017/; classtype:trojan-activity;sid:84142117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.196.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279016/; classtype:trojan-activity;sid:84142116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.209.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279015/; classtype:trojan-activity;sid:84142115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.33.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279014/; classtype:trojan-activity;sid:84142114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.9.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279013/; classtype:trojan-activity;sid:84142113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.217.246.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279012/; classtype:trojan-activity;sid:84142112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279011/; classtype:trojan-activity;sid:84142111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/217/seethebestthingswithgoodnewsgivenmegreatways.tif"; depth:53; endswith; nocase; http.host; content:"192.3.193.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279010/; classtype:trojan-activity;sid:84142110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.218.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279009/; classtype:trojan-activity;sid:84142109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.65.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279008/; classtype:trojan-activity;sid:84142108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.185.197.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279007/; classtype:trojan-activity;sid:84142107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.134.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279006/; classtype:trojan-activity;sid:84142106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.44.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279005/; classtype:trojan-activity;sid:84142105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.138.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279004/; classtype:trojan-activity;sid:84142104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.15.9.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279002/; classtype:trojan-activity;sid:84142102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.57.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279003/; classtype:trojan-activity;sid:84142103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.83.180.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279001/; classtype:trojan-activity;sid:84142101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.191.82.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279000/; classtype:trojan-activity;sid:84142100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.9.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278999/; classtype:trojan-activity;sid:84142099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.170.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278997/; classtype:trojan-activity;sid:84142097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.115.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278998/; classtype:trojan-activity;sid:84142098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278996/; classtype:trojan-activity;sid:84142096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.103.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278995/; classtype:trojan-activity;sid:84142095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23403268524597.dll"; depth:19; endswith; nocase; http.host; content:"94.159.113.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278994/; classtype:trojan-activity;sid:84142094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.243.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278993/; classtype:trojan-activity;sid:84142093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.18.101.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278992/; classtype:trojan-activity;sid:84142092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.177.21.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278990/; classtype:trojan-activity;sid:84142090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.45.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278991/; classtype:trojan-activity;sid:84142091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.46.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278989/; classtype:trojan-activity;sid:84142089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.227.109.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278988/; classtype:trojan-activity;sid:84142088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.180.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278987/; classtype:trojan-activity;sid:84142087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.163.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278986/; classtype:trojan-activity;sid:84142086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.163.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278985/; classtype:trojan-activity;sid:84142085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/199381765131946.dll"; depth:20; endswith; nocase; http.host; content:"94.159.113.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278984/; classtype:trojan-activity;sid:84142084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.122.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278983/; classtype:trojan-activity;sid:84142083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.179.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278982/; classtype:trojan-activity;sid:84142082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rom.bin"; depth:8; endswith; nocase; http.host; content:"iw.achulapo.ru.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278981/; classtype:trojan-activity;sid:84142081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.141.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278980/; classtype:trojan-activity;sid:84142080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"181.191.82.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278979/; classtype:trojan-activity;sid:84142079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.14.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278978/; classtype:trojan-activity;sid:84142078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278977/; classtype:trojan-activity;sid:84142077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.126.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278976/; classtype:trojan-activity;sid:84142076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.45.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278975/; classtype:trojan-activity;sid:84142075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.ini"; depth:6; endswith; nocase; http.host; content:"downsexv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278973/; classtype:trojan-activity;sid:84142073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdb.exe"; depth:8; endswith; nocase; http.host; content:"downsexv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278974/; classtype:trojan-activity;sid:84142074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c2.exe"; depth:7; endswith; nocase; http.host; content:"downsexv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278969/; classtype:trojan-activity;sid:84142069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.bin"; depth:6; endswith; nocase; http.host; content:"downsexv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278970/; classtype:trojan-activity;sid:84142070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1.exe"; depth:7; endswith; nocase; http.host; content:"downsexv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278971/; classtype:trojan-activity;sid:84142071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c3.exe"; depth:7; endswith; nocase; http.host; content:"downsexv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278972/; classtype:trojan-activity;sid:84142072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/calc.bin"; depth:9; endswith; nocase; http.host; content:"downsexv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278965/; classtype:trojan-activity;sid:84142065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msf.exe"; depth:8; endswith; nocase; http.host; content:"downsexv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278966/; classtype:trojan-activity;sid:84142066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.138.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278967/; classtype:trojan-activity;sid:84142067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trial.zip"; depth:10; endswith; nocase; http.host; content:"193.117.208.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278968/; classtype:trojan-activity;sid:84142068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nohup.out"; depth:10; endswith; nocase; http.host; content:"downsexv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278962/; classtype:trojan-activity;sid:84142062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/py.txt"; depth:7; endswith; nocase; http.host; content:"downsexv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278963/; classtype:trojan-activity;sid:84142063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msf.c"; depth:6; endswith; nocase; http.host; content:"downsexv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278964/; classtype:trojan-activity;sid:84142064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.exe"; depth:6; endswith; nocase; http.host; content:"downsexv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278957/; classtype:trojan-activity;sid:84142057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.164.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278958/; classtype:trojan-activity;sid:84142058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/st.exe"; depth:7; endswith; nocase; http.host; content:"downsexv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278959/; classtype:trojan-activity;sid:84142059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.209.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278960/; classtype:trojan-activity;sid:84142060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sam.exe"; depth:8; endswith; nocase; http.host; content:"downsexv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278961/; classtype:trojan-activity;sid:84142061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shell.wds"; depth:10; endswith; nocase; http.host; content:"downsexv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278956/; classtype:trojan-activity;sid:84142056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.17.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278955/; classtype:trojan-activity;sid:84142055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278954/; classtype:trojan-activity;sid:84142054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.115.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278953/; classtype:trojan-activity;sid:84142053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/299cef131201faea/hack.exe"; depth:31; endswith; nocase; http.host; content:"anonsharing.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278952/; classtype:trojan-activity;sid:84142052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/217/wc/wecreatdbestthingswithgreatthingsentiretimeeverywheregoodhappy.hta"; depth:74; endswith; nocase; http.host; content:"192.3.193.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278951/; classtype:trojan-activity;sid:84142051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/s.rar"; depth:9; endswith; nocase; http.host; content:"61.75.156.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278950/; classtype:trojan-activity;sid:84142050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/4577.txt"; depth:12; endswith; nocase; http.host; content:"61.75.156.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278949/; classtype:trojan-activity;sid:84142049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/statup.sh"; depth:13; endswith; nocase; http.host; content:"61.75.156.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278947/; classtype:trojan-activity;sid:84142047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/mg.txt"; depth:10; endswith; nocase; http.host; content:"61.75.156.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278948/; classtype:trojan-activity;sid:84142048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.38.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278946/; classtype:trojan-activity;sid:84142046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.14.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278945/; classtype:trojan-activity;sid:84142045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.122.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278944/; classtype:trojan-activity;sid:84142044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.52.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278943/; classtype:trojan-activity;sid:84142043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.186.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278942/; classtype:trojan-activity;sid:84142042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.15.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278941/; classtype:trojan-activity;sid:84142041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278940/; classtype:trojan-activity;sid:84142040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.76.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278939/; classtype:trojan-activity;sid:84142039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.36.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278938/; classtype:trojan-activity;sid:84142038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"5.234.178.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278937/; classtype:trojan-activity;sid:84142037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.52.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278936/; classtype:trojan-activity;sid:84142036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.11.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278935/; classtype:trojan-activity;sid:84142035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.115.89.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278934/; classtype:trojan-activity;sid:84142034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.137.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278933/; classtype:trojan-activity;sid:84142033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.164.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278932/; classtype:trojan-activity;sid:84142032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.180.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278931/; classtype:trojan-activity;sid:84142031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.38.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278929/; classtype:trojan-activity;sid:84142029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.41.137.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278930/; classtype:trojan-activity;sid:84142030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xwo.exe"; depth:8; endswith; nocase; http.host; content:"31.13.224.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278927/; classtype:trojan-activity;sid:84142027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lum.exe"; depth:8; endswith; nocase; http.host; content:"31.13.224.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278928/; classtype:trojan-activity;sid:84142028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.24.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278926/; classtype:trojan-activity;sid:84142026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.5.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278925/; classtype:trojan-activity;sid:84142025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.103.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278924/; classtype:trojan-activity;sid:84142024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.185.197.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278923/; classtype:trojan-activity;sid:84142023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.119.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278921/; classtype:trojan-activity;sid:84142021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.38.106.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278922/; classtype:trojan-activity;sid:84142022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278920/; classtype:trojan-activity;sid:84142020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.253.135.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278919/; classtype:trojan-activity;sid:84142019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278918/; classtype:trojan-activity;sid:84142018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.240.25.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278917/; classtype:trojan-activity;sid:84142017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.24.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278916/; classtype:trojan-activity;sid:84142016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.18.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278915/; classtype:trojan-activity;sid:84142015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.101.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278914/; classtype:trojan-activity;sid:84142014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idja/xktzvdeodajlmvn.exe"; depth:25; endswith; nocase; http.host; content:"185.196.11.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278913/; classtype:trojan-activity;sid:84142013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3b4b68059f902c42/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"95.215.204.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278911/; classtype:trojan-activity;sid:84142011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3b4b68059f902c42/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"95.215.204.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278912/; classtype:trojan-activity;sid:84142012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3b4b68059f902c42/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"95.215.204.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278909/; classtype:trojan-activity;sid:84142009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3b4b68059f902c42/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"95.215.204.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278910/; classtype:trojan-activity;sid:84142010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3b4b68059f902c42/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"95.215.204.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278906/; classtype:trojan-activity;sid:84142006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3b4b68059f902c42/nss3.dll"; depth:26; endswith; nocase; http.host; content:"95.215.204.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278907/; classtype:trojan-activity;sid:84142007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3b4b68059f902c42/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"95.215.204.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278908/; classtype:trojan-activity;sid:84142008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.89.12.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278905/; classtype:trojan-activity;sid:84142005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.251.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278904/; classtype:trojan-activity;sid:84142004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.124.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278903/; classtype:trojan-activity;sid:84142003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278902/; classtype:trojan-activity;sid:84142002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.txt"; depth:6; endswith; nocase; http.host; content:"154.8.139.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278901/; classtype:trojan-activity;sid:84142001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pop/petsd.txt"; depth:14; endswith; nocase; http.host; content:"gig.energymaxgrp.eu"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278900/; classtype:trojan-activity;sid:84142000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.txt"; depth:6; endswith; nocase; http.host; content:"154.8.139.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278899/; classtype:trojan-activity;sid:84141999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.109.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278898/; classtype:trojan-activity;sid:84141998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.253.135.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278897/; classtype:trojan-activity;sid:84141997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i586"; depth:12; endswith; nocase; http.host; content:"87.10.220.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278887/; classtype:trojan-activity;sid:84141987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.ppc"; depth:11; endswith; nocase; http.host; content:"87.10.220.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278888/; classtype:trojan-activity;sid:84141988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mips"; depth:12; endswith; nocase; http.host; content:"87.10.220.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278889/; classtype:trojan-activity;sid:84141989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sh"; depth:10; endswith; nocase; http.host; content:"87.10.220.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278890/; classtype:trojan-activity;sid:84141990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.m68k"; depth:12; endswith; nocase; http.host; content:"87.10.220.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278891/; classtype:trojan-activity;sid:84141991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm4"; depth:12; endswith; nocase; http.host; content:"87.10.220.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278892/; classtype:trojan-activity;sid:84141992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm5"; depth:12; endswith; nocase; http.host; content:"87.10.220.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278893/; classtype:trojan-activity;sid:84141993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.x86"; depth:11; endswith; nocase; http.host; content:"87.10.220.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278894/; classtype:trojan-activity;sid:84141994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sparc"; depth:13; endswith; nocase; http.host; content:"87.10.220.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278895/; classtype:trojan-activity;sid:84141995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mipsel"; depth:14; endswith; nocase; http.host; content:"87.10.220.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278896/; classtype:trojan-activity;sid:84141996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8usa.sh"; depth:8; endswith; nocase; http.host; content:"91.229.239.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278884/; classtype:trojan-activity;sid:84141984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"87.10.220.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278885/; classtype:trojan-activity;sid:84141985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yak.sh"; depth:7; endswith; nocase; http.host; content:"87.10.220.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278886/; classtype:trojan-activity;sid:84141986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i686"; depth:12; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278883/; classtype:trojan-activity;sid:84141983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.85.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278882/; classtype:trojan-activity;sid:84141982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm4"; depth:12; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278871/; classtype:trojan-activity;sid:84141971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sparc"; depth:13; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278872/; classtype:trojan-activity;sid:84141972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mips"; depth:12; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278873/; classtype:trojan-activity;sid:84141973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.m68k"; depth:12; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278874/; classtype:trojan-activity;sid:84141974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.ppc"; depth:11; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278875/; classtype:trojan-activity;sid:84141975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i586"; depth:12; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278876/; classtype:trojan-activity;sid:84141976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.sh"; depth:10; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278877/; classtype:trojan-activity;sid:84141977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm6"; depth:12; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278878/; classtype:trojan-activity;sid:84141978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.x86"; depth:11; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278879/; classtype:trojan-activity;sid:84141979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.mipsel"; depth:14; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278880/; classtype:trojan-activity;sid:84141980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm5"; depth:12; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278881/; classtype:trojan-activity;sid:84141981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yak.sh"; depth:7; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278870/; classtype:trojan-activity;sid:84141970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.35.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278869/; classtype:trojan-activity;sid:84141969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.246.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278868/; classtype:trojan-activity;sid:84141968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.181.188.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278867/; classtype:trojan-activity;sid:84141967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zrctpkmfwtgy5mahx8ka46ao5sdhfg6caw"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278866/; classtype:trojan-activity;sid:84141966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bf95f9e2c9dd170d/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"95.215.204.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278865/; classtype:trojan-activity;sid:84141965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bf95f9e2c9dd170d/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"95.215.204.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278864/; classtype:trojan-activity;sid:84141964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/7uuhotwn3znyjn3mag0rksfbuslhfkcsnd"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278851/; classtype:trojan-activity;sid:84141951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pcw4s4vd4bpbgjdkcwy2uurflanrvkm2ny"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278852/; classtype:trojan-activity;sid:84141952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ewamygiubxqspkht5n14xeseqymjalols5"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278853/; classtype:trojan-activity;sid:84141953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xx9i12zo46hzszkc1q7bjvo0sch5hvii40"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278854/; classtype:trojan-activity;sid:84141954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zwyn7ni7l3imnm1yiexbw13kgeabjpfrxl"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278855/; classtype:trojan-activity;sid:84141955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/blfzfwaqxrbairebizdakonutdcc39pq0w"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278856/; classtype:trojan-activity;sid:84141956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k0mamtanyyl15pesxexmqosq7bchf69l5c"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278857/; classtype:trojan-activity;sid:84141957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/j4eg2aavftrixsrssg6prpxp0w4lbtxsup"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278858/; classtype:trojan-activity;sid:84141958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xljklfqzgc2rda9wxpbinj3ssyrfnthbwe"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278859/; classtype:trojan-activity;sid:84141959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/w7sl9z5iffcejqubeqzrobcvczctisnuvx"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278860/; classtype:trojan-activity;sid:84141960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/z8hil2yzrmkalzqb1wymmjss7jxvnfkgjd"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278861/; classtype:trojan-activity;sid:84141961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.112.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278862/; classtype:trojan-activity;sid:84141962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/fodwbuybd8b5iwvybqka4s7utpgtx3msvi"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278863/; classtype:trojan-activity;sid:84141963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dexcel.exe"; depth:11; endswith; nocase; http.host; content:"ggrtrew.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278850/; classtype:trojan-activity;sid:84141950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1st/1st.zip"; depth:12; endswith; nocase; http.host; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278849/; classtype:trojan-activity;sid:84141949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2nd.zip"; depth:8; endswith; nocase; http.host; content:"all-filehub.oss-ap-southeast-1.aliyuncs.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278848/; classtype:trojan-activity;sid:84141948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sep.zip"; depth:8; endswith; nocase; http.host; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278847/; classtype:trojan-activity;sid:84141947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updated%20file/getup.zip"; depth:25; endswith; nocase; http.host; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278846/; classtype:trojan-activity;sid:84141946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31st.zip"; depth:9; endswith; nocase; http.host; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278845/; classtype:trojan-activity;sid:84141945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/3yh8gdte.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278844/; classtype:trojan-activity;sid:84141944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drivers.zip"; depth:12; endswith; nocase; http.host; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278843/; classtype:trojan-activity;sid:84141943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updated%20file/para.zip"; depth:24; endswith; nocase; http.host; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278842/; classtype:trojan-activity;sid:84141942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/easy.zip"; depth:9; endswith; nocase; http.host; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278841/; classtype:trojan-activity;sid:84141941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2nd-new-build3.txt"; depth:19; endswith; nocase; http.host; content:"all-filehub.oss-ap-southeast-1.aliyuncs.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278839/; classtype:trojan-activity;sid:84141939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/raw/refs/heads/main/khtoawdltrha.exe"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278840/; classtype:trojan-activity;sid:84141940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2nd.txt"; depth:8; endswith; nocase; http.host; content:"all-filehub.oss-ap-southeast-1.aliyuncs.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278838/; classtype:trojan-activity;sid:84141938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.txt"; depth:6; endswith; nocase; http.host; content:"154.8.139.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278836/; classtype:trojan-activity;sid:84141936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pop/petsd.txt"; depth:14; endswith; nocase; http.host; content:"gig.energymaxgrp.eu"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278837/; classtype:trojan-activity;sid:84141937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build-v2-31st.txt"; depth:18; endswith; nocase; http.host; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278834/; classtype:trojan-activity;sid:84141934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yjclpwacayybmdenyrlnarext174.bin"; depth:33; endswith; nocase; http.host; content:"212.162.149.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278835/; classtype:trojan-activity;sid:84141935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/jb4w5s2l.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278826/; classtype:trojan-activity;sid:84141926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updated%20file/getup.txt"; depth:25; endswith; nocase; http.host; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278827/; classtype:trojan-activity;sid:84141927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/6nteyex7.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278828/; classtype:trojan-activity;sid:84141928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1st/1st-baba.txt"; depth:17; endswith; nocase; http.host; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278829/; classtype:trojan-activity;sid:84141929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updated%20file/para.txt"; depth:24; endswith; nocase; http.host; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278830/; classtype:trojan-activity;sid:84141930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drivers-v1.txt"; depth:15; endswith; nocase; http.host; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278831/; classtype:trojan-activity;sid:84141931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updated%20file/paracms.txt"; depth:27; endswith; nocase; http.host; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278832/; classtype:trojan-activity;sid:84141932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/easy-v1.txt"; depth:12; endswith; nocase; http.host; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278833/; classtype:trojan-activity;sid:84141933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.234.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278825/; classtype:trojan-activity;sid:84141925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.14.217"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278824/; classtype:trojan-activity;sid:84141924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.arc"; depth:40; endswith; nocase; http.host; content:"45.13.227.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278821/; classtype:trojan-activity;sid:84141921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.i686"; depth:41; endswith; nocase; http.host; content:"45.13.227.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278822/; classtype:trojan-activity;sid:84141922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiroz3x.sh"; depth:11; endswith; nocase; http.host; content:"45.13.227.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278823/; classtype:trojan-activity;sid:84141923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.m68k"; depth:41; endswith; nocase; http.host; content:"45.13.227.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278819/; classtype:trojan-activity;sid:84141919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.sh4"; depth:40; endswith; nocase; http.host; content:"45.13.227.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278820/; classtype:trojan-activity;sid:84141920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278818/; classtype:trojan-activity;sid:84141918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.59.106.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278817/; classtype:trojan-activity;sid:84141917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.74.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278816/; classtype:trojan-activity;sid:84141916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.x86"; depth:40; endswith; nocase; http.host; content:"45.13.227.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278814/; classtype:trojan-activity;sid:84141914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.spc"; depth:40; endswith; nocase; http.host; content:"45.13.227.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278815/; classtype:trojan-activity;sid:84141915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/hh0r0zx00x.ppc"; depth:41; endswith; nocase; http.host; content:"45.13.227.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278812/; classtype:trojan-activity;sid:84141912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.x86_64"; depth:43; endswith; nocase; http.host; content:"45.13.227.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278813/; classtype:trojan-activity;sid:84141913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.arm7"; depth:41; endswith; nocase; http.host; content:"45.13.227.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278811/; classtype:trojan-activity;sid:84141911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.mpsl"; depth:41; endswith; nocase; http.host; content:"45.13.227.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278809/; classtype:trojan-activity;sid:84141909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.mips"; depth:41; endswith; nocase; http.host; content:"45.13.227.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278810/; classtype:trojan-activity;sid:84141910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.101.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278808/; classtype:trojan-activity;sid:84141908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.arm6"; depth:41; endswith; nocase; http.host; content:"45.13.227.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278807/; classtype:trojan-activity;sid:84141907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.arm5"; depth:41; endswith; nocase; http.host; content:"45.13.227.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278806/; classtype:trojan-activity;sid:84141906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.85.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278805/; classtype:trojan-activity;sid:84141905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.arm"; depth:40; endswith; nocase; http.host; content:"45.13.227.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278804/; classtype:trojan-activity;sid:84141904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.48.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278803/; classtype:trojan-activity;sid:84141903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.123.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278802/; classtype:trojan-activity;sid:84141902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.234.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278801/; classtype:trojan-activity;sid:84141901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.112.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278800/; classtype:trojan-activity;sid:84141900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.59.106.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278799/; classtype:trojan-activity;sid:84141899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.92.247.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278798/; classtype:trojan-activity;sid:84141898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.233.189.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278797/; classtype:trojan-activity;sid:84141897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.213.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278796/; classtype:trojan-activity;sid:84141896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.74.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278795/; classtype:trojan-activity;sid:84141895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278794/; classtype:trojan-activity;sid:84141894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.88.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278793/; classtype:trojan-activity;sid:84141893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.214.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278791/; classtype:trojan-activity;sid:84141891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.76.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278792/; classtype:trojan-activity;sid:84141892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.245.2.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278790/; classtype:trojan-activity;sid:84141890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.123.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278789/; classtype:trojan-activity;sid:84141889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.153.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278788/; classtype:trojan-activity;sid:84141888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getsetup3rd.zip"; depth:16; endswith; nocase; http.host; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278787/; classtype:trojan-activity;sid:84141887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getsetup3rd.txt"; depth:16; endswith; nocase; http.host; content:"zip-store.oss-ap-southeast-1.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278786/; classtype:trojan-activity;sid:84141886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getsetup3rd.txt"; depth:16; endswith; nocase; http.host; content:"trx11.b-cdn.net"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278785/; classtype:trojan-activity;sid:84141885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v4setup.txt"; depth:12; endswith; nocase; http.host; content:"pub-d6448def2aba44ce96071bebcc1ce641.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278782/; classtype:trojan-activity;sid:84141882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/perceive3.txt"; depth:14; endswith; nocase; http.host; content:"gochop.b-cdn.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278783/; classtype:trojan-activity;sid:84141883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1st/jm.txt"; depth:11; endswith; nocase; http.host; content:"steppingfrpage.b-cdn.net"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278784/; classtype:trojan-activity;sid:84141884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soapthis.zip"; depth:13; endswith; nocase; http.host; content:"sdsdfzipo.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278781/; classtype:trojan-activity;sid:84141881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getsetup3rd.zip"; depth:16; endswith; nocase; http.host; content:"pub-d6448def2aba44ce96071bebcc1ce641.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278780/; classtype:trojan-activity;sid:84141880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.45.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278778/; classtype:trojan-activity;sid:84141878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kirakaz.zip"; depth:12; endswith; nocase; http.host; content:"deco-properties.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278779/; classtype:trojan-activity;sid:84141879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278775/; classtype:trojan-activity;sid:84141875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newadv.zip"; depth:11; endswith; nocase; http.host; content:"cnnctzov1.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278776/; classtype:trojan-activity;sid:84141876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemfilenew.zip"; depth:18; endswith; nocase; http.host; content:"newsystem-checkz.b-cdn.net"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278777/; classtype:trojan-activity;sid:84141877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.107.158.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278774/; classtype:trojan-activity;sid:84141874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl/15283339/dler214.exe"; depth:24; endswith; nocase; http.host; content:"tmpfiles.org"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278770/; classtype:trojan-activity;sid:84141870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/baks/cuverif.txt"; depth:17; endswith; nocase; http.host; content:"bukfjs17hds.b-cdn.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278771/; classtype:trojan-activity;sid:84141871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxt/jm.txt"; depth:11; endswith; nocase; http.host; content:"cnnctzov1.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278772/; classtype:trojan-activity;sid:84141872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/humansetup-v2.txt"; depth:18; endswith; nocase; http.host; content:"newsystem-checkt.b-cdn.net"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278773/; classtype:trojan-activity;sid:84141873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"jqpc.strategies.mvpstrat.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278769/; classtype:trojan-activity;sid:84141869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.19.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278768/; classtype:trojan-activity;sid:84141868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.25.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278767/; classtype:trojan-activity;sid:84141867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278766/; classtype:trojan-activity;sid:84141866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.223.160.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278765/; classtype:trojan-activity;sid:84141865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.141.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278764/; classtype:trojan-activity;sid:84141864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.94.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278763/; classtype:trojan-activity;sid:84141863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.153.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278762/; classtype:trojan-activity;sid:84141862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278761/; classtype:trojan-activity;sid:84141861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.14.57.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278760/; classtype:trojan-activity;sid:84141860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.19.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278759/; classtype:trojan-activity;sid:84141859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.156.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278758/; classtype:trojan-activity;sid:84141858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.131.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278757/; classtype:trojan-activity;sid:84141857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zdhgw211.bin"; depth:13; endswith; nocase; http.host; content:"212.162.149.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278756/; classtype:trojan-activity;sid:84141856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akpvdemivexbx168.bin"; depth:21; endswith; nocase; http.host; content:"93.123.109.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278754/; classtype:trojan-activity;sid:84141854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnnkmxenjbqye47.bin"; depth:20; endswith; nocase; http.host; content:"93.123.109.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278755/; classtype:trojan-activity;sid:84141855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.61.55.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278753/; classtype:trojan-activity;sid:84141853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.102.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278752/; classtype:trojan-activity;sid:84141852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.72.30.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278751/; classtype:trojan-activity;sid:84141851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.188.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278749/; classtype:trojan-activity;sid:84141849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.250.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278750/; classtype:trojan-activity;sid:84141850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.223.160.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278748/; classtype:trojan-activity;sid:84141848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.62.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278747/; classtype:trojan-activity;sid:84141847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.64.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278746/; classtype:trojan-activity;sid:84141846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/duncanadvancement.exe"; depth:28; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278745/; classtype:trojan-activity;sid:84141845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.255.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278744/; classtype:trojan-activity;sid:84141844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.147.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278743/; classtype:trojan-activity;sid:84141843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.232.212.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278742/; classtype:trojan-activity;sid:84141842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.25.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278741/; classtype:trojan-activity;sid:84141841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.62.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278740/; classtype:trojan-activity;sid:84141840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.240.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278739/; classtype:trojan-activity;sid:84141839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/7uuhotwn3znyjn3mag0rksfbuslhfkcsnd"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278738/; classtype:trojan-activity;sid:84141838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.219.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278737/; classtype:trojan-activity;sid:84141837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ewamygiubxqspkht5n14xeseqymjalols5"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278723/; classtype:trojan-activity;sid:84141823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xljklfqzgc2rda9wxpbinj3ssyrfnthbwe"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278724/; classtype:trojan-activity;sid:84141824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/w7sl9z5iffcejqubeqzrobcvczctisnuvx"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278725/; classtype:trojan-activity;sid:84141825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/4cqwpov0dckqzuda6r2ybvpx4tufzlhnaj"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278726/; classtype:trojan-activity;sid:84141826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/z8hil2yzrmkalzqb1wymmjss7jxvnfkgjd"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278727/; classtype:trojan-activity;sid:84141827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zrctpkmfwtgy5mahx8ka46ao5sdhfg6caw"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278728/; classtype:trojan-activity;sid:84141828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xx9i12zo46hzszkc1q7bjvo0sch5hvii40"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278729/; classtype:trojan-activity;sid:84141829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k0mamtanyyl15pesxexmqosq7bchf69l5c"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278730/; classtype:trojan-activity;sid:84141830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/blfzfwaqxrbairebizdakonutdcc39pq0w"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278731/; classtype:trojan-activity;sid:84141831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zwyn7ni7l3imnm1yiexbw13kgeabjpfrxl"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278732/; classtype:trojan-activity;sid:84141832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/fodwbuybd8b5iwvybqka4s7utpgtx3msvi"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278733/; classtype:trojan-activity;sid:84141833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/j4eg2aavftrixsrssg6prpxp0w4lbtxsup"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278734/; classtype:trojan-activity;sid:84141834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pcw4s4vd4bpbgjdkcwy2uurflanrvkm2ny"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278735/; classtype:trojan-activity;sid:84141835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.156.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278736/; classtype:trojan-activity;sid:84141836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.218.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278722/; classtype:trojan-activity;sid:84141822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.188.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278721/; classtype:trojan-activity;sid:84141821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/defz/defd.zip"; depth:14; endswith; nocase; http.host; content:"fotoplaza-sciencehive.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278720/; classtype:trojan-activity;sid:84141820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/defz/defc.zip"; depth:14; endswith; nocase; http.host; content:"fotoplaza-sciencehive.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278718/; classtype:trojan-activity;sid:84141818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/defz/defb.zip"; depth:14; endswith; nocase; http.host; content:"fotoplaza-sciencehive.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278719/; classtype:trojan-activity;sid:84141819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.208.230.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278717/; classtype:trojan-activity;sid:84141817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.37.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278715/; classtype:trojan-activity;sid:84141815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.240.139.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278716/; classtype:trojan-activity;sid:84141816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.5.147.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278712/; classtype:trojan-activity;sid:84141812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.51.173.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278713/; classtype:trojan-activity;sid:84141813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.190.25.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278714/; classtype:trojan-activity;sid:84141814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.9.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278711/; classtype:trojan-activity;sid:84141811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.199.200.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278710/; classtype:trojan-activity;sid:84141810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.96.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278709/; classtype:trojan-activity;sid:84141809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.93.175.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278707/; classtype:trojan-activity;sid:84141807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.198.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278708/; classtype:trojan-activity;sid:84141808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.78.150.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278706/; classtype:trojan-activity;sid:84141806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.93.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278705/; classtype:trojan-activity;sid:84141805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.155.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278704/; classtype:trojan-activity;sid:84141804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.45.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278703/; classtype:trojan-activity;sid:84141803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.250.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278702/; classtype:trojan-activity;sid:84141802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.189.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278701/; classtype:trojan-activity;sid:84141801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.145.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278700/; classtype:trojan-activity;sid:84141800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winpeas.bat"; depth:12; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278699/; classtype:trojan-activity;sid:84141799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa7tvl58p96nhpkuh37f.bin"; depth:25; endswith; nocase; http.host; content:"cdn1.pixel-story.shop"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278698/; classtype:trojan-activity;sid:84141798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winpeasx64.exe"; depth:15; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278697/; classtype:trojan-activity;sid:84141797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sharphound-v2.5.8.zip"; depth:22; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278696/; classtype:trojan-activity;sid:84141796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/777/km1ohr7.exe"; depth:16; endswith; nocase; http.host; content:"mxbook17.cfd"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278695/; classtype:trojan-activity;sid:84141795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sharphound.exe"; depth:15; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278694/; classtype:trojan-activity;sid:84141794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimikatz.exe"; depth:13; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278693/; classtype:trojan-activity;sid:84141793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rubeus.exe"; depth:11; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278690/; classtype:trojan-activity;sid:84141790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sharphound.ps1"; depth:15; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278691/; classtype:trojan-activity;sid:84141791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/responder.exe"; depth:14; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278692/; classtype:trojan-activity;sid:84141792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.x64.bin"; depth:14; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278682/; classtype:trojan-activity;sid:84141782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enc"; depth:4; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278683/; classtype:trojan-activity;sid:84141783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system.net.http.dll"; depth:20; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278684/; classtype:trojan-activity;sid:84141784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system.console.dll"; depth:19; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278685/; classtype:trojan-activity;sid:84141785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debugview.zip"; depth:14; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278686/; classtype:trojan-activity;sid:84141786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sharphound.pdb"; depth:15; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278687/; classtype:trojan-activity;sid:84141787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/www"; depth:4; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278688/; classtype:trojan-activity;sid:84141788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/locker.exe"; depth:11; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278689/; classtype:trojan-activity;sid:84141789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lock.exe"; depth:9; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278680/; classtype:trojan-activity;sid:84141780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system.diagnostics.tracing.dll"; depth:31; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278681/; classtype:trojan-activity;sid:84141781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inerr.ps1"; depth:10; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278679/; classtype:trojan-activity;sid:84141779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sharphound.exe.config"; depth:22; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278676/; classtype:trojan-activity;sid:84141776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerview.ps1"; depth:14; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278677/; classtype:trojan-activity;sid:84141777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/klist.txt"; depth:10; endswith; nocase; http.host; content:"80.76.51.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278678/; classtype:trojan-activity;sid:84141778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sk.exe"; depth:7; endswith; nocase; http.host; content:"ricjenbony.xyz"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278675/; classtype:trojan-activity;sid:84141775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rip.exe"; depth:8; endswith; nocase; http.host; content:"ricjenbony.xyz"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278674/; classtype:trojan-activity;sid:84141774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stager.woff"; depth:12; endswith; nocase; http.host; content:"185.247.224.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278673/; classtype:trojan-activity;sid:84141773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stager.woff"; depth:12; endswith; nocase; http.host; content:"185.247.224.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278672/; classtype:trojan-activity;sid:84141772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa7tvl58p96nhpkuh37f.bin"; depth:25; endswith; nocase; http.host; content:"cdn4.creative-habitat.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278671/; classtype:trojan-activity;sid:84141771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/configuredinstallerexe.exe"; depth:27; endswith; nocase; http.host; content:"ricjenbony.xyz"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278670/; classtype:trojan-activity;sid:84141770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txdown_disk/%e8%bd%af%e4%bb%b6%e4%bd%bf%e7%94%a8/%e7%bc%ba%e5%a4%b1%e4%b8%8b%e8%bd%bd/plugin.dll"; depth:97; endswith; nocase; http.host; content:"disk.accord1key.cn"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278669/; classtype:trojan-activity;sid:84141769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/beacon.exe"; depth:16; endswith; nocase; http.host; content:"thegibson.co.za"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278668/; classtype:trojan-activity;sid:84141768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xc.exe"; depth:7; endswith; nocase; http.host; content:"ricjenbony.xyz"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278665/; classtype:trojan-activity;sid:84141765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pekemum.exe"; depth:12; endswith; nocase; http.host; content:"ricjenbony.xyz"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278666/; classtype:trojan-activity;sid:84141766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/defz/defa.zip"; depth:14; endswith; nocase; http.host; content:"fotoplaza-sciencehive.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278667/; classtype:trojan-activity;sid:84141767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsijkens8e/raw"; depth:15; endswith; nocase; http.host; content:"tech-tribune.online"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278664/; classtype:trojan-activity;sid:84141764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ldr_cp_sh"; depth:10; endswith; nocase; http.host; content:"cdn2.creative-habitat.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278663/; classtype:trojan-activity;sid:84141763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/raw/refs/heads/main/jerniuiopu.exe"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278659/; classtype:trojan-activity;sid:84141759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/raw/refs/heads/main/hbfgjhhesfd.exe"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278660/; classtype:trojan-activity;sid:84141760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g9jvjfd73/plugins/cred.dll"; depth:27; endswith; nocase; http.host; content:"moviecentral-petparade.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278661/; classtype:trojan-activity;sid:84141761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g9jvjfd73/plugins/cred64.dll"; depth:29; endswith; nocase; http.host; content:"moviecentral-petparade.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278662/; classtype:trojan-activity;sid:84141762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g9jvjfd73/plugins/clip.dll"; depth:27; endswith; nocase; http.host; content:"moviecentral-petparade.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278657/; classtype:trojan-activity;sid:84141757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g9jvjfd73/plugins/clip64.dll"; depth:29; endswith; nocase; http.host; content:"moviecentral-petparade.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278658/; classtype:trojan-activity;sid:84141758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.229.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278656/; classtype:trojan-activity;sid:84141756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.116.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278655/; classtype:trojan-activity;sid:84141755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.169.234.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278654/; classtype:trojan-activity;sid:84141754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.108.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278653/; classtype:trojan-activity;sid:84141753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.138.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278652/; classtype:trojan-activity;sid:84141752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.249.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278651/; classtype:trojan-activity;sid:84141751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.173.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278650/; classtype:trojan-activity;sid:84141750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.53.148.146"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278649/; classtype:trojan-activity;sid:84141749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/sxqnmytm.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278648/; classtype:trojan-activity;sid:84141748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.189.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278647/; classtype:trojan-activity;sid:84141747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.84.211"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278646/; classtype:trojan-activity;sid:84141746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.155.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278645/; classtype:trojan-activity;sid:84141745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.46.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278643/; classtype:trojan-activity;sid:84141743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.45.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278644/; classtype:trojan-activity;sid:84141744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.145.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278642/; classtype:trojan-activity;sid:84141742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.235.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278641/; classtype:trojan-activity;sid:84141741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.25.232.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278640/; classtype:trojan-activity;sid:84141740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.128.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278639/; classtype:trojan-activity;sid:84141739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wpf4j3zu2hm2okerofyz0rjvxjfgm6bgsq"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278626/; classtype:trojan-activity;sid:84141726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/fqeoom3x8lrwxw1wgkpq7amodrpioppb3f"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278627/; classtype:trojan-activity;sid:84141727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/5cttclhbvajil9nbsk6njudqnukuhlgvem"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278628/; classtype:trojan-activity;sid:84141728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/slxap23tlnmdotejaydtswauowl8awe0ay"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278629/; classtype:trojan-activity;sid:84141729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bupeocjfprtkqzelmm94bchijhgdl3bbl5"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278630/; classtype:trojan-activity;sid:84141730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/8restadmbcmeurufqpyytoyhfmyodtgdgz"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278631/; classtype:trojan-activity;sid:84141731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/b2ndqmgigxgmym7gpynk40tpihn8srgeuw"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278632/; classtype:trojan-activity;sid:84141732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/f5okq3rjsakuhtvplg2yrcyucbytqq9hkg"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278633/; classtype:trojan-activity;sid:84141733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/uaazsaxso87kkfnzrcia1xnbvjhesxa4fx"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278634/; classtype:trojan-activity;sid:84141734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/q2coitynz9jjimihqulckzocogf1iqj2tw"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278635/; classtype:trojan-activity;sid:84141735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/efheub2iqproigh3xr2y4kcjtxny8udeex"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278636/; classtype:trojan-activity;sid:84141736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mjn62ma381jsnwxqmwq7h88nqy12gs09pc"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278637/; classtype:trojan-activity;sid:84141737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdkvkfom7ztkd3mttuscdcpxvtx5yflchk"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278638/; classtype:trojan-activity;sid:84141738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.114.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278625/; classtype:trojan-activity;sid:84141725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.252.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278624/; classtype:trojan-activity;sid:84141724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/liawmxcpz55e9bghimszlchkwdwj8bjguo"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278623/; classtype:trojan-activity;sid:84141723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.9.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278622/; classtype:trojan-activity;sid:84141722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.84.211"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278621/; classtype:trojan-activity;sid:84141721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.125.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278620/; classtype:trojan-activity;sid:84141720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.137.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278619/; classtype:trojan-activity;sid:84141719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.164.231.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278618/; classtype:trojan-activity;sid:84141718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.29.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278617/; classtype:trojan-activity;sid:84141717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.231.86.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278616/; classtype:trojan-activity;sid:84141716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.4.162.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278615/; classtype:trojan-activity;sid:84141715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.235.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278614/; classtype:trojan-activity;sid:84141714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.243.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278613/; classtype:trojan-activity;sid:84141713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.183.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278612/; classtype:trojan-activity;sid:84141712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.187.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278611/; classtype:trojan-activity;sid:84141711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.163.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278610/; classtype:trojan-activity;sid:84141710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.252.55.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278609/; classtype:trojan-activity;sid:84141709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.246.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278608/; classtype:trojan-activity;sid:84141708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.97.113.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278607/; classtype:trojan-activity;sid:84141707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.255.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278606/; classtype:trojan-activity;sid:84141706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.14.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278605/; classtype:trojan-activity;sid:84141705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.96.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278604/; classtype:trojan-activity;sid:84141704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.139.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278603/; classtype:trojan-activity;sid:84141703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.57.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278602/; classtype:trojan-activity;sid:84141702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278601/; classtype:trojan-activity;sid:84141701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.184.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278600/; classtype:trojan-activity;sid:84141700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.163.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278599/; classtype:trojan-activity;sid:84141699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.86.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278598/; classtype:trojan-activity;sid:84141698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.100.172.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278597/; classtype:trojan-activity;sid:84141697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.205.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278596/; classtype:trojan-activity;sid:84141696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.246.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278595/; classtype:trojan-activity;sid:84141695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.140.20"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278594/; classtype:trojan-activity;sid:84141694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.14.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278593/; classtype:trojan-activity;sid:84141693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.248.12.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278592/; classtype:trojan-activity;sid:84141692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278591/; classtype:trojan-activity;sid:84141691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.184.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278590/; classtype:trojan-activity;sid:84141690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.62.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278589/; classtype:trojan-activity;sid:84141689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.231.49.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278588/; classtype:trojan-activity;sid:84141688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.56.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278587/; classtype:trojan-activity;sid:84141687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.51.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278586/; classtype:trojan-activity;sid:84141686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/refs/heads/main/jerniuiopu.exe"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278584/; classtype:trojan-activity;sid:84141684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.10.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278585/; classtype:trojan-activity;sid:84141685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itschangat/test/refs/heads/main/server.exe"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278583/; classtype:trojan-activity;sid:84141683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.156.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278582/; classtype:trojan-activity;sid:84141682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pe%e6%b3%a8%e5%85%a5shellcode.rar"; depth:34; endswith; nocase; http.host; content:"27.102.130.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278581/; classtype:trojan-activity;sid:84141681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setnotif01/anythingorderpro.zip"; depth:32; endswith; nocase; http.host; content:"31.58.137.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278580/; classtype:trojan-activity;sid:84141680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/felikzig/wdt/refs/heads/main/collosalloader.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278579/; classtype:trojan-activity;sid:84141679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kami32x/osiris/refs/heads/main/2klz.zip"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278577/; classtype:trojan-activity;sid:84141677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bonsko216/1/refs/heads/main/runtimebroker.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278578/; classtype:trojan-activity;sid:84141678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setnotif03/pieceuncommonpro.zip"; depth:32; endswith; nocase; http.host; content:"31.58.137.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278572/; classtype:trojan-activity;sid:84141672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ciphershld/ms-p-1a/master/setup%20ms%20p-1a.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278573/; classtype:trojan-activity;sid:84141673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realgamer007/loaders/main/dxwebsetup.exe"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278574/; classtype:trojan-activity;sid:84141674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/endity123/fivem-spoofer/main/reaper%20cfx%20spoofer%20v2.exe"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278575/; classtype:trojan-activity;sid:84141675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/minecradt/regdelete/readme-edits/hell9o.exe"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278576/; classtype:trojan-activity;sid:84141676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setnotif02/hourprojections.zip"; depth:31; endswith; nocase; http.host; content:"31.58.137.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278564/; classtype:trojan-activity;sid:84141664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g5xh/script/refs/heads/main/1.exe"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278565/; classtype:trojan-activity;sid:84141665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unix-cmd/dev/main/discord.zip"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278566/; classtype:trojan-activity;sid:84141666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openpeach/dotnetfx_cleanup_tool/refs/heads/master/cleanup_tool.exe"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278567/; classtype:trojan-activity;sid:84141667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setnotif03/vbtknfzvyd.vdf"; depth:26; endswith; nocase; http.host; content:"31.58.137.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278568/; classtype:trojan-activity;sid:84141668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setnotif03/slldrblnmls.vdf"; depth:27; endswith; nocase; http.host; content:"31.58.137.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278569/; classtype:trojan-activity;sid:84141669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cavxsy/crazy.spoofer/refs/heads/main/loader.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278570/; classtype:trojan-activity;sid:84141670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.bin"; depth:12; endswith; nocase; http.host; content:"download-winsdownload-wins.oss-cn-hangzhou.aliyuncs.com"; depth:55; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278571/; classtype:trojan-activity;sid:84141671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.96.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278563/; classtype:trojan-activity;sid:84141663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odin.exe"; depth:9; endswith; nocase; http.host; content:"bcommo.in"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278562/; classtype:trojan-activity;sid:84141662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setnotif04/fastreducepro.zip"; depth:29; endswith; nocase; http.host; content:"31.58.137.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278561/; classtype:trojan-activity;sid:84141661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skibidisigmer/fncleanerv2/releases/download/cleanerv2/cleanerv2.exe"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278559/; classtype:trojan-activity;sid:84141659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sleepysnz/skibidi/archive/refs/heads/main.zip"; depth:46; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278560/; classtype:trojan-activity;sid:84141660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/raw/refs/heads/main/jerniuiopu.exe"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278555/; classtype:trojan-activity;sid:84141655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.pdf"; depth:8; endswith; nocase; http.host; content:"152.67.4.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278556/; classtype:trojan-activity;sid:84141656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g5xh/script/raw/refs/heads/main/1.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278557/; classtype:trojan-activity;sid:84141657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bonsko216/1/raw/refs/heads/main/runtimebroker.exe"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278558/; classtype:trojan-activity;sid:84141658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/raw/refs/heads/main/hbfgjhhesfd.exe"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278554/; classtype:trojan-activity;sid:84141654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newdownload.exe"; depth:16; endswith; nocase; http.host; content:"152.67.4.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278552/; classtype:trojan-activity;sid:84141652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.exe"; depth:9; endswith; nocase; http.host; content:"152.67.4.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278553/; classtype:trojan-activity;sid:84141653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e5%8d%a1%e5%af%86%e7%94%9f%e6%88%90%e5%99%a8.exe"; depth:50; endswith; nocase; http.host; content:"47.113.120.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278551/; classtype:trojan-activity;sid:84141651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sxqnmytm.exe"; depth:13; endswith; nocase; http.host; content:"sosipisos.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278550/; classtype:trojan-activity;sid:84141650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/40904.exe"; depth:19; endswith; nocase; http.host; content:"originaldll.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278549/; classtype:trojan-activity;sid:84141649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gfj38chcw/plugins/clip64.dll"; depth:29; endswith; nocase; http.host; content:"93.123.109.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278546/; classtype:trojan-activity;sid:84141646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gfj38chcw/plugins/cred.dll"; depth:27; endswith; nocase; http.host; content:"93.123.109.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278547/; classtype:trojan-activity;sid:84141647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gfj38chcw/plugins/cred64.dll"; depth:29; endswith; nocase; http.host; content:"93.123.109.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278548/; classtype:trojan-activity;sid:84141648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gfj38chcw/plugins/clip.dll"; depth:27; endswith; nocase; http.host; content:"93.123.109.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278545/; classtype:trojan-activity;sid:84141645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ndshog3cwa/plugins/cred.dll"; depth:29; endswith; nocase; http.host; content:"45.93.20.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278543/; classtype:trojan-activity;sid:84141643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itschangat/test/raw/refs/heads/main/server.exe"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278544/; classtype:trojan-activity;sid:84141644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ndshog3cwa/plugins/clip.dll"; depth:29; endswith; nocase; http.host; content:"45.93.20.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278542/; classtype:trojan-activity;sid:84141642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nfjxzzz8jn/plugins/cred.dll"; depth:28; endswith; nocase; http.host; content:"dukastotranza.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278540/; classtype:trojan-activity;sid:84141640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nfjxzzz8jn/plugins/clip.dll"; depth:28; endswith; nocase; http.host; content:"dukastotranza.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278541/; classtype:trojan-activity;sid:84141641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.162.157.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278539/; classtype:trojan-activity;sid:84141639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.68.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278538/; classtype:trojan-activity;sid:84141638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.64.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278537/; classtype:trojan-activity;sid:84141637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.229.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278536/; classtype:trojan-activity;sid:84141636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.110.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278535/; classtype:trojan-activity;sid:84141635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.65.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278534/; classtype:trojan-activity;sid:84141634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.67.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278533/; classtype:trojan-activity;sid:84141633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.145.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278532/; classtype:trojan-activity;sid:84141632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.18.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278531/; classtype:trojan-activity;sid:84141631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.239.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278530/; classtype:trojan-activity;sid:84141630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.10.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278529/; classtype:trojan-activity;sid:84141629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.230.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278528/; classtype:trojan-activity;sid:84141628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.165.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278527/; classtype:trojan-activity;sid:84141627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.182.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278526/; classtype:trojan-activity;sid:84141626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.162.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278525/; classtype:trojan-activity;sid:84141625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.208.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278524/; classtype:trojan-activity;sid:84141624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278523/; classtype:trojan-activity;sid:84141623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.17.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278522/; classtype:trojan-activity;sid:84141622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.162.157.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278521/; classtype:trojan-activity;sid:84141621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.110.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278520/; classtype:trojan-activity;sid:84141620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.232.187.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278519/; classtype:trojan-activity;sid:84141619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.220.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278518/; classtype:trojan-activity;sid:84141618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.247.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278517/; classtype:trojan-activity;sid:84141617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.165.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278516/; classtype:trojan-activity;sid:84141616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.220.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278515/; classtype:trojan-activity;sid:84141615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.160.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278514/; classtype:trojan-activity;sid:84141614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.159.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278513/; classtype:trojan-activity;sid:84141613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.212.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278512/; classtype:trojan-activity;sid:84141612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.225.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278511/; classtype:trojan-activity;sid:84141611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.255.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278510/; classtype:trojan-activity;sid:84141610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.213.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278509/; classtype:trojan-activity;sid:84141609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.68.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278507/; classtype:trojan-activity;sid:84141607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.17.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278508/; classtype:trojan-activity;sid:84141608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.96.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278506/; classtype:trojan-activity;sid:84141606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.247.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278505/; classtype:trojan-activity;sid:84141605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"191.240.25.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278504/; classtype:trojan-activity;sid:84141604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.40.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278503/; classtype:trojan-activity;sid:84141603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.51.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278502/; classtype:trojan-activity;sid:84141602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.226.30.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278501/; classtype:trojan-activity;sid:84141601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.138.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278500/; classtype:trojan-activity;sid:84141600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.149.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278499/; classtype:trojan-activity;sid:84141599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.92.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278497/; classtype:trojan-activity;sid:84141597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.217.245.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278498/; classtype:trojan-activity;sid:84141598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.48.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278496/; classtype:trojan-activity;sid:84141596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.123.102.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278495/; classtype:trojan-activity;sid:84141595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.47.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278494/; classtype:trojan-activity;sid:84141594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"189.182.130.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278493/; classtype:trojan-activity;sid:84141593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.6.108.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278492/; classtype:trojan-activity;sid:84141592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.96.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278491/; classtype:trojan-activity;sid:84141591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.81.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278489/; classtype:trojan-activity;sid:84141589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.220.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278490/; classtype:trojan-activity;sid:84141590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.185.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278488/; classtype:trojan-activity;sid:84141588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.130.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278487/; classtype:trojan-activity;sid:84141587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.251.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278486/; classtype:trojan-activity;sid:84141586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.22.189"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278485/; classtype:trojan-activity;sid:84141585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.185.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278484/; classtype:trojan-activity;sid:84141584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.176.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278483/; classtype:trojan-activity;sid:84141583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278482/; classtype:trojan-activity;sid:84141582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.120.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278481/; classtype:trojan-activity;sid:84141581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.60.235.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278480/; classtype:trojan-activity;sid:84141580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.249.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278479/; classtype:trojan-activity;sid:84141579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.220.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278478/; classtype:trojan-activity;sid:84141578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.203.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278476/; classtype:trojan-activity;sid:84141576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.226.30.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278477/; classtype:trojan-activity;sid:84141577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.35.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278475/; classtype:trojan-activity;sid:84141575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.67.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278474/; classtype:trojan-activity;sid:84141574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.93.44.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278473/; classtype:trojan-activity;sid:84141573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.9.61"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278470/; classtype:trojan-activity;sid:84141570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.26.73.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278471/; classtype:trojan-activity;sid:84141571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.130.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278472/; classtype:trojan-activity;sid:84141572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.177.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278469/; classtype:trojan-activity;sid:84141569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.143.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278468/; classtype:trojan-activity;sid:84141568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.255.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278467/; classtype:trojan-activity;sid:84141567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/890c3f971f03f8ec/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"31.58.137.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278464/; classtype:trojan-activity;sid:84141564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/890c3f971f03f8ec/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"31.58.137.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278465/; classtype:trojan-activity;sid:84141565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/890c3f971f03f8ec/nss3.dll"; depth:26; endswith; nocase; http.host; content:"31.58.137.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278466/; classtype:trojan-activity;sid:84141566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/890c3f971f03f8ec/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"31.58.137.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278461/; classtype:trojan-activity;sid:84141561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/890c3f971f03f8ec/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"31.58.137.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278462/; classtype:trojan-activity;sid:84141562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/890c3f971f03f8ec/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"31.58.137.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278463/; classtype:trojan-activity;sid:84141563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2938eb1cc484fea4/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"83.222.191.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278453/; classtype:trojan-activity;sid:84141553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2938eb1cc484fea4/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"83.222.191.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278454/; classtype:trojan-activity;sid:84141554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2938eb1cc484fea4/nss3.dll"; depth:26; endswith; nocase; http.host; content:"83.222.191.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278455/; classtype:trojan-activity;sid:84141555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2938eb1cc484fea4/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"83.222.191.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278456/; classtype:trojan-activity;sid:84141556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2938eb1cc484fea4/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"83.222.191.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278457/; classtype:trojan-activity;sid:84141557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2938eb1cc484fea4/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"83.222.191.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278458/; classtype:trojan-activity;sid:84141558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2938eb1cc484fea4/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"83.222.191.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278459/; classtype:trojan-activity;sid:84141559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/890c3f971f03f8ec/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"31.58.137.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278460/; classtype:trojan-activity;sid:84141560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.176.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278452/; classtype:trojan-activity;sid:84141552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/vcruntime140.dll|3f|z"; depth:39; endswith; nocase; http.host; content:"62.204.41.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278451/; classtype:trojan-activity;sid:84141551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.251.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278450/; classtype:trojan-activity;sid:84141550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.123.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278449/; classtype:trojan-activity;sid:84141549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.120.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278448/; classtype:trojan-activity;sid:84141548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.214.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278447/; classtype:trojan-activity;sid:84141547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.43.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278446/; classtype:trojan-activity;sid:84141546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.89.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278445/; classtype:trojan-activity;sid:84141545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278443/; classtype:trojan-activity;sid:84141543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.135.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278444/; classtype:trojan-activity;sid:84141544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/xworr.txt"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278441/; classtype:trojan-activity;sid:84141541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/t.txt"; depth:8; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278442/; classtype:trojan-activity;sid:84141542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/jamah00.txt"; depth:23; endswith; nocase; http.host; content:"aarzoomarine.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278440/; classtype:trojan-activity;sid:84141540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/ujs.txt"; depth:10; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278439/; classtype:trojan-activity;sid:84141539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/yhvnc.txt"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278438/; classtype:trojan-activity;sid:84141538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/l.txt"; depth:8; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278436/; classtype:trojan-activity;sid:84141536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/krabbit.txt"; depth:14; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278437/; classtype:trojan-activity;sid:84141537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/yprevhvnc.txt"; depth:16; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278432/; classtype:trojan-activity;sid:84141532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/rxwrm.txt"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278433/; classtype:trojan-activity;sid:84141533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/hvnc.txt"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278434/; classtype:trojan-activity;sid:84141534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/kek.txt"; depth:10; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278435/; classtype:trojan-activity;sid:84141535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/hmbk.txt"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278426/; classtype:trojan-activity;sid:84141526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/hnvc1nm.txt"; depth:14; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278427/; classtype:trojan-activity;sid:84141527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/ybitra.txt"; depth:13; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278428/; classtype:trojan-activity;sid:84141528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/phvnc.txt"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278429/; classtype:trojan-activity;sid:84141529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/hjustvsv.txt"; depth:15; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278430/; classtype:trojan-activity;sid:84141530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/pbitsd.txt"; depth:13; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278431/; classtype:trojan-activity;sid:84141531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/xwormsds.txt"; depth:15; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278422/; classtype:trojan-activity;sid:84141522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/yremcom.txt"; depth:14; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278423/; classtype:trojan-activity;sid:84141523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/ymbk.txt"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278424/; classtype:trojan-activity;sid:84141524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/uremc.txt"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278425/; classtype:trojan-activity;sid:84141525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/sxr.txt"; depth:10; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278416/; classtype:trojan-activity;sid:84141516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/ujsat.txt"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278417/; classtype:trojan-activity;sid:84141517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/jajyqg.wav"; depth:13; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278418/; classtype:trojan-activity;sid:84141518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/vhufuopbuwb.mp3"; depth:18; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278419/; classtype:trojan-activity;sid:84141519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/pxlmgtxtcdc.pdf"; depth:18; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278420/; classtype:trojan-activity;sid:84141520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/rfatzbts.vdf"; depth:15; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278421/; classtype:trojan-activity;sid:84141521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/fjoqbcq.dat"; depth:14; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278410/; classtype:trojan-activity;sid:84141510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/pt.txt"; depth:9; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278411/; classtype:trojan-activity;sid:84141511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/lhblsqn.wav"; depth:14; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278412/; classtype:trojan-activity;sid:84141512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/p.txt"; depth:8; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278413/; classtype:trojan-activity;sid:84141513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/nblemitx.dat"; depth:15; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278414/; classtype:trojan-activity;sid:84141514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/qhntibmhlon.vdf"; depth:18; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278415/; classtype:trojan-activity;sid:84141515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/kcrrjrrxov.vdf"; depth:17; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278408/; classtype:trojan-activity;sid:84141508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/ymwqmw.dat"; depth:13; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278409/; classtype:trojan-activity;sid:84141509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/xwo.txt"; depth:10; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278403/; classtype:trojan-activity;sid:84141503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/wcpxe.dat"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278404/; classtype:trojan-activity;sid:84141504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/tjust.txt"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278405/; classtype:trojan-activity;sid:84141505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/rpcvshk.mp3"; depth:14; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278406/; classtype:trojan-activity;sid:84141506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/xw.txt"; depth:9; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278407/; classtype:trojan-activity;sid:84141507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/kjxwormgf.txt"; depth:16; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278396/; classtype:trojan-activity;sid:84141496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/oph.txt"; depth:10; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278397/; classtype:trojan-activity;sid:84141497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/qomxl.pdf"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278398/; classtype:trojan-activity;sid:84141498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/yjust.txt"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278399/; classtype:trojan-activity;sid:84141499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/yxwrm.txt"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278400/; classtype:trojan-activity;sid:84141500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/prev-hvnc.txt"; depth:16; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278401/; classtype:trojan-activity;sid:84141501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/vsymss.vdf"; depth:13; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278402/; classtype:trojan-activity;sid:84141502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/n.txt"; depth:8; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278395/; classtype:trojan-activity;sid:84141495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/mbkbds.txt"; depth:13; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278394/; classtype:trojan-activity;sid:84141494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/jvenom.txt"; depth:13; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278393/; classtype:trojan-activity;sid:84141493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.102.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278392/; classtype:trojan-activity;sid:84141492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/yvrm.txt"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278391/; classtype:trojan-activity;sid:84141491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/xwom.txt"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278388/; classtype:trojan-activity;sid:84141488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/w2h.txt"; depth:10; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278389/; classtype:trojan-activity;sid:84141489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/yhboks.txt"; depth:13; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278390/; classtype:trojan-activity;sid:84141490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/phv.txt"; depth:10; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278383/; classtype:trojan-activity;sid:84141483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/uodymrbikkh.pdf"; depth:18; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278384/; classtype:trojan-activity;sid:84141484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/zaoxm.wav"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278385/; classtype:trojan-activity;sid:84141485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/xwi.txt"; depth:10; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278386/; classtype:trojan-activity;sid:84141486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/yjpoman.vdf"; depth:14; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278387/; classtype:trojan-activity;sid:84141487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inv/r80knbgvs09axhj.zip"; depth:24; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278382/; classtype:trojan-activity;sid:84141482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.254.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278381/; classtype:trojan-activity;sid:84141481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vb/hup.txt"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278379/; classtype:trojan-activity;sid:84141479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.txt"; depth:6; endswith; nocase; http.host; content:"electjimhenderson.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278380/; classtype:trojan-activity;sid:84141480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de/swssl.txt"; depth:13; endswith; nocase; http.host; content:"pus.rollerswpush.eu"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278378/; classtype:trojan-activity;sid:84141478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/arucaftqdi.mp4"; depth:17; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278377/; classtype:trojan-activity;sid:84141477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.211.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278375/; classtype:trojan-activity;sid:84141475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zx/kpeukkkcxw.bmp"; depth:18; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278376/; classtype:trojan-activity;sid:84141476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vb/hup.txt"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278374/; classtype:trojan-activity;sid:84141474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/89999999999999/7777777/downloads/pe.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278373/; classtype:trojan-activity;sid:84141473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/license.txt"; depth:18; endswith; nocase; http.host; content:"ankaraspotesya.com.tr"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278370/; classtype:trojan-activity;sid:84141470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/license1.txt"; depth:18; endswith; nocase; http.host; content:"ankaraspotesya.com.tr"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278371/; classtype:trojan-activity;sid:84141471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nov/110424x2.txt"; depth:17; endswith; nocase; http.host; content:"solcambell.softdatagen.free.hr"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278372/; classtype:trojan-activity;sid:84141472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.224.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278369/; classtype:trojan-activity;sid:84141469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.172.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278366/; classtype:trojan-activity;sid:84141466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/q1229733"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278367/; classtype:trojan-activity;sid:84141467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.186.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278368/; classtype:trojan-activity;sid:84141468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.231.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278364/; classtype:trojan-activity;sid:84141464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.67.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278365/; classtype:trojan-activity;sid:84141465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1las2cmd3reobg45qhkqhawi90h4_u0kd"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278362/; classtype:trojan-activity;sid:84141462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/akin.txt"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278363/; classtype:trojan-activity;sid:84141463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=17hv9-3t2ilikbmcfql2z66ipd72x4mz7"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278361/; classtype:trojan-activity;sid:84141461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/1vxworm.txt"; depth:14; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278360/; classtype:trojan-activity;sid:84141460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/1spe.txt"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278359/; classtype:trojan-activity;sid:84141459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/1phvnc.txt"; depth:13; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278357/; classtype:trojan-activity;sid:84141457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/1remcosnd.txt"; depth:16; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278358/; classtype:trojan-activity;sid:84141458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/1vcf.txt"; depth:11; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278356/; classtype:trojan-activity;sid:84141456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/1pphvns.txt"; depth:14; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278352/; classtype:trojan-activity;sid:84141452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/1venommrs.txt"; depth:16; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278353/; classtype:trojan-activity;sid:84141453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/1prevhnvc.txt"; depth:16; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278354/; classtype:trojan-activity;sid:84141454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/1hxnc.txt"; depth:12; endswith; nocase; http.host; content:"winyardbuilding.nz"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278355/; classtype:trojan-activity;sid:84141455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.109.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278351/; classtype:trojan-activity;sid:84141451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1zxd-qvxvvo25gmv9m6xlhdvhxrza0jee"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278350/; classtype:trojan-activity;sid:84141450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vvveedoooo.txt"; depth:15; endswith; nocase; http.host; content:"45.149.241.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278349/; classtype:trojan-activity;sid:84141449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caldeireiro.js"; depth:15; endswith; nocase; http.host; content:"87.120.113.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278348/; classtype:trojan-activity;sid:84141448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tok/onstraints.vbs"; depth:19; endswith; nocase; http.host; content:"xls.energymaxgrp.eu"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278347/; classtype:trojan-activity;sid:84141447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.210.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278345/; classtype:trojan-activity;sid:84141445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.220.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278346/; classtype:trojan-activity;sid:84141446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/sv5cw"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278344/; classtype:trojan-activity;sid:84141444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.189.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278342/; classtype:trojan-activity;sid:84141442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.61.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278343/; classtype:trojan-activity;sid:84141443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dajhdha.txt"; depth:12; endswith; nocase; http.host; content:"103.20.102.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278341/; classtype:trojan-activity;sid:84141441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.hta"; depth:11; endswith; nocase; http.host; content:"secure.cloudtechnologiesusa.com"; depth:31; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278340/; classtype:trojan-activity;sid:84141440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/comehomeconstraints.vbs"; depth:24; endswith; nocase; http.host; content:"87.120.113.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278338/; classtype:trojan-activity;sid:84141438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/americassssss.txt"; depth:18; endswith; nocase; http.host; content:"87.120.113.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278339/; classtype:trojan-activity;sid:84141439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/34/we/givenmebestthignswithgoodnewforentirerlifethingstobe.hta"; depth:63; endswith; nocase; http.host; content:"172.245.135.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278335/; classtype:trojan-activity;sid:84141435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/envs/ds3.txt"; depth:26; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278336/; classtype:trojan-activity;sid:84141436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsxj/lungs.txt"; depth:15; endswith; nocase; http.host; content:"185.196.11.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278337/; classtype:trojan-activity;sid:84141437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/drg/rtc/ac/pef3.txt"; depth:33; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278330/; classtype:trojan-activity;sid:84141430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.11.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278331/; classtype:trojan-activity;sid:84141431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/65/hb/creatednewthingsformee.hta"; depth:33; endswith; nocase; http.host; content:"198.46.178.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278332/; classtype:trojan-activity;sid:84141432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/americana.txt"; depth:14; endswith; nocase; http.host; content:"45.149.241.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278333/; classtype:trojan-activity;sid:84141433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/34/we/givenmebestthignswithgoodnewforentirerlifethingstobe.hta"; depth:63; endswith; nocase; http.host; content:"172.245.135.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278334/; classtype:trojan-activity;sid:84141434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idja/po-54752454235.hta"; depth:24; endswith; nocase; http.host; content:"185.196.11.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278329/; classtype:trojan-activity;sid:84141429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.123.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278328/; classtype:trojan-activity;sid:84141428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.168.88.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278326/; classtype:trojan-activity;sid:84141426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/112/wf/goodthingsforentireprocessgetmebackwithgoodnewsthings.hta"; depth:65; endswith; nocase; http.host; content:"107.172.61.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278327/; classtype:trojan-activity;sid:84141427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tigerhulk3.exe"; depth:15; endswith; nocase; http.host; content:"45.141.26.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278324/; classtype:trojan-activity;sid:84141424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/derbylite.pif"; depth:14; endswith; nocase; http.host; content:"apslline.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278325/; classtype:trojan-activity;sid:84141425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/pag0l"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278320/; classtype:trojan-activity;sid:84141420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.68.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278321/; classtype:trojan-activity;sid:84141421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1ierj/foreignnn.txt"; depth:20; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278322/; classtype:trojan-activity;sid:84141422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66/cassel.txt"; depth:14; endswith; nocase; http.host; content:"107.173.4.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278323/; classtype:trojan-activity;sid:84141423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/cred64.dll"; depth:27; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278319/; classtype:trojan-activity;sid:84141419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/660/createdbestthingswithgoodnewswithgreatfriendship.hta"; depth:57; endswith; nocase; http.host; content:"107.175.130.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278316/; classtype:trojan-activity;sid:84141416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sgfdm.exe"; depth:10; endswith; nocase; http.host; content:"fallaeltro.es"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278317/; classtype:trojan-activity;sid:84141417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/svc.exe"; depth:17; endswith; nocase; http.host; content:"bestmagazineforanimalsunicum.ru"; depth:31; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278318/; classtype:trojan-activity;sid:84141418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.228.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278314/; classtype:trojan-activity;sid:84141414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/cred.dll"; depth:25; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278315/; classtype:trojan-activity;sid:84141415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/loader.bin"; depth:15; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278312/; classtype:trojan-activity;sid:84141412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/osupdater.exe"; depth:14; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278313/; classtype:trojan-activity;sid:84141413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|id=1uyhqwrnxclkbj3j63ll1t2stvggxbst0|7c|26|7c|export=download"; depth:74; endswith; nocase; http.host; content:"drive.usercontent.google.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278311/; classtype:trojan-activity;sid:84141411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/si.exe"; depth:7; endswith; nocase; http.host; content:"185.202.113.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278310/; classtype:trojan-activity;sid:84141410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/skinchanger.exe"; depth:19; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278307/; classtype:trojan-activity;sid:84141407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/34/seeagoodpicturewithgreatthignswithmegood.tif"; depth:48; endswith; nocase; http.host; content:"172.245.135.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278308/; classtype:trojan-activity;sid:84141408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/aimstar-ring3.exe"; depth:21; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278309/; classtype:trojan-activity;sid:84141409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.7.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278305/; classtype:trojan-activity;sid:84141405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.248.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278306/; classtype:trojan-activity;sid:84141406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.54.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278304/; classtype:trojan-activity;sid:84141404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.44.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278303/; classtype:trojan-activity;sid:84141403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.198.9.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278302/; classtype:trojan-activity;sid:84141402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.73.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278301/; classtype:trojan-activity;sid:84141401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278300/; classtype:trojan-activity;sid:84141400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.137.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278299/; classtype:trojan-activity;sid:84141399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.7.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278298/; classtype:trojan-activity;sid:84141398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.171.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278296/; classtype:trojan-activity;sid:84141396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.142.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278297/; classtype:trojan-activity;sid:84141397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.35.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278295/; classtype:trojan-activity;sid:84141395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.43.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278294/; classtype:trojan-activity;sid:84141394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.172.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278292/; classtype:trojan-activity;sid:84141392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.176.127.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278293/; classtype:trojan-activity;sid:84141393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278291/; classtype:trojan-activity;sid:84141391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.107.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278290/; classtype:trojan-activity;sid:84141390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.61.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278289/; classtype:trojan-activity;sid:84141389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.233.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278288/; classtype:trojan-activity;sid:84141388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.217.151.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278287/; classtype:trojan-activity;sid:84141387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.60.228.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278286/; classtype:trojan-activity;sid:84141386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278285/; classtype:trojan-activity;sid:84141385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.230.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278284/; classtype:trojan-activity;sid:84141384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.228.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278283/; classtype:trojan-activity;sid:84141383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.210.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278282/; classtype:trojan-activity;sid:84141382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.246.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278281/; classtype:trojan-activity;sid:84141381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.189.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278280/; classtype:trojan-activity;sid:84141380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.116.223.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278279/; classtype:trojan-activity;sid:84141379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.50.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278278/; classtype:trojan-activity;sid:84141378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.54.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278277/; classtype:trojan-activity;sid:84141377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278276/; classtype:trojan-activity;sid:84141376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/68-n.exe"; depth:9; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278275/; classtype:trojan-activity;sid:84141375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xhunxl.exe"; depth:11; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278274/; classtype:trojan-activity;sid:84141374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1.exe"; depth:7; endswith; nocase; http.host; content:"146.56.118.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278272/; classtype:trojan-activity;sid:84141372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/3absi"; depth:12; endswith; nocase; http.host; content:"microsoft-analyse.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278273/; classtype:trojan-activity;sid:84141373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c2.exe"; depth:7; endswith; nocase; http.host; content:"146.56.118.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278271/; classtype:trojan-activity;sid:84141371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sam.exe"; depth:8; endswith; nocase; http.host; content:"146.56.118.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278267/; classtype:trojan-activity;sid:84141367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/file.exe"; depth:15; endswith; nocase; http.host; content:"microsoft-analyse.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278268/; classtype:trojan-activity;sid:84141368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ffmpeg.txt"; depth:11; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278269/; classtype:trojan-activity;sid:84141369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shellcode.txt"; depth:14; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278270/; classtype:trojan-activity;sid:84141370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c3.exe"; depth:7; endswith; nocase; http.host; content:"146.56.118.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278265/; classtype:trojan-activity;sid:84141365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msf.exe"; depth:8; endswith; nocase; http.host; content:"146.56.118.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278266/; classtype:trojan-activity;sid:84141366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.bin"; depth:6; endswith; nocase; http.host; content:"146.56.118.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278261/; classtype:trojan-activity;sid:84141361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.exe"; depth:6; endswith; nocase; http.host; content:"146.56.118.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278262/; classtype:trojan-activity;sid:84141362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/calc.bin"; depth:9; endswith; nocase; http.host; content:"146.56.118.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278263/; classtype:trojan-activity;sid:84141363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/st.exe"; depth:7; endswith; nocase; http.host; content:"146.56.118.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278264/; classtype:trojan-activity;sid:84141364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdk.txt"; depth:8; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278260/; classtype:trojan-activity;sid:84141360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/zebsi"; depth:12; endswith; nocase; http.host; content:"microsoft-analyse.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278254/; classtype:trojan-activity;sid:84141354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nohup.out"; depth:10; endswith; nocase; http.host; content:"146.56.118.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278255/; classtype:trojan-activity;sid:84141355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shell.wds"; depth:10; endswith; nocase; http.host; content:"146.56.118.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278256/; classtype:trojan-activity;sid:84141356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/py.txt"; depth:7; endswith; nocase; http.host; content:"146.56.118.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278257/; classtype:trojan-activity;sid:84141357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msf.c"; depth:6; endswith; nocase; http.host; content:"146.56.118.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278258/; classtype:trojan-activity;sid:84141358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javasdk.txt"; depth:12; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278259/; classtype:trojan-activity;sid:84141359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.176.127.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278253/; classtype:trojan-activity;sid:84141353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/103sk0/donnnnnluciii.txt"; depth:25; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278252/; classtype:trojan-activity;sid:84141352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r2p2q/freaky.txt"; depth:17; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278251/; classtype:trojan-activity;sid:84141351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.16.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278250/; classtype:trojan-activity;sid:84141350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.44.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278248/; classtype:trojan-activity;sid:84141348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.164.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278249/; classtype:trojan-activity;sid:84141349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.233.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278247/; classtype:trojan-activity;sid:84141347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.138.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278246/; classtype:trojan-activity;sid:84141346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rb8qh/freaky.txt"; depth:17; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278245/; classtype:trojan-activity;sid:84141345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pfm5v/fore.txt"; depth:15; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278244/; classtype:trojan-activity;sid:84141344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.166.11.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278243/; classtype:trojan-activity;sid:84141343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.101.213.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278242/; classtype:trojan-activity;sid:84141342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.137.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278241/; classtype:trojan-activity;sid:84141341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.2.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278239/; classtype:trojan-activity;sid:84141339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xldnu/freaky.txt"; depth:17; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278240/; classtype:trojan-activity;sid:84141340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/127bh9/fore.txt"; depth:16; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278238/; classtype:trojan-activity;sid:84141338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66/seethebestthingswithmegreatwithentirelifewithgoodthings.tif"; depth:63; endswith; nocase; http.host; content:"107.173.4.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278237/; classtype:trojan-activity;sid:84141337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66/cd/createdbestthingswithentirelifewithgoodfeaturesareonhere.hta"; depth:67; endswith; nocase; http.host; content:"107.173.4.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278236/; classtype:trojan-activity;sid:84141336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.248.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278235/; classtype:trojan-activity;sid:84141335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.240.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278234/; classtype:trojan-activity;sid:84141334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.6.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278233/; classtype:trojan-activity;sid:84141333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.2.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278231/; classtype:trojan-activity;sid:84141331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.96.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278232/; classtype:trojan-activity;sid:84141332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.168.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278230/; classtype:trojan-activity;sid:84141330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.93.200.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278229/; classtype:trojan-activity;sid:84141329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.151.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278228/; classtype:trojan-activity;sid:84141328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.246.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278227/; classtype:trojan-activity;sid:84141327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.85.162.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278226/; classtype:trojan-activity;sid:84141326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.171.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278225/; classtype:trojan-activity;sid:84141325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278224/; classtype:trojan-activity;sid:84141324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.162.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278223/; classtype:trojan-activity;sid:84141323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.128.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278221/; classtype:trojan-activity;sid:84141321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.2.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278222/; classtype:trojan-activity;sid:84141322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.108.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278220/; classtype:trojan-activity;sid:84141320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.2.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278219/; classtype:trojan-activity;sid:84141319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.50.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278218/; classtype:trojan-activity;sid:84141318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.116.223.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278217/; classtype:trojan-activity;sid:84141317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.108.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278216/; classtype:trojan-activity;sid:84141316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.196.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278215/; classtype:trojan-activity;sid:84141315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.239.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278214/; classtype:trojan-activity;sid:84141314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.168.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278213/; classtype:trojan-activity;sid:84141313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.112.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278212/; classtype:trojan-activity;sid:84141312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.51.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278211/; classtype:trojan-activity;sid:84141311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.96.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278210/; classtype:trojan-activity;sid:84141310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.113.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278209/; classtype:trojan-activity;sid:84141309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.209.154.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278208/; classtype:trojan-activity;sid:84141308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oqjospqyrt98.bin"; depth:17; endswith; nocase; http.host; content:"93.123.109.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278207/; classtype:trojan-activity;sid:84141307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.126.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278206/; classtype:trojan-activity;sid:84141306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spim"; depth:5; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278205/; classtype:trojan-activity;sid:84141305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.242.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278204/; classtype:trojan-activity;sid:84141304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.53.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278203/; classtype:trojan-activity;sid:84141303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.128.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278202/; classtype:trojan-activity;sid:84141302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.253.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278201/; classtype:trojan-activity;sid:84141301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.157.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278200/; classtype:trojan-activity;sid:84141300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.19.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278198/; classtype:trojan-activity;sid:84141298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.12.12.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278199/; classtype:trojan-activity;sid:84141299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm7"; depth:12; endswith; nocase; http.host; content:"87.20.230.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278195/; classtype:trojan-activity;sid:84141295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.7.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278196/; classtype:trojan-activity;sid:84141296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.21.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278197/; classtype:trojan-activity;sid:84141297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpsvcbase.dll"; depth:14; endswith; nocase; http.host; content:"asdoijzxlncxzc.icu"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278194/; classtype:trojan-activity;sid:84141294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow.arm7"; depth:10; endswith; nocase; http.host; content:"45.140.192.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278190/; classtype:trojan-activity;sid:84141290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.44.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278191/; classtype:trojan-activity;sid:84141291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.198.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278192/; classtype:trojan-activity;sid:84141292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/igz.arm7"; depth:9; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278193/; classtype:trojan-activity;sid:84141293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xwo.exe"; depth:8; endswith; nocase; http.host; content:"31.13.224.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278187/; classtype:trojan-activity;sid:84141287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.89.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278188/; classtype:trojan-activity;sid:84141288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.222.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278189/; classtype:trojan-activity;sid:84141289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/arm7/"; depth:9; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278186/; classtype:trojan-activity;sid:84141286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/creal.exe"; depth:19; endswith; nocase; http.host; content:"d.dovip.win"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278184/; classtype:trojan-activity;sid:84141284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/builded.exe"; depth:21; endswith; nocase; http.host; content:"d.dovip.win"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278182/; classtype:trojan-activity;sid:84141282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/scan.exe"; depth:18; endswith; nocase; http.host; content:"d.dovip.win"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278181/; classtype:trojan-activity;sid:84141281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/555.exe"; depth:8; endswith; nocase; http.host; content:"asdoijzxlncxzc.icu"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278179/; classtype:trojan-activity;sid:84141279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adobeflash.msi"; depth:15; endswith; nocase; http.host; content:"aliempregoraiz.site"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278180/; classtype:trojan-activity;sid:84141280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/555.exe"; depth:8; endswith; nocase; http.host; content:"202.61.85.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278178/; classtype:trojan-activity;sid:84141278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.17.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278176/; classtype:trojan-activity;sid:84141276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/2wrdqm9u"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278177/; classtype:trojan-activity;sid:84141277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/up.bat"; depth:7; endswith; nocase; http.host; content:"evendextoxmonkey.store"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278175/; classtype:trojan-activity;sid:84141275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kbw64"; depth:6; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278174/; classtype:trojan-activity;sid:84141274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.89.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278172/; classtype:trojan-activity;sid:84141272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.117.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278173/; classtype:trojan-activity;sid:84141273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.116.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278171/; classtype:trojan-activity;sid:84141271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.125.27.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278170/; classtype:trojan-activity;sid:84141270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.174.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278169/; classtype:trojan-activity;sid:84141269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.78.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278168/; classtype:trojan-activity;sid:84141268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.239.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278167/; classtype:trojan-activity;sid:84141267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.154.80.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278166/; classtype:trojan-activity;sid:84141266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.209.154.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278165/; classtype:trojan-activity;sid:84141265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.177.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278164/; classtype:trojan-activity;sid:84141264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.9.40.205"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278163/; classtype:trojan-activity;sid:84141263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.217.245.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278162/; classtype:trojan-activity;sid:84141262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.241.207.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278161/; classtype:trojan-activity;sid:84141261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.53.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278160/; classtype:trojan-activity;sid:84141260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"198.163.192.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278159/; classtype:trojan-activity;sid:84141259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.49.65.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278158/; classtype:trojan-activity;sid:84141258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.111.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278157/; classtype:trojan-activity;sid:84141257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.35.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278156/; classtype:trojan-activity;sid:84141256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.166.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278155/; classtype:trojan-activity;sid:84141255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.122.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278154/; classtype:trojan-activity;sid:84141254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.44.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278153/; classtype:trojan-activity;sid:84141253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.185.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278152/; classtype:trojan-activity;sid:84141252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.174.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278151/; classtype:trojan-activity;sid:84141251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.143.134.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278150/; classtype:trojan-activity;sid:84141250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.194.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278147/; classtype:trojan-activity;sid:84141247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.62.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278148/; classtype:trojan-activity;sid:84141248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.9.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278149/; classtype:trojan-activity;sid:84141249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.81.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278146/; classtype:trojan-activity;sid:84141246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.89.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278145/; classtype:trojan-activity;sid:84141245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.117.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278144/; classtype:trojan-activity;sid:84141244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.116.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278143/; classtype:trojan-activity;sid:84141243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.37.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278142/; classtype:trojan-activity;sid:84141242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.53.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278141/; classtype:trojan-activity;sid:84141241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.174.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278140/; classtype:trojan-activity;sid:84141240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.1.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278139/; classtype:trojan-activity;sid:84141239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.33.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278138/; classtype:trojan-activity;sid:84141238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.49.65.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278137/; classtype:trojan-activity;sid:84141237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.39.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278135/; classtype:trojan-activity;sid:84141235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.85.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278136/; classtype:trojan-activity;sid:84141236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/awcgxvpm.exe"; depth:18; endswith; nocase; http.host; content:"lobfile.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278134/; classtype:trojan-activity;sid:84141234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.81.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278133/; classtype:trojan-activity;sid:84141233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.116.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278132/; classtype:trojan-activity;sid:84141232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278131/; classtype:trojan-activity;sid:84141231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.10.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278130/; classtype:trojan-activity;sid:84141230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.166.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278129/; classtype:trojan-activity;sid:84141229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.78.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278127/; classtype:trojan-activity;sid:84141227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.65.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278128/; classtype:trojan-activity;sid:84141228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.89.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278126/; classtype:trojan-activity;sid:84141226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.9.40.205"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278125/; classtype:trojan-activity;sid:84141225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.190.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278124/; classtype:trojan-activity;sid:84141224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.82.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278123/; classtype:trojan-activity;sid:84141223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.102.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278122/; classtype:trojan-activity;sid:84141222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.132.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278121/; classtype:trojan-activity;sid:84141221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.89.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278120/; classtype:trojan-activity;sid:84141220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.215.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278119/; classtype:trojan-activity;sid:84141219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.136.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278118/; classtype:trojan-activity;sid:84141218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.174.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278117/; classtype:trojan-activity;sid:84141217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278116/; classtype:trojan-activity;sid:84141216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.154.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278115/; classtype:trojan-activity;sid:84141215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.81.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278114/; classtype:trojan-activity;sid:84141214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.228.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278113/; classtype:trojan-activity;sid:84141213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.125.27.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278111/; classtype:trojan-activity;sid:84141211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.112.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278112/; classtype:trojan-activity;sid:84141212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.4.137"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278110/; classtype:trojan-activity;sid:84141210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278109/; classtype:trojan-activity;sid:84141209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.59.198"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278108/; classtype:trojan-activity;sid:84141208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.57.208.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278107/; classtype:trojan-activity;sid:84141207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.39.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278106/; classtype:trojan-activity;sid:84141206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.118.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278105/; classtype:trojan-activity;sid:84141205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.160.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278104/; classtype:trojan-activity;sid:84141204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.249.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278103/; classtype:trojan-activity;sid:84141203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.33.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278102/; classtype:trojan-activity;sid:84141202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.18.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278101/; classtype:trojan-activity;sid:84141201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.107.158.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278100/; classtype:trojan-activity;sid:84141200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278099/; classtype:trojan-activity;sid:84141199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.48.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278098/; classtype:trojan-activity;sid:84141198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.3.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278097/; classtype:trojan-activity;sid:84141197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.23.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278095/; classtype:trojan-activity;sid:84141195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.227.51.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278096/; classtype:trojan-activity;sid:84141196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.143.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278093/; classtype:trojan-activity;sid:84141193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.136.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278094/; classtype:trojan-activity;sid:84141194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.234.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278092/; classtype:trojan-activity;sid:84141192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.243.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278091/; classtype:trojan-activity;sid:84141191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.93.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278090/; classtype:trojan-activity;sid:84141190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.111.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278089/; classtype:trojan-activity;sid:84141189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.62.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278088/; classtype:trojan-activity;sid:84141188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.93.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278087/; classtype:trojan-activity;sid:84141187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.216.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278086/; classtype:trojan-activity;sid:84141186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.249.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278085/; classtype:trojan-activity;sid:84141185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.11.104"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278084/; classtype:trojan-activity;sid:84141184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.118.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278081/; classtype:trojan-activity;sid:84141181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.88.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278082/; classtype:trojan-activity;sid:84141182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.139.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278083/; classtype:trojan-activity;sid:84141183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.249.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278080/; classtype:trojan-activity;sid:84141180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.50.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278079/; classtype:trojan-activity;sid:84141179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.135.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278078/; classtype:trojan-activity;sid:84141178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.239.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278077/; classtype:trojan-activity;sid:84141177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.67.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278076/; classtype:trojan-activity;sid:84141176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.48.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278075/; classtype:trojan-activity;sid:84141175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.158.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278074/; classtype:trojan-activity;sid:84141174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.190.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278073/; classtype:trojan-activity;sid:84141173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.47.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278072/; classtype:trojan-activity;sid:84141172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.215.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278071/; classtype:trojan-activity;sid:84141171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.9.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278070/; classtype:trojan-activity;sid:84141170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.178.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278069/; classtype:trojan-activity;sid:84141169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.61.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278068/; classtype:trojan-activity;sid:84141168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.240.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278067/; classtype:trojan-activity;sid:84141167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.118.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278066/; classtype:trojan-activity;sid:84141166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.28.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278065/; classtype:trojan-activity;sid:84141165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.44.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278064/; classtype:trojan-activity;sid:84141164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.158.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278062/; classtype:trojan-activity;sid:84141162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.177.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278063/; classtype:trojan-activity;sid:84141163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.114.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278060/; classtype:trojan-activity;sid:84141160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.232.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278061/; classtype:trojan-activity;sid:84141161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.163.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278059/; classtype:trojan-activity;sid:84141159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.92.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278058/; classtype:trojan-activity;sid:84141158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.239.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278057/; classtype:trojan-activity;sid:84141157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.59.120.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278056/; classtype:trojan-activity;sid:84141156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278055/; classtype:trojan-activity;sid:84141155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lum.exe"; depth:8; endswith; nocase; http.host; content:"31.13.224.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278053/; classtype:trojan-activity;sid:84141153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.217.245.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278054/; classtype:trojan-activity;sid:84141154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.61.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278051/; classtype:trojan-activity;sid:84141151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.28.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278052/; classtype:trojan-activity;sid:84141152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278050/; classtype:trojan-activity;sid:84141150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.44.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278048/; classtype:trojan-activity;sid:84141148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.243.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278049/; classtype:trojan-activity;sid:84141149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.136.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278046/; classtype:trojan-activity;sid:84141146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.234.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278047/; classtype:trojan-activity;sid:84141147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/j4vzzuai.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278044/; classtype:trojan-activity;sid:84141144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.182.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278045/; classtype:trojan-activity;sid:84141145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.212.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278042/; classtype:trojan-activity;sid:84141142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.229.134.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278043/; classtype:trojan-activity;sid:84141143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.88.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278041/; classtype:trojan-activity;sid:84141141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.99.181"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278040/; classtype:trojan-activity;sid:84141140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278039/; classtype:trojan-activity;sid:84141139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.254.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278038/; classtype:trojan-activity;sid:84141138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.22.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278037/; classtype:trojan-activity;sid:84141137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.131.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278036/; classtype:trojan-activity;sid:84141136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.123.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278035/; classtype:trojan-activity;sid:84141135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.183.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278034/; classtype:trojan-activity;sid:84141134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.32.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278033/; classtype:trojan-activity;sid:84141133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.112.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278032/; classtype:trojan-activity;sid:84141132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.232.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278031/; classtype:trojan-activity;sid:84141131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.38.106.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278030/; classtype:trojan-activity;sid:84141130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.86.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278029/; classtype:trojan-activity;sid:84141129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.99.181"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278028/; classtype:trojan-activity;sid:84141128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.93.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278027/; classtype:trojan-activity;sid:84141127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.11.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278026/; classtype:trojan-activity;sid:84141126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.135.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278025/; classtype:trojan-activity;sid:84141125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.171.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278024/; classtype:trojan-activity;sid:84141124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.110.7.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278023/; classtype:trojan-activity;sid:84141123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.50.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278022/; classtype:trojan-activity;sid:84141122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.50.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278021/; classtype:trojan-activity;sid:84141121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.136.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278020/; classtype:trojan-activity;sid:84141120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.229.134.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278019/; classtype:trojan-activity;sid:84141119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.182.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278018/; classtype:trojan-activity;sid:84141118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.246.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278017/; classtype:trojan-activity;sid:84141117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.171.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278016/; classtype:trojan-activity;sid:84141116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.103.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278015/; classtype:trojan-activity;sid:84141115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.5.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278014/; classtype:trojan-activity;sid:84141114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.1.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278013/; classtype:trojan-activity;sid:84141113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.83.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278012/; classtype:trojan-activity;sid:84141112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.86.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278011/; classtype:trojan-activity;sid:84141111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.232.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278010/; classtype:trojan-activity;sid:84141110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.31.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278009/; classtype:trojan-activity;sid:84141109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.159.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278008/; classtype:trojan-activity;sid:84141108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.113.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278007/; classtype:trojan-activity;sid:84141107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.154.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278006/; classtype:trojan-activity;sid:84141106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.164.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278005/; classtype:trojan-activity;sid:84141105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.103.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278004/; classtype:trojan-activity;sid:84141104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.40.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278003/; classtype:trojan-activity;sid:84141103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.105.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278002/; classtype:trojan-activity;sid:84141102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.133.41.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278001/; classtype:trojan-activity;sid:84141101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.171.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278000/; classtype:trojan-activity;sid:84141100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.27.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277999/; classtype:trojan-activity;sid:84141099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.9.137"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277998/; classtype:trojan-activity;sid:84141098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.254.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277997/; classtype:trojan-activity;sid:84141097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277996/; classtype:trojan-activity;sid:84141096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.128.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277995/; classtype:trojan-activity;sid:84141095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.78.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277994/; classtype:trojan-activity;sid:84141094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.19.245"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277993/; classtype:trojan-activity;sid:84141093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.191.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277992/; classtype:trojan-activity;sid:84141092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.234.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277991/; classtype:trojan-activity;sid:84141091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.159.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277990/; classtype:trojan-activity;sid:84141090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.243.138.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277989/; classtype:trojan-activity;sid:84141089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.1.239.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277987/; classtype:trojan-activity;sid:84141087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.172.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277988/; classtype:trojan-activity;sid:84141088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.24.36.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277986/; classtype:trojan-activity;sid:84141086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.31.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277985/; classtype:trojan-activity;sid:84141085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.116.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277984/; classtype:trojan-activity;sid:84141084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.29.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277983/; classtype:trojan-activity;sid:84141083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.30.16.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277982/; classtype:trojan-activity;sid:84141082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.38.106.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277981/; classtype:trojan-activity;sid:84141081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.179.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277980/; classtype:trojan-activity;sid:84141080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.48.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277979/; classtype:trojan-activity;sid:84141079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.97.200.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277977/; classtype:trojan-activity;sid:84141077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.9.137"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277978/; classtype:trojan-activity;sid:84141078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.189.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277976/; classtype:trojan-activity;sid:84141076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.154.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277975/; classtype:trojan-activity;sid:84141075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.230.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277974/; classtype:trojan-activity;sid:84141074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.187.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277973/; classtype:trojan-activity;sid:84141073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.248.12.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277972/; classtype:trojan-activity;sid:84141072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.177.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277971/; classtype:trojan-activity;sid:84141071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.187.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277970/; classtype:trojan-activity;sid:84141070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.91.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277969/; classtype:trojan-activity;sid:84141069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.161.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277968/; classtype:trojan-activity;sid:84141068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"115.57.243.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277967/; classtype:trojan-activity;sid:84141067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.200.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277965/; classtype:trojan-activity;sid:84141065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.105.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277966/; classtype:trojan-activity;sid:84141066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.178.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277964/; classtype:trojan-activity;sid:84141064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.8.121"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277963/; classtype:trojan-activity;sid:84141063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.227.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277961/; classtype:trojan-activity;sid:84141061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.40.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277962/; classtype:trojan-activity;sid:84141062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.175.180.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277960/; classtype:trojan-activity;sid:84141060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.93.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277959/; classtype:trojan-activity;sid:84141059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.202.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277958/; classtype:trojan-activity;sid:84141058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.118.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277957/; classtype:trojan-activity;sid:84141057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.95.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277955/; classtype:trojan-activity;sid:84141055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.56.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277956/; classtype:trojan-activity;sid:84141056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.128.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277954/; classtype:trojan-activity;sid:84141054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.29.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277953/; classtype:trojan-activity;sid:84141053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.25.237.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277952/; classtype:trojan-activity;sid:84141052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.166.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277951/; classtype:trojan-activity;sid:84141051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.39.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277950/; classtype:trojan-activity;sid:84141050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.13.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277949/; classtype:trojan-activity;sid:84141049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.145.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277948/; classtype:trojan-activity;sid:84141048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.91.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277947/; classtype:trojan-activity;sid:84141047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.97.47.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277946/; classtype:trojan-activity;sid:84141046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.48.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277945/; classtype:trojan-activity;sid:84141045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.118.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277944/; classtype:trojan-activity;sid:84141044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.220.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277943/; classtype:trojan-activity;sid:84141043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.179.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277942/; classtype:trojan-activity;sid:84141042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277941/; classtype:trojan-activity;sid:84141041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.230.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277940/; classtype:trojan-activity;sid:84141040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.200.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277939/; classtype:trojan-activity;sid:84141039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.185.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277938/; classtype:trojan-activity;sid:84141038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.94.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277937/; classtype:trojan-activity;sid:84141037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.187.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277935/; classtype:trojan-activity;sid:84141035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.40.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277936/; classtype:trojan-activity;sid:84141036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.188.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277934/; classtype:trojan-activity;sid:84141034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.227.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277933/; classtype:trojan-activity;sid:84141033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.56.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277932/; classtype:trojan-activity;sid:84141032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.110.19.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277931/; classtype:trojan-activity;sid:84141031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.190.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277930/; classtype:trojan-activity;sid:84141030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.166.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277927/; classtype:trojan-activity;sid:84141027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.130.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277928/; classtype:trojan-activity;sid:84141028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.115.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277929/; classtype:trojan-activity;sid:84141029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.95.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277926/; classtype:trojan-activity;sid:84141026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.235.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277925/; classtype:trojan-activity;sid:84141025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.13.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277924/; classtype:trojan-activity;sid:84141024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.185.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277923/; classtype:trojan-activity;sid:84141023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.97.47.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277922/; classtype:trojan-activity;sid:84141022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.39.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277921/; classtype:trojan-activity;sid:84141021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.235.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277920/; classtype:trojan-activity;sid:84141020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.29.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277919/; classtype:trojan-activity;sid:84141019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.118.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277918/; classtype:trojan-activity;sid:84141018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.129.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277917/; classtype:trojan-activity;sid:84141017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.131.152.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277914/; classtype:trojan-activity;sid:84141014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.67.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277915/; classtype:trojan-activity;sid:84141015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.17.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277916/; classtype:trojan-activity;sid:84141016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.180.189.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277913/; classtype:trojan-activity;sid:84141013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277912/; classtype:trojan-activity;sid:84141012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.40.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277911/; classtype:trojan-activity;sid:84141011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.248.225.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277910/; classtype:trojan-activity;sid:84141010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.115.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277909/; classtype:trojan-activity;sid:84141009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.26.247"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277908/; classtype:trojan-activity;sid:84141008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.189.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277907/; classtype:trojan-activity;sid:84141007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.46.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277906/; classtype:trojan-activity;sid:84141006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.9.61"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277905/; classtype:trojan-activity;sid:84141005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.51.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277904/; classtype:trojan-activity;sid:84141004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.180.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277903/; classtype:trojan-activity;sid:84141003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.171.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277902/; classtype:trojan-activity;sid:84141002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.100.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277901/; classtype:trojan-activity;sid:84141001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.76.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277900/; classtype:trojan-activity;sid:84141000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.188.142.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277899/; classtype:trojan-activity;sid:84140999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.45.56.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277898/; classtype:trojan-activity;sid:84140998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.17.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277897/; classtype:trojan-activity;sid:84140997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.201.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277896/; classtype:trojan-activity;sid:84140996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.180.189.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277895/; classtype:trojan-activity;sid:84140995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.142.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277893/; classtype:trojan-activity;sid:84140993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.226.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277894/; classtype:trojan-activity;sid:84140994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.46.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277892/; classtype:trojan-activity;sid:84140992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.41.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277891/; classtype:trojan-activity;sid:84140991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.134.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277890/; classtype:trojan-activity;sid:84140990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.73.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277889/; classtype:trojan-activity;sid:84140989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.255.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277888/; classtype:trojan-activity;sid:84140988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.47.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277887/; classtype:trojan-activity;sid:84140987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.58.126.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277886/; classtype:trojan-activity;sid:84140986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.243.138.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277885/; classtype:trojan-activity;sid:84140985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.105.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277884/; classtype:trojan-activity;sid:84140984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.189.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277883/; classtype:trojan-activity;sid:84140983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.17.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277882/; classtype:trojan-activity;sid:84140982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.250.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277881/; classtype:trojan-activity;sid:84140981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.90.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277880/; classtype:trojan-activity;sid:84140980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.155.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277879/; classtype:trojan-activity;sid:84140979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.10.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277878/; classtype:trojan-activity;sid:84140978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.243.138.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277877/; classtype:trojan-activity;sid:84140977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.237.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277875/; classtype:trojan-activity;sid:84140975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.110.19.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277876/; classtype:trojan-activity;sid:84140976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.145.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277874/; classtype:trojan-activity;sid:84140974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.46.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277873/; classtype:trojan-activity;sid:84140973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.104.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277872/; classtype:trojan-activity;sid:84140972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.58.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277871/; classtype:trojan-activity;sid:84140971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.76.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277870/; classtype:trojan-activity;sid:84140970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.79.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277869/; classtype:trojan-activity;sid:84140969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.79.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277868/; classtype:trojan-activity;sid:84140968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.94.161"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277867/; classtype:trojan-activity;sid:84140967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.47.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277866/; classtype:trojan-activity;sid:84140966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.83.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277865/; classtype:trojan-activity;sid:84140965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.227.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277864/; classtype:trojan-activity;sid:84140964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/socialinformationonline/love/downloads/statement-963462.exe"; depth:60; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277863/; classtype:trojan-activity;sid:84140963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.70.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277862/; classtype:trojan-activity;sid:84140962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.100.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277861/; classtype:trojan-activity;sid:84140961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.17.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277860/; classtype:trojan-activity;sid:84140960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/binance_zoom-6909162.js"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277859/; classtype:trojan-activity;sid:84140959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/bill.exe"; depth:29; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277852/; classtype:trojan-activity;sid:84140952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/document.exe"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277853/; classtype:trojan-activity;sid:84140953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/neo.exe"; depth:28; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277854/; classtype:trojan-activity;sid:84140954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/document98052.exe"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277855/; classtype:trojan-activity;sid:84140955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/amazon_zoom_invitation.exe"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277856/; classtype:trojan-activity;sid:84140956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/new_statement95814.exe"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277857/; classtype:trojan-activity;sid:84140957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/amazon.exe"; depth:31; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277858/; classtype:trojan-activity;sid:84140958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/zoom.exe"; depth:29; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277851/; classtype:trojan-activity;sid:84140951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/violation_report-0563087.js"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277850/; classtype:trojan-activity;sid:84140950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/binance_zoom-9336516.js"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277848/; classtype:trojan-activity;sid:84140948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-9218206.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277849/; classtype:trojan-activity;sid:84140949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/zoom_invite-9526772.js"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277847/; classtype:trojan-activity;sid:84140947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/zoom_invite-4622103.js"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277842/; classtype:trojan-activity;sid:84140942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/binance_zoom-8123742.js"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277843/; classtype:trojan-activity;sid:84140943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-4429321.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277844/; classtype:trojan-activity;sid:84140944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/mah.ps1"; depth:28; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277845/; classtype:trojan-activity;sid:84140945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-8818821.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277846/; classtype:trojan-activity;sid:84140946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/violation_report-3842767.js"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277837/; classtype:trojan-activity;sid:84140937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/violation_report-6341933.js"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277838/; classtype:trojan-activity;sid:84140938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-3132028.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277839/; classtype:trojan-activity;sid:84140939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/protection.exe"; depth:35; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277840/; classtype:trojan-activity;sid:84140940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/invoice7629094559.wsf"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277841/; classtype:trojan-activity;sid:84140941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/violation_report-4539293.js"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277833/; classtype:trojan-activity;sid:84140933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/zoom_invite-5437708.js"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277834/; classtype:trojan-activity;sid:84140934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/violation_report-9380739.js"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277835/; classtype:trojan-activity;sid:84140935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/violation_report-3132708.js"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277836/; classtype:trojan-activity;sid:84140936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-4626477.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277828/; classtype:trojan-activity;sid:84140928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/zoom_invite-1102573.js"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277829/; classtype:trojan-activity;sid:84140929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/violation_report-4244889.js"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277830/; classtype:trojan-activity;sid:84140930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-2670429.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277831/; classtype:trojan-activity;sid:84140931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/binance_zoom-9971247.js"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277832/; classtype:trojan-activity;sid:84140932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/zoom_invite-3211288.js"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277823/; classtype:trojan-activity;sid:84140923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/sendout.exe"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277824/; classtype:trojan-activity;sid:84140924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/neo.ps1"; depth:28; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277825/; classtype:trojan-activity;sid:84140925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/binance_zoom-6991965.js"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277826/; classtype:trojan-activity;sid:84140926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/latest_release1735663.js"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277827/; classtype:trojan-activity;sid:84140927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/statement.exe"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277821/; classtype:trojan-activity;sid:84140921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/binance_zoom-8207512.js"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277822/; classtype:trojan-activity;sid:84140922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/remittance.exe"; depth:35; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277820/; classtype:trojan-activity;sid:84140920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/new_document98504.exe"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277819/; classtype:trojan-activity;sid:84140919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/binance_zoom-9021531.js"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277818/; classtype:trojan-activity;sid:84140918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-5459503.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277816/; classtype:trojan-activity;sid:84140916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-3913130.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277817/; classtype:trojan-activity;sid:84140917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/violation_report-2744366.js"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277810/; classtype:trojan-activity;sid:84140910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/kas.ps1"; depth:28; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277811/; classtype:trojan-activity;sid:84140911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/zoom_invite-6088959.js"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277812/; classtype:trojan-activity;sid:84140912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/binance_zoom-6759516.js"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277813/; classtype:trojan-activity;sid:84140913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-8079963.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277814/; classtype:trojan-activity;sid:84140914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/violation_report-2637840.js"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277815/; classtype:trojan-activity;sid:84140915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/nnn.ps1"; depth:28; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277801/; classtype:trojan-activity;sid:84140901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/zoom_invite-0949554.js"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277802/; classtype:trojan-activity;sid:84140902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/binance_zoom-7646514.js"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277803/; classtype:trojan-activity;sid:84140903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/violation_report-1045746.js"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277804/; classtype:trojan-activity;sid:84140904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/violation_report-6709876.js"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277805/; classtype:trojan-activity;sid:84140905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-2735884.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277806/; classtype:trojan-activity;sid:84140906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/violation_report-0266218.js"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277807/; classtype:trojan-activity;sid:84140907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/zoom_invite-1559597.js"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277808/; classtype:trojan-activity;sid:84140908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-0290370.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277809/; classtype:trojan-activity;sid:84140909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/binance_zoom-6760745.js"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277793/; classtype:trojan-activity;sid:84140893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-9589376.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277794/; classtype:trojan-activity;sid:84140894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-4736069.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277795/; classtype:trojan-activity;sid:84140895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/violation_report-8189993.js"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277796/; classtype:trojan-activity;sid:84140896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-3757484.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277797/; classtype:trojan-activity;sid:84140897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/binance_zoom-1147964.js"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277798/; classtype:trojan-activity;sid:84140898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/zoom_invite-6897686.js"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277799/; classtype:trojan-activity;sid:84140899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/binance_zoom-2113340.js"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277800/; classtype:trojan-activity;sid:84140900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/binance_zoom-7426909.js"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277784/; classtype:trojan-activity;sid:84140884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/violation_report-0140613.js"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277785/; classtype:trojan-activity;sid:84140885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-4860238.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277786/; classtype:trojan-activity;sid:84140886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/violation_report-1422267.js"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277787/; classtype:trojan-activity;sid:84140887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/binance_zoom-6564185.js"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277788/; classtype:trojan-activity;sid:84140888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-7659741.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277789/; classtype:trojan-activity;sid:84140889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/violation_report-0586033.js"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277790/; classtype:trojan-activity;sid:84140890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/zoom_invite-8277293.js"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277791/; classtype:trojan-activity;sid:84140891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz491/nj/downloads/reported_violation-4909410.js"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277792/; classtype:trojan-activity;sid:84140892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.199.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277782/; classtype:trojan-activity;sid:84140882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.90.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277783/; classtype:trojan-activity;sid:84140883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.11.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277781/; classtype:trojan-activity;sid:84140881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.241.48.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277780/; classtype:trojan-activity;sid:84140880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.83.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277779/; classtype:trojan-activity;sid:84140879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277778/; classtype:trojan-activity;sid:84140878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fgdfgre/fwqfqw/downloads/cinsobh.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277775/; classtype:trojan-activity;sid:84140875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fgdfgre/fwqfqw/downloads/kfmfhra.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277776/; classtype:trojan-activity;sid:84140876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fgdfgre/fwqfqw/downloads/skkijai.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277777/; classtype:trojan-activity;sid:84140877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fgdfgre/fwqfqw/downloads/badgipe.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277774/; classtype:trojan-activity;sid:84140874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fgdfgre/fwqfqw/downloads/ikfdcad.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277773/; classtype:trojan-activity;sid:84140873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.19.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277771/; classtype:trojan-activity;sid:84140871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.79.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277772/; classtype:trojan-activity;sid:84140872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.104.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277770/; classtype:trojan-activity;sid:84140870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.237.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277769/; classtype:trojan-activity;sid:84140869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.215.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277768/; classtype:trojan-activity;sid:84140868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.24.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277767/; classtype:trojan-activity;sid:84140867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.10.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277766/; classtype:trojan-activity;sid:84140866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.8.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277765/; classtype:trojan-activity;sid:84140865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277764/; classtype:trojan-activity;sid:84140864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.99.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277763/; classtype:trojan-activity;sid:84140863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.61.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277762/; classtype:trojan-activity;sid:84140862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.74.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277761/; classtype:trojan-activity;sid:84140861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.219.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277760/; classtype:trojan-activity;sid:84140860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.108.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277759/; classtype:trojan-activity;sid:84140859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.99.189.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277758/; classtype:trojan-activity;sid:84140858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.18.105.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277757/; classtype:trojan-activity;sid:84140857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.55.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277756/; classtype:trojan-activity;sid:84140856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.245.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277755/; classtype:trojan-activity;sid:84140855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.146.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277754/; classtype:trojan-activity;sid:84140854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.226.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277753/; classtype:trojan-activity;sid:84140853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.79.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277752/; classtype:trojan-activity;sid:84140852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.183.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277751/; classtype:trojan-activity;sid:84140851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.221.44.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277749/; classtype:trojan-activity;sid:84140849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.91.146"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277750/; classtype:trojan-activity;sid:84140850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.166.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277748/; classtype:trojan-activity;sid:84140848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adposr.zip"; depth:11; endswith; nocase; http.host; content:"62.146.227.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277747/; classtype:trojan-activity;sid:84140847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manman%20-%20copy.bat"; depth:22; endswith; nocase; http.host; content:"62.146.227.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277746/; classtype:trojan-activity;sid:84140846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adposr/app/python/pot.py"; depth:25; endswith; nocase; http.host; content:"62.146.227.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277743/; classtype:trojan-activity;sid:84140843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tope--pdf55.lnk"; depth:16; endswith; nocase; http.host; content:"62.146.227.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277744/; classtype:trojan-activity;sid:84140844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.212.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277745/; classtype:trojan-activity;sid:84140845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pot.bat"; depth:8; endswith; nocase; http.host; content:"62.146.227.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277742/; classtype:trojan-activity;sid:84140842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.27.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277741/; classtype:trojan-activity;sid:84140841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.235.219.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277740/; classtype:trojan-activity;sid:84140840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.124.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277739/; classtype:trojan-activity;sid:84140839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.167.27.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277737/; classtype:trojan-activity;sid:84140837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"168.196.171.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277738/; classtype:trojan-activity;sid:84140838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.158.161.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277736/; classtype:trojan-activity;sid:84140836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.241.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277735/; classtype:trojan-activity;sid:84140835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.8.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277734/; classtype:trojan-activity;sid:84140834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/das.php"; depth:13; endswith; nocase; http.host; content:"chat2cams.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277733/; classtype:trojan-activity;sid:84140833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.126.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277732/; classtype:trojan-activity;sid:84140832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.121.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277731/; classtype:trojan-activity;sid:84140831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.19.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277730/; classtype:trojan-activity;sid:84140830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.107.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277729/; classtype:trojan-activity;sid:84140829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.99.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277728/; classtype:trojan-activity;sid:84140828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.97.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277727/; classtype:trojan-activity;sid:84140827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.41.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277724/; classtype:trojan-activity;sid:84140824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277725/; classtype:trojan-activity;sid:84140825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.245.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277726/; classtype:trojan-activity;sid:84140826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.126.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277723/; classtype:trojan-activity;sid:84140823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.198.225.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277721/; classtype:trojan-activity;sid:84140821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.171.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277722/; classtype:trojan-activity;sid:84140822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.167.205.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277720/; classtype:trojan-activity;sid:84140820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.108.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277719/; classtype:trojan-activity;sid:84140819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.57.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277718/; classtype:trojan-activity;sid:84140818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.203.72.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277717/; classtype:trojan-activity;sid:84140817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.151.152.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277716/; classtype:trojan-activity;sid:84140816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.199.200.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277715/; classtype:trojan-activity;sid:84140815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.198.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277714/; classtype:trojan-activity;sid:84140814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.74.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277712/; classtype:trojan-activity;sid:84140812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.155.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277713/; classtype:trojan-activity;sid:84140813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.72.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277711/; classtype:trojan-activity;sid:84140811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.53.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3277710/; classtype:trojan-activity;sid:84140810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.83.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277709/; classtype:trojan-activity;sid:84140809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.2.155.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277708/; classtype:trojan-activity;sid:84140808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.166.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277707/; classtype:trojan-activity;sid:84140807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.124.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277706/; classtype:trojan-activity;sid:84140806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.37.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277705/; classtype:trojan-activity;sid:84140805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"102.221.44.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277704/; classtype:trojan-activity;sid:84140804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.184.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277703/; classtype:trojan-activity;sid:84140803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.107.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277702/; classtype:trojan-activity;sid:84140802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.124.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277701/; classtype:trojan-activity;sid:84140801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.107.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277700/; classtype:trojan-activity;sid:84140800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.138.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277699/; classtype:trojan-activity;sid:84140799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.170.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277697/; classtype:trojan-activity;sid:84140797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.97.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277698/; classtype:trojan-activity;sid:84140798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.41.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277696/; classtype:trojan-activity;sid:84140796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.118.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277695/; classtype:trojan-activity;sid:84140795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.198.225.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277694/; classtype:trojan-activity;sid:84140794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.26.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277692/; classtype:trojan-activity;sid:84140792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.78.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277693/; classtype:trojan-activity;sid:84140793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.241.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277691/; classtype:trojan-activity;sid:84140791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.171.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277689/; classtype:trojan-activity;sid:84140789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.91.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277690/; classtype:trojan-activity;sid:84140790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.188.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277688/; classtype:trojan-activity;sid:84140788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.2.155.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277687/; classtype:trojan-activity;sid:84140787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.189.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277686/; classtype:trojan-activity;sid:84140786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.204.197.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277685/; classtype:trojan-activity;sid:84140785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.91.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277684/; classtype:trojan-activity;sid:84140784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.235.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277683/; classtype:trojan-activity;sid:84140783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.64.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277682/; classtype:trojan-activity;sid:84140782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"104.193.59.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277681/; classtype:trojan-activity;sid:84140781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.170.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277680/; classtype:trojan-activity;sid:84140780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.69.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277679/; classtype:trojan-activity;sid:84140779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.107.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277677/; classtype:trojan-activity;sid:84140777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.123.102.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277678/; classtype:trojan-activity;sid:84140778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.119.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277676/; classtype:trojan-activity;sid:84140776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.69.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277675/; classtype:trojan-activity;sid:84140775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.219.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277674/; classtype:trojan-activity;sid:84140774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.241.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277673/; classtype:trojan-activity;sid:84140773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.74.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277672/; classtype:trojan-activity;sid:84140772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.4.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277671/; classtype:trojan-activity;sid:84140771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.72.30.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277670/; classtype:trojan-activity;sid:84140770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.255.193.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277669/; classtype:trojan-activity;sid:84140769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.11.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277668/; classtype:trojan-activity;sid:84140768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.117.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277667/; classtype:trojan-activity;sid:84140767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277666/; classtype:trojan-activity;sid:84140766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.184.1.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277665/; classtype:trojan-activity;sid:84140765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.11.38"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277664/; classtype:trojan-activity;sid:84140764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.156.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277662/; classtype:trojan-activity;sid:84140762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.230.37.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277663/; classtype:trojan-activity;sid:84140763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.128.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277661/; classtype:trojan-activity;sid:84140761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.27.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277660/; classtype:trojan-activity;sid:84140760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.23.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277659/; classtype:trojan-activity;sid:84140759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.156.143.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277658/; classtype:trojan-activity;sid:84140758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.96.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277657/; classtype:trojan-activity;sid:84140757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.188.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277656/; classtype:trojan-activity;sid:84140756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.45.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277655/; classtype:trojan-activity;sid:84140755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.69.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277654/; classtype:trojan-activity;sid:84140754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.4.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277653/; classtype:trojan-activity;sid:84140753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.232.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277652/; classtype:trojan-activity;sid:84140752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.44.156"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277650/; classtype:trojan-activity;sid:84140750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.115.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277651/; classtype:trojan-activity;sid:84140751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277649/; classtype:trojan-activity;sid:84140749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.102.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277648/; classtype:trojan-activity;sid:84140748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.55.255.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277647/; classtype:trojan-activity;sid:84140747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.255.193.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277646/; classtype:trojan-activity;sid:84140746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.247.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277645/; classtype:trojan-activity;sid:84140745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.211.228.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277644/; classtype:trojan-activity;sid:84140744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.43.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277643/; classtype:trojan-activity;sid:84140743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.26.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277642/; classtype:trojan-activity;sid:84140742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.184.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277641/; classtype:trojan-activity;sid:84140741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.57.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277640/; classtype:trojan-activity;sid:84140740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.69.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277639/; classtype:trojan-activity;sid:84140739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.93.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277638/; classtype:trojan-activity;sid:84140738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.102.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277637/; classtype:trojan-activity;sid:84140737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.156.143.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277636/; classtype:trojan-activity;sid:84140736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.45.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277635/; classtype:trojan-activity;sid:84140735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.122.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277634/; classtype:trojan-activity;sid:84140734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.211.228.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277633/; classtype:trojan-activity;sid:84140733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.95.20.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277632/; classtype:trojan-activity;sid:84140732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.44.156"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277631/; classtype:trojan-activity;sid:84140731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.78.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277630/; classtype:trojan-activity;sid:84140730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.43.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277629/; classtype:trojan-activity;sid:84140729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.40.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277628/; classtype:trojan-activity;sid:84140728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.188.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277626/; classtype:trojan-activity;sid:84140726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.42.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277627/; classtype:trojan-activity;sid:84140727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.6.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277625/; classtype:trojan-activity;sid:84140725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.188.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277624/; classtype:trojan-activity;sid:84140724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.127.214.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277623/; classtype:trojan-activity;sid:84140723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.173.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277622/; classtype:trojan-activity;sid:84140722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.57.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277621/; classtype:trojan-activity;sid:84140721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.119.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277619/; classtype:trojan-activity;sid:84140719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.49.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277620/; classtype:trojan-activity;sid:84140720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.80.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277618/; classtype:trojan-activity;sid:84140718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.183.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277617/; classtype:trojan-activity;sid:84140717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277616/; classtype:trojan-activity;sid:84140716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.79.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277615/; classtype:trojan-activity;sid:84140715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.67.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277614/; classtype:trojan-activity;sid:84140714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.104.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277613/; classtype:trojan-activity;sid:84140713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.11.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277612/; classtype:trojan-activity;sid:84140712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"shfgf.strategies.mvpstrat.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277611/; classtype:trojan-activity;sid:84140711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.40.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277610/; classtype:trojan-activity;sid:84140710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.12.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277609/; classtype:trojan-activity;sid:84140709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.78.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277607/; classtype:trojan-activity;sid:84140707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.221.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277608/; classtype:trojan-activity;sid:84140708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.242.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277606/; classtype:trojan-activity;sid:84140706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.237.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277605/; classtype:trojan-activity;sid:84140705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.139.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277604/; classtype:trojan-activity;sid:84140704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"78.183.54.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277603/; classtype:trojan-activity;sid:84140703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.81.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277602/; classtype:trojan-activity;sid:84140702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.157.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277601/; classtype:trojan-activity;sid:84140701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277600/; classtype:trojan-activity;sid:84140700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.80.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277599/; classtype:trojan-activity;sid:84140699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.119.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277597/; classtype:trojan-activity;sid:84140697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.45.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277598/; classtype:trojan-activity;sid:84140698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277596/; classtype:trojan-activity;sid:84140696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.49.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277595/; classtype:trojan-activity;sid:84140695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.173.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277593/; classtype:trojan-activity;sid:84140693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.127.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277594/; classtype:trojan-activity;sid:84140694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.125.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277592/; classtype:trojan-activity;sid:84140692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"168.196.171.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277591/; classtype:trojan-activity;sid:84140691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.104.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277590/; classtype:trojan-activity;sid:84140690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.215.20"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277589/; classtype:trojan-activity;sid:84140689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.36.148.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277588/; classtype:trojan-activity;sid:84140688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.45.56.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277587/; classtype:trojan-activity;sid:84140687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.67.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277586/; classtype:trojan-activity;sid:84140686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.112.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277585/; classtype:trojan-activity;sid:84140685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.145.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277584/; classtype:trojan-activity;sid:84140684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.149.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277583/; classtype:trojan-activity;sid:84140683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.61.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277582/; classtype:trojan-activity;sid:84140682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277581/; classtype:trojan-activity;sid:84140681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.115.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277580/; classtype:trojan-activity;sid:84140680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.139.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277579/; classtype:trojan-activity;sid:84140679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.9.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277578/; classtype:trojan-activity;sid:84140678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.144.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277577/; classtype:trojan-activity;sid:84140677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.84.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277575/; classtype:trojan-activity;sid:84140675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.37.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277576/; classtype:trojan-activity;sid:84140676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.108.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277574/; classtype:trojan-activity;sid:84140674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.249.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277573/; classtype:trojan-activity;sid:84140673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.112.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277572/; classtype:trojan-activity;sid:84140672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.108.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277571/; classtype:trojan-activity;sid:84140671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.157.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277570/; classtype:trojan-activity;sid:84140670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.14.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277569/; classtype:trojan-activity;sid:84140669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.125.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277568/; classtype:trojan-activity;sid:84140668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.209.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277567/; classtype:trojan-activity;sid:84140667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.130.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277565/; classtype:trojan-activity;sid:84140665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.50.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277566/; classtype:trojan-activity;sid:84140666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.45.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277564/; classtype:trojan-activity;sid:84140664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.219.119.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277563/; classtype:trojan-activity;sid:84140663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.110.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277562/; classtype:trojan-activity;sid:84140662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.48.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277561/; classtype:trojan-activity;sid:84140661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.132.133.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277560/; classtype:trojan-activity;sid:84140660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chrome_130.exe"; depth:15; endswith; nocase; http.host; content:"gosp.xaman.es"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277559/; classtype:trojan-activity;sid:84140659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.108.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277558/; classtype:trojan-activity;sid:84140658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.150.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277557/; classtype:trojan-activity;sid:84140657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.185.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277556/; classtype:trojan-activity;sid:84140656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"ibih.strategies.mvpstrat.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277555/; classtype:trojan-activity;sid:84140655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.74.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277554/; classtype:trojan-activity;sid:84140654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.175.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277553/; classtype:trojan-activity;sid:84140653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.145.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277552/; classtype:trojan-activity;sid:84140652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.180.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277551/; classtype:trojan-activity;sid:84140651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.121.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277549/; classtype:trojan-activity;sid:84140649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.64.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277550/; classtype:trojan-activity;sid:84140650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.221.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277548/; classtype:trojan-activity;sid:84140648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.209.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277547/; classtype:trojan-activity;sid:84140647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.225.105.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277544/; classtype:trojan-activity;sid:84140644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.1.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277545/; classtype:trojan-activity;sid:84140645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.70.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277546/; classtype:trojan-activity;sid:84140646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.46.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277543/; classtype:trojan-activity;sid:84140643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.98.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277542/; classtype:trojan-activity;sid:84140642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.37.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277541/; classtype:trojan-activity;sid:84140641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.108.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277540/; classtype:trojan-activity;sid:84140640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.150.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277539/; classtype:trojan-activity;sid:84140639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.39.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277537/; classtype:trojan-activity;sid:84140637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.83.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277538/; classtype:trojan-activity;sid:84140638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.1.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277536/; classtype:trojan-activity;sid:84140636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.145.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277535/; classtype:trojan-activity;sid:84140635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.74.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277534/; classtype:trojan-activity;sid:84140634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.97.201.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277533/; classtype:trojan-activity;sid:84140633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.221.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277532/; classtype:trojan-activity;sid:84140632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.19.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277531/; classtype:trojan-activity;sid:84140631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.151.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277530/; classtype:trojan-activity;sid:84140630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.35.76"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277529/; classtype:trojan-activity;sid:84140629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.227.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277528/; classtype:trojan-activity;sid:84140628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.184.1.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277527/; classtype:trojan-activity;sid:84140627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.203.68.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277526/; classtype:trojan-activity;sid:84140626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.196.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277525/; classtype:trojan-activity;sid:84140625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.14.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277524/; classtype:trojan-activity;sid:84140624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.39.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277523/; classtype:trojan-activity;sid:84140623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.247.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277522/; classtype:trojan-activity;sid:84140622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.126.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277521/; classtype:trojan-activity;sid:84140621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.184.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277520/; classtype:trojan-activity;sid:84140620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.125.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277519/; classtype:trojan-activity;sid:84140619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.31.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277518/; classtype:trojan-activity;sid:84140618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.234.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277517/; classtype:trojan-activity;sid:84140617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.7.103"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277516/; classtype:trojan-activity;sid:84140616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.74.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277514/; classtype:trojan-activity;sid:84140614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.26.82.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277515/; classtype:trojan-activity;sid:84140615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"69.254.95.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277513/; classtype:trojan-activity;sid:84140613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.200.177.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277512/; classtype:trojan-activity;sid:84140612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277511/; classtype:trojan-activity;sid:84140611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"189.182.130.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277510/; classtype:trojan-activity;sid:84140610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.83.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277509/; classtype:trojan-activity;sid:84140609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.119.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277507/; classtype:trojan-activity;sid:84140607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.97.201.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277508/; classtype:trojan-activity;sid:84140608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277506/; classtype:trojan-activity;sid:84140606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.248.82.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277505/; classtype:trojan-activity;sid:84140605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.233.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277504/; classtype:trojan-activity;sid:84140604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.1.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277503/; classtype:trojan-activity;sid:84140603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.196.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277502/; classtype:trojan-activity;sid:84140602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.80.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277501/; classtype:trojan-activity;sid:84140601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.247.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277500/; classtype:trojan-activity;sid:84140600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.26.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277499/; classtype:trojan-activity;sid:84140599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.20.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277498/; classtype:trojan-activity;sid:84140598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.151.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277497/; classtype:trojan-activity;sid:84140597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.240.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277496/; classtype:trojan-activity;sid:84140596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.53.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277495/; classtype:trojan-activity;sid:84140595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.241.210.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277494/; classtype:trojan-activity;sid:84140594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.208.110.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277493/; classtype:trojan-activity;sid:84140593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.114.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277492/; classtype:trojan-activity;sid:84140592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.176.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277491/; classtype:trojan-activity;sid:84140591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.245.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277490/; classtype:trojan-activity;sid:84140590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.153.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277489/; classtype:trojan-activity;sid:84140589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"198.163.192.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277488/; classtype:trojan-activity;sid:84140588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.73.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277486/; classtype:trojan-activity;sid:84140586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.96.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277487/; classtype:trojan-activity;sid:84140587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.239.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277485/; classtype:trojan-activity;sid:84140585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.6.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277484/; classtype:trojan-activity;sid:84140584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.118.145.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277483/; classtype:trojan-activity;sid:84140583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.151.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277482/; classtype:trojan-activity;sid:84140582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.176.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277481/; classtype:trojan-activity;sid:84140581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.95.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277479/; classtype:trojan-activity;sid:84140579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.73.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277480/; classtype:trojan-activity;sid:84140580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.231.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277477/; classtype:trojan-activity;sid:84140577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.208.110.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277478/; classtype:trojan-activity;sid:84140578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.164.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277476/; classtype:trojan-activity;sid:84140576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277475/; classtype:trojan-activity;sid:84140575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.210.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277474/; classtype:trojan-activity;sid:84140574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.38.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277473/; classtype:trojan-activity;sid:84140573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.13.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277472/; classtype:trojan-activity;sid:84140572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm"; depth:25; endswith; nocase; http.host; content:"selfrep.carteldesinaloa.ru"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277470/; classtype:trojan-activity;sid:84140570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm5"; depth:26; endswith; nocase; http.host; content:"selfrep.carteldesinaloa.ru"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277471/; classtype:trojan-activity;sid:84140571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.237.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277460/; classtype:trojan-activity;sid:84140560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm6"; depth:26; endswith; nocase; http.host; content:"selfrep.carteldesinaloa.ru"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277461/; classtype:trojan-activity;sid:84140561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.x86"; depth:25; endswith; nocase; http.host; content:"selfrep.carteldesinaloa.ru"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277462/; classtype:trojan-activity;sid:84140562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm7"; depth:26; endswith; nocase; http.host; content:"selfrep.carteldesinaloa.ru"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277463/; classtype:trojan-activity;sid:84140563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.spc"; depth:25; endswith; nocase; http.host; content:"selfrep.carteldesinaloa.ru"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277464/; classtype:trojan-activity;sid:84140564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.m68k"; depth:26; endswith; nocase; http.host; content:"selfrep.carteldesinaloa.ru"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277465/; classtype:trojan-activity;sid:84140565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.ppc"; depth:25; endswith; nocase; http.host; content:"selfrep.carteldesinaloa.ru"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277466/; classtype:trojan-activity;sid:84140566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.mpsl"; depth:26; endswith; nocase; http.host; content:"selfrep.carteldesinaloa.ru"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277467/; classtype:trojan-activity;sid:84140567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.sh4"; depth:25; endswith; nocase; http.host; content:"selfrep.carteldesinaloa.ru"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277468/; classtype:trojan-activity;sid:84140568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.mips"; depth:26; endswith; nocase; http.host; content:"selfrep.carteldesinaloa.ru"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277469/; classtype:trojan-activity;sid:84140569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.109.159.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277459/; classtype:trojan-activity;sid:84140559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.28.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277458/; classtype:trojan-activity;sid:84140558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.179.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277457/; classtype:trojan-activity;sid:84140557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.88.253.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277456/; classtype:trojan-activity;sid:84140556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.202.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277455/; classtype:trojan-activity;sid:84140555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.231.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277454/; classtype:trojan-activity;sid:84140554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.239.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277453/; classtype:trojan-activity;sid:84140553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.17.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277452/; classtype:trojan-activity;sid:84140552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.190.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277451/; classtype:trojan-activity;sid:84140551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.157.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277450/; classtype:trojan-activity;sid:84140550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.248.225.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277449/; classtype:trojan-activity;sid:84140549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//wriww68k"; depth:10; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277447/; classtype:trojan-activity;sid:84140547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.224.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277448/; classtype:trojan-activity;sid:84140548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//dvwkja7"; depth:9; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277446/; classtype:trojan-activity;sid:84140546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vqsjh4"; depth:8; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277443/; classtype:trojan-activity;sid:84140543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//kjsusa6"; depth:9; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277444/; classtype:trojan-activity;sid:84140544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.12.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277445/; classtype:trojan-activity;sid:84140545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vkjqpc"; depth:8; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277437/; classtype:trojan-activity;sid:84140537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vsbeps"; depth:8; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277438/; classtype:trojan-activity;sid:84140538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//wnbw86"; depth:8; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277439/; classtype:trojan-activity;sid:84140539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//jwwofba5"; depth:10; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277440/; classtype:trojan-activity;sid:84140540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//wheiuwa4"; depth:10; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277441/; classtype:trojan-activity;sid:84140541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//qkehusl"; depth:9; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277442/; classtype:trojan-activity;sid:84140542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.9.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277436/; classtype:trojan-activity;sid:84140536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.208.110.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277435/; classtype:trojan-activity;sid:84140535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.179.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277433/; classtype:trojan-activity;sid:84140533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.7.165.215"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277434/; classtype:trojan-activity;sid:84140534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.92.254.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277432/; classtype:trojan-activity;sid:84140532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.38.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277431/; classtype:trojan-activity;sid:84140531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"ing-tb-deaktivierung.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277428/; classtype:trojan-activity;sid:84140528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"ing-tb-deaktivierung.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277429/; classtype:trojan-activity;sid:84140529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"ing-tb-deaktivierung.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277430/; classtype:trojan-activity;sid:84140530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"ing-tb-deaktivierung.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277427/; classtype:trojan-activity;sid:84140527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"ing-tb-deaktivierung.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277420/; classtype:trojan-activity;sid:84140520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"ing-tb-deaktivierung.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277421/; classtype:trojan-activity;sid:84140521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"ing-tb-deaktivierung.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277422/; classtype:trojan-activity;sid:84140522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"ing-tb-deaktivierung.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277423/; classtype:trojan-activity;sid:84140523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"ing-tb-deaktivierung.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277424/; classtype:trojan-activity;sid:84140524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"ing-tb-deaktivierung.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277425/; classtype:trojan-activity;sid:84140525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"ing-tb-deaktivierung.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277426/; classtype:trojan-activity;sid:84140526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.74.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277419/; classtype:trojan-activity;sid:84140519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.135.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277418/; classtype:trojan-activity;sid:84140518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.109.159.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277417/; classtype:trojan-activity;sid:84140517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.12.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277416/; classtype:trojan-activity;sid:84140516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.16.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277415/; classtype:trojan-activity;sid:84140515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.224.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277414/; classtype:trojan-activity;sid:84140514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.198.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277411/; classtype:trojan-activity;sid:84140511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tplink.sh"; depth:10; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277412/; classtype:trojan-activity;sid:84140512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.103.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277413/; classtype:trojan-activity;sid:84140513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftsp.zip"; depth:9; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277408/; classtype:trojan-activity;sid:84140508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cam.zip"; depth:8; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277406/; classtype:trojan-activity;sid:84140506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bab.zip"; depth:8; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277407/; classtype:trojan-activity;sid:84140507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"payhostmsa.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277405/; classtype:trojan-activity;sid:84140505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/startupppp.bat"; depth:15; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277404/; classtype:trojan-activity;sid:84140504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"goninvoicceme.shop"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277403/; classtype:trojan-activity;sid:84140503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.190.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277402/; classtype:trojan-activity;sid:84140502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.19.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277401/; classtype:trojan-activity;sid:84140501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.103.176.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277400/; classtype:trojan-activity;sid:84140500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm5"; depth:13; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277398/; classtype:trojan-activity;sid:84140498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm6"; depth:13; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277399/; classtype:trojan-activity;sid:84140499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.sh4"; depth:12; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277394/; classtype:trojan-activity;sid:84140494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm7"; depth:13; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277395/; classtype:trojan-activity;sid:84140495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.157.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277396/; classtype:trojan-activity;sid:84140496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"168.196.171.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277397/; classtype:trojan-activity;sid:84140497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm"; depth:12; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277393/; classtype:trojan-activity;sid:84140493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.spc"; depth:12; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277391/; classtype:trojan-activity;sid:84140491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.m68k"; depth:13; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277392/; classtype:trojan-activity;sid:84140492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.ppc"; depth:12; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277389/; classtype:trojan-activity;sid:84140489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.x86"; depth:12; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277390/; classtype:trojan-activity;sid:84140490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.96.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277388/; classtype:trojan-activity;sid:84140488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.mips"; depth:13; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277386/; classtype:trojan-activity;sid:84140486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.mpsl"; depth:13; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277387/; classtype:trojan-activity;sid:84140487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"154.216.18.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277384/; classtype:trojan-activity;sid:84140484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"goninvoicceme.shop"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277385/; classtype:trojan-activity;sid:84140485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.134.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277383/; classtype:trojan-activity;sid:84140483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.131.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277382/; classtype:trojan-activity;sid:84140482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.40.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277381/; classtype:trojan-activity;sid:84140481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.121.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277380/; classtype:trojan-activity;sid:84140480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.228.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277378/; classtype:trojan-activity;sid:84140478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.18.68.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277379/; classtype:trojan-activity;sid:84140479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.19.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277377/; classtype:trojan-activity;sid:84140477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"137.59.195.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277376/; classtype:trojan-activity;sid:84140476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.241.138.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277375/; classtype:trojan-activity;sid:84140475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.240.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277374/; classtype:trojan-activity;sid:84140474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.22.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277373/; classtype:trojan-activity;sid:84140473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.13.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277371/; classtype:trojan-activity;sid:84140471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.47.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277372/; classtype:trojan-activity;sid:84140472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.232.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277370/; classtype:trojan-activity;sid:84140470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.198.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277369/; classtype:trojan-activity;sid:84140469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.135.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277368/; classtype:trojan-activity;sid:84140468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.16.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277367/; classtype:trojan-activity;sid:84140467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.240.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277366/; classtype:trojan-activity;sid:84140466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.16.159"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277365/; classtype:trojan-activity;sid:84140465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.74.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277364/; classtype:trojan-activity;sid:84140464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.220.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277363/; classtype:trojan-activity;sid:84140463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.19.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277362/; classtype:trojan-activity;sid:84140462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.15.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277360/; classtype:trojan-activity;sid:84140460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.76.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277361/; classtype:trojan-activity;sid:84140461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.6.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277359/; classtype:trojan-activity;sid:84140459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"168.196.171.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277357/; classtype:trojan-activity;sid:84140457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.15.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277358/; classtype:trojan-activity;sid:84140458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.176.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277356/; classtype:trojan-activity;sid:84140456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.34.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277355/; classtype:trojan-activity;sid:84140455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.179.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277354/; classtype:trojan-activity;sid:84140454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.43.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277353/; classtype:trojan-activity;sid:84140453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.82.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277352/; classtype:trojan-activity;sid:84140452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.78.150.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277351/; classtype:trojan-activity;sid:84140451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.134.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277350/; classtype:trojan-activity;sid:84140450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.209.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277349/; classtype:trojan-activity;sid:84140449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"154.216.19.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277348/; classtype:trojan-activity;sid:84140448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/set-up.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277347/; classtype:trojan-activity;sid:84140447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"154.216.19.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277342/; classtype:trojan-activity;sid:84140442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"154.216.19.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277343/; classtype:trojan-activity;sid:84140443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"154.216.19.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277344/; classtype:trojan-activity;sid:84140444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"154.216.19.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277345/; classtype:trojan-activity;sid:84140445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"154.216.19.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277346/; classtype:trojan-activity;sid:84140446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"154.216.19.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277338/; classtype:trojan-activity;sid:84140438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"154.216.19.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277339/; classtype:trojan-activity;sid:84140439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"154.216.19.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277340/; classtype:trojan-activity;sid:84140440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"154.216.19.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277341/; classtype:trojan-activity;sid:84140441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.228.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277337/; classtype:trojan-activity;sid:84140437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"154.216.19.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277336/; classtype:trojan-activity;sid:84140436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.122.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277335/; classtype:trojan-activity;sid:84140435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.252.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277334/; classtype:trojan-activity;sid:84140434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wriww68k"; depth:9; endswith; nocase; http.host; content:"154.216.16.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277332/; classtype:trojan-activity;sid:84140432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"154.216.16.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277333/; classtype:trojan-activity;sid:84140433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"154.216.16.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277327/; classtype:trojan-activity;sid:84140427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"154.216.16.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277328/; classtype:trojan-activity;sid:84140428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"154.216.16.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277329/; classtype:trojan-activity;sid:84140429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iwir64"; depth:7; endswith; nocase; http.host; content:"154.216.16.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277330/; classtype:trojan-activity;sid:84140430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"154.216.16.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277331/; classtype:trojan-activity;sid:84140431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.sh4"; depth:14; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277316/; classtype:trojan-activity;sid:84140416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.m68k"; depth:15; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277317/; classtype:trojan-activity;sid:84140417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm6"; depth:15; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277318/; classtype:trojan-activity;sid:84140418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mpsl"; depth:15; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277319/; classtype:trojan-activity;sid:84140419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm5"; depth:15; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277320/; classtype:trojan-activity;sid:84140420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm7"; depth:15; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277321/; classtype:trojan-activity;sid:84140421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mips"; depth:15; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277322/; classtype:trojan-activity;sid:84140422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.ppc"; depth:14; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277323/; classtype:trojan-activity;sid:84140423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.spc"; depth:14; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277324/; classtype:trojan-activity;sid:84140424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.133.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277325/; classtype:trojan-activity;sid:84140425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.x86"; depth:14; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277326/; classtype:trojan-activity;sid:84140426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm"; depth:14; endswith; nocase; http.host; content:"154.216.19.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277315/; classtype:trojan-activity;sid:84140415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwwofba5"; depth:9; endswith; nocase; http.host; content:"154.216.16.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277313/; classtype:trojan-activity;sid:84140413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"154.216.16.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277314/; classtype:trojan-activity;sid:84140414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"154.216.16.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277311/; classtype:trojan-activity;sid:84140411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"154.216.16.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277312/; classtype:trojan-activity;sid:84140412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.21.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277310/; classtype:trojan-activity;sid:84140410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.245.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277309/; classtype:trojan-activity;sid:84140409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnbw86"; depth:7; endswith; nocase; http.host; content:"154.216.16.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277308/; classtype:trojan-activity;sid:84140408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277307/; classtype:trojan-activity;sid:84140407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"154.216.16.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277305/; classtype:trojan-activity;sid:84140405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277306/; classtype:trojan-activity;sid:84140406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.8.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277304/; classtype:trojan-activity;sid:84140404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.13.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277303/; classtype:trojan-activity;sid:84140403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnbw86"; depth:7; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277302/; classtype:trojan-activity;sid:84140402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.215.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277301/; classtype:trojan-activity;sid:84140401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.16.159"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277300/; classtype:trojan-activity;sid:84140400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.34.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277299/; classtype:trojan-activity;sid:84140399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/672a581b1849b/%e2%9d%89documentacion%20detalles%e2%9d%89_%e2%91%a0%e2%91%a0%e2%91%a6%e2%91%a4%e2%91%a6%e2%91%a5%e2%91%a4%e2%91%a4.zip"; depth:134; endswith; nocase; http.host; content:"infopublic67.online"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277297/; classtype:trojan-activity;sid:84140397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/672a581b1849b/%e2%9d%89documentacion%20detalles%e2%9d%89_%e2%91%a0%e2%91%a0%e2%91%a6%e2%91%a4%e2%91%a6%e2%91%a5%e2%91%a4%e2%91%a4.zip"; depth:134; endswith; nocase; http.host; content:"www.infopublic67.online"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277298/; classtype:trojan-activity;sid:84140398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.76.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277296/; classtype:trojan-activity;sid:84140396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/672a581b1849b/672a581b1861e.vbs"; depth:32; endswith; nocase; http.host; content:"www.infopublic67.online"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277292/; classtype:trojan-activity;sid:84140392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.105.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277293/; classtype:trojan-activity;sid:84140393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/672a581b1849b/672a581b18621.vbs"; depth:32; endswith; nocase; http.host; content:"www.infopublic67.online"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277294/; classtype:trojan-activity;sid:84140394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/672a581b1849b/672a581b18621.vbs"; depth:32; endswith; nocase; http.host; content:"infopublic67.online"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277295/; classtype:trojan-activity;sid:84140395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/672a581b1849b/672a581b1861e.vbs"; depth:32; endswith; nocase; http.host; content:"infopublic67.online"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277291/; classtype:trojan-activity;sid:84140391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.252.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277290/; classtype:trojan-activity;sid:84140390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.220.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277289/; classtype:trojan-activity;sid:84140389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.232.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277288/; classtype:trojan-activity;sid:84140388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.219.119.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277287/; classtype:trojan-activity;sid:84140387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.26.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277286/; classtype:trojan-activity;sid:84140386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.133.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277285/; classtype:trojan-activity;sid:84140385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.122.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277284/; classtype:trojan-activity;sid:84140384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.209.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277283/; classtype:trojan-activity;sid:84140383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.18.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277282/; classtype:trojan-activity;sid:84140382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.47.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277281/; classtype:trojan-activity;sid:84140381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.181.102"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277280/; classtype:trojan-activity;sid:84140380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"guddimirai.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277269/; classtype:trojan-activity;sid:84140369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"guddimirai.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277270/; classtype:trojan-activity;sid:84140370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"guddimirai.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277271/; classtype:trojan-activity;sid:84140371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"guddimirai.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277272/; classtype:trojan-activity;sid:84140372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"guddimirai.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277273/; classtype:trojan-activity;sid:84140373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"guddimirai.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277274/; classtype:trojan-activity;sid:84140374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"guddimirai.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277275/; classtype:trojan-activity;sid:84140375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"guddimirai.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277276/; classtype:trojan-activity;sid:84140376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"guddimirai.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277277/; classtype:trojan-activity;sid:84140377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"guddimirai.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277278/; classtype:trojan-activity;sid:84140378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"guddimirai.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277279/; classtype:trojan-activity;sid:84140379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.215.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277268/; classtype:trojan-activity;sid:84140368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.250.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277267/; classtype:trojan-activity;sid:84140367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.61.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277266/; classtype:trojan-activity;sid:84140366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"144.172.73.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277261/; classtype:trojan-activity;sid:84140361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"144.172.73.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277262/; classtype:trojan-activity;sid:84140362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"144.172.73.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277263/; classtype:trojan-activity;sid:84140363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"144.172.73.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277264/; classtype:trojan-activity;sid:84140364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"144.172.73.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277265/; classtype:trojan-activity;sid:84140365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"144.172.73.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277258/; classtype:trojan-activity;sid:84140358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"144.172.73.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277259/; classtype:trojan-activity;sid:84140359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"144.172.73.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277260/; classtype:trojan-activity;sid:84140360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"144.172.73.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277257/; classtype:trojan-activity;sid:84140357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"144.172.73.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277255/; classtype:trojan-activity;sid:84140355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"144.172.73.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277256/; classtype:trojan-activity;sid:84140356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.31.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277254/; classtype:trojan-activity;sid:84140354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.211.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277253/; classtype:trojan-activity;sid:84140353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.119.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277252/; classtype:trojan-activity;sid:84140352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.8.46.114"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277251/; classtype:trojan-activity;sid:84140351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.0.142.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277250/; classtype:trojan-activity;sid:84140350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpsvcbase.dll"; depth:14; endswith; nocase; http.host; content:"202.61.85.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277249/; classtype:trojan-activity;sid:84140349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.81.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277248/; classtype:trojan-activity;sid:84140348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/freecam.exe"; depth:18; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277247/; classtype:trojan-activity;sid:84140347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.29.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277244/; classtype:trojan-activity;sid:84140344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.0.142.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277245/; classtype:trojan-activity;sid:84140345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.185.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277246/; classtype:trojan-activity;sid:84140346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.102.189.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277243/; classtype:trojan-activity;sid:84140343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.25.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277242/; classtype:trojan-activity;sid:84140342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.47.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277241/; classtype:trojan-activity;sid:84140341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.52.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277240/; classtype:trojan-activity;sid:84140340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.183.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277239/; classtype:trojan-activity;sid:84140339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.69.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277238/; classtype:trojan-activity;sid:84140338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.208.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277237/; classtype:trojan-activity;sid:84140337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.206.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277236/; classtype:trojan-activity;sid:84140336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.44.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277232/; classtype:trojan-activity;sid:84140332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.213.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277233/; classtype:trojan-activity;sid:84140333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"168.195.81.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277234/; classtype:trojan-activity;sid:84140334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.40.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277235/; classtype:trojan-activity;sid:84140335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.247.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277231/; classtype:trojan-activity;sid:84140331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.63.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277230/; classtype:trojan-activity;sid:84140330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.168.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277229/; classtype:trojan-activity;sid:84140329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.182.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277228/; classtype:trojan-activity;sid:84140328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.179.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277227/; classtype:trojan-activity;sid:84140327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.59.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277226/; classtype:trojan-activity;sid:84140326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277225/; classtype:trojan-activity;sid:84140325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.19.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277224/; classtype:trojan-activity;sid:84140324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277223/; classtype:trojan-activity;sid:84140323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.102.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277222/; classtype:trojan-activity;sid:84140322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.72.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277221/; classtype:trojan-activity;sid:84140321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.168.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277220/; classtype:trojan-activity;sid:84140320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.56.206.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277219/; classtype:trojan-activity;sid:84140319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.52.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277218/; classtype:trojan-activity;sid:84140318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"192.119.100.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277217/; classtype:trojan-activity;sid:84140317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.190.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277216/; classtype:trojan-activity;sid:84140316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"5.59.106.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277215/; classtype:trojan-activity;sid:84140315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.181.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277214/; classtype:trojan-activity;sid:84140314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.7.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277213/; classtype:trojan-activity;sid:84140313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.46.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277212/; classtype:trojan-activity;sid:84140312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.221.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277210/; classtype:trojan-activity;sid:84140310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.222.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277211/; classtype:trojan-activity;sid:84140311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.247.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277209/; classtype:trojan-activity;sid:84140309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.59.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277208/; classtype:trojan-activity;sid:84140308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.72.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277207/; classtype:trojan-activity;sid:84140307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.117.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277206/; classtype:trojan-activity;sid:84140306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277205/; classtype:trojan-activity;sid:84140305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.126.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277204/; classtype:trojan-activity;sid:84140304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.46.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277203/; classtype:trojan-activity;sid:84140303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.90.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277201/; classtype:trojan-activity;sid:84140301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.228.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277202/; classtype:trojan-activity;sid:84140302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.190.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277200/; classtype:trojan-activity;sid:84140300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.222.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277199/; classtype:trojan-activity;sid:84140299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.11.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277198/; classtype:trojan-activity;sid:84140298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.12.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277197/; classtype:trojan-activity;sid:84140297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"198.2.88.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277196/; classtype:trojan-activity;sid:84140296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.115.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277195/; classtype:trojan-activity;sid:84140295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.170.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277194/; classtype:trojan-activity;sid:84140294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.250.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277193/; classtype:trojan-activity;sid:84140293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.13.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277192/; classtype:trojan-activity;sid:84140292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.112.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277191/; classtype:trojan-activity;sid:84140291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.90.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277190/; classtype:trojan-activity;sid:84140290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.16.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277189/; classtype:trojan-activity;sid:84140289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277188/; classtype:trojan-activity;sid:84140288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.86.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277187/; classtype:trojan-activity;sid:84140287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.59.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277186/; classtype:trojan-activity;sid:84140286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.212.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277185/; classtype:trojan-activity;sid:84140285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.124.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277184/; classtype:trojan-activity;sid:84140284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.240.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277183/; classtype:trojan-activity;sid:84140283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.132.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277182/; classtype:trojan-activity;sid:84140282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.154.80.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277181/; classtype:trojan-activity;sid:84140281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.18.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277180/; classtype:trojan-activity;sid:84140280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.170.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277179/; classtype:trojan-activity;sid:84140279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.12.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277178/; classtype:trojan-activity;sid:84140278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.250.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277177/; classtype:trojan-activity;sid:84140277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.49.65.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277176/; classtype:trojan-activity;sid:84140276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277175/; classtype:trojan-activity;sid:84140275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.223.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277174/; classtype:trojan-activity;sid:84140274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.120.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277173/; classtype:trojan-activity;sid:84140273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.56.163.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277172/; classtype:trojan-activity;sid:84140272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.254.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277171/; classtype:trojan-activity;sid:84140271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.48.107.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277169/; classtype:trojan-activity;sid:84140269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.200.84.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277170/; classtype:trojan-activity;sid:84140270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.211.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277168/; classtype:trojan-activity;sid:84140268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277166/; classtype:trojan-activity;sid:84140266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277167/; classtype:trojan-activity;sid:84140267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.119.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277164/; classtype:trojan-activity;sid:84140264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.242.48.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277165/; classtype:trojan-activity;sid:84140265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.124.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277163/; classtype:trojan-activity;sid:84140263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.6.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277162/; classtype:trojan-activity;sid:84140262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277161/; classtype:trojan-activity;sid:84140261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.234.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277158/; classtype:trojan-activity;sid:84140258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.91.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277159/; classtype:trojan-activity;sid:84140259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.28.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277160/; classtype:trojan-activity;sid:84140260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.97.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277157/; classtype:trojan-activity;sid:84140257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.11.124"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277156/; classtype:trojan-activity;sid:84140256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.12.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277155/; classtype:trojan-activity;sid:84140255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.229.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277154/; classtype:trojan-activity;sid:84140254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.188.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277153/; classtype:trojan-activity;sid:84140253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.100.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277152/; classtype:trojan-activity;sid:84140252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.133.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277151/; classtype:trojan-activity;sid:84140251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.226.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277150/; classtype:trojan-activity;sid:84140250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.156.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277149/; classtype:trojan-activity;sid:84140249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.128.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277148/; classtype:trojan-activity;sid:84140248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.195.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277147/; classtype:trojan-activity;sid:84140247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.120.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277146/; classtype:trojan-activity;sid:84140246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.61.48.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277145/; classtype:trojan-activity;sid:84140245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.75.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277143/; classtype:trojan-activity;sid:84140243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.142.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277144/; classtype:trojan-activity;sid:84140244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.208.52.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277142/; classtype:trojan-activity;sid:84140242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.95.163.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277141/; classtype:trojan-activity;sid:84140241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.100.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277140/; classtype:trojan-activity;sid:84140240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.208.52.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277139/; classtype:trojan-activity;sid:84140239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.96.17.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277138/; classtype:trojan-activity;sid:84140238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.175.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277137/; classtype:trojan-activity;sid:84140237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.125.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277136/; classtype:trojan-activity;sid:84140236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.86.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277135/; classtype:trojan-activity;sid:84140235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.exe"; depth:9; endswith; nocase; http.host; content:"dontseekme.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277134/; classtype:trojan-activity;sid:84140234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.76.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277133/; classtype:trojan-activity;sid:84140233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.128.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277132/; classtype:trojan-activity;sid:84140232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.83.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277131/; classtype:trojan-activity;sid:84140231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.133.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277130/; classtype:trojan-activity;sid:84140230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.208.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277129/; classtype:trojan-activity;sid:84140229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.67.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277128/; classtype:trojan-activity;sid:84140228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.208.52.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277127/; classtype:trojan-activity;sid:84140227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.171.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277126/; classtype:trojan-activity;sid:84140226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.142.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277125/; classtype:trojan-activity;sid:84140225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1111.txt"; depth:9; endswith; nocase; http.host; content:"118.25.85.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277124/; classtype:trojan-activity;sid:84140224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.200.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277123/; classtype:trojan-activity;sid:84140223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.26.248"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277122/; classtype:trojan-activity;sid:84140222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.244.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277121/; classtype:trojan-activity;sid:84140221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.118.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277120/; classtype:trojan-activity;sid:84140220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.133.37.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277119/; classtype:trojan-activity;sid:84140219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.22.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277118/; classtype:trojan-activity;sid:84140218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.122.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277117/; classtype:trojan-activity;sid:84140217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.83.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277116/; classtype:trojan-activity;sid:84140216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kiwi.exe"; depth:9; endswith; nocase; http.host; content:"162.230.48.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277115/; classtype:trojan-activity;sid:84140215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.235.198.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277114/; classtype:trojan-activity;sid:84140214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.83.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277113/; classtype:trojan-activity;sid:84140213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.212.176.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277112/; classtype:trojan-activity;sid:84140212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.46.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277111/; classtype:trojan-activity;sid:84140211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.207.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277110/; classtype:trojan-activity;sid:84140210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.127.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277109/; classtype:trojan-activity;sid:84140209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.118.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277108/; classtype:trojan-activity;sid:84140208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.244.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277107/; classtype:trojan-activity;sid:84140207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.26.248"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277106/; classtype:trojan-activity;sid:84140206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.11.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277105/; classtype:trojan-activity;sid:84140205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.154.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277104/; classtype:trojan-activity;sid:84140204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.122.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277103/; classtype:trojan-activity;sid:84140203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xwo.exe"; depth:8; endswith; nocase; http.host; content:"husktools.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277102/; classtype:trojan-activity;sid:84140202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.12.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277101/; classtype:trojan-activity;sid:84140201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.74.13.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277100/; classtype:trojan-activity;sid:84140200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new214.exe"; depth:11; endswith; nocase; http.host; content:"162.230.48.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277099/; classtype:trojan-activity;sid:84140199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.240.168.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277098/; classtype:trojan-activity;sid:84140198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.9.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277097/; classtype:trojan-activity;sid:84140197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.231.177.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277096/; classtype:trojan-activity;sid:84140196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277095/; classtype:trojan-activity;sid:84140195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.159.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277094/; classtype:trojan-activity;sid:84140194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.180.80.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277093/; classtype:trojan-activity;sid:84140193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.240.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277092/; classtype:trojan-activity;sid:84140192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.12.4.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277091/; classtype:trojan-activity;sid:84140191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.183.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277090/; classtype:trojan-activity;sid:84140190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.156.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277089/; classtype:trojan-activity;sid:84140189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.165.106.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277088/; classtype:trojan-activity;sid:84140188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.192.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277087/; classtype:trojan-activity;sid:84140187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.12.14"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277086/; classtype:trojan-activity;sid:84140186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.212.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277085/; classtype:trojan-activity;sid:84140185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.9.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277084/; classtype:trojan-activity;sid:84140184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.251.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277083/; classtype:trojan-activity;sid:84140183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277082/; classtype:trojan-activity;sid:84140182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"137.59.195.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277080/; classtype:trojan-activity;sid:84140180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277081/; classtype:trojan-activity;sid:84140181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.9.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277079/; classtype:trojan-activity;sid:84140179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.231.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277078/; classtype:trojan-activity;sid:84140178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.186.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277077/; classtype:trojan-activity;sid:84140177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.102.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277076/; classtype:trojan-activity;sid:84140176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277075/; classtype:trojan-activity;sid:84140175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.212.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277074/; classtype:trojan-activity;sid:84140174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.125.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277070/; classtype:trojan-activity;sid:84140170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.18.101.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277071/; classtype:trojan-activity;sid:84140171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.4.112.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277072/; classtype:trojan-activity;sid:84140172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.28.149"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277073/; classtype:trojan-activity;sid:84140173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.21.174.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277069/; classtype:trojan-activity;sid:84140169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.38.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277068/; classtype:trojan-activity;sid:84140168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.165.106.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277067/; classtype:trojan-activity;sid:84140167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.156.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277066/; classtype:trojan-activity;sid:84140166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.200.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277065/; classtype:trojan-activity;sid:84140165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.6.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277064/; classtype:trojan-activity;sid:84140164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.24.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277063/; classtype:trojan-activity;sid:84140163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.26.51.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277062/; classtype:trojan-activity;sid:84140162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.102.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277061/; classtype:trojan-activity;sid:84140161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.186.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277060/; classtype:trojan-activity;sid:84140160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.247.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277059/; classtype:trojan-activity;sid:84140159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.38.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277058/; classtype:trojan-activity;sid:84140158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.159.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277057/; classtype:trojan-activity;sid:84140157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.96.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277056/; classtype:trojan-activity;sid:84140156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.134.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277055/; classtype:trojan-activity;sid:84140155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.24.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277054/; classtype:trojan-activity;sid:84140154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.90.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277053/; classtype:trojan-activity;sid:84140153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.131.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277051/; classtype:trojan-activity;sid:84140151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.37.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277052/; classtype:trojan-activity;sid:84140152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.27.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277050/; classtype:trojan-activity;sid:84140150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.33.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277049/; classtype:trojan-activity;sid:84140149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.223.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277048/; classtype:trojan-activity;sid:84140148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.165.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277046/; classtype:trojan-activity;sid:84140146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.221.97.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277047/; classtype:trojan-activity;sid:84140147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.19.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277045/; classtype:trojan-activity;sid:84140145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.24.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277044/; classtype:trojan-activity;sid:84140144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.23.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277043/; classtype:trojan-activity;sid:84140143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.160.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277042/; classtype:trojan-activity;sid:84140142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.101.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277041/; classtype:trojan-activity;sid:84140141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.221.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277040/; classtype:trojan-activity;sid:84140140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.41.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277039/; classtype:trojan-activity;sid:84140139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.64.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277038/; classtype:trojan-activity;sid:84140138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.242.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277037/; classtype:trojan-activity;sid:84140137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.9.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277034/; classtype:trojan-activity;sid:84140134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.253.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277035/; classtype:trojan-activity;sid:84140135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277036/; classtype:trojan-activity;sid:84140136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.57.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277033/; classtype:trojan-activity;sid:84140133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.253.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277032/; classtype:trojan-activity;sid:84140132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.44.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277031/; classtype:trojan-activity;sid:84140131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.237.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277030/; classtype:trojan-activity;sid:84140130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.43.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277029/; classtype:trojan-activity;sid:84140129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.225.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277028/; classtype:trojan-activity;sid:84140128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.64.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277027/; classtype:trojan-activity;sid:84140127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dler214.exe"; depth:12; endswith; nocase; http.host; content:"162.230.48.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277026/; classtype:trojan-activity;sid:84140126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.160.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277025/; classtype:trojan-activity;sid:84140125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.247.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277024/; classtype:trojan-activity;sid:84140124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idek.exe"; depth:9; endswith; nocase; http.host; content:"162.230.48.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277023/; classtype:trojan-activity;sid:84140123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277022/; classtype:trojan-activity;sid:84140122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.253.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277021/; classtype:trojan-activity;sid:84140121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.193.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277020/; classtype:trojan-activity;sid:84140120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277019/; classtype:trojan-activity;sid:84140119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.248.28.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277018/; classtype:trojan-activity;sid:84140118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.231.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277017/; classtype:trojan-activity;sid:84140117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.162.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277016/; classtype:trojan-activity;sid:84140116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.212.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277015/; classtype:trojan-activity;sid:84140115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.119.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277014/; classtype:trojan-activity;sid:84140114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.26.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277013/; classtype:trojan-activity;sid:84140113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.93.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277012/; classtype:trojan-activity;sid:84140112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.117.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277011/; classtype:trojan-activity;sid:84140111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277010/; classtype:trojan-activity;sid:84140110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.193.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277009/; classtype:trojan-activity;sid:84140109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.222.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277008/; classtype:trojan-activity;sid:84140108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.117.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277007/; classtype:trojan-activity;sid:84140107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.138.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277006/; classtype:trojan-activity;sid:84140106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277005/; classtype:trojan-activity;sid:84140105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.x86"; depth:12; endswith; nocase; http.host; content:"109.120.137.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277004/; classtype:trojan-activity;sid:84140104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"2.58.113.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277001/; classtype:trojan-activity;sid:84140101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277002/; classtype:trojan-activity;sid:84140102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm7"; depth:13; endswith; nocase; http.host; content:"109.120.137.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277003/; classtype:trojan-activity;sid:84140103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3277000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/eknejaipbckgrhnslrsjfxmvkq9qcty9fk"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3277000/; classtype:trojan-activity;sid:84140100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/coqkkyrjy7jrj6jedgpzwmkkn7n0rbjgqx"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276999/; classtype:trojan-activity;sid:84140099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/s0d31wnlhdzcld5ismas9vur6mb74ocaau"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276995/; classtype:trojan-activity;sid:84140095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tp4vhwpybymlx3vqngnjdldwxklhx1pp0f"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276996/; classtype:trojan-activity;sid:84140096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cxee18lggahm83v4bkcbp73jymcenyak1p"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276997/; classtype:trojan-activity;sid:84140097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/o0zrtapu0rw0exb9csa6i5cyvpx2gqz2kp"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276998/; classtype:trojan-activity;sid:84140098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"154.216.19.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276987/; classtype:trojan-activity;sid:84140087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ghnt6rxxueeirffz4z7oiaxbyzt1b8doty"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276988/; classtype:trojan-activity;sid:84140088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"154.216.19.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276989/; classtype:trojan-activity;sid:84140089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/l2k6ay5fudeyn65xw9kwllftg6s5wbpunb"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276990/; classtype:trojan-activity;sid:84140090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vwkjebwi686"; depth:12; endswith; nocase; http.host; content:"154.216.19.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276991/; classtype:trojan-activity;sid:84140091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/1wzckx5degfrdg4ahbv3ldqkskcwi5q9wc"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276992/; classtype:trojan-activity;sid:84140092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkbfi86"; depth:8; endswith; nocase; http.host; content:"154.216.19.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276993/; classtype:trojan-activity;sid:84140093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/4cpwlxnrt5fqbb2vgxpd9vw3cdbj6vfarp"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276994/; classtype:trojan-activity;sid:84140094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/38xhwbgxoza1em4zrzik3k9y28zcc5z6e8"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276986/; classtype:trojan-activity;sid:84140086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wriww68k"; depth:9; endswith; nocase; http.host; content:"154.216.19.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276967/; classtype:trojan-activity;sid:84140067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ahig0aqcdwztp7mogbdyriknerh5rjelrl"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276968/; classtype:trojan-activity;sid:84140068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/iq1yuo7cyrbgazjbjnnsuu0yomlmplkhlz"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276969/; classtype:trojan-activity;sid:84140069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/fhypayhvp1r7wr73hurugxhou0jiv5pseq"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276970/; classtype:trojan-activity;sid:84140070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jx9gbvv3jhsveddycztjy6ypzoi9iosbbs"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276971/; classtype:trojan-activity;sid:84140071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ocnv0iqmbfj1esrgvdf2valwzygiavruts"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276972/; classtype:trojan-activity;sid:84140072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/osgczxcrauaogrcce2haijxuoidjqu78wx"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276973/; classtype:trojan-activity;sid:84140073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c3qndjlzikzg0bbt0xf4tfrbhdzstnmgfc"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276974/; classtype:trojan-activity;sid:84140074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wudteren1mkqff26708hgybu8q5wvynsd0"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276975/; classtype:trojan-activity;sid:84140075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/9d9ke7rkjrfrqbvsgvwdbabkyvqjjtkkcd"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276976/; classtype:trojan-activity;sid:84140076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vrc5zheiz4ky43wpzymmkyyl3nvzcq3hru"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276977/; classtype:trojan-activity;sid:84140077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwhdbg"; depth:7; endswith; nocase; http.host; content:"154.216.19.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276978/; classtype:trojan-activity;sid:84140078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/qhvgnbzhl0vwynjajfwqvijxb312fcwb61"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276979/; classtype:trojan-activity;sid:84140079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bzb56ngfzvhodqitgw8eici3bbn4g0a9ne"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276980/; classtype:trojan-activity;sid:84140080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vns2lpdebtf9fu0upilgxuzepuz6ojndsy"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276981/; classtype:trojan-activity;sid:84140081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/qxqd6xt8iahsmlwh6gcnonhm0717zaakz8"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276982/; classtype:trojan-activity;sid:84140082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/a9fbswawafnpufvs8vbevc1jexdfbset7q"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276983/; classtype:trojan-activity;sid:84140083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xu3vesrf1nf0b2op2b4b4aw4bwaao7gnia"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276984/; classtype:trojan-activity;sid:84140084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/naoyxkh8l8fmokfgc3na2jqm8keugesct3"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276985/; classtype:trojan-activity;sid:84140085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.21.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276966/; classtype:trojan-activity;sid:84140066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"2.58.113.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276965/; classtype:trojan-activity;sid:84140065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276964/; classtype:trojan-activity;sid:84140064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"2.58.113.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276957/; classtype:trojan-activity;sid:84140057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"2.58.113.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276958/; classtype:trojan-activity;sid:84140058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.spc"; depth:12; endswith; nocase; http.host; content:"109.120.137.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276959/; classtype:trojan-activity;sid:84140059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"2.58.113.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276960/; classtype:trojan-activity;sid:84140060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mips"; depth:13; endswith; nocase; http.host; content:"109.120.137.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276961/; classtype:trojan-activity;sid:84140061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"2.58.113.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276962/; classtype:trojan-activity;sid:84140062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm4"; depth:13; endswith; nocase; http.host; content:"109.120.137.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276963/; classtype:trojan-activity;sid:84140063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276939/; classtype:trojan-activity;sid:84140039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276940/; classtype:trojan-activity;sid:84140040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"2.58.113.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276941/; classtype:trojan-activity;sid:84140041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.sh4"; depth:12; endswith; nocase; http.host; content:"109.120.137.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276942/; classtype:trojan-activity;sid:84140042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"2.58.113.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276943/; classtype:trojan-activity;sid:84140043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mpsl"; depth:13; endswith; nocase; http.host; content:"109.120.137.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276944/; classtype:trojan-activity;sid:84140044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.i686"; depth:13; endswith; nocase; http.host; content:"109.120.137.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276945/; classtype:trojan-activity;sid:84140045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.m68"; depth:12; endswith; nocase; http.host; content:"109.120.137.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276946/; classtype:trojan-activity;sid:84140046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276947/; classtype:trojan-activity;sid:84140047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.ppc"; depth:12; endswith; nocase; http.host; content:"109.120.137.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276948/; classtype:trojan-activity;sid:84140048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"2.58.113.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276949/; classtype:trojan-activity;sid:84140049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm5"; depth:13; endswith; nocase; http.host; content:"109.120.137.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276950/; classtype:trojan-activity;sid:84140050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"2.58.113.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276951/; classtype:trojan-activity;sid:84140051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"2.58.113.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276952/; classtype:trojan-activity;sid:84140052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm6"; depth:13; endswith; nocase; http.host; content:"109.120.137.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276953/; classtype:trojan-activity;sid:84140053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"2.58.113.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276954/; classtype:trojan-activity;sid:84140054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"157.173.118.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276955/; classtype:trojan-activity;sid:84140055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mig"; depth:4; endswith; nocase; http.host; content:"216.201.80.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276956/; classtype:trojan-activity;sid:84140056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.64.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276938/; classtype:trojan-activity;sid:84140038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.exe"; depth:6; endswith; nocase; http.host; content:"45.149.241.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276937/; classtype:trojan-activity;sid:84140037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.22.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276936/; classtype:trojan-activity;sid:84140036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.62.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276935/; classtype:trojan-activity;sid:84140035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.19.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276934/; classtype:trojan-activity;sid:84140034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276933/; classtype:trojan-activity;sid:84140033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.222.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276932/; classtype:trojan-activity;sid:84140032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.12.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276931/; classtype:trojan-activity;sid:84140031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.137.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276930/; classtype:trojan-activity;sid:84140030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/document.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276929/; classtype:trojan-activity;sid:84140029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.244.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276928/; classtype:trojan-activity;sid:84140028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.79.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276927/; classtype:trojan-activity;sid:84140027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.186.52.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276926/; classtype:trojan-activity;sid:84140026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.64.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276925/; classtype:trojan-activity;sid:84140025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.107.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276924/; classtype:trojan-activity;sid:84140024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.8.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276923/; classtype:trojan-activity;sid:84140023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.213.181.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276922/; classtype:trojan-activity;sid:84140022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.228.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276921/; classtype:trojan-activity;sid:84140021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.179.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276920/; classtype:trojan-activity;sid:84140020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.50.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276919/; classtype:trojan-activity;sid:84140019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276918/; classtype:trojan-activity;sid:84140018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.244.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276917/; classtype:trojan-activity;sid:84140017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.9.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276916/; classtype:trojan-activity;sid:84140016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.208.221.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276915/; classtype:trojan-activity;sid:84140015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.213.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276914/; classtype:trojan-activity;sid:84140014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.105.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276913/; classtype:trojan-activity;sid:84140013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.127.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276912/; classtype:trojan-activity;sid:84140012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.228.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276911/; classtype:trojan-activity;sid:84140011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.105.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276910/; classtype:trojan-activity;sid:84140010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.137.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276909/; classtype:trojan-activity;sid:84140009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.107.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276908/; classtype:trojan-activity;sid:84140008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.247.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276907/; classtype:trojan-activity;sid:84140007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.97.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276906/; classtype:trojan-activity;sid:84140006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.27.32.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276905/; classtype:trojan-activity;sid:84140005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.219.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276902/; classtype:trojan-activity;sid:84140002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.84.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276903/; classtype:trojan-activity;sid:84140003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276904/; classtype:trojan-activity;sid:84140004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.26.74"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276901/; classtype:trojan-activity;sid:84140001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.192.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276900/; classtype:trojan-activity;sid:84140000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.12.241"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276899/; classtype:trojan-activity;sid:84139999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.182.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276898/; classtype:trojan-activity;sid:84139998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.165.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276897/; classtype:trojan-activity;sid:84139997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loistupidpet/sfdawsdawdaw/main/serials_checker.exe"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276896/; classtype:trojan-activity;sid:84139996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eazy.exe"; depth:9; endswith; nocase; http.host; content:"162.230.48.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276895/; classtype:trojan-activity;sid:84139995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1061027900809285655/1303031693631819816/virus_warning.exe|3f|ex=672a4654|7c|26|7c|is=6728f4d4|7c|26|7c|hm=44f7b87fe8341fda97d8395893466c4f672f787a62aed0adba9fd76caface67a|7c|26|7c|"; depth:193; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276894/; classtype:trojan-activity;sid:84139994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.171.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276893/; classtype:trojan-activity;sid:84139993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.50.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276892/; classtype:trojan-activity;sid:84139992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.79.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276891/; classtype:trojan-activity;sid:84139991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.247.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276890/; classtype:trojan-activity;sid:84139990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.219.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276889/; classtype:trojan-activity;sid:84139989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.26.74"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276888/; classtype:trojan-activity;sid:84139988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.70.24.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276887/; classtype:trojan-activity;sid:84139987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.174.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276886/; classtype:trojan-activity;sid:84139986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.11.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276885/; classtype:trojan-activity;sid:84139985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.241.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276884/; classtype:trojan-activity;sid:84139984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.99.112.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276883/; classtype:trojan-activity;sid:84139983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.233.94.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276882/; classtype:trojan-activity;sid:84139982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.10.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276881/; classtype:trojan-activity;sid:84139981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.4.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276880/; classtype:trojan-activity;sid:84139980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.0.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276879/; classtype:trojan-activity;sid:84139979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.97.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276878/; classtype:trojan-activity;sid:84139978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.72.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276877/; classtype:trojan-activity;sid:84139977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.184.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276876/; classtype:trojan-activity;sid:84139976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.159.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276875/; classtype:trojan-activity;sid:84139975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.86.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276874/; classtype:trojan-activity;sid:84139974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.161.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276873/; classtype:trojan-activity;sid:84139973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.127.214.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276872/; classtype:trojan-activity;sid:84139972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.13.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276871/; classtype:trojan-activity;sid:84139971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.174.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276870/; classtype:trojan-activity;sid:84139970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.72.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276869/; classtype:trojan-activity;sid:84139969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.56.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276868/; classtype:trojan-activity;sid:84139968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"104.193.59.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276866/; classtype:trojan-activity;sid:84139966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.174.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276867/; classtype:trojan-activity;sid:84139967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.221.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276865/; classtype:trojan-activity;sid:84139965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.167.27.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276864/; classtype:trojan-activity;sid:84139964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.11.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276862/; classtype:trojan-activity;sid:84139962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.189.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276863/; classtype:trojan-activity;sid:84139963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.47.24.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276861/; classtype:trojan-activity;sid:84139961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.155.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276860/; classtype:trojan-activity;sid:84139960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.159.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276859/; classtype:trojan-activity;sid:84139959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.135.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276858/; classtype:trojan-activity;sid:84139958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.161.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276857/; classtype:trojan-activity;sid:84139957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.194.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276856/; classtype:trojan-activity;sid:84139956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bytrosyt/xuy/releases/download/dick/xclient.exe"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276851/; classtype:trojan-activity;sid:84139951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.219.119.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276852/; classtype:trojan-activity;sid:84139952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/analhacker/-/raw/main/xclient.exe"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276853/; classtype:trojan-activity;sid:84139953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/minhdmkk6/bot2/raw/refs/heads/main/xclient.exe"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276854/; classtype:trojan-activity;sid:84139954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/analhacker/htt/raw/main/xclient.exe"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276855/; classtype:trojan-activity;sid:84139955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodyblazexaa/dll/raw/main/xclient.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276842/; classtype:trojan-activity;sid:84139942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2backside/stealercentral/raw/refs/heads/main/xclient.exe"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276843/; classtype:trojan-activity;sid:84139943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/babadura123/banana/raw/refs/heads/main/xclient.exe"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276844/; classtype:trojan-activity;sid:84139944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/makslalp123/rakdj213/raw/master/xclient.exe"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276845/; classtype:trojan-activity;sid:84139945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/helelehelafsdf163/batata/raw/refs/heads/main/xclient.exe"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276846/; classtype:trojan-activity;sid:84139946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smerttb2/xvpn/raw/main/xclient.exe"; depth:35; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276847/; classtype:trojan-activity;sid:84139947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/minhdmkk6/bot1/raw/refs/heads/main/xclient.exe"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276848/; classtype:trojan-activity;sid:84139948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nomorelife1/te/raw/main/xclient.exe"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276849/; classtype:trojan-activity;sid:84139949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stezxyz/svchost.exe/raw/main/xclient.exe"; depth:41; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276850/; classtype:trojan-activity;sid:84139950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bypick/pitch/raw/main/xclient.exe"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276840/; classtype:trojan-activity;sid:84139940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tubocdev/ratbuildpenis/raw/main/xclient.exe"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276841/; classtype:trojan-activity;sid:84139941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbmdjnk.txt"; depth:12; endswith; nocase; http.host; content:"files.sflp.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276838/; classtype:trojan-activity;sid:84139938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodyblazexaa/dll/raw/main/xclient.exe/"; depth:39; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276839/; classtype:trojan-activity;sid:84139939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/makslalp123/rakdj213/raw/master/xclient.exe/"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276833/; classtype:trojan-activity;sid:84139933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/xclient.exe"; depth:20; endswith; nocase; http.host; content:"klayner.beget.tech"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276834/; classtype:trojan-activity;sid:84139934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdmmmnm.txt"; depth:12; endswith; nocase; http.host; content:"files.sflp.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276835/; classtype:trojan-activity;sid:84139935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdmmmnm.txt"; depth:12; endswith; nocase; http.host; content:"files.sflp.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276836/; classtype:trojan-activity;sid:84139936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imkokaf.txt"; depth:12; endswith; nocase; http.host; content:"files.sflp.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276837/; classtype:trojan-activity;sid:84139937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tubocdev/ratbuildpenis/raw/main/xclient.exe/"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276826/; classtype:trojan-activity;sid:84139926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nomorelife1/te/raw/main/xclient.exe/"; depth:37; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276827/; classtype:trojan-activity;sid:84139927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uspat/capybara_jar/raw/main/xclient.exe"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276828/; classtype:trojan-activity;sid:84139928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/minhdmkk6/bot1/raw/refs/heads/main/xclient.exe/"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276829/; classtype:trojan-activity;sid:84139929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smerttb2/xvpn/raw/main/xclient.exe/"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276830/; classtype:trojan-activity;sid:84139930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/analhacker/htt/raw/main/xclient.exe/"; depth:37; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276831/; classtype:trojan-activity;sid:84139931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/analhacker/htt/main/xclient.exe"; depth:32; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276832/; classtype:trojan-activity;sid:84139932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.184.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276822/; classtype:trojan-activity;sid:84139922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imkokaf.txt"; depth:12; endswith; nocase; http.host; content:"files.sflp.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276823/; classtype:trojan-activity;sid:84139923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/minhdmkk6/bot2/raw/refs/heads/main/xclient.exe/"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276824/; classtype:trojan-activity;sid:84139924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bypick/pitch/raw/main/xclient.exe/"; depth:35; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276825/; classtype:trojan-activity;sid:84139925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbmdjnk.txt"; depth:12; endswith; nocase; http.host; content:"files.sflp.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276821/; classtype:trojan-activity;sid:84139921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adssgfdsg/testing/downloads/afagbam.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276820/; classtype:trojan-activity;sid:84139920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adssgfdsg/testing/downloads/img_test.jpg|3f|144417"; depth:51; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276819/; classtype:trojan-activity;sid:84139919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.13.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276816/; classtype:trojan-activity;sid:84139916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.94.190.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276817/; classtype:trojan-activity;sid:84139917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.53.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276818/; classtype:trojan-activity;sid:84139918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.86.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276815/; classtype:trojan-activity;sid:84139915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.184.31.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276814/; classtype:trojan-activity;sid:84139914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.56.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276813/; classtype:trojan-activity;sid:84139913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.174.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276812/; classtype:trojan-activity;sid:84139912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.59.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276811/; classtype:trojan-activity;sid:84139911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276810/; classtype:trojan-activity;sid:84139910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.235.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276809/; classtype:trojan-activity;sid:84139909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.189.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276807/; classtype:trojan-activity;sid:84139907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.115.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276808/; classtype:trojan-activity;sid:84139908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.117.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276806/; classtype:trojan-activity;sid:84139906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276805/; classtype:trojan-activity;sid:84139905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.26.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276804/; classtype:trojan-activity;sid:84139904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.191.83.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276803/; classtype:trojan-activity;sid:84139903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.132.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276802/; classtype:trojan-activity;sid:84139902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/neduman-1e60d.appspot.com/o/mediatexmpdw-constraints.vbs|3f|alt=media|7c|26|7c|token=41e36674-d3eb-49e6-915d-dcc23f75a544"; depth:127; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276801/; classtype:trojan-activity;sid:84139901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.88.226.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276800/; classtype:trojan-activity;sid:84139900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.116.194.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276799/; classtype:trojan-activity;sid:84139899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dler214.exe"; depth:12; endswith; nocase; http.host; content:"smithpropertysolutions.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276798/; classtype:trojan-activity;sid:84139898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.112.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276797/; classtype:trojan-activity;sid:84139897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.182.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276796/; classtype:trojan-activity;sid:84139896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.247.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276795/; classtype:trojan-activity;sid:84139895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1nsp5dsxy17gcef-_kcn_bz_kcqalioozqylbvnsxvwuhb0alny99mxjso-m5rcdl8yef29lre1pgh7vqas9gw9tf_tnlt0mumyhm2u15ndw1-biu4s5-ta5nhbkubgyccv3af7rsbfzmgh2ua81gwfspaqr5uiincssb3ncaixv/zkhb5qfew4i1r4i/mpdw-constraints.vbs"; depth:210; endswith; nocase; http.host; content:"download1587.mediafire.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276794/; classtype:trojan-activity;sid:84139894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.12.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276793/; classtype:trojan-activity;sid:84139893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.109.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276792/; classtype:trojan-activity;sid:84139892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ebgacr159.bin"; depth:14; endswith; nocase; http.host; content:"109.248.150.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276789/; classtype:trojan-activity;sid:84139889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nbyfjmlwmojdbxmu27.bin"; depth:23; endswith; nocase; http.host; content:"109.248.150.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276790/; classtype:trojan-activity;sid:84139890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eaqanyj17.bin"; depth:14; endswith; nocase; http.host; content:"109.248.150.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276791/; classtype:trojan-activity;sid:84139891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.39.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276788/; classtype:trojan-activity;sid:84139888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.131.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276787/; classtype:trojan-activity;sid:84139887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.248.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276786/; classtype:trojan-activity;sid:84139886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.11.124"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276785/; classtype:trojan-activity;sid:84139885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.200.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276784/; classtype:trojan-activity;sid:84139884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276783/; classtype:trojan-activity;sid:84139883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.84.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276782/; classtype:trojan-activity;sid:84139882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35/smpllu.txt"; depth:14; endswith; nocase; http.host; content:"104.168.7.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276781/; classtype:trojan-activity;sid:84139881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.26.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276780/; classtype:trojan-activity;sid:84139880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.178.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276779/; classtype:trojan-activity;sid:84139879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.82.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276778/; classtype:trojan-activity;sid:84139878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.20.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276777/; classtype:trojan-activity;sid:84139877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mondayfilemanagermpdw-constraints.vbs"; depth:38; endswith; nocase; http.host; content:"fridayyybabedatinglover.duckdns.org"; depth:35; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276776/; classtype:trojan-activity;sid:84139876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.56.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276775/; classtype:trojan-activity;sid:84139875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1trylxyffdaijonsjqthdcpm_hcv3n01k"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276774/; classtype:trojan-activity;sid:84139874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1l9jekafxlsh0mhcgixxcrndvb1donuaw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276773/; classtype:trojan-activity;sid:84139873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.114.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276772/; classtype:trojan-activity;sid:84139872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdakfok.txt"; depth:12; endswith; nocase; http.host; content:"files.sflp.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276770/; classtype:trojan-activity;sid:84139870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adssgfdsg/testing/downloads/img_test.jpg"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276771/; classtype:trojan-activity;sid:84139871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/24uku/freaky.txt"; depth:17; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276768/; classtype:trojan-activity;sid:84139868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/10bfx5/fore.txt"; depth:16; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276769/; classtype:trojan-activity;sid:84139869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/santomalo/audit/main/img_test.jpg"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276767/; classtype:trojan-activity;sid:84139867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35/picturewithattitudeevenbetterforallthings.tif"; depth:49; endswith; nocase; http.host; content:"104.168.7.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276766/; classtype:trojan-activity;sid:84139866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35/ew/bestgreetingwithbestthingsevermadewithgreatthigns.hta"; depth:60; endswith; nocase; http.host; content:"104.168.7.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276765/; classtype:trojan-activity;sid:84139865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.157.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276764/; classtype:trojan-activity;sid:84139864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/duma/nome.exe"; depth:14; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276762/; classtype:trojan-activity;sid:84139862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/duma/nome.exe"; depth:14; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276759/; classtype:trojan-activity;sid:84139859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/duma/nome.exe"; depth:14; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276760/; classtype:trojan-activity;sid:84139860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/duma/nome.exe"; depth:14; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276761/; classtype:trojan-activity;sid:84139861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.79.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276754/; classtype:trojan-activity;sid:84139854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.13.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276753/; classtype:trojan-activity;sid:84139853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.182.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276752/; classtype:trojan-activity;sid:84139852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/222721042521541.dll"; depth:20; endswith; nocase; http.host; content:"94.159.113.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276751/; classtype:trojan-activity;sid:84139851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.74.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276750/; classtype:trojan-activity;sid:84139850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.88.226.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276749/; classtype:trojan-activity;sid:84139849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.26.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276748/; classtype:trojan-activity;sid:84139848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.216.166.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276747/; classtype:trojan-activity;sid:84139847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.186.52.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276746/; classtype:trojan-activity;sid:84139846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276745/; classtype:trojan-activity;sid:84139845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.161.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276743/; classtype:trojan-activity;sid:84139843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.88.2.213"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276744/; classtype:trojan-activity;sid:84139844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.196.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276741/; classtype:trojan-activity;sid:84139841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.62.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276742/; classtype:trojan-activity;sid:84139842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.154.192.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276740/; classtype:trojan-activity;sid:84139840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276739/; classtype:trojan-activity;sid:84139839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.62.52.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276738/; classtype:trojan-activity;sid:84139838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.96.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276737/; classtype:trojan-activity;sid:84139837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.75.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276736/; classtype:trojan-activity;sid:84139836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/main.exe"; depth:15; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276735/; classtype:trojan-activity;sid:84139835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/main.exe"; depth:15; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276733/; classtype:trojan-activity;sid:84139833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/main.exe"; depth:15; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276734/; classtype:trojan-activity;sid:84139834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/665.exe"; depth:14; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276731/; classtype:trojan-activity;sid:84139831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/665.exe"; depth:14; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276732/; classtype:trojan-activity;sid:84139832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/classik.exe"; depth:18; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276726/; classtype:trojan-activity;sid:84139826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.16.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276727/; classtype:trojan-activity;sid:84139827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/555.exe"; depth:14; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276728/; classtype:trojan-activity;sid:84139828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/555.exe"; depth:14; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276729/; classtype:trojan-activity;sid:84139829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/665.exe"; depth:14; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276730/; classtype:trojan-activity;sid:84139830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/classik.exe"; depth:18; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276725/; classtype:trojan-activity;sid:84139825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1123.exe"; depth:15; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276723/; classtype:trojan-activity;sid:84139823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.178.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276724/; classtype:trojan-activity;sid:84139824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/classik.exe"; depth:18; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276721/; classtype:trojan-activity;sid:84139821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1123.exe"; depth:15; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276722/; classtype:trojan-activity;sid:84139822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/n0pump.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276720/; classtype:trojan-activity;sid:84139820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/n0pump.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276719/; classtype:trojan-activity;sid:84139819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/software.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276717/; classtype:trojan-activity;sid:84139817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/n0pump.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276718/; classtype:trojan-activity;sid:84139818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/software.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276715/; classtype:trojan-activity;sid:84139815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/software.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276716/; classtype:trojan-activity;sid:84139816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.248.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276714/; classtype:trojan-activity;sid:84139814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/gdn5yfjd.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276713/; classtype:trojan-activity;sid:84139813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/kmvcsaed.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276711/; classtype:trojan-activity;sid:84139811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/gdn5yfjd.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276712/; classtype:trojan-activity;sid:84139812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/classik.exe"; depth:18; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276710/; classtype:trojan-activity;sid:84139810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/555.exe"; depth:14; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276709/; classtype:trojan-activity;sid:84139809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reko/valid.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276708/; classtype:trojan-activity;sid:84139808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/feb9sxwk.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276705/; classtype:trojan-activity;sid:84139805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/feb9sxwk.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276706/; classtype:trojan-activity;sid:84139806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1123.exe"; depth:15; endswith; nocase; http.host; content:"31.41.244.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276707/; classtype:trojan-activity;sid:84139807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/myrdx.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276703/; classtype:trojan-activity;sid:84139803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/18ijuw13.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276704/; classtype:trojan-activity;sid:84139804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.50.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276702/; classtype:trojan-activity;sid:84139802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.13.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276700/; classtype:trojan-activity;sid:84139800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.157.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276701/; classtype:trojan-activity;sid:84139801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.189.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276699/; classtype:trojan-activity;sid:84139799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.68.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276698/; classtype:trojan-activity;sid:84139798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.129.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276697/; classtype:trojan-activity;sid:84139797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.252.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276694/; classtype:trojan-activity;sid:84139794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.207.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276695/; classtype:trojan-activity;sid:84139795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.63.83.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276696/; classtype:trojan-activity;sid:84139796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.44.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276693/; classtype:trojan-activity;sid:84139793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.40.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276692/; classtype:trojan-activity;sid:84139792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.219.83.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276691/; classtype:trojan-activity;sid:84139791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.68.200"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276690/; classtype:trojan-activity;sid:84139790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.198.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276689/; classtype:trojan-activity;sid:84139789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.54.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276688/; classtype:trojan-activity;sid:84139788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.96.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276687/; classtype:trojan-activity;sid:84139787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.154.192.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276686/; classtype:trojan-activity;sid:84139786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/665.exe"; depth:14; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276685/; classtype:trojan-activity;sid:84139785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.233.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276684/; classtype:trojan-activity;sid:84139784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.215.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276683/; classtype:trojan-activity;sid:84139783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.58.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276682/; classtype:trojan-activity;sid:84139782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.255.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276681/; classtype:trojan-activity;sid:84139781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.155.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276680/; classtype:trojan-activity;sid:84139780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.162.16.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276679/; classtype:trojan-activity;sid:84139779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.129.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276678/; classtype:trojan-activity;sid:84139778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.252.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276677/; classtype:trojan-activity;sid:84139777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.207.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276676/; classtype:trojan-activity;sid:84139776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.138.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276675/; classtype:trojan-activity;sid:84139775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.219.83.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276674/; classtype:trojan-activity;sid:84139774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.62.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276673/; classtype:trojan-activity;sid:84139773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.38.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276672/; classtype:trojan-activity;sid:84139772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.198.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276671/; classtype:trojan-activity;sid:84139771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.137.250.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276670/; classtype:trojan-activity;sid:84139770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.46.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276669/; classtype:trojan-activity;sid:84139769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.215.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276668/; classtype:trojan-activity;sid:84139768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.145.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276667/; classtype:trojan-activity;sid:84139767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.216.4.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276665/; classtype:trojan-activity;sid:84139765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.164.60.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276666/; classtype:trojan-activity;sid:84139766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.90.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276664/; classtype:trojan-activity;sid:84139764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.39.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276663/; classtype:trojan-activity;sid:84139763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.233.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276662/; classtype:trojan-activity;sid:84139762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.144.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276661/; classtype:trojan-activity;sid:84139761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.115.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276660/; classtype:trojan-activity;sid:84139760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.117.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276659/; classtype:trojan-activity;sid:84139759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276658/; classtype:trojan-activity;sid:84139758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.25.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276657/; classtype:trojan-activity;sid:84139757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.90.3.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276656/; classtype:trojan-activity;sid:84139756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.19.229"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276655/; classtype:trojan-activity;sid:84139755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.38.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276654/; classtype:trojan-activity;sid:84139754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.243.134.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276653/; classtype:trojan-activity;sid:84139753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.247.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276652/; classtype:trojan-activity;sid:84139752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.59.85.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276650/; classtype:trojan-activity;sid:84139750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.47.122.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276651/; classtype:trojan-activity;sid:84139751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.243.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276649/; classtype:trojan-activity;sid:84139749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276648/; classtype:trojan-activity;sid:84139748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.131.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276647/; classtype:trojan-activity;sid:84139747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.100.172.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276646/; classtype:trojan-activity;sid:84139746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.115.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276645/; classtype:trojan-activity;sid:84139745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.224.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276644/; classtype:trojan-activity;sid:84139744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.18.68.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276643/; classtype:trojan-activity;sid:84139743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.119.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276642/; classtype:trojan-activity;sid:84139742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.8.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276641/; classtype:trojan-activity;sid:84139741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.90.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276640/; classtype:trojan-activity;sid:84139740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.54.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276639/; classtype:trojan-activity;sid:84139739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.25.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276638/; classtype:trojan-activity;sid:84139738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.82.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276637/; classtype:trojan-activity;sid:84139737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.90.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276636/; classtype:trojan-activity;sid:84139736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.2.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276635/; classtype:trojan-activity;sid:84139735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.196.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276634/; classtype:trojan-activity;sid:84139734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.117.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276633/; classtype:trojan-activity;sid:84139733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.196.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276632/; classtype:trojan-activity;sid:84139732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.115.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276630/; classtype:trojan-activity;sid:84139730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yylxmftgdu38.bin"; depth:17; endswith; nocase; http.host; content:"109.248.150.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276631/; classtype:trojan-activity;sid:84139731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"154.216.16.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276629/; classtype:trojan-activity;sid:84139729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.115.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276628/; classtype:trojan-activity;sid:84139728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.144.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276626/; classtype:trojan-activity;sid:84139726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.8.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276627/; classtype:trojan-activity;sid:84139727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276625/; classtype:trojan-activity;sid:84139725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.224.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276624/; classtype:trojan-activity;sid:84139724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.2.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276623/; classtype:trojan-activity;sid:84139723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.83.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276622/; classtype:trojan-activity;sid:84139722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.228.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276621/; classtype:trojan-activity;sid:84139721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.165.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276620/; classtype:trojan-activity;sid:84139720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.149.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276619/; classtype:trojan-activity;sid:84139719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.30.240.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276618/; classtype:trojan-activity;sid:84139718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.87.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276617/; classtype:trojan-activity;sid:84139717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.85.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276616/; classtype:trojan-activity;sid:84139716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.160.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276615/; classtype:trojan-activity;sid:84139715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.234.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276614/; classtype:trojan-activity;sid:84139714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.107.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276613/; classtype:trojan-activity;sid:84139713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.112.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276612/; classtype:trojan-activity;sid:84139712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.37.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276610/; classtype:trojan-activity;sid:84139710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.196.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276611/; classtype:trojan-activity;sid:84139711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.106.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276609/; classtype:trojan-activity;sid:84139709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.97.46.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276608/; classtype:trojan-activity;sid:84139708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/18ijuw13.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276607/; classtype:trojan-activity;sid:84139707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276606/; classtype:trojan-activity;sid:84139706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.149.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276605/; classtype:trojan-activity;sid:84139705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.18.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276604/; classtype:trojan-activity;sid:84139704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.226.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276603/; classtype:trojan-activity;sid:84139703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.0.11.124"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276602/; classtype:trojan-activity;sid:84139702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.245.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276601/; classtype:trojan-activity;sid:84139701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.237.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276600/; classtype:trojan-activity;sid:84139700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.104.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276599/; classtype:trojan-activity;sid:84139699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.85.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276598/; classtype:trojan-activity;sid:84139698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.87.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276597/; classtype:trojan-activity;sid:84139697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.51.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276596/; classtype:trojan-activity;sid:84139696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276595/; classtype:trojan-activity;sid:84139695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.234.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276594/; classtype:trojan-activity;sid:84139694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.110.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276593/; classtype:trojan-activity;sid:84139693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.205.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276592/; classtype:trojan-activity;sid:84139692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.166.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276591/; classtype:trojan-activity;sid:84139691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.196.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276590/; classtype:trojan-activity;sid:84139690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.138.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276589/; classtype:trojan-activity;sid:84139689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.123.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276588/; classtype:trojan-activity;sid:84139688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.1.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276587/; classtype:trojan-activity;sid:84139687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.212.228.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276586/; classtype:trojan-activity;sid:84139686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"190.109.228.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276584/; classtype:trojan-activity;sid:84139684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.165.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276585/; classtype:trojan-activity;sid:84139685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.164.231.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276583/; classtype:trojan-activity;sid:84139683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.103.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276582/; classtype:trojan-activity;sid:84139682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276581/; classtype:trojan-activity;sid:84139681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.211.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276580/; classtype:trojan-activity;sid:84139680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.248.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276579/; classtype:trojan-activity;sid:84139679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.32.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276578/; classtype:trojan-activity;sid:84139678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276577/; classtype:trojan-activity;sid:84139677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.105.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276576/; classtype:trojan-activity;sid:84139676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.97.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276575/; classtype:trojan-activity;sid:84139675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.104.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276574/; classtype:trojan-activity;sid:84139674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.19.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276573/; classtype:trojan-activity;sid:84139673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.168.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276572/; classtype:trojan-activity;sid:84139672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.115.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276571/; classtype:trojan-activity;sid:84139671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.164.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276570/; classtype:trojan-activity;sid:84139670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.110.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276569/; classtype:trojan-activity;sid:84139669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.197.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276568/; classtype:trojan-activity;sid:84139668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.230.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276567/; classtype:trojan-activity;sid:84139667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.184.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276566/; classtype:trojan-activity;sid:84139666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.151.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276565/; classtype:trojan-activity;sid:84139665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.11.124"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276564/; classtype:trojan-activity;sid:84139664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.248.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276563/; classtype:trojan-activity;sid:84139663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.192.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276561/; classtype:trojan-activity;sid:84139661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.154.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276562/; classtype:trojan-activity;sid:84139662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.97.46.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276560/; classtype:trojan-activity;sid:84139660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.187.65.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276558/; classtype:trojan-activity;sid:84139658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.100.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276559/; classtype:trojan-activity;sid:84139659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.204.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276556/; classtype:trojan-activity;sid:84139656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.197.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276557/; classtype:trojan-activity;sid:84139657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.168.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276555/; classtype:trojan-activity;sid:84139655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.18.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276553/; classtype:trojan-activity;sid:84139653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.97.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276554/; classtype:trojan-activity;sid:84139654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.117.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276552/; classtype:trojan-activity;sid:84139652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.166.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276551/; classtype:trojan-activity;sid:84139651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.92.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276550/; classtype:trojan-activity;sid:84139650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.220.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276549/; classtype:trojan-activity;sid:84139649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.147.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276548/; classtype:trojan-activity;sid:84139648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i486"; depth:53; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276547/; classtype:trojan-activity;sid:84139647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.spc"; depth:52; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276542/; classtype:trojan-activity;sid:84139642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"91.208.162.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276543/; classtype:trojan-activity;sid:84139643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86_64"; depth:55; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276544/; classtype:trojan-activity;sid:84139644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm5"; depth:53; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276545/; classtype:trojan-activity;sid:84139645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm"; depth:52; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276546/; classtype:trojan-activity;sid:84139646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i686"; depth:53; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276519/; classtype:trojan-activity;sid:84139619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; depth:52; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276520/; classtype:trojan-activity;sid:84139620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.ppc"; depth:52; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276521/; classtype:trojan-activity;sid:84139621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mpsl"; depth:53; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276522/; classtype:trojan-activity;sid:84139622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.sh4"; depth:52; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276523/; classtype:trojan-activity;sid:84139623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm7"; depth:53; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276524/; classtype:trojan-activity;sid:84139624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shithirointhehouse.sh"; depth:22; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276525/; classtype:trojan-activity;sid:84139625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mips"; depth:53; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276526/; classtype:trojan-activity;sid:84139626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.m68k"; depth:53; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276527/; classtype:trojan-activity;sid:84139627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"91.208.162.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276528/; classtype:trojan-activity;sid:84139628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1123.exe"; depth:15; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276529/; classtype:trojan-activity;sid:84139629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"91.208.162.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276530/; classtype:trojan-activity;sid:84139630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"91.208.162.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276531/; classtype:trojan-activity;sid:84139631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm6"; depth:53; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276532/; classtype:trojan-activity;sid:84139632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arc"; depth:52; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276533/; classtype:trojan-activity;sid:84139633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"91.208.162.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276534/; classtype:trojan-activity;sid:84139634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"91.208.162.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276535/; classtype:trojan-activity;sid:84139635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"91.208.162.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276536/; classtype:trojan-activity;sid:84139636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"91.208.162.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276537/; classtype:trojan-activity;sid:84139637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"91.208.162.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276538/; classtype:trojan-activity;sid:84139638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eskgbins.sh"; depth:12; endswith; nocase; http.host; content:"91.208.162.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276539/; classtype:trojan-activity;sid:84139639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"91.208.162.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276540/; classtype:trojan-activity;sid:84139640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"91.208.162.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276541/; classtype:trojan-activity;sid:84139641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.210.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276518/; classtype:trojan-activity;sid:84139618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.141.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276517/; classtype:trojan-activity;sid:84139617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.38.123.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276516/; classtype:trojan-activity;sid:84139616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.31.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276515/; classtype:trojan-activity;sid:84139615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.8.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276514/; classtype:trojan-activity;sid:84139614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.27.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276513/; classtype:trojan-activity;sid:84139613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.211.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276511/; classtype:trojan-activity;sid:84139611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.4.162.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276512/; classtype:trojan-activity;sid:84139612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.243.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276510/; classtype:trojan-activity;sid:84139610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.85.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276509/; classtype:trojan-activity;sid:84139609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.49.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276508/; classtype:trojan-activity;sid:84139608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.187.65.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276507/; classtype:trojan-activity;sid:84139607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.34.241.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276506/; classtype:trojan-activity;sid:84139606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.100.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276505/; classtype:trojan-activity;sid:84139605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.92.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276504/; classtype:trojan-activity;sid:84139604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.69.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276503/; classtype:trojan-activity;sid:84139603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.170.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276502/; classtype:trojan-activity;sid:84139602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.254.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276501/; classtype:trojan-activity;sid:84139601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.156.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276500/; classtype:trojan-activity;sid:84139600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.171.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276499/; classtype:trojan-activity;sid:84139599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.18.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276498/; classtype:trojan-activity;sid:84139598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276497/; classtype:trojan-activity;sid:84139597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.245.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276496/; classtype:trojan-activity;sid:84139596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.121.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276494/; classtype:trojan-activity;sid:84139594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.166.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276495/; classtype:trojan-activity;sid:84139595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.236.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276492/; classtype:trojan-activity;sid:84139592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.187.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276493/; classtype:trojan-activity;sid:84139593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.230.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276491/; classtype:trojan-activity;sid:84139591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.59.177"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276489/; classtype:trojan-activity;sid:84139589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.210.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276490/; classtype:trojan-activity;sid:84139590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.158.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276488/; classtype:trojan-activity;sid:84139588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276487/; classtype:trojan-activity;sid:84139587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.86.17.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276486/; classtype:trojan-activity;sid:84139586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.68.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276485/; classtype:trojan-activity;sid:84139585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.211.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276484/; classtype:trojan-activity;sid:84139584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.243.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276482/; classtype:trojan-activity;sid:84139582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.27.32.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276483/; classtype:trojan-activity;sid:84139583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.212.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276481/; classtype:trojan-activity;sid:84139581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.211.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276480/; classtype:trojan-activity;sid:84139580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.76.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276479/; classtype:trojan-activity;sid:84139579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.90.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276478/; classtype:trojan-activity;sid:84139578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.34.241.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276477/; classtype:trojan-activity;sid:84139577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.104.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276476/; classtype:trojan-activity;sid:84139576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.233.189.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276474/; classtype:trojan-activity;sid:84139574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.180.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276475/; classtype:trojan-activity;sid:84139575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.35.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276473/; classtype:trojan-activity;sid:84139573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.79.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276472/; classtype:trojan-activity;sid:84139572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.72.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276471/; classtype:trojan-activity;sid:84139571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.72.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276470/; classtype:trojan-activity;sid:84139570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.93.142.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276469/; classtype:trojan-activity;sid:84139569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.68.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276468/; classtype:trojan-activity;sid:84139568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.115.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276467/; classtype:trojan-activity;sid:84139567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.31.189.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276466/; classtype:trojan-activity;sid:84139566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.156.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276463/; classtype:trojan-activity;sid:84139563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.25.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276464/; classtype:trojan-activity;sid:84139564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.165.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276465/; classtype:trojan-activity;sid:84139565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.254.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276462/; classtype:trojan-activity;sid:84139562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.236.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276461/; classtype:trojan-activity;sid:84139561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276460/; classtype:trojan-activity;sid:84139560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.87.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276459/; classtype:trojan-activity;sid:84139559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.247.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276458/; classtype:trojan-activity;sid:84139558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.59.177"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276456/; classtype:trojan-activity;sid:84139556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.149.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276457/; classtype:trojan-activity;sid:84139557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.212.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276455/; classtype:trojan-activity;sid:84139555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.165.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276454/; classtype:trojan-activity;sid:84139554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.218.20"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276453/; classtype:trojan-activity;sid:84139553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.93.142.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276452/; classtype:trojan-activity;sid:84139552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.107.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276451/; classtype:trojan-activity;sid:84139551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.119.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276450/; classtype:trojan-activity;sid:84139550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.180.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276449/; classtype:trojan-activity;sid:84139549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.59.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276448/; classtype:trojan-activity;sid:84139548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.0.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276446/; classtype:trojan-activity;sid:84139546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.132.133.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276447/; classtype:trojan-activity;sid:84139547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.30.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276445/; classtype:trojan-activity;sid:84139545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.239.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276444/; classtype:trojan-activity;sid:84139544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.87.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276443/; classtype:trojan-activity;sid:84139543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.87.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276442/; classtype:trojan-activity;sid:84139542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.83.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276441/; classtype:trojan-activity;sid:84139541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.241.52.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276440/; classtype:trojan-activity;sid:84139540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.115.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276439/; classtype:trojan-activity;sid:84139539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.171.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276438/; classtype:trojan-activity;sid:84139538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.149.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276437/; classtype:trojan-activity;sid:84139537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.165.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276436/; classtype:trojan-activity;sid:84139536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.2.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276435/; classtype:trojan-activity;sid:84139535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.2.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276434/; classtype:trojan-activity;sid:84139534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.167.33.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276433/; classtype:trojan-activity;sid:84139533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.172.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276432/; classtype:trojan-activity;sid:84139532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.191.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276431/; classtype:trojan-activity;sid:84139531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.19.251.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276430/; classtype:trojan-activity;sid:84139530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.239.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276429/; classtype:trojan-activity;sid:84139529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.254.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276428/; classtype:trojan-activity;sid:84139528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.147.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276427/; classtype:trojan-activity;sid:84139527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.13.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276426/; classtype:trojan-activity;sid:84139526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.124.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276424/; classtype:trojan-activity;sid:84139524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.153.145.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276425/; classtype:trojan-activity;sid:84139525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.32.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276423/; classtype:trojan-activity;sid:84139523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.80.0.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276422/; classtype:trojan-activity;sid:84139522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276421/; classtype:trojan-activity;sid:84139521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.79.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276420/; classtype:trojan-activity;sid:84139520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.180.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276419/; classtype:trojan-activity;sid:84139519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.104.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276417/; classtype:trojan-activity;sid:84139517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.2.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276418/; classtype:trojan-activity;sid:84139518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276416/; classtype:trojan-activity;sid:84139516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.97.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276415/; classtype:trojan-activity;sid:84139515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/kmvcsaed.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276414/; classtype:trojan-activity;sid:84139514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.55.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276413/; classtype:trojan-activity;sid:84139513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.167.33.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276412/; classtype:trojan-activity;sid:84139512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.40.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276411/; classtype:trojan-activity;sid:84139511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.124.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276410/; classtype:trojan-activity;sid:84139510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.26.235.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276409/; classtype:trojan-activity;sid:84139509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.197.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276408/; classtype:trojan-activity;sid:84139508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.57.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276407/; classtype:trojan-activity;sid:84139507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.251.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276406/; classtype:trojan-activity;sid:84139506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"45.125.66.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276405/; classtype:trojan-activity;sid:84139505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.61.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276404/; classtype:trojan-activity;sid:84139504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.101.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276403/; classtype:trojan-activity;sid:84139503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"170.80.0.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276402/; classtype:trojan-activity;sid:84139502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.209.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276401/; classtype:trojan-activity;sid:84139501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.106.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276400/; classtype:trojan-activity;sid:84139500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.24.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276399/; classtype:trojan-activity;sid:84139499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.85.157.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276398/; classtype:trojan-activity;sid:84139498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.22.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276396/; classtype:trojan-activity;sid:84139496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.7.64"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276397/; classtype:trojan-activity;sid:84139497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.79.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276394/; classtype:trojan-activity;sid:84139494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.189.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276395/; classtype:trojan-activity;sid:84139495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.104.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276393/; classtype:trojan-activity;sid:84139493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/review/document.exe"; depth:20; endswith; nocase; http.host; content:"0nedrivee.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276392/; classtype:trojan-activity;sid:84139492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.214.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276391/; classtype:trojan-activity;sid:84139491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.85.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276389/; classtype:trojan-activity;sid:84139489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.23.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276390/; classtype:trojan-activity;sid:84139490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.10.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276388/; classtype:trojan-activity;sid:84139488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.245.2.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276387/; classtype:trojan-activity;sid:84139487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.132.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276386/; classtype:trojan-activity;sid:84139486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.73.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276385/; classtype:trojan-activity;sid:84139485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.117.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276384/; classtype:trojan-activity;sid:84139484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.97.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276382/; classtype:trojan-activity;sid:84139482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.248.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276383/; classtype:trojan-activity;sid:84139483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.0.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276381/; classtype:trojan-activity;sid:84139481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.55.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276380/; classtype:trojan-activity;sid:84139480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.84.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276379/; classtype:trojan-activity;sid:84139479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.186.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276378/; classtype:trojan-activity;sid:84139478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.242.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276377/; classtype:trojan-activity;sid:84139477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.108.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276376/; classtype:trojan-activity;sid:84139476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.228.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276375/; classtype:trojan-activity;sid:84139475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.9.46.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276374/; classtype:trojan-activity;sid:84139474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.251.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276373/; classtype:trojan-activity;sid:84139473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.85.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276372/; classtype:trojan-activity;sid:84139472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.139.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276371/; classtype:trojan-activity;sid:84139471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.61.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276370/; classtype:trojan-activity;sid:84139470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.132.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276369/; classtype:trojan-activity;sid:84139469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.128.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276368/; classtype:trojan-activity;sid:84139468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.91.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276367/; classtype:trojan-activity;sid:84139467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.241.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276366/; classtype:trojan-activity;sid:84139466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.242.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276365/; classtype:trojan-activity;sid:84139465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.243.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276364/; classtype:trojan-activity;sid:84139464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/strange_zipper"; depth:15; endswith; nocase; http.host; content:"104.155.124.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276363/; classtype:trojan-activity;sid:84139463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get"; depth:4; endswith; nocase; http.host; content:"104.168.87.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276361/; classtype:trojan-activity;sid:84139461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.88.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276362/; classtype:trojan-activity;sid:84139462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.6.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276360/; classtype:trojan-activity;sid:84139460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.183.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276357/; classtype:trojan-activity;sid:84139457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/icmp"; depth:5; endswith; nocase; http.host; content:"104.168.87.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276358/; classtype:trojan-activity;sid:84139458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ack"; depth:4; endswith; nocase; http.host; content:"104.168.87.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276359/; classtype:trojan-activity;sid:84139459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.208.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276356/; classtype:trojan-activity;sid:84139456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tcp"; depth:4; endswith; nocase; http.host; content:"104.168.87.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276355/; classtype:trojan-activity;sid:84139455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/7777.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276354/; classtype:trojan-activity;sid:84139454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powershell.exe"; depth:15; endswith; nocase; http.host; content:"galxetoken.online"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276353/; classtype:trojan-activity;sid:84139453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syn"; depth:4; endswith; nocase; http.host; content:"104.168.87.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276351/; classtype:trojan-activity;sid:84139451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.37.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276352/; classtype:trojan-activity;sid:84139452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.10.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276350/; classtype:trojan-activity;sid:84139450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xclient.exe"; depth:12; endswith; nocase; http.host; content:"104.168.87.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276349/; classtype:trojan-activity;sid:84139449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.15.203"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276346/; classtype:trojan-activity;sid:84139446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.237.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276347/; classtype:trojan-activity;sid:84139447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot"; depth:4; endswith; nocase; http.host; content:"104.168.87.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276348/; classtype:trojan-activity;sid:84139448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/udp"; depth:4; endswith; nocase; http.host; content:"104.168.87.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276345/; classtype:trojan-activity;sid:84139445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dns"; depth:4; endswith; nocase; http.host; content:"104.168.87.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276344/; classtype:trojan-activity;sid:84139444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.245.2.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276343/; classtype:trojan-activity;sid:84139443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276342/; classtype:trojan-activity;sid:84139442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.73.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276341/; classtype:trojan-activity;sid:84139441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.128.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276340/; classtype:trojan-activity;sid:84139440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.248.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276339/; classtype:trojan-activity;sid:84139439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.186.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276338/; classtype:trojan-activity;sid:84139438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.164.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276337/; classtype:trojan-activity;sid:84139437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.19.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276336/; classtype:trojan-activity;sid:84139436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.90.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276335/; classtype:trojan-activity;sid:84139435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.59.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276334/; classtype:trojan-activity;sid:84139434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.70.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276333/; classtype:trojan-activity;sid:84139433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.139.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276332/; classtype:trojan-activity;sid:84139432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.124.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276331/; classtype:trojan-activity;sid:84139431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.244.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276330/; classtype:trojan-activity;sid:84139430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.242.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276329/; classtype:trojan-activity;sid:84139429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.154.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276328/; classtype:trojan-activity;sid:84139428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.8.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276327/; classtype:trojan-activity;sid:84139427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.17.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276325/; classtype:trojan-activity;sid:84139425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276326/; classtype:trojan-activity;sid:84139426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.244.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276324/; classtype:trojan-activity;sid:84139424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.31.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276323/; classtype:trojan-activity;sid:84139423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.243.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276322/; classtype:trojan-activity;sid:84139422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.183.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276321/; classtype:trojan-activity;sid:84139421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"168.196.171.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276320/; classtype:trojan-activity;sid:84139420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.90.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276319/; classtype:trojan-activity;sid:84139419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.49.65.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276318/; classtype:trojan-activity;sid:84139418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276317/; classtype:trojan-activity;sid:84139417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.246.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276316/; classtype:trojan-activity;sid:84139416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.80.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276315/; classtype:trojan-activity;sid:84139415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.116.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276314/; classtype:trojan-activity;sid:84139414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.191.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276313/; classtype:trojan-activity;sid:84139413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.129.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276312/; classtype:trojan-activity;sid:84139412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.168.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276311/; classtype:trojan-activity;sid:84139411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.70.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276310/; classtype:trojan-activity;sid:84139410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276309/; classtype:trojan-activity;sid:84139409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.48.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276308/; classtype:trojan-activity;sid:84139408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.189.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276307/; classtype:trojan-activity;sid:84139407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.17.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276306/; classtype:trojan-activity;sid:84139406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.90.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276304/; classtype:trojan-activity;sid:84139404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"bbos.eye-network.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276305/; classtype:trojan-activity;sid:84139405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.75.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276303/; classtype:trojan-activity;sid:84139403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.2.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276302/; classtype:trojan-activity;sid:84139402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backups/popsverif.txt"; depth:22; endswith; nocase; http.host; content:"budgidjskwj.b-cdn.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276301/; classtype:trojan-activity;sid:84139401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.192.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276300/; classtype:trojan-activity;sid:84139400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276299/; classtype:trojan-activity;sid:84139399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.59.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276298/; classtype:trojan-activity;sid:84139398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.200.177.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276297/; classtype:trojan-activity;sid:84139397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.228.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276296/; classtype:trojan-activity;sid:84139396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marowodn.zip"; depth:13; endswith; nocase; http.host; content:"perfectimage40.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276295/; classtype:trojan-activity;sid:84139395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backups/cuverif.txt"; depth:20; endswith; nocase; http.host; content:"makemygreatgain.b-cdn.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276294/; classtype:trojan-activity;sid:84139394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.16.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276293/; classtype:trojan-activity;sid:84139393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.120.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276292/; classtype:trojan-activity;sid:84139392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.4.162.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276291/; classtype:trojan-activity;sid:84139391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.246.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276290/; classtype:trojan-activity;sid:84139390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.153.145.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276289/; classtype:trojan-activity;sid:84139389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.44.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276288/; classtype:trojan-activity;sid:84139388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.46.80.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276287/; classtype:trojan-activity;sid:84139387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.80.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276286/; classtype:trojan-activity;sid:84139386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.168.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276283/; classtype:trojan-activity;sid:84139383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.251.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276284/; classtype:trojan-activity;sid:84139384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.237.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276285/; classtype:trojan-activity;sid:84139385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.40.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276282/; classtype:trojan-activity;sid:84139382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.39.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276281/; classtype:trojan-activity;sid:84139381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.116.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276280/; classtype:trojan-activity;sid:84139380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.19.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276278/; classtype:trojan-activity;sid:84139378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276279/; classtype:trojan-activity;sid:84139379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276276/; classtype:trojan-activity;sid:84139376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276277/; classtype:trojan-activity;sid:84139377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276273/; classtype:trojan-activity;sid:84139373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276274/; classtype:trojan-activity;sid:84139374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys.sh"; depth:11; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276275/; classtype:trojan-activity;sid:84139375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zz.sh"; depth:6; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276265/; classtype:trojan-activity;sid:84139365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flll"; depth:5; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276266/; classtype:trojan-activity;sid:84139366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/std.sh"; depth:7; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276267/; classtype:trojan-activity;sid:84139367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xaxa"; depth:5; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276268/; classtype:trojan-activity;sid:84139368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa.sh"; depth:7; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276269/; classtype:trojan-activity;sid:84139369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed.sh"; depth:8; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276270/; classtype:trojan-activity;sid:84139370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.sh"; depth:8; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276271/; classtype:trojan-activity;sid:84139371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276272/; classtype:trojan-activity;sid:84139372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.108.90.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276264/; classtype:trojan-activity;sid:84139364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.218.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276263/; classtype:trojan-activity;sid:84139363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.235.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276262/; classtype:trojan-activity;sid:84139362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.119.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276261/; classtype:trojan-activity;sid:84139361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.241.48.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276260/; classtype:trojan-activity;sid:84139360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.169.13.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276259/; classtype:trojan-activity;sid:84139359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.178.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276258/; classtype:trojan-activity;sid:84139358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276257/; classtype:trojan-activity;sid:84139357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhatbuoitovcl/socks1/downloads/steal_stub.exe"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276256/; classtype:trojan-activity;sid:84139356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhatbuoitovcl/adsthang/downloads/out.exe"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276254/; classtype:trojan-activity;sid:84139354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhatbuoitovcl/adsthang/downloads/steal_stub.exe"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276255/; classtype:trojan-activity;sid:84139355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.19.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276253/; classtype:trojan-activity;sid:84139353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.101.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276252/; classtype:trojan-activity;sid:84139352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.156.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276251/; classtype:trojan-activity;sid:84139351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.127.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276250/; classtype:trojan-activity;sid:84139350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.189.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276249/; classtype:trojan-activity;sid:84139349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ag181/a/downloads/invoice.zip"; depth:30; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276247/; classtype:trojan-activity;sid:84139347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ag181/a/downloads/glx.exe"; depth:26; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276248/; classtype:trojan-activity;sid:84139348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.228.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276246/; classtype:trojan-activity;sid:84139346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.252.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276245/; classtype:trojan-activity;sid:84139345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.251.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276244/; classtype:trojan-activity;sid:84139344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.109.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276242/; classtype:trojan-activity;sid:84139342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276243/; classtype:trojan-activity;sid:84139343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnbw86"; depth:7; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276238/; classtype:trojan-activity;sid:84139338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276239/; classtype:trojan-activity;sid:84139339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276240/; classtype:trojan-activity;sid:84139340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276241/; classtype:trojan-activity;sid:84139341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.46.80.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276237/; classtype:trojan-activity;sid:84139337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276236/; classtype:trojan-activity;sid:84139336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276231/; classtype:trojan-activity;sid:84139331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wriww68k"; depth:9; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276232/; classtype:trojan-activity;sid:84139332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwwofba5"; depth:9; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276233/; classtype:trojan-activity;sid:84139333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276234/; classtype:trojan-activity;sid:84139334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.53.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276235/; classtype:trojan-activity;sid:84139335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.146.141.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276230/; classtype:trojan-activity;sid:84139330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.55.82.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276228/; classtype:trojan-activity;sid:84139328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.241.174.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276229/; classtype:trojan-activity;sid:84139329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.216.40.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276227/; classtype:trojan-activity;sid:84139327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.108.90.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276225/; classtype:trojan-activity;sid:84139325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.163.170.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276226/; classtype:trojan-activity;sid:84139326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.198.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276223/; classtype:trojan-activity;sid:84139323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.196.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276224/; classtype:trojan-activity;sid:84139324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.230.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276222/; classtype:trojan-activity;sid:84139322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.151.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276221/; classtype:trojan-activity;sid:84139321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.78.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276220/; classtype:trojan-activity;sid:84139320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.212.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276219/; classtype:trojan-activity;sid:84139319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.6.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276218/; classtype:trojan-activity;sid:84139318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/das.php"; depth:13; endswith; nocase; http.host; content:"asianchow.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276217/; classtype:trojan-activity;sid:84139317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.156.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276216/; classtype:trojan-activity;sid:84139316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.169.13.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276215/; classtype:trojan-activity;sid:84139315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.78.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276214/; classtype:trojan-activity;sid:84139314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.228.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276213/; classtype:trojan-activity;sid:84139313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.243.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276211/; classtype:trojan-activity;sid:84139311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.7.195"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276212/; classtype:trojan-activity;sid:84139312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.189.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276210/; classtype:trojan-activity;sid:84139310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.240.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276209/; classtype:trojan-activity;sid:84139309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.196.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276208/; classtype:trojan-activity;sid:84139308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.18.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276207/; classtype:trojan-activity;sid:84139307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.36.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276206/; classtype:trojan-activity;sid:84139306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.198.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276205/; classtype:trojan-activity;sid:84139305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.132.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276203/; classtype:trojan-activity;sid:84139303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.117.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276204/; classtype:trojan-activity;sid:84139304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.190.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276202/; classtype:trojan-activity;sid:84139302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.148.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276201/; classtype:trojan-activity;sid:84139301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.211.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276200/; classtype:trojan-activity;sid:84139300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.75.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276199/; classtype:trojan-activity;sid:84139299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.49.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276198/; classtype:trojan-activity;sid:84139298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awgwrtwa/asss/downloads/remcossssssss.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276197/; classtype:trojan-activity;sid:84139297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awgwrtwa/asss/downloads/dcrat.txt"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276196/; classtype:trojan-activity;sid:84139296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.6.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276195/; classtype:trojan-activity;sid:84139295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.81.26.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276194/; classtype:trojan-activity;sid:84139294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.89.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276193/; classtype:trojan-activity;sid:84139293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.108.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276192/; classtype:trojan-activity;sid:84139292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.123.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276191/; classtype:trojan-activity;sid:84139291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sostedcr.vbs"; depth:13; endswith; nocase; http.host; content:"186.169.95.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276190/; classtype:trojan-activity;sid:84139290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31agosto.vbs"; depth:13; endswith; nocase; http.host; content:"186.169.95.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276189/; classtype:trojan-activity;sid:84139289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.253.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276188/; classtype:trojan-activity;sid:84139288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.243.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276187/; classtype:trojan-activity;sid:84139287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/n0pump.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276186/; classtype:trojan-activity;sid:84139286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.92.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276185/; classtype:trojan-activity;sid:84139285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.7.195"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276183/; classtype:trojan-activity;sid:84139283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.47.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276184/; classtype:trojan-activity;sid:84139284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.240.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276182/; classtype:trojan-activity;sid:84139282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.97.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276181/; classtype:trojan-activity;sid:84139281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.165.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276180/; classtype:trojan-activity;sid:84139280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.225.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276179/; classtype:trojan-activity;sid:84139279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.145.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276178/; classtype:trojan-activity;sid:84139278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.12.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276177/; classtype:trojan-activity;sid:84139277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.8.93"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276176/; classtype:trojan-activity;sid:84139276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.18.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276175/; classtype:trojan-activity;sid:84139275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.190.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276174/; classtype:trojan-activity;sid:84139274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.132.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276173/; classtype:trojan-activity;sid:84139273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.179.27.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276172/; classtype:trojan-activity;sid:84139272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.117.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276171/; classtype:trojan-activity;sid:84139271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.148.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276170/; classtype:trojan-activity;sid:84139270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.125.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276169/; classtype:trojan-activity;sid:84139269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.239.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276168/; classtype:trojan-activity;sid:84139268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.0.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276167/; classtype:trojan-activity;sid:84139267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276166/; classtype:trojan-activity;sid:84139266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.254.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276165/; classtype:trojan-activity;sid:84139265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.30.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276164/; classtype:trojan-activity;sid:84139264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iwir64"; depth:7; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276163/; classtype:trojan-activity;sid:84139263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.90.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276162/; classtype:trojan-activity;sid:84139262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.75.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276161/; classtype:trojan-activity;sid:84139261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.152.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276160/; classtype:trojan-activity;sid:84139260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.211.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276159/; classtype:trojan-activity;sid:84139259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.192.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276158/; classtype:trojan-activity;sid:84139258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.227.78.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276157/; classtype:trojan-activity;sid:84139257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.89.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276156/; classtype:trojan-activity;sid:84139256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.216.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276155/; classtype:trojan-activity;sid:84139255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.49.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276154/; classtype:trojan-activity;sid:84139254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.59.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276153/; classtype:trojan-activity;sid:84139253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.66.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276152/; classtype:trojan-activity;sid:84139252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.32.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276151/; classtype:trojan-activity;sid:84139251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.84.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276149/; classtype:trojan-activity;sid:84139249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.138.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276150/; classtype:trojan-activity;sid:84139250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.8.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276148/; classtype:trojan-activity;sid:84139248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.139.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276147/; classtype:trojan-activity;sid:84139247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.86.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276146/; classtype:trojan-activity;sid:84139246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276145/; classtype:trojan-activity;sid:84139245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.154.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276144/; classtype:trojan-activity;sid:84139244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.93.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276143/; classtype:trojan-activity;sid:84139243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.84.139.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276142/; classtype:trojan-activity;sid:84139242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.210.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276141/; classtype:trojan-activity;sid:84139241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.239.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276140/; classtype:trojan-activity;sid:84139240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.19.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276139/; classtype:trojan-activity;sid:84139239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.202.242.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276138/; classtype:trojan-activity;sid:84139238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.11.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276137/; classtype:trojan-activity;sid:84139237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.161.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276135/; classtype:trojan-activity;sid:84139235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.83.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276136/; classtype:trojan-activity;sid:84139236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276131/; classtype:trojan-activity;sid:84139231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.254.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276132/; classtype:trojan-activity;sid:84139232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.208.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276133/; classtype:trojan-activity;sid:84139233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.68.200"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276134/; classtype:trojan-activity;sid:84139234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.226.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276130/; classtype:trojan-activity;sid:84139230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.78.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276129/; classtype:trojan-activity;sid:84139229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.108.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276128/; classtype:trojan-activity;sid:84139228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"files1.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276127/; classtype:trojan-activity;sid:84139227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.60.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276125/; classtype:trojan-activity;sid:84139225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.152.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276126/; classtype:trojan-activity;sid:84139226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.203.114.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276124/; classtype:trojan-activity;sid:84139224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.138.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276123/; classtype:trojan-activity;sid:84139223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.230.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276120/; classtype:trojan-activity;sid:84139220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.59.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276121/; classtype:trojan-activity;sid:84139221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.73.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276122/; classtype:trojan-activity;sid:84139222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.227.78.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276119/; classtype:trojan-activity;sid:84139219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276118/; classtype:trojan-activity;sid:84139218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.8.128.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276117/; classtype:trojan-activity;sid:84139217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276116/; classtype:trojan-activity;sid:84139216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.142.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276115/; classtype:trojan-activity;sid:84139215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wriww68k"; depth:9; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276114/; classtype:trojan-activity;sid:84139214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276111/; classtype:trojan-activity;sid:84139211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276112/; classtype:trojan-activity;sid:84139212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.91.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276113/; classtype:trojan-activity;sid:84139213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.84.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276110/; classtype:trojan-activity;sid:84139210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.73.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276109/; classtype:trojan-activity;sid:84139209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276105/; classtype:trojan-activity;sid:84139205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnbw86"; depth:7; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276106/; classtype:trojan-activity;sid:84139206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276107/; classtype:trojan-activity;sid:84139207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276108/; classtype:trojan-activity;sid:84139208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276104/; classtype:trojan-activity;sid:84139204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276102/; classtype:trojan-activity;sid:84139202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwwofba5"; depth:9; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276103/; classtype:trojan-activity;sid:84139203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276101/; classtype:trojan-activity;sid:84139201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276100/; classtype:trojan-activity;sid:84139200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.210.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276097/; classtype:trojan-activity;sid:84139197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276098/; classtype:trojan-activity;sid:84139198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.192.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276099/; classtype:trojan-activity;sid:84139199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276096/; classtype:trojan-activity;sid:84139196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276094/; classtype:trojan-activity;sid:84139194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/multi"; depth:6; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276095/; classtype:trojan-activity;sid:84139195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xaxa"; depth:5; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276091/; classtype:trojan-activity;sid:84139191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zz.sh"; depth:6; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276092/; classtype:trojan-activity;sid:84139192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/std.sh"; depth:7; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276093/; classtype:trojan-activity;sid:84139193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276090/; classtype:trojan-activity;sid:84139190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.43.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276089/; classtype:trojan-activity;sid:84139189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.35.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276088/; classtype:trojan-activity;sid:84139188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.230.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276087/; classtype:trojan-activity;sid:84139187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.148.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276086/; classtype:trojan-activity;sid:84139186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.114.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276085/; classtype:trojan-activity;sid:84139185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.81.113.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276084/; classtype:trojan-activity;sid:84139184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.117.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276083/; classtype:trojan-activity;sid:84139183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.82.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276082/; classtype:trojan-activity;sid:84139182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.114.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276081/; classtype:trojan-activity;sid:84139181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.203.114.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276080/; classtype:trojan-activity;sid:84139180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276077/; classtype:trojan-activity;sid:84139177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276078/; classtype:trojan-activity;sid:84139178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.191.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276079/; classtype:trojan-activity;sid:84139179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flll"; depth:5; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276074/; classtype:trojan-activity;sid:84139174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlink.sh"; depth:9; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276075/; classtype:trojan-activity;sid:84139175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa.sh"; depth:7; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276076/; classtype:trojan-activity;sid:84139176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.175.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276073/; classtype:trojan-activity;sid:84139173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.4.107.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276072/; classtype:trojan-activity;sid:84139172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.145.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276071/; classtype:trojan-activity;sid:84139171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.43.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276070/; classtype:trojan-activity;sid:84139170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.8.128.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276069/; classtype:trojan-activity;sid:84139169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.107.12.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276068/; classtype:trojan-activity;sid:84139168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urhyugeur.arm5"; depth:15; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276063/; classtype:trojan-activity;sid:84139163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urhyugeur.arm6"; depth:15; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276064/; classtype:trojan-activity;sid:84139164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urhyugeur.arm4"; depth:15; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276065/; classtype:trojan-activity;sid:84139165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urhyugeur.mips"; depth:15; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276066/; classtype:trojan-activity;sid:84139166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urhyugeur.x86"; depth:14; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276067/; classtype:trojan-activity;sid:84139167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urhyugeur.sh"; depth:13; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276062/; classtype:trojan-activity;sid:84139162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm4"; depth:16; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276060/; classtype:trojan-activity;sid:84139160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm6"; depth:16; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276061/; classtype:trojan-activity;sid:84139161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.mips"; depth:16; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276057/; classtype:trojan-activity;sid:84139157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urhyugeur.mpsl"; depth:15; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276058/; classtype:trojan-activity;sid:84139158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urhyugeur.ppc"; depth:14; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276059/; classtype:trojan-activity;sid:84139159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm5"; depth:16; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276052/; classtype:trojan-activity;sid:84139152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.ppc"; depth:15; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276053/; classtype:trojan-activity;sid:84139153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.sparc"; depth:17; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276054/; classtype:trojan-activity;sid:84139154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.x86"; depth:15; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276055/; classtype:trojan-activity;sid:84139155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.mpsl"; depth:16; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276056/; classtype:trojan-activity;sid:84139156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm7"; depth:16; endswith; nocase; http.host; content:"209.126.0.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276051/; classtype:trojan-activity;sid:84139151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.222.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276050/; classtype:trojan-activity;sid:84139150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.81.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276048/; classtype:trojan-activity;sid:84139148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iwir64"; depth:7; endswith; nocase; http.host; content:"files.eye-network.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276049/; classtype:trojan-activity;sid:84139149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.246.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276047/; classtype:trojan-activity;sid:84139147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.215.176.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276046/; classtype:trojan-activity;sid:84139146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.192.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276045/; classtype:trojan-activity;sid:84139145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276044/; classtype:trojan-activity;sid:84139144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276043/; classtype:trojan-activity;sid:84139143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.82.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276042/; classtype:trojan-activity;sid:84139142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.81.113.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276041/; classtype:trojan-activity;sid:84139141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.4.107.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276040/; classtype:trojan-activity;sid:84139140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.32.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276039/; classtype:trojan-activity;sid:84139139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon.sh"; depth:8; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276037/; classtype:trojan-activity;sid:84139137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.sh"; depth:10; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276038/; classtype:trojan-activity;sid:84139138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276036/; classtype:trojan-activity;sid:84139136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276032/; classtype:trojan-activity;sid:84139132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276033/; classtype:trojan-activity;sid:84139133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276034/; classtype:trojan-activity;sid:84139134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.91.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276035/; classtype:trojan-activity;sid:84139135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.82.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276031/; classtype:trojan-activity;sid:84139131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.63.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276030/; classtype:trojan-activity;sid:84139130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276025/; classtype:trojan-activity;sid:84139125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276026/; classtype:trojan-activity;sid:84139126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon.sh"; depth:8; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276027/; classtype:trojan-activity;sid:84139127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276028/; classtype:trojan-activity;sid:84139128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.sh"; depth:10; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276029/; classtype:trojan-activity;sid:84139129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.x86_64"; depth:28; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276013/; classtype:trojan-activity;sid:84139113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.spc"; depth:25; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276014/; classtype:trojan-activity;sid:84139114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.mips"; depth:26; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276015/; classtype:trojan-activity;sid:84139115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm5"; depth:26; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276016/; classtype:trojan-activity;sid:84139116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.m68k"; depth:26; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276017/; classtype:trojan-activity;sid:84139117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm6"; depth:26; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276018/; classtype:trojan-activity;sid:84139118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm7"; depth:26; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276019/; classtype:trojan-activity;sid:84139119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm"; depth:25; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276020/; classtype:trojan-activity;sid:84139120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.ppc"; depth:25; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276021/; classtype:trojan-activity;sid:84139121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.x86"; depth:25; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276022/; classtype:trojan-activity;sid:84139122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.sh4"; depth:25; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276023/; classtype:trojan-activity;sid:84139123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.mpsl"; depth:26; endswith; nocase; http.host; content:"cnc.carteldesinaloa.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276024/; classtype:trojan-activity;sid:84139124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.72.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276012/; classtype:trojan-activity;sid:84139112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.43.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276011/; classtype:trojan-activity;sid:84139111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.81.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276010/; classtype:trojan-activity;sid:84139110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.194.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276009/; classtype:trojan-activity;sid:84139109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm4"; depth:10; endswith; nocase; http.host; content:"93.123.109.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276008/; classtype:trojan-activity;sid:84139108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"93.123.109.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276007/; classtype:trojan-activity;sid:84139107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"93.123.109.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276006/; classtype:trojan-activity;sid:84139106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i486"; depth:10; endswith; nocase; http.host; content:"93.123.109.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276005/; classtype:trojan-activity;sid:84139105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"93.123.109.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275999/; classtype:trojan-activity;sid:84139099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"93.123.109.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276000/; classtype:trojan-activity;sid:84139100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"93.123.109.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276001/; classtype:trojan-activity;sid:84139101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"93.123.109.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276002/; classtype:trojan-activity;sid:84139102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"93.123.109.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276003/; classtype:trojan-activity;sid:84139103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"93.123.109.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3276004/; classtype:trojan-activity;sid:84139104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.113.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275998/; classtype:trojan-activity;sid:84139098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.53.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275997/; classtype:trojan-activity;sid:84139097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.67.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275996/; classtype:trojan-activity;sid:84139096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.115.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275995/; classtype:trojan-activity;sid:84139095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.152.167.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275994/; classtype:trojan-activity;sid:84139094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.15.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275993/; classtype:trojan-activity;sid:84139093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"140.240.254.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275991/; classtype:trojan-activity;sid:84139091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.203.72.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275992/; classtype:trojan-activity;sid:84139092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.91.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275990/; classtype:trojan-activity;sid:84139090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.194.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275989/; classtype:trojan-activity;sid:84139089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.28.147"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275988/; classtype:trojan-activity;sid:84139088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.32.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275987/; classtype:trojan-activity;sid:84139087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.73.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275986/; classtype:trojan-activity;sid:84139086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.70.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275985/; classtype:trojan-activity;sid:84139085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.101.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275984/; classtype:trojan-activity;sid:84139084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.95.11.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275983/; classtype:trojan-activity;sid:84139083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.196.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275982/; classtype:trojan-activity;sid:84139082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.94.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275981/; classtype:trojan-activity;sid:84139081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.209.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275980/; classtype:trojan-activity;sid:84139080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.73.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275979/; classtype:trojan-activity;sid:84139079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.138.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275978/; classtype:trojan-activity;sid:84139078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.13.229"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275977/; classtype:trojan-activity;sid:84139077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.66.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275976/; classtype:trojan-activity;sid:84139076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.71.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275975/; classtype:trojan-activity;sid:84139075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.165.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275974/; classtype:trojan-activity;sid:84139074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.152.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275973/; classtype:trojan-activity;sid:84139073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.115.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275972/; classtype:trojan-activity;sid:84139072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.30.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275971/; classtype:trojan-activity;sid:84139071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.238.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275970/; classtype:trojan-activity;sid:84139070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.241.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275968/; classtype:trojan-activity;sid:84139068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.235.156.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275969/; classtype:trojan-activity;sid:84139069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.28.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275967/; classtype:trojan-activity;sid:84139067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//wriww68k"; depth:10; endswith; nocase; http.host; content:"server5.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275966/; classtype:trojan-activity;sid:84139066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//wheiuwa4"; depth:10; endswith; nocase; http.host; content:"server5.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275965/; classtype:trojan-activity;sid:84139065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//qkehusl"; depth:9; endswith; nocase; http.host; content:"server5.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275963/; classtype:trojan-activity;sid:84139063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//dvwkja7"; depth:9; endswith; nocase; http.host; content:"server5.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275964/; classtype:trojan-activity;sid:84139064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//jwwofba5"; depth:10; endswith; nocase; http.host; content:"server5.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275957/; classtype:trojan-activity;sid:84139057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vqsjh4"; depth:8; endswith; nocase; http.host; content:"server5.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275958/; classtype:trojan-activity;sid:84139058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//wnbw86"; depth:8; endswith; nocase; http.host; content:"server5.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275959/; classtype:trojan-activity;sid:84139059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vsbeps"; depth:8; endswith; nocase; http.host; content:"server5.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275960/; classtype:trojan-activity;sid:84139060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vkjqpc"; depth:8; endswith; nocase; http.host; content:"server5.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275961/; classtype:trojan-activity;sid:84139061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//kjsusa6"; depth:9; endswith; nocase; http.host; content:"server5.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275962/; classtype:trojan-activity;sid:84139062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.78.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275956/; classtype:trojan-activity;sid:84139056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.131.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275955/; classtype:trojan-activity;sid:84139055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.180.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275954/; classtype:trojan-activity;sid:84139054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.188.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275953/; classtype:trojan-activity;sid:84139053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.209.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275952/; classtype:trojan-activity;sid:84139052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.190.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275951/; classtype:trojan-activity;sid:84139051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275950/; classtype:trojan-activity;sid:84139050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.16.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275949/; classtype:trojan-activity;sid:84139049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.27.48.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275948/; classtype:trojan-activity;sid:84139048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.71.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275947/; classtype:trojan-activity;sid:84139047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.94.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275946/; classtype:trojan-activity;sid:84139046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.236.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275945/; classtype:trojan-activity;sid:84139045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.185.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275944/; classtype:trojan-activity;sid:84139044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.66.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275943/; classtype:trojan-activity;sid:84139043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.165.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275942/; classtype:trojan-activity;sid:84139042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.129.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275941/; classtype:trojan-activity;sid:84139041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.60.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275940/; classtype:trojan-activity;sid:84139040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.241.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275939/; classtype:trojan-activity;sid:84139039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.235.156.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275938/; classtype:trojan-activity;sid:84139038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275937/; classtype:trojan-activity;sid:84139037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.252.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275936/; classtype:trojan-activity;sid:84139036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.5.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275935/; classtype:trojan-activity;sid:84139035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.119.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275934/; classtype:trojan-activity;sid:84139034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.215.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275933/; classtype:trojan-activity;sid:84139033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.185.241.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275932/; classtype:trojan-activity;sid:84139032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.83.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275931/; classtype:trojan-activity;sid:84139031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.252.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275930/; classtype:trojan-activity;sid:84139030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"93.123.109.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275929/; classtype:trojan-activity;sid:84139029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.190.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275928/; classtype:trojan-activity;sid:84139028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.161.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275927/; classtype:trojan-activity;sid:84139027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.175.7.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275926/; classtype:trojan-activity;sid:84139026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.204.197.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275925/; classtype:trojan-activity;sid:84139025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.69.43.185"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275924/; classtype:trojan-activity;sid:84139024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.116.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275923/; classtype:trojan-activity;sid:84139023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.185.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275922/; classtype:trojan-activity;sid:84139022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.120.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275921/; classtype:trojan-activity;sid:84139021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.105.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275920/; classtype:trojan-activity;sid:84139020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.180.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275919/; classtype:trojan-activity;sid:84139019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.115.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275918/; classtype:trojan-activity;sid:84139018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.33.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275917/; classtype:trojan-activity;sid:84139017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.0.249"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275916/; classtype:trojan-activity;sid:84139016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.107.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275915/; classtype:trojan-activity;sid:84139015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.5.182"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275914/; classtype:trojan-activity;sid:84139014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.70.15.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275913/; classtype:trojan-activity;sid:84139013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.232.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275911/; classtype:trojan-activity;sid:84139011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.120.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275912/; classtype:trojan-activity;sid:84139012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.80.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275910/; classtype:trojan-activity;sid:84139010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.190.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275909/; classtype:trojan-activity;sid:84139009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.9.234"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275908/; classtype:trojan-activity;sid:84139008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.89.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275907/; classtype:trojan-activity;sid:84139007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275906/; classtype:trojan-activity;sid:84139006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.142.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275905/; classtype:trojan-activity;sid:84139005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.223.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275904/; classtype:trojan-activity;sid:84139004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.17.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275902/; classtype:trojan-activity;sid:84139002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.177.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275903/; classtype:trojan-activity;sid:84139003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.41.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275901/; classtype:trojan-activity;sid:84139001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.167.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275900/; classtype:trojan-activity;sid:84139000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.0.249"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275899/; classtype:trojan-activity;sid:84138999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.184.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275898/; classtype:trojan-activity;sid:84138998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275897/; classtype:trojan-activity;sid:84138997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.161.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275896/; classtype:trojan-activity;sid:84138996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.195.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275895/; classtype:trojan-activity;sid:84138995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.54.133"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275894/; classtype:trojan-activity;sid:84138994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.70.15.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275893/; classtype:trojan-activity;sid:84138993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/games/app/echel%d0%ben.zip"; depth:27; endswith; nocase; http.host; content:"echeloncheats.space"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275892/; classtype:trojan-activity;sid:84138992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275891/; classtype:trojan-activity;sid:84138991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.94.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275890/; classtype:trojan-activity;sid:84138990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.105.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275889/; classtype:trojan-activity;sid:84138989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.102.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275888/; classtype:trojan-activity;sid:84138988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.185.108.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275887/; classtype:trojan-activity;sid:84138987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file_premium/r99xqb5kz15skq3/setup_mac_pa%2524%2524_1885.zip/file"; depth:66; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275885/; classtype:trojan-activity;sid:84138985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.83.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275884/; classtype:trojan-activity;sid:84138984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.35.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275883/; classtype:trojan-activity;sid:84138983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.184.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275882/; classtype:trojan-activity;sid:84138982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.17.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275881/; classtype:trojan-activity;sid:84138981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.80.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275880/; classtype:trojan-activity;sid:84138980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"raw.eye-network.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275879/; classtype:trojan-activity;sid:84138979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"raw.eye-network.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275878/; classtype:trojan-activity;sid:84138978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.41.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275877/; classtype:trojan-activity;sid:84138977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"raw.eye-network.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275868/; classtype:trojan-activity;sid:84138968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"raw.eye-network.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275869/; classtype:trojan-activity;sid:84138969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"raw.eye-network.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275870/; classtype:trojan-activity;sid:84138970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"raw.eye-network.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275871/; classtype:trojan-activity;sid:84138971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnbw86"; depth:7; endswith; nocase; http.host; content:"raw.eye-network.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275872/; classtype:trojan-activity;sid:84138972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"raw.eye-network.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275873/; classtype:trojan-activity;sid:84138973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwwofba5"; depth:9; endswith; nocase; http.host; content:"raw.eye-network.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275874/; classtype:trojan-activity;sid:84138974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"raw.eye-network.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275875/; classtype:trojan-activity;sid:84138975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iwir64"; depth:7; endswith; nocase; http.host; content:"raw.eye-network.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275876/; classtype:trojan-activity;sid:84138976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"raw.eye-network.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275866/; classtype:trojan-activity;sid:84138966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wriww68k"; depth:9; endswith; nocase; http.host; content:"raw.eye-network.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275867/; classtype:trojan-activity;sid:84138967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.125.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275863/; classtype:trojan-activity;sid:84138963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"154.216.17.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275857/; classtype:trojan-activity;sid:84138957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"154.216.17.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275858/; classtype:trojan-activity;sid:84138958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"154.216.17.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275859/; classtype:trojan-activity;sid:84138959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"154.216.17.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275860/; classtype:trojan-activity;sid:84138960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnbw86"; depth:7; endswith; nocase; http.host; content:"154.216.17.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275861/; classtype:trojan-activity;sid:84138961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"154.216.17.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275862/; classtype:trojan-activity;sid:84138962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275855/; classtype:trojan-activity;sid:84138955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.exe"; depth:8; endswith; nocase; http.host; content:"www.smithpropertysolutions.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275856/; classtype:trojan-activity;sid:84138956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwwofba5"; depth:9; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275835/; classtype:trojan-activity;sid:84138935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwwofba5"; depth:9; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275836/; classtype:trojan-activity;sid:84138936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275837/; classtype:trojan-activity;sid:84138937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275839/; classtype:trojan-activity;sid:84138939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnbw86"; depth:7; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275840/; classtype:trojan-activity;sid:84138940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275841/; classtype:trojan-activity;sid:84138941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275842/; classtype:trojan-activity;sid:84138942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275843/; classtype:trojan-activity;sid:84138943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnbw86"; depth:7; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275844/; classtype:trojan-activity;sid:84138944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275845/; classtype:trojan-activity;sid:84138945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wriww68k"; depth:9; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275846/; classtype:trojan-activity;sid:84138946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275847/; classtype:trojan-activity;sid:84138947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275848/; classtype:trojan-activity;sid:84138948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wriww68k"; depth:9; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275849/; classtype:trojan-activity;sid:84138949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"154.216.17.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275850/; classtype:trojan-activity;sid:84138950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wriww68k"; depth:9; endswith; nocase; http.host; content:"154.216.17.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275851/; classtype:trojan-activity;sid:84138951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275852/; classtype:trojan-activity;sid:84138952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275853/; classtype:trojan-activity;sid:84138953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275854/; classtype:trojan-activity;sid:84138954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"154.216.17.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275831/; classtype:trojan-activity;sid:84138931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275832/; classtype:trojan-activity;sid:84138932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"154.216.17.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275833/; classtype:trojan-activity;sid:84138933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwwofba5"; depth:9; endswith; nocase; http.host; content:"154.216.17.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275834/; classtype:trojan-activity;sid:84138934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"154.216.17.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275830/; classtype:trojan-activity;sid:84138930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.177.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275829/; classtype:trojan-activity;sid:84138929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.195.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275828/; classtype:trojan-activity;sid:84138928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275824/; classtype:trojan-activity;sid:84138924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275825/; classtype:trojan-activity;sid:84138925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275826/; classtype:trojan-activity;sid:84138926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275827/; classtype:trojan-activity;sid:84138927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.154.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275823/; classtype:trojan-activity;sid:84138923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.102.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275822/; classtype:trojan-activity;sid:84138922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.83.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275821/; classtype:trojan-activity;sid:84138921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.200.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275820/; classtype:trojan-activity;sid:84138920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275819/; classtype:trojan-activity;sid:84138919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.177.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275818/; classtype:trojan-activity;sid:84138918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.13.229"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275817/; classtype:trojan-activity;sid:84138917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.201.135.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275816/; classtype:trojan-activity;sid:84138916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.135.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275814/; classtype:trojan-activity;sid:84138914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.253.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275813/; classtype:trojan-activity;sid:84138913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iwir64"; depth:7; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275812/; classtype:trojan-activity;sid:84138912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.3.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275811/; classtype:trojan-activity;sid:84138911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.4.67.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275810/; classtype:trojan-activity;sid:84138910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"220.170.216.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275809/; classtype:trojan-activity;sid:84138909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.113.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275808/; classtype:trojan-activity;sid:84138908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.154.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275806/; classtype:trojan-activity;sid:84138906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.43.185"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275805/; classtype:trojan-activity;sid:84138905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.233.156.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275804/; classtype:trojan-activity;sid:84138904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.130.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275803/; classtype:trojan-activity;sid:84138903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.191.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275802/; classtype:trojan-activity;sid:84138902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.66.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275801/; classtype:trojan-activity;sid:84138901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.209.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275800/; classtype:trojan-activity;sid:84138900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.12.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275799/; classtype:trojan-activity;sid:84138899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.87.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275798/; classtype:trojan-activity;sid:84138898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.125.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275797/; classtype:trojan-activity;sid:84138897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.4.67.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275796/; classtype:trojan-activity;sid:84138896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.129.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275795/; classtype:trojan-activity;sid:84138895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.226.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275794/; classtype:trojan-activity;sid:84138894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.40.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275793/; classtype:trojan-activity;sid:84138893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.191.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275792/; classtype:trojan-activity;sid:84138892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.3.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275791/; classtype:trojan-activity;sid:84138891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.167.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275790/; classtype:trojan-activity;sid:84138890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e.dat"; depth:6; endswith; nocase; http.host; content:"78.46.194.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275789/; classtype:trojan-activity;sid:84138889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kringe2.exe"; depth:12; endswith; nocase; http.host; content:"sosipisos2.site"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275783/; classtype:trojan-activity;sid:84138883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/myrdx.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275784/; classtype:trojan-activity;sid:84138884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kringe2.exe"; depth:12; endswith; nocase; http.host; content:"sosipisos2.site"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275785/; classtype:trojan-activity;sid:84138885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reko/valid.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275786/; classtype:trojan-activity;sid:84138886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/97c9beb737884d93a1899766d9f4e34c:gostired/perceivedfurthermore.zip"; depth:67; endswith; nocase; http.host; content:"eu2.contabostorage.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275787/; classtype:trojan-activity;sid:84138887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/perceivedfurthermore.txt"; depth:25; endswith; nocase; http.host; content:"pub-1f3e5ec684c24b40ae9d9716dd6514f0.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275788/; classtype:trojan-activity;sid:84138888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.134.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275782/; classtype:trojan-activity;sid:84138882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.129.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275781/; classtype:trojan-activity;sid:84138881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.87.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275780/; classtype:trojan-activity;sid:84138880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275779/; classtype:trojan-activity;sid:84138879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275778/; classtype:trojan-activity;sid:84138878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.214.111.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275776/; classtype:trojan-activity;sid:84138876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.69.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275777/; classtype:trojan-activity;sid:84138877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl.exe"; depth:7; endswith; nocase; http.host; content:"smithpropertysolutions.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275775/; classtype:trojan-activity;sid:84138875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.7.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275774/; classtype:trojan-activity;sid:84138874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275773/; classtype:trojan-activity;sid:84138873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.223.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275772/; classtype:trojan-activity;sid:84138872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.132.207.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275771/; classtype:trojan-activity;sid:84138871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.227.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275770/; classtype:trojan-activity;sid:84138870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.164.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275769/; classtype:trojan-activity;sid:84138869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.38.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275768/; classtype:trojan-activity;sid:84138868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.134.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275767/; classtype:trojan-activity;sid:84138867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.7.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275766/; classtype:trojan-activity;sid:84138866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.22.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275765/; classtype:trojan-activity;sid:84138865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.94.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275764/; classtype:trojan-activity;sid:84138864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.141.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275763/; classtype:trojan-activity;sid:84138863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.166.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275762/; classtype:trojan-activity;sid:84138862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.109.131.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275761/; classtype:trojan-activity;sid:84138861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.132.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275760/; classtype:trojan-activity;sid:84138860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.243.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275759/; classtype:trojan-activity;sid:84138859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.55.22.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275758/; classtype:trojan-activity;sid:84138858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm5"; depth:26; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275757/; classtype:trojan-activity;sid:84138857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.spc"; depth:25; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275753/; classtype:trojan-activity;sid:84138853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.ppc"; depth:25; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275754/; classtype:trojan-activity;sid:84138854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.mpsl"; depth:26; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275755/; classtype:trojan-activity;sid:84138855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm7"; depth:26; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275756/; classtype:trojan-activity;sid:84138856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.sh4"; depth:25; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275748/; classtype:trojan-activity;sid:84138848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.x86"; depth:25; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275749/; classtype:trojan-activity;sid:84138849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.mips"; depth:26; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275750/; classtype:trojan-activity;sid:84138850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.m68k"; depth:26; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275751/; classtype:trojan-activity;sid:84138851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm6"; depth:26; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275752/; classtype:trojan-activity;sid:84138852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm"; depth:25; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275745/; classtype:trojan-activity;sid:84138845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.x86_64"; depth:28; endswith; nocase; http.host; content:"94.156.177.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275746/; classtype:trojan-activity;sid:84138846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.140.238.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275747/; classtype:trojan-activity;sid:84138847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275744/; classtype:trojan-activity;sid:84138844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275743/; classtype:trojan-activity;sid:84138843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.3.27.240"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275742/; classtype:trojan-activity;sid:84138842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.2.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275741/; classtype:trojan-activity;sid:84138841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.119.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275740/; classtype:trojan-activity;sid:84138840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275739/; classtype:trojan-activity;sid:84138839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.55.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275738/; classtype:trojan-activity;sid:84138838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.201.133.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275737/; classtype:trojan-activity;sid:84138837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.84.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275735/; classtype:trojan-activity;sid:84138835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.185.108.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275736/; classtype:trojan-activity;sid:84138836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.137.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275734/; classtype:trojan-activity;sid:84138834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.223.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275733/; classtype:trojan-activity;sid:84138833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.76.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275732/; classtype:trojan-activity;sid:84138832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.227.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275731/; classtype:trojan-activity;sid:84138831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.26.82.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275730/; classtype:trojan-activity;sid:84138830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275729/; classtype:trojan-activity;sid:84138829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.248.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275728/; classtype:trojan-activity;sid:84138828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275727/; classtype:trojan-activity;sid:84138827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.180.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275726/; classtype:trojan-activity;sid:84138826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.8.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275725/; classtype:trojan-activity;sid:84138825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.247.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275724/; classtype:trojan-activity;sid:84138824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.55.22.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275723/; classtype:trojan-activity;sid:84138823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.140.238.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275722/; classtype:trojan-activity;sid:84138822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.76.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275720/; classtype:trojan-activity;sid:84138820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.3.27.240"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275721/; classtype:trojan-activity;sid:84138821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275719/; classtype:trojan-activity;sid:84138819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.18.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275718/; classtype:trojan-activity;sid:84138818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.123.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275717/; classtype:trojan-activity;sid:84138817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.178.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275716/; classtype:trojan-activity;sid:84138816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.25.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275715/; classtype:trojan-activity;sid:84138815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.208.40.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275714/; classtype:trojan-activity;sid:84138814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.45.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275713/; classtype:trojan-activity;sid:84138813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/software.exe"; depth:19; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275712/; classtype:trojan-activity;sid:84138812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.103.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275711/; classtype:trojan-activity;sid:84138811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.159.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275710/; classtype:trojan-activity;sid:84138810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.188.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275709/; classtype:trojan-activity;sid:84138809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.45.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275708/; classtype:trojan-activity;sid:84138808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.6.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275707/; classtype:trojan-activity;sid:84138807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.180.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275706/; classtype:trojan-activity;sid:84138806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.18.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275705/; classtype:trojan-activity;sid:84138805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.148.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275704/; classtype:trojan-activity;sid:84138804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275703/; classtype:trojan-activity;sid:84138803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275702/; classtype:trojan-activity;sid:84138802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.210.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275701/; classtype:trojan-activity;sid:84138801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275700/; classtype:trojan-activity;sid:84138800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.244.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275699/; classtype:trojan-activity;sid:84138799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.110.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275698/; classtype:trojan-activity;sid:84138798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275697/; classtype:trojan-activity;sid:84138797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.200.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275696/; classtype:trojan-activity;sid:84138796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.35.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275695/; classtype:trojan-activity;sid:84138795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.0.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275694/; classtype:trojan-activity;sid:84138794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275693/; classtype:trojan-activity;sid:84138793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.159.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275692/; classtype:trojan-activity;sid:84138792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.110.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275691/; classtype:trojan-activity;sid:84138791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.89.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275690/; classtype:trojan-activity;sid:84138790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.53.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275689/; classtype:trojan-activity;sid:84138789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.188.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275688/; classtype:trojan-activity;sid:84138788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.95.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275687/; classtype:trojan-activity;sid:84138787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.200.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275686/; classtype:trojan-activity;sid:84138786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.220.182.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275685/; classtype:trojan-activity;sid:84138785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.133.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275684/; classtype:trojan-activity;sid:84138784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pisos23.exe"; depth:12; endswith; nocase; http.host; content:"sosipisos2.site"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275683/; classtype:trojan-activity;sid:84138783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.35.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275682/; classtype:trojan-activity;sid:84138782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.60.130.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275681/; classtype:trojan-activity;sid:84138781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.216.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275680/; classtype:trojan-activity;sid:84138780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.22.48"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275679/; classtype:trojan-activity;sid:84138779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.100.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275678/; classtype:trojan-activity;sid:84138778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"116.97.201.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275677/; classtype:trojan-activity;sid:84138777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.185.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275675/; classtype:trojan-activity;sid:84138775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.106.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275676/; classtype:trojan-activity;sid:84138776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update"; depth:7; endswith; nocase; http.host; content:"154.205.134.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275673/; classtype:trojan-activity;sid:84138773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.89.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275674/; classtype:trojan-activity;sid:84138774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1kc4fdseohzqymz2x0ncqswph66uxdb1z"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275669/; classtype:trojan-activity;sid:84138769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yvctcnhxrpnqxvrwer3snk7kyqsgxk0w"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275670/; classtype:trojan-activity;sid:84138770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1hi3rgjfwmmhu1g8qdbyp8hlue3nczav2"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275671/; classtype:trojan-activity;sid:84138771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1cpidoaau6k__pne7dfam9mz7e02h2cxc"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275672/; classtype:trojan-activity;sid:84138772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1leawzinny0otn692olyowavbzv4iveup"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275661/; classtype:trojan-activity;sid:84138761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=16z2gvd5s8diouvqouq99hwjk2tfvmiwx"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275662/; classtype:trojan-activity;sid:84138762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1vm6lylqa1c1zh2vwwafpg72l9qfskzxi"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275663/; classtype:trojan-activity;sid:84138763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yp8z-k3e02lwv5a0sseppvxmvbges0q8"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275664/; classtype:trojan-activity;sid:84138764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.159.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275665/; classtype:trojan-activity;sid:84138765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1x8hrxt3ybf1gaaqbn1tkmnjnn29yvc7j"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275666/; classtype:trojan-activity;sid:84138766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1u_rahqbks7vd7qqc6wx3gxnjxtfqrzbp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275667/; classtype:trojan-activity;sid:84138767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ber5-j61po9sbwndn0_u9vsmsszii_g8"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275668/; classtype:trojan-activity;sid:84138768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1-8qpzgr4-iis53p1-kr2-o6prrjmnksk"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275658/; classtype:trojan-activity;sid:84138758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1iztpnictivvjlwacdezme1enrlgb_fun"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275659/; classtype:trojan-activity;sid:84138759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1qig8eqcnrg-kygiixcbtlftkgxx9ji2w"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275660/; classtype:trojan-activity;sid:84138760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1huotbd1zjmnea4wg46v7jnontoz7cpfk"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275657/; classtype:trojan-activity;sid:84138757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ubqrhziusgl-cn_nie2_udj4qi6qrqsw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275656/; classtype:trojan-activity;sid:84138756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.164.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275654/; classtype:trojan-activity;sid:84138754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.92.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275655/; classtype:trojan-activity;sid:84138755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.185.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275653/; classtype:trojan-activity;sid:84138753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~lizard581/cgi-bin/imageup/data/1421.png"; depth:41; endswith; nocase; http.host; content:"www.diced.jp"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275652/; classtype:trojan-activity;sid:84138752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.211.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275651/; classtype:trojan-activity;sid:84138751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.250.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275650/; classtype:trojan-activity;sid:84138750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.238.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275649/; classtype:trojan-activity;sid:84138749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nzcxs/freakyy222.txt"; depth:21; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275648/; classtype:trojan-activity;sid:84138748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.237.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275647/; classtype:trojan-activity;sid:84138747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.62.117.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275646/; classtype:trojan-activity;sid:84138746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dbam5/sdeexloa.txt"; depth:19; endswith; nocase; http.host; content:"transfer.adttemp.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275645/; classtype:trojan-activity;sid:84138745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/34/snc/greatthignswithnewworkingskillwithmegreatwithe.hta"; depth:58; endswith; nocase; http.host; content:"185.117.91.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275644/; classtype:trojan-activity;sid:84138744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275643/; classtype:trojan-activity;sid:84138743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.6.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275642/; classtype:trojan-activity;sid:84138742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.87.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275641/; classtype:trojan-activity;sid:84138741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275640/; classtype:trojan-activity;sid:84138740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.86.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275639/; classtype:trojan-activity;sid:84138739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.177.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275638/; classtype:trojan-activity;sid:84138738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bjulbjuqd.dat"; depth:14; endswith; nocase; http.host; content:"nbowling.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275637/; classtype:trojan-activity;sid:84138737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.216.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275636/; classtype:trojan-activity;sid:84138736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1njiskszkycw3w4s_sjxxfxgsqjovjebn"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275635/; classtype:trojan-activity;sid:84138735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.255.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275634/; classtype:trojan-activity;sid:84138734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.185.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275633/; classtype:trojan-activity;sid:84138733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.121.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275632/; classtype:trojan-activity;sid:84138732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vdpawrpsfehthv196.bin"; depth:22; endswith; nocase; http.host; content:"173.249.193.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275631/; classtype:trojan-activity;sid:84138731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lngwkyvzvtm166.bin"; depth:19; endswith; nocase; http.host; content:"212.162.149.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275630/; classtype:trojan-activity;sid:84138730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.135.181.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275629/; classtype:trojan-activity;sid:84138729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.67.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275628/; classtype:trojan-activity;sid:84138728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/08944c4ccd05189a/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"95.215.204.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275626/; classtype:trojan-activity;sid:84138726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/08944c4ccd05189a/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"95.215.204.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275627/; classtype:trojan-activity;sid:84138727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/08944c4ccd05189a/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"95.215.204.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275624/; classtype:trojan-activity;sid:84138724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/08944c4ccd05189a/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"95.215.204.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275625/; classtype:trojan-activity;sid:84138725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/08944c4ccd05189a/nss3.dll"; depth:26; endswith; nocase; http.host; content:"95.215.204.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275623/; classtype:trojan-activity;sid:84138723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/08944c4ccd05189a/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"95.215.204.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275621/; classtype:trojan-activity;sid:84138721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/08944c4ccd05189a/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"95.215.204.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275622/; classtype:trojan-activity;sid:84138722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.33.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275620/; classtype:trojan-activity;sid:84138720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.219.63.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275619/; classtype:trojan-activity;sid:84138719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.3.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275618/; classtype:trojan-activity;sid:84138718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.12.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275617/; classtype:trojan-activity;sid:84138717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.55.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275616/; classtype:trojan-activity;sid:84138716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.140.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275615/; classtype:trojan-activity;sid:84138715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.34.125.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275614/; classtype:trojan-activity;sid:84138714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.170.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275613/; classtype:trojan-activity;sid:84138713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.93.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275612/; classtype:trojan-activity;sid:84138712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.58.231.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275611/; classtype:trojan-activity;sid:84138711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.36.142.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275610/; classtype:trojan-activity;sid:84138710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.56.219.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275609/; classtype:trojan-activity;sid:84138709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chrome_131.exe"; depth:15; endswith; nocase; http.host; content:"gosp.xaman.es"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275608/; classtype:trojan-activity;sid:84138708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.87.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275607/; classtype:trojan-activity;sid:84138707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.177.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275606/; classtype:trojan-activity;sid:84138706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.31.189.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275605/; classtype:trojan-activity;sid:84138705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.86.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275604/; classtype:trojan-activity;sid:84138704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.61.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275602/; classtype:trojan-activity;sid:84138702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.88.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275603/; classtype:trojan-activity;sid:84138703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.152.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275601/; classtype:trojan-activity;sid:84138701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.21.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275600/; classtype:trojan-activity;sid:84138700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.135.181.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275599/; classtype:trojan-activity;sid:84138699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.225.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275598/; classtype:trojan-activity;sid:84138698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.109.159.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275597/; classtype:trojan-activity;sid:84138697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.180.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275596/; classtype:trojan-activity;sid:84138696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.244.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275595/; classtype:trojan-activity;sid:84138695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mesh.exe"; depth:9; endswith; nocase; http.host; content:"79.124.58.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275594/; classtype:trojan-activity;sid:84138694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.213.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275592/; classtype:trojan-activity;sid:84138692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.35.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275593/; classtype:trojan-activity;sid:84138693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.77.245.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275591/; classtype:trojan-activity;sid:84138691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.186.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275590/; classtype:trojan-activity;sid:84138690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.226.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275589/; classtype:trojan-activity;sid:84138689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.180.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275588/; classtype:trojan-activity;sid:84138688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.242.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275587/; classtype:trojan-activity;sid:84138687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275585/; classtype:trojan-activity;sid:84138685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/visitorlevy.exe"; depth:16; endswith; nocase; http.host; content:"79.124.58.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275586/; classtype:trojan-activity;sid:84138686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.172.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275582/; classtype:trojan-activity;sid:84138682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.21.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275583/; classtype:trojan-activity;sid:84138683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.232.85.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275584/; classtype:trojan-activity;sid:84138684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.21.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275581/; classtype:trojan-activity;sid:84138681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.152.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275580/; classtype:trojan-activity;sid:84138680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.73.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275579/; classtype:trojan-activity;sid:84138679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.46.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275578/; classtype:trojan-activity;sid:84138678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275577/; classtype:trojan-activity;sid:84138677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.191.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275576/; classtype:trojan-activity;sid:84138676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.212.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275575/; classtype:trojan-activity;sid:84138675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.149.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275574/; classtype:trojan-activity;sid:84138674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.21.174.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275573/; classtype:trojan-activity;sid:84138673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.137.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275572/; classtype:trojan-activity;sid:84138672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.186.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275571/; classtype:trojan-activity;sid:84138671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.109.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275570/; classtype:trojan-activity;sid:84138670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.226.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275569/; classtype:trojan-activity;sid:84138669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.73.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275568/; classtype:trojan-activity;sid:84138668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/explorers.exe"; depth:14; endswith; nocase; http.host; content:"a1045941.xsph.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275567/; classtype:trojan-activity;sid:84138667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"38.253.225.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275566/; classtype:trojan-activity;sid:84138666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.230.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275565/; classtype:trojan-activity;sid:84138665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.224.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275563/; classtype:trojan-activity;sid:84138663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.92.207.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275564/; classtype:trojan-activity;sid:84138664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.59.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275562/; classtype:trojan-activity;sid:84138662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.125.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275561/; classtype:trojan-activity;sid:84138661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.109.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275560/; classtype:trojan-activity;sid:84138660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.164.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275559/; classtype:trojan-activity;sid:84138659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275558/; classtype:trojan-activity;sid:84138658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.160.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275557/; classtype:trojan-activity;sid:84138657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.34.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275556/; classtype:trojan-activity;sid:84138656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.43.108.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275555/; classtype:trojan-activity;sid:84138655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.132.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275554/; classtype:trojan-activity;sid:84138654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.54.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275553/; classtype:trojan-activity;sid:84138653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powershell.exe"; depth:15; endswith; nocase; http.host; content:"cars2024.online"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275552/; classtype:trojan-activity;sid:84138652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.135.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275551/; classtype:trojan-activity;sid:84138651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.25.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275550/; classtype:trojan-activity;sid:84138650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.224.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275549/; classtype:trojan-activity;sid:84138649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.93.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275548/; classtype:trojan-activity;sid:84138648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.129.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275547/; classtype:trojan-activity;sid:84138647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.132.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275546/; classtype:trojan-activity;sid:84138646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.1.116"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275545/; classtype:trojan-activity;sid:84138645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.73.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275543/; classtype:trojan-activity;sid:84138643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.101.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275544/; classtype:trojan-activity;sid:84138644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.177.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275542/; classtype:trojan-activity;sid:84138642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.33.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275541/; classtype:trojan-activity;sid:84138641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.113.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275540/; classtype:trojan-activity;sid:84138640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.79.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275539/; classtype:trojan-activity;sid:84138639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.59.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275538/; classtype:trojan-activity;sid:84138638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275537/; classtype:trojan-activity;sid:84138637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.200.177.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275536/; classtype:trojan-activity;sid:84138636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.82.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275534/; classtype:trojan-activity;sid:84138634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.9.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275535/; classtype:trojan-activity;sid:84138635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.93.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275533/; classtype:trojan-activity;sid:84138633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.73.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275532/; classtype:trojan-activity;sid:84138632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.234.21.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275531/; classtype:trojan-activity;sid:84138631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.34.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275530/; classtype:trojan-activity;sid:84138630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.77.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275529/; classtype:trojan-activity;sid:84138629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.104.126.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275527/; classtype:trojan-activity;sid:84138627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.9.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275528/; classtype:trojan-activity;sid:84138628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.185.108.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275526/; classtype:trojan-activity;sid:84138626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.106.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275525/; classtype:trojan-activity;sid:84138625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fleetdeck-agent-tquz5vmfchj86vptji33lc.exe"; depth:43; endswith; nocase; http.host; content:"agentinstall.fleetdeck.io"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275524/; classtype:trojan-activity;sid:84138624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.34.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275523/; classtype:trojan-activity;sid:84138623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.49.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275522/; classtype:trojan-activity;sid:84138622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.252.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275519/; classtype:trojan-activity;sid:84138619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.252.165.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275520/; classtype:trojan-activity;sid:84138620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.105.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275521/; classtype:trojan-activity;sid:84138621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.31.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275518/; classtype:trojan-activity;sid:84138618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.214.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275517/; classtype:trojan-activity;sid:84138617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.232.0.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275516/; classtype:trojan-activity;sid:84138616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.96.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275515/; classtype:trojan-activity;sid:84138615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.106.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275514/; classtype:trojan-activity;sid:84138614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.252.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275513/; classtype:trojan-activity;sid:84138613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275512/; classtype:trojan-activity;sid:84138612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.235.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275511/; classtype:trojan-activity;sid:84138611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.158.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275508/; classtype:trojan-activity;sid:84138608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.36.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275509/; classtype:trojan-activity;sid:84138609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.201.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275510/; classtype:trojan-activity;sid:84138610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.134.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275507/; classtype:trojan-activity;sid:84138607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.48.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275506/; classtype:trojan-activity;sid:84138606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.60.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275505/; classtype:trojan-activity;sid:84138605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.176.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275504/; classtype:trojan-activity;sid:84138604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.50.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275503/; classtype:trojan-activity;sid:84138603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.188.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275501/; classtype:trojan-activity;sid:84138601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.235.163.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275502/; classtype:trojan-activity;sid:84138602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.71.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275499/; classtype:trojan-activity;sid:84138599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.116.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275500/; classtype:trojan-activity;sid:84138600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.167.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275497/; classtype:trojan-activity;sid:84138597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.127.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275498/; classtype:trojan-activity;sid:84138598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.158.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275496/; classtype:trojan-activity;sid:84138596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.31.228.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275495/; classtype:trojan-activity;sid:84138595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.52.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275494/; classtype:trojan-activity;sid:84138594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.214.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275493/; classtype:trojan-activity;sid:84138593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.94.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275492/; classtype:trojan-activity;sid:84138592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.252.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275491/; classtype:trojan-activity;sid:84138591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.232.0.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275489/; classtype:trojan-activity;sid:84138589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.105.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275490/; classtype:trojan-activity;sid:84138590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li/"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275488/; classtype:trojan-activity;sid:84138588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.102.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275487/; classtype:trojan-activity;sid:84138587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.222.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275486/; classtype:trojan-activity;sid:84138586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.174.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275485/; classtype:trojan-activity;sid:84138585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.192.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275484/; classtype:trojan-activity;sid:84138584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.186.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275483/; classtype:trojan-activity;sid:84138583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windows10/client11.png"; depth:23; endswith; nocase; http.host; content:"203.161.43.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275482/; classtype:trojan-activity;sid:84138582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windows10/client1.exe"; depth:22; endswith; nocase; http.host; content:"203.161.43.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275481/; classtype:trojan-activity;sid:84138581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.23.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275480/; classtype:trojan-activity;sid:84138580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/encript.exe"; depth:12; endswith; nocase; http.host; content:"203.161.43.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275479/; classtype:trojan-activity;sid:84138579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windows10/firefoxw.png"; depth:23; endswith; nocase; http.host; content:"203.161.43.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275478/; classtype:trojan-activity;sid:84138578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windows10/wps_cl.exe"; depth:21; endswith; nocase; http.host; content:"203.161.43.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275476/; classtype:trojan-activity;sid:84138576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c2.enc"; depth:7; endswith; nocase; http.host; content:"203.161.43.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275477/; classtype:trojan-activity;sid:84138577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windows10/filedoc2.png"; depth:23; endswith; nocase; http.host; content:"203.161.43.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275474/; classtype:trojan-activity;sid:84138574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gig.txt"; depth:8; endswith; nocase; http.host; content:"filezzdwn.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275475/; classtype:trojan-activity;sid:84138575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gig.zip"; depth:8; endswith; nocase; http.host; content:"filezzdwn.b-cdn.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275471/; classtype:trojan-activity;sid:84138571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server.py"; depth:10; endswith; nocase; http.host; content:"203.161.43.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275472/; classtype:trojan-activity;sid:84138572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windows10/client2.exe"; depth:22; endswith; nocase; http.host; content:"203.161.43.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275473/; classtype:trojan-activity;sid:84138573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.209.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275470/; classtype:trojan-activity;sid:84138570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/verification.html"; depth:18; endswith; nocase; http.host; content:"spam-protect-v1.b-cdn.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275469/; classtype:trojan-activity;sid:84138569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.78.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275468/; classtype:trojan-activity;sid:84138568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.209.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275467/; classtype:trojan-activity;sid:84138567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.97.113.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275466/; classtype:trojan-activity;sid:84138566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.205.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275465/; classtype:trojan-activity;sid:84138565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"149.210.68.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275464/; classtype:trojan-activity;sid:84138564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.174.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275462/; classtype:trojan-activity;sid:84138562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.186.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275463/; classtype:trojan-activity;sid:84138563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.72.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275461/; classtype:trojan-activity;sid:84138561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.131.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275460/; classtype:trojan-activity;sid:84138560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275459/; classtype:trojan-activity;sid:84138559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.47.21.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275458/; classtype:trojan-activity;sid:84138558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.188.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275457/; classtype:trojan-activity;sid:84138557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.44.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275456/; classtype:trojan-activity;sid:84138556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.237.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275455/; classtype:trojan-activity;sid:84138555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.27.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275454/; classtype:trojan-activity;sid:84138554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.68.59.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275452/; classtype:trojan-activity;sid:84138552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.131.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275453/; classtype:trojan-activity;sid:84138553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.191.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275451/; classtype:trojan-activity;sid:84138551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.181.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275450/; classtype:trojan-activity;sid:84138550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.102.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275449/; classtype:trojan-activity;sid:84138549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.135.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275448/; classtype:trojan-activity;sid:84138548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.48.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275447/; classtype:trojan-activity;sid:84138547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.133.46.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275446/; classtype:trojan-activity;sid:84138546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.164.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275445/; classtype:trojan-activity;sid:84138545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.112.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275444/; classtype:trojan-activity;sid:84138544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.139.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275443/; classtype:trojan-activity;sid:84138543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"106.41.138.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275442/; classtype:trojan-activity;sid:84138542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.59.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275441/; classtype:trojan-activity;sid:84138541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.198.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275440/; classtype:trojan-activity;sid:84138540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.224.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275439/; classtype:trojan-activity;sid:84138539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.188.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275438/; classtype:trojan-activity;sid:84138538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.244.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275437/; classtype:trojan-activity;sid:84138537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.109.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275436/; classtype:trojan-activity;sid:84138536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.9.100.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275434/; classtype:trojan-activity;sid:84138534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.164.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275435/; classtype:trojan-activity;sid:84138535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.54.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275433/; classtype:trojan-activity;sid:84138533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.34.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275432/; classtype:trojan-activity;sid:84138532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.40.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275431/; classtype:trojan-activity;sid:84138531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.229.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275430/; classtype:trojan-activity;sid:84138530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.114.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275429/; classtype:trojan-activity;sid:84138529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.115.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275428/; classtype:trojan-activity;sid:84138528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.59.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275427/; classtype:trojan-activity;sid:84138527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.31.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275425/; classtype:trojan-activity;sid:84138525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.224.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275426/; classtype:trojan-activity;sid:84138526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.150.42.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275424/; classtype:trojan-activity;sid:84138524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.6.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275423/; classtype:trojan-activity;sid:84138523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.222.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275422/; classtype:trojan-activity;sid:84138522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.227.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275420/; classtype:trojan-activity;sid:84138520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.77.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275421/; classtype:trojan-activity;sid:84138521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.245.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275419/; classtype:trojan-activity;sid:84138519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.132.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275418/; classtype:trojan-activity;sid:84138518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.100.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275417/; classtype:trojan-activity;sid:84138517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.25.232.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275416/; classtype:trojan-activity;sid:84138516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akitaxss/bin.x86"; depth:17; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275415/; classtype:trojan-activity;sid:84138515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275414/; classtype:trojan-activity;sid:84138514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.195.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275413/; classtype:trojan-activity;sid:84138513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.146.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275412/; classtype:trojan-activity;sid:84138512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.81.243"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275411/; classtype:trojan-activity;sid:84138511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/main.exe"; depth:15; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275410/; classtype:trojan-activity;sid:84138510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.164.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275409/; classtype:trojan-activity;sid:84138509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.31.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275408/; classtype:trojan-activity;sid:84138508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.101.160.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275407/; classtype:trojan-activity;sid:84138507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"168.196.170.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275406/; classtype:trojan-activity;sid:84138506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.45.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275405/; classtype:trojan-activity;sid:84138505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275404/; classtype:trojan-activity;sid:84138504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.222.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275403/; classtype:trojan-activity;sid:84138503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.112.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275402/; classtype:trojan-activity;sid:84138502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275401/; classtype:trojan-activity;sid:84138501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275400/; classtype:trojan-activity;sid:84138500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.248.135.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275399/; classtype:trojan-activity;sid:84138499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.110.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275398/; classtype:trojan-activity;sid:84138498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.40.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275397/; classtype:trojan-activity;sid:84138497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.176.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275396/; classtype:trojan-activity;sid:84138496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.6.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275395/; classtype:trojan-activity;sid:84138495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.88.179.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275394/; classtype:trojan-activity;sid:84138494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.15.19.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275392/; classtype:trojan-activity;sid:84138492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.189.4.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275393/; classtype:trojan-activity;sid:84138493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.229.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275391/; classtype:trojan-activity;sid:84138491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.33.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275390/; classtype:trojan-activity;sid:84138490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.72.16.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275389/; classtype:trojan-activity;sid:84138489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.190.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275388/; classtype:trojan-activity;sid:84138488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.220.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275387/; classtype:trojan-activity;sid:84138487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.240.50.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275386/; classtype:trojan-activity;sid:84138486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.103.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275385/; classtype:trojan-activity;sid:84138485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.229.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275384/; classtype:trojan-activity;sid:84138484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.77.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275383/; classtype:trojan-activity;sid:84138483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.137.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275382/; classtype:trojan-activity;sid:84138482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.177.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275380/; classtype:trojan-activity;sid:84138480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.221.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275381/; classtype:trojan-activity;sid:84138481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.224.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275379/; classtype:trojan-activity;sid:84138479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.190.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275378/; classtype:trojan-activity;sid:84138478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.112.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275377/; classtype:trojan-activity;sid:84138477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.169.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275376/; classtype:trojan-activity;sid:84138476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.225.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275375/; classtype:trojan-activity;sid:84138475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275374/; classtype:trojan-activity;sid:84138474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.248.135.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275373/; classtype:trojan-activity;sid:84138473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.9.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275371/; classtype:trojan-activity;sid:84138471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.69.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275372/; classtype:trojan-activity;sid:84138472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275370/; classtype:trojan-activity;sid:84138470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.2.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275369/; classtype:trojan-activity;sid:84138469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.102.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275368/; classtype:trojan-activity;sid:84138468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.111.75.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275367/; classtype:trojan-activity;sid:84138467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.122.61.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275366/; classtype:trojan-activity;sid:84138466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.109.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275365/; classtype:trojan-activity;sid:84138465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.230.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275362/; classtype:trojan-activity;sid:84138462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.159.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275363/; classtype:trojan-activity;sid:84138463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.12.198.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275364/; classtype:trojan-activity;sid:84138464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.19.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275361/; classtype:trojan-activity;sid:84138461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.254.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275360/; classtype:trojan-activity;sid:84138460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.38.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275358/; classtype:trojan-activity;sid:84138458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.132.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275359/; classtype:trojan-activity;sid:84138459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.135.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275355/; classtype:trojan-activity;sid:84138455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.58.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275356/; classtype:trojan-activity;sid:84138456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.213.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275357/; classtype:trojan-activity;sid:84138457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.180.8.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275354/; classtype:trojan-activity;sid:84138454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.59.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275353/; classtype:trojan-activity;sid:84138453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.23.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275352/; classtype:trojan-activity;sid:84138452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.113.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275351/; classtype:trojan-activity;sid:84138451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.112.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275350/; classtype:trojan-activity;sid:84138450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.22.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275349/; classtype:trojan-activity;sid:84138449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.60.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275348/; classtype:trojan-activity;sid:84138448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.59.253.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275347/; classtype:trojan-activity;sid:84138447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.134.254.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275346/; classtype:trojan-activity;sid:84138446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.149.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275345/; classtype:trojan-activity;sid:84138445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.121.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275344/; classtype:trojan-activity;sid:84138444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"191.240.50.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275343/; classtype:trojan-activity;sid:84138443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.84.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275342/; classtype:trojan-activity;sid:84138442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.132.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275341/; classtype:trojan-activity;sid:84138441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.250.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275340/; classtype:trojan-activity;sid:84138440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.219.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275339/; classtype:trojan-activity;sid:84138439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.24.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275338/; classtype:trojan-activity;sid:84138438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.169.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275337/; classtype:trojan-activity;sid:84138437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.118.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275336/; classtype:trojan-activity;sid:84138436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.122.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275335/; classtype:trojan-activity;sid:84138435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"106.56.123.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275334/; classtype:trojan-activity;sid:84138434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.152.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275333/; classtype:trojan-activity;sid:84138433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wdsecureutil.exe"; depth:17; endswith; nocase; http.host; content:"apitradingview.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275332/; classtype:trojan-activity;sid:84138432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ermando2.txt"; depth:13; endswith; nocase; http.host; content:"apitradingview.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275330/; classtype:trojan-activity;sid:84138430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ermando1.txt"; depth:13; endswith; nocase; http.host; content:"apitradingview.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275331/; classtype:trojan-activity;sid:84138431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275329/; classtype:trojan-activity;sid:84138429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.23.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275328/; classtype:trojan-activity;sid:84138428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.59.253.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275327/; classtype:trojan-activity;sid:84138427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.57.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275326/; classtype:trojan-activity;sid:84138426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.115.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275325/; classtype:trojan-activity;sid:84138425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.59.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275324/; classtype:trojan-activity;sid:84138424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.240.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275323/; classtype:trojan-activity;sid:84138423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.120.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275322/; classtype:trojan-activity;sid:84138422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.53.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275321/; classtype:trojan-activity;sid:84138421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.84.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275320/; classtype:trojan-activity;sid:84138420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.93.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275319/; classtype:trojan-activity;sid:84138419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.125.118.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275318/; classtype:trojan-activity;sid:84138418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.139.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275317/; classtype:trojan-activity;sid:84138417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.63.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275316/; classtype:trojan-activity;sid:84138416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.100.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275315/; classtype:trojan-activity;sid:84138415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.214.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275314/; classtype:trojan-activity;sid:84138414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.70.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275313/; classtype:trojan-activity;sid:84138413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.16.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275312/; classtype:trojan-activity;sid:84138412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.152.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275311/; classtype:trojan-activity;sid:84138411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.225.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275310/; classtype:trojan-activity;sid:84138410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.92.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275309/; classtype:trojan-activity;sid:84138409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.145.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275308/; classtype:trojan-activity;sid:84138408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.55.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275307/; classtype:trojan-activity;sid:84138407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.166.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275305/; classtype:trojan-activity;sid:84138405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275306/; classtype:trojan-activity;sid:84138406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.222.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275304/; classtype:trojan-activity;sid:84138404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.101.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275303/; classtype:trojan-activity;sid:84138403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.215.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275302/; classtype:trojan-activity;sid:84138402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/osgczxcrauaogrcce2haijxuoidjqu78wx"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275300/; classtype:trojan-activity;sid:84138400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bzb56ngfzvhodqitgw8eici3bbn4g0a9ne"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275301/; classtype:trojan-activity;sid:84138401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.125.118.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275299/; classtype:trojan-activity;sid:84138399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/naoyxkh8l8fmokfgc3na2jqm8keugesct3"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275295/; classtype:trojan-activity;sid:84138395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wudteren1mkqff26708hgybu8q5wvynsd0"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275296/; classtype:trojan-activity;sid:84138396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/l2k6ay5fudeyn65xw9kwllftg6s5wbpunb"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275297/; classtype:trojan-activity;sid:84138397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/s0d31wnlhdzcld5ismas9vur6mb74ocaau"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275298/; classtype:trojan-activity;sid:84138398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.255.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275294/; classtype:trojan-activity;sid:84138394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/coqkkyrjy7jrj6jedgpzwmkkn7n0rbjgqx"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275290/; classtype:trojan-activity;sid:84138390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/qhvgnbzhl0vwynjajfwqvijxb312fcwb61"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275291/; classtype:trojan-activity;sid:84138391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/9d9ke7rkjrfrqbvsgvwdbabkyvqjjtkkcd"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275292/; classtype:trojan-activity;sid:84138392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/eknejaipbckgrhnslrsjfxmvkq9qcty9fk"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275293/; classtype:trojan-activity;sid:84138393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/4cpwlxnrt5fqbb2vgxpd9vw3cdbj6vfarp"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275287/; classtype:trojan-activity;sid:84138387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/o0zrtapu0rw0exb9csa6i5cyvpx2gqz2kp"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275288/; classtype:trojan-activity;sid:84138388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ocnv0iqmbfj1esrgvdf2valwzygiavruts"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275289/; classtype:trojan-activity;sid:84138389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.162.202.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275286/; classtype:trojan-activity;sid:84138386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.232.0.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275285/; classtype:trojan-activity;sid:84138385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.105.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275284/; classtype:trojan-activity;sid:84138384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ghnt6rxxueeirffz4z7oiaxbyzt1b8doty"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275281/; classtype:trojan-activity;sid:84138381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.133.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275282/; classtype:trojan-activity;sid:84138382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.133.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275283/; classtype:trojan-activity;sid:84138383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.245.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275279/; classtype:trojan-activity;sid:84138379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275280/; classtype:trojan-activity;sid:84138380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.60.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275278/; classtype:trojan-activity;sid:84138378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.152.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275277/; classtype:trojan-activity;sid:84138377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.24.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275276/; classtype:trojan-activity;sid:84138376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.164.178.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275275/; classtype:trojan-activity;sid:84138375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.215.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275274/; classtype:trojan-activity;sid:84138374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.50.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275273/; classtype:trojan-activity;sid:84138373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.172.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275272/; classtype:trojan-activity;sid:84138372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.158.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275271/; classtype:trojan-activity;sid:84138371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.124.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275270/; classtype:trojan-activity;sid:84138370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.180.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275269/; classtype:trojan-activity;sid:84138369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.120.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275268/; classtype:trojan-activity;sid:84138368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.174.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275267/; classtype:trojan-activity;sid:84138367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.26.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275266/; classtype:trojan-activity;sid:84138366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.67.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275265/; classtype:trojan-activity;sid:84138365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.191.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275264/; classtype:trojan-activity;sid:84138364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.242.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275262/; classtype:trojan-activity;sid:84138362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.122.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275263/; classtype:trojan-activity;sid:84138363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.232.0.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275261/; classtype:trojan-activity;sid:84138361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.55.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275260/; classtype:trojan-activity;sid:84138360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.23.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275258/; classtype:trojan-activity;sid:84138358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.223.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275259/; classtype:trojan-activity;sid:84138359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.72.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275257/; classtype:trojan-activity;sid:84138357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.201.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275256/; classtype:trojan-activity;sid:84138356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.215.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275255/; classtype:trojan-activity;sid:84138355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.6.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275254/; classtype:trojan-activity;sid:84138354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.29.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275253/; classtype:trojan-activity;sid:84138353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.225.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275252/; classtype:trojan-activity;sid:84138352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.203.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275250/; classtype:trojan-activity;sid:84138350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.174.48.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275251/; classtype:trojan-activity;sid:84138351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.80.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275249/; classtype:trojan-activity;sid:84138349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1fis2mc5dhllxwqksuytpybqne_n2xx9p"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275245/; classtype:trojan-activity;sid:84138345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1kywfd3o8r9ukkpuqbith1xaywtu1qeit"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275246/; classtype:trojan-activity;sid:84138346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=162fomrp1wzqrlitdgp2spt1ubzpwj5ox"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275247/; classtype:trojan-activity;sid:84138347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.159.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275248/; classtype:trojan-activity;sid:84138348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.40.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275238/; classtype:trojan-activity;sid:84138338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=11tfcoys5tuxg7zw4bxocbtog_6xfied0"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275239/; classtype:trojan-activity;sid:84138339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ikoxnnlvglh6jhnfqkrsihss_p2dqkyp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275240/; classtype:trojan-activity;sid:84138340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1r7oi2jekx0ks1wqpt0ms3_kqvukzy3dv"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275241/; classtype:trojan-activity;sid:84138341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gmzqsemymffka4lve0jkwa06sklk7xhu"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275242/; classtype:trojan-activity;sid:84138342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=10duu5hs-aflqt56ag6u6o5ys2rm78-n2"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275243/; classtype:trojan-activity;sid:84138343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=14nlwjh9qyuacpcfodobipvrmfeagb40l"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275244/; classtype:trojan-activity;sid:84138344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1jnxehcf7k8bt3sr2qwmowzafp06o9ik6"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275237/; classtype:trojan-activity;sid:84138337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.247.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275236/; classtype:trojan-activity;sid:84138336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.164.178.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275235/; classtype:trojan-activity;sid:84138335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275234/; classtype:trojan-activity;sid:84138334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.189.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275233/; classtype:trojan-activity;sid:84138333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sqlo.dll"; depth:9; endswith; nocase; http.host; content:"tougn.website"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275232/; classtype:trojan-activity;sid:84138332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.229.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275231/; classtype:trojan-activity;sid:84138331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nss3.dll"; depth:9; endswith; nocase; http.host; content:"tougn.website"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275228/; classtype:trojan-activity;sid:84138328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vcruntime140.dll"; depth:17; endswith; nocase; http.host; content:"tougn.website"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275229/; classtype:trojan-activity;sid:84138329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softokn3.dll"; depth:13; endswith; nocase; http.host; content:"tougn.website"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275230/; classtype:trojan-activity;sid:84138330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozglue.dll"; depth:12; endswith; nocase; http.host; content:"tougn.website"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275225/; classtype:trojan-activity;sid:84138325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msvcp140.dll"; depth:13; endswith; nocase; http.host; content:"tougn.website"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275226/; classtype:trojan-activity;sid:84138326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/freebl3.dll"; depth:12; endswith; nocase; http.host; content:"tougn.website"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275227/; classtype:trojan-activity;sid:84138327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.210.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275224/; classtype:trojan-activity;sid:84138324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/visitorlevy.exe"; depth:16; endswith; nocase; http.host; content:"79.124.58.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275223/; classtype:trojan-activity;sid:84138323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/120/we/givingbestthignswithgreatheatcaptialthingstodo.hta"; depth:58; endswith; nocase; http.host; content:"107.173.4.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275222/; classtype:trojan-activity;sid:84138322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/120/bignewswithgreatcarewithgreatnewscoin.tif"; depth:46; endswith; nocase; http.host; content:"107.173.4.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275220/; classtype:trojan-activity;sid:84138320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1uyhqwrnxclkbj3j63ll1t2stvggxbst0"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275221/; classtype:trojan-activity;sid:84138321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.157.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275219/; classtype:trojan-activity;sid:84138319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.247.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275218/; classtype:trojan-activity;sid:84138318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.145.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275217/; classtype:trojan-activity;sid:84138317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.54.111.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275214/; classtype:trojan-activity;sid:84138314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.85.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275215/; classtype:trojan-activity;sid:84138315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.252.197.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275216/; classtype:trojan-activity;sid:84138316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/diamotrix.exe"; depth:14; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275213/; classtype:trojan-activity;sid:84138313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.29.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275212/; classtype:trojan-activity;sid:84138312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.81.113.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275211/; classtype:trojan-activity;sid:84138311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.23.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275210/; classtype:trojan-activity;sid:84138310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.183.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275209/; classtype:trojan-activity;sid:84138309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.46.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275208/; classtype:trojan-activity;sid:84138308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.54.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275207/; classtype:trojan-activity;sid:84138307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275206/; classtype:trojan-activity;sid:84138306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.146.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275205/; classtype:trojan-activity;sid:84138305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/zok7yvjlvmdji9aj.exe"; depth:25; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275204/; classtype:trojan-activity;sid:84138304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.246.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275203/; classtype:trojan-activity;sid:84138303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.191.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275202/; classtype:trojan-activity;sid:84138302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.29.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275201/; classtype:trojan-activity;sid:84138301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.220.182.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275200/; classtype:trojan-activity;sid:84138300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.94.190.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275198/; classtype:trojan-activity;sid:84138298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275199/; classtype:trojan-activity;sid:84138299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.41.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275197/; classtype:trojan-activity;sid:84138297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.250.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275196/; classtype:trojan-activity;sid:84138296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.126.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275195/; classtype:trojan-activity;sid:84138295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.214.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275194/; classtype:trojan-activity;sid:84138294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.149.77.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275193/; classtype:trojan-activity;sid:84138293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gzlilfnb217.bin"; depth:16; endswith; nocase; http.host; content:"212.162.149.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275192/; classtype:trojan-activity;sid:84138292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.189.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275191/; classtype:trojan-activity;sid:84138291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.210.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275190/; classtype:trojan-activity;sid:84138290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.191.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275188/; classtype:trojan-activity;sid:84138288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.157.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275189/; classtype:trojan-activity;sid:84138289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.11.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275186/; classtype:trojan-activity;sid:84138286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.191.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275187/; classtype:trojan-activity;sid:84138287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.172.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275185/; classtype:trojan-activity;sid:84138285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.91.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275184/; classtype:trojan-activity;sid:84138284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.252.197.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275183/; classtype:trojan-activity;sid:84138283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.183.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275182/; classtype:trojan-activity;sid:84138282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.191.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275181/; classtype:trojan-activity;sid:84138281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.27.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275180/; classtype:trojan-activity;sid:84138280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.48.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275179/; classtype:trojan-activity;sid:84138279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.226.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275178/; classtype:trojan-activity;sid:84138278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.125.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275177/; classtype:trojan-activity;sid:84138277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.181.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275176/; classtype:trojan-activity;sid:84138276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.101.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275175/; classtype:trojan-activity;sid:84138275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.9.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275174/; classtype:trojan-activity;sid:84138274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.85.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275173/; classtype:trojan-activity;sid:84138273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275172/; classtype:trojan-activity;sid:84138272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.121.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275171/; classtype:trojan-activity;sid:84138271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.221.222.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275170/; classtype:trojan-activity;sid:84138270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.210.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275169/; classtype:trojan-activity;sid:84138269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/segura.vbs"; depth:11; endswith; nocase; http.host; content:"152.201.184.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275168/; classtype:trojan-activity;sid:84138268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asegurar.vbs"; depth:13; endswith; nocase; http.host; content:"152.201.184.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275167/; classtype:trojan-activity;sid:84138267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.94.191"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275166/; classtype:trojan-activity;sid:84138266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.248.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275165/; classtype:trojan-activity;sid:84138265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275164/; classtype:trojan-activity;sid:84138264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.220.182.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275163/; classtype:trojan-activity;sid:84138263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.44.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275162/; classtype:trojan-activity;sid:84138262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.221.222.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275161/; classtype:trojan-activity;sid:84138261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.11.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275160/; classtype:trojan-activity;sid:84138260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.133.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275159/; classtype:trojan-activity;sid:84138259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.5.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275158/; classtype:trojan-activity;sid:84138258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.156.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275156/; classtype:trojan-activity;sid:84138256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.136.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275157/; classtype:trojan-activity;sid:84138257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.56.54.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275155/; classtype:trojan-activity;sid:84138255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.233.156.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275154/; classtype:trojan-activity;sid:84138254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.133.46.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275153/; classtype:trojan-activity;sid:84138253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.79.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275151/; classtype:trojan-activity;sid:84138251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.184.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275152/; classtype:trojan-activity;sid:84138252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.152.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275150/; classtype:trojan-activity;sid:84138250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.55.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275149/; classtype:trojan-activity;sid:84138249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"82.100.169.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275148/; classtype:trojan-activity;sid:84138248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.84.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275147/; classtype:trojan-activity;sid:84138247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.253.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275146/; classtype:trojan-activity;sid:84138246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.191.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275145/; classtype:trojan-activity;sid:84138245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.27.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275144/; classtype:trojan-activity;sid:84138244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275143/; classtype:trojan-activity;sid:84138243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.178.195"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275142/; classtype:trojan-activity;sid:84138242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.48.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275141/; classtype:trojan-activity;sid:84138241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.234.198.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275140/; classtype:trojan-activity;sid:84138240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275139/; classtype:trojan-activity;sid:84138239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.64.226.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275138/; classtype:trojan-activity;sid:84138238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.248.37.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275137/; classtype:trojan-activity;sid:84138237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.34.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275134/; classtype:trojan-activity;sid:84138234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.129.103.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275135/; classtype:trojan-activity;sid:84138235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.55.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275136/; classtype:trojan-activity;sid:84138236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.199.180.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275133/; classtype:trojan-activity;sid:84138233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.88.226.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275132/; classtype:trojan-activity;sid:84138232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.107.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275130/; classtype:trojan-activity;sid:84138230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.147.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275131/; classtype:trojan-activity;sid:84138231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.135.218.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275128/; classtype:trojan-activity;sid:84138228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.224.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275129/; classtype:trojan-activity;sid:84138229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.203.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275127/; classtype:trojan-activity;sid:84138227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.15.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275125/; classtype:trojan-activity;sid:84138225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.89.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275126/; classtype:trojan-activity;sid:84138226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.82.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275124/; classtype:trojan-activity;sid:84138224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.234.184.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275123/; classtype:trojan-activity;sid:84138223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"82.56.54.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275122/; classtype:trojan-activity;sid:84138222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.156.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275121/; classtype:trojan-activity;sid:84138221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.127.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275120/; classtype:trojan-activity;sid:84138220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.39.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275119/; classtype:trojan-activity;sid:84138219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.150.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275118/; classtype:trojan-activity;sid:84138218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.232.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275117/; classtype:trojan-activity;sid:84138217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.164.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275114/; classtype:trojan-activity;sid:84138214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.122.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275115/; classtype:trojan-activity;sid:84138215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.26.72.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275116/; classtype:trojan-activity;sid:84138216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.30.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275113/; classtype:trojan-activity;sid:84138213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.152.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275112/; classtype:trojan-activity;sid:84138212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.190.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275111/; classtype:trojan-activity;sid:84138211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.79.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275110/; classtype:trojan-activity;sid:84138210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.28.82"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275109/; classtype:trojan-activity;sid:84138209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.219.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275108/; classtype:trojan-activity;sid:84138208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.10.82"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275107/; classtype:trojan-activity;sid:84138207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.165.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275106/; classtype:trojan-activity;sid:84138206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.142.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275105/; classtype:trojan-activity;sid:84138205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.22.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275104/; classtype:trojan-activity;sid:84138204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275103/; classtype:trojan-activity;sid:84138203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.156.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275102/; classtype:trojan-activity;sid:84138202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.15.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275101/; classtype:trojan-activity;sid:84138201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.123.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275100/; classtype:trojan-activity;sid:84138200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.89.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275099/; classtype:trojan-activity;sid:84138199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.190.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275098/; classtype:trojan-activity;sid:84138198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.81.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275097/; classtype:trojan-activity;sid:84138197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.183.34.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275096/; classtype:trojan-activity;sid:84138196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.150.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275095/; classtype:trojan-activity;sid:84138195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.81.26.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275094/; classtype:trojan-activity;sid:84138194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.223.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275093/; classtype:trojan-activity;sid:84138193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.223.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275092/; classtype:trojan-activity;sid:84138192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275091/; classtype:trojan-activity;sid:84138191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.1.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275090/; classtype:trojan-activity;sid:84138190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.178.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275089/; classtype:trojan-activity;sid:84138189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.15.53"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275087/; classtype:trojan-activity;sid:84138187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.122.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275088/; classtype:trojan-activity;sid:84138188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.170.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275086/; classtype:trojan-activity;sid:84138186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.41.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275084/; classtype:trojan-activity;sid:84138184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.97.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275085/; classtype:trojan-activity;sid:84138185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.10.82"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275083/; classtype:trojan-activity;sid:84138183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.39.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275082/; classtype:trojan-activity;sid:84138182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.118.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275081/; classtype:trojan-activity;sid:84138181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.72.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275080/; classtype:trojan-activity;sid:84138180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.27.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275079/; classtype:trojan-activity;sid:84138179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.228.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275078/; classtype:trojan-activity;sid:84138178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.138.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275077/; classtype:trojan-activity;sid:84138177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.201.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275076/; classtype:trojan-activity;sid:84138176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.226.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275075/; classtype:trojan-activity;sid:84138175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.81.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275074/; classtype:trojan-activity;sid:84138174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.188.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275071/; classtype:trojan-activity;sid:84138171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.138.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275072/; classtype:trojan-activity;sid:84138172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.54.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275073/; classtype:trojan-activity;sid:84138173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.242.54.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275070/; classtype:trojan-activity;sid:84138170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275069/; classtype:trojan-activity;sid:84138169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.15.53"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275068/; classtype:trojan-activity;sid:84138168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.247.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275067/; classtype:trojan-activity;sid:84138167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.114.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275066/; classtype:trojan-activity;sid:84138166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.190.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275065/; classtype:trojan-activity;sid:84138165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.26.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275064/; classtype:trojan-activity;sid:84138164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.97.113.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275063/; classtype:trojan-activity;sid:84138163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.41.140.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275062/; classtype:trojan-activity;sid:84138162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.228.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275061/; classtype:trojan-activity;sid:84138161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.111.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275060/; classtype:trojan-activity;sid:84138160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.74.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275059/; classtype:trojan-activity;sid:84138159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"168.195.81.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275058/; classtype:trojan-activity;sid:84138158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.72.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275057/; classtype:trojan-activity;sid:84138157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.2.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275056/; classtype:trojan-activity;sid:84138156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.28.232"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275055/; classtype:trojan-activity;sid:84138155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.74.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275054/; classtype:trojan-activity;sid:84138154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275052/; classtype:trojan-activity;sid:84138152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.178.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275053/; classtype:trojan-activity;sid:84138153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.192.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275051/; classtype:trojan-activity;sid:84138151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.165.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275050/; classtype:trojan-activity;sid:84138150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.251.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275048/; classtype:trojan-activity;sid:84138148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.18.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275049/; classtype:trojan-activity;sid:84138149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/en7nq8lm3v7yww0.exe"; depth:24; endswith; nocase; http.host; content:"87.120.84.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275047/; classtype:trojan-activity;sid:84138147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.94.190.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275046/; classtype:trojan-activity;sid:84138146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.242.54.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275045/; classtype:trojan-activity;sid:84138145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.31.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275044/; classtype:trojan-activity;sid:84138144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.244.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275043/; classtype:trojan-activity;sid:84138143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.27.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275042/; classtype:trojan-activity;sid:84138142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.212.201.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275041/; classtype:trojan-activity;sid:84138141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.182.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275040/; classtype:trojan-activity;sid:84138140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.240.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275039/; classtype:trojan-activity;sid:84138139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.80.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275038/; classtype:trojan-activity;sid:84138138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275037/; classtype:trojan-activity;sid:84138137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275036/; classtype:trojan-activity;sid:84138136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275034/; classtype:trojan-activity;sid:84138134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.30.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275035/; classtype:trojan-activity;sid:84138135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.18.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275033/; classtype:trojan-activity;sid:84138133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.146.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275032/; classtype:trojan-activity;sid:84138132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.244.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275030/; classtype:trojan-activity;sid:84138130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.56.102"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275031/; classtype:trojan-activity;sid:84138131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.26.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275029/; classtype:trojan-activity;sid:84138129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.82.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275028/; classtype:trojan-activity;sid:84138128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.201.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275027/; classtype:trojan-activity;sid:84138127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.215.176.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275026/; classtype:trojan-activity;sid:84138126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.30.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275025/; classtype:trojan-activity;sid:84138125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.230.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275024/; classtype:trojan-activity;sid:84138124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.114.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275023/; classtype:trojan-activity;sid:84138123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.89.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275022/; classtype:trojan-activity;sid:84138122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.251.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275021/; classtype:trojan-activity;sid:84138121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.192.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275019/; classtype:trojan-activity;sid:84138119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.80.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275020/; classtype:trojan-activity;sid:84138120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.123.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275018/; classtype:trojan-activity;sid:84138118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.57.175.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275017/; classtype:trojan-activity;sid:84138117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.169.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275016/; classtype:trojan-activity;sid:84138116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275015/; classtype:trojan-activity;sid:84138115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.53.245.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275014/; classtype:trojan-activity;sid:84138114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.255.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275013/; classtype:trojan-activity;sid:84138113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.244.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275011/; classtype:trojan-activity;sid:84138111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.175.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275012/; classtype:trojan-activity;sid:84138112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.52.4.164"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275010/; classtype:trojan-activity;sid:84138110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275009/; classtype:trojan-activity;sid:84138109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.114.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275008/; classtype:trojan-activity;sid:84138108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.16.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275007/; classtype:trojan-activity;sid:84138107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.218.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275006/; classtype:trojan-activity;sid:84138106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275004/; classtype:trojan-activity;sid:84138104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.85.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275005/; classtype:trojan-activity;sid:84138105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.252.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275003/; classtype:trojan-activity;sid:84138103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/obfuscated.exe"; depth:15; endswith; nocase; http.host; content:"108.165.228.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275002/; classtype:trojan-activity;sid:84138102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.184.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275001/; classtype:trojan-activity;sid:84138101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.27.32.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275000/; classtype:trojan-activity;sid:84138100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.140.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274999/; classtype:trojan-activity;sid:84138099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.213.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274998/; classtype:trojan-activity;sid:84138098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.89.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274997/; classtype:trojan-activity;sid:84138097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.162.16.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274996/; classtype:trojan-activity;sid:84138096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.238.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274995/; classtype:trojan-activity;sid:84138095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.27.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274993/; classtype:trojan-activity;sid:84138093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.30.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274994/; classtype:trojan-activity;sid:84138094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.114.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274992/; classtype:trojan-activity;sid:84138092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.169.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274991/; classtype:trojan-activity;sid:84138091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.123.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274990/; classtype:trojan-activity;sid:84138090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.93.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274989/; classtype:trojan-activity;sid:84138089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.235.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274988/; classtype:trojan-activity;sid:84138088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.215.176.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274987/; classtype:trojan-activity;sid:84138087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.51.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274986/; classtype:trojan-activity;sid:84138086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274985/; classtype:trojan-activity;sid:84138085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.31.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274983/; classtype:trojan-activity;sid:84138083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.224.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274984/; classtype:trojan-activity;sid:84138084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.109.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274982/; classtype:trojan-activity;sid:84138082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.16.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274981/; classtype:trojan-activity;sid:84138081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.242.86.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274980/; classtype:trojan-activity;sid:84138080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274979/; classtype:trojan-activity;sid:84138079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.32.146"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274978/; classtype:trojan-activity;sid:84138078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.20.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274976/; classtype:trojan-activity;sid:84138076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.27.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274977/; classtype:trojan-activity;sid:84138077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.40.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274975/; classtype:trojan-activity;sid:84138075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.101.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274974/; classtype:trojan-activity;sid:84138074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.84.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274973/; classtype:trojan-activity;sid:84138073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.132.132.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274972/; classtype:trojan-activity;sid:84138072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.195.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274970/; classtype:trojan-activity;sid:84138070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.247.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274971/; classtype:trojan-activity;sid:84138071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.219.179.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274968/; classtype:trojan-activity;sid:84138068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.105.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274969/; classtype:trojan-activity;sid:84138069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.59.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274967/; classtype:trojan-activity;sid:84138067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274966/; classtype:trojan-activity;sid:84138066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.146.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274964/; classtype:trojan-activity;sid:84138064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.87.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274965/; classtype:trojan-activity;sid:84138065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.120.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274963/; classtype:trojan-activity;sid:84138063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.51.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274962/; classtype:trojan-activity;sid:84138062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.93.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274961/; classtype:trojan-activity;sid:84138061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.28.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274960/; classtype:trojan-activity;sid:84138060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.235.15.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274959/; classtype:trojan-activity;sid:84138059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"162.219.216.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274957/; classtype:trojan-activity;sid:84138057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.157.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274958/; classtype:trojan-activity;sid:84138058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.219.179.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274956/; classtype:trojan-activity;sid:84138056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vakjf64"; depth:8; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274955/; classtype:trojan-activity;sid:84138055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.101.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274954/; classtype:trojan-activity;sid:84138054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.205.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274953/; classtype:trojan-activity;sid:84138053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274952/; classtype:trojan-activity;sid:84138052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.157.120.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274951/; classtype:trojan-activity;sid:84138051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.141.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274950/; classtype:trojan-activity;sid:84138050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.228.100"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274949/; classtype:trojan-activity;sid:84138049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.26.235.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274948/; classtype:trojan-activity;sid:84138048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.218.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274947/; classtype:trojan-activity;sid:84138047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.124.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274946/; classtype:trojan-activity;sid:84138046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.109.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274945/; classtype:trojan-activity;sid:84138045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.84.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274944/; classtype:trojan-activity;sid:84138044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.44.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274942/; classtype:trojan-activity;sid:84138042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.41.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274943/; classtype:trojan-activity;sid:84138043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.253.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274940/; classtype:trojan-activity;sid:84138040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.101.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274941/; classtype:trojan-activity;sid:84138041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.209.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274939/; classtype:trojan-activity;sid:84138039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.129.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274937/; classtype:trojan-activity;sid:84138037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.140.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274938/; classtype:trojan-activity;sid:84138038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.27.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274936/; classtype:trojan-activity;sid:84138036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.193.201.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274935/; classtype:trojan-activity;sid:84138035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.87.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274934/; classtype:trojan-activity;sid:84138034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.39.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274933/; classtype:trojan-activity;sid:84138033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"77.247.88.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274931/; classtype:trojan-activity;sid:84138031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.32.242.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274932/; classtype:trojan-activity;sid:84138032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.235.15.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274930/; classtype:trojan-activity;sid:84138030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.114.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274929/; classtype:trojan-activity;sid:84138029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.110.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274928/; classtype:trojan-activity;sid:84138028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.0.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274927/; classtype:trojan-activity;sid:84138027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274926/; classtype:trojan-activity;sid:84138026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.92.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274925/; classtype:trojan-activity;sid:84138025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.250.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274924/; classtype:trojan-activity;sid:84138024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.44.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274923/; classtype:trojan-activity;sid:84138023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.179.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274922/; classtype:trojan-activity;sid:84138022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.85.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274921/; classtype:trojan-activity;sid:84138021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.64.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274920/; classtype:trojan-activity;sid:84138020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.228.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274919/; classtype:trojan-activity;sid:84138019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.65.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274918/; classtype:trojan-activity;sid:84138018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.91.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274917/; classtype:trojan-activity;sid:84138017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.228.100"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274916/; classtype:trojan-activity;sid:84138016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.162.202.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274915/; classtype:trojan-activity;sid:84138015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.196.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274914/; classtype:trojan-activity;sid:84138014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.6.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274913/; classtype:trojan-activity;sid:84138013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.138.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274912/; classtype:trojan-activity;sid:84138012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.253.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274911/; classtype:trojan-activity;sid:84138011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.114.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274910/; classtype:trojan-activity;sid:84138010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.129.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274909/; classtype:trojan-activity;sid:84138009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.160.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274908/; classtype:trojan-activity;sid:84138008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.140.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274907/; classtype:trojan-activity;sid:84138007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.26.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274906/; classtype:trojan-activity;sid:84138006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.178.47.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274905/; classtype:trojan-activity;sid:84138005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.31.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274904/; classtype:trojan-activity;sid:84138004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.124.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274903/; classtype:trojan-activity;sid:84138003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.115.67.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274902/; classtype:trojan-activity;sid:84138002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.198.186.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274901/; classtype:trojan-activity;sid:84138001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.175.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274900/; classtype:trojan-activity;sid:84138000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.157.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274899/; classtype:trojan-activity;sid:84137999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.146.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274898/; classtype:trojan-activity;sid:84137998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.148.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274897/; classtype:trojan-activity;sid:84137997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.198.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274896/; classtype:trojan-activity;sid:84137996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.140.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274895/; classtype:trojan-activity;sid:84137995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274894/; classtype:trojan-activity;sid:84137994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.195.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274893/; classtype:trojan-activity;sid:84137993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.70.24.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274892/; classtype:trojan-activity;sid:84137992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.35.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274891/; classtype:trojan-activity;sid:84137991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.4.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274890/; classtype:trojan-activity;sid:84137990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.38.123.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274889/; classtype:trojan-activity;sid:84137989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.121.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274887/; classtype:trojan-activity;sid:84137987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.119.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274888/; classtype:trojan-activity;sid:84137988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.153.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274886/; classtype:trojan-activity;sid:84137986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.103.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274885/; classtype:trojan-activity;sid:84137985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.84.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274884/; classtype:trojan-activity;sid:84137984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.196.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274883/; classtype:trojan-activity;sid:84137983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274882/; classtype:trojan-activity;sid:84137982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.44.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274881/; classtype:trojan-activity;sid:84137981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.210.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274880/; classtype:trojan-activity;sid:84137980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.41.140.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274879/; classtype:trojan-activity;sid:84137979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.103.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274878/; classtype:trojan-activity;sid:84137978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274877/; classtype:trojan-activity;sid:84137977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.57.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274876/; classtype:trojan-activity;sid:84137976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.98.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274875/; classtype:trojan-activity;sid:84137975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.175.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274874/; classtype:trojan-activity;sid:84137974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.198.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274873/; classtype:trojan-activity;sid:84137973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274872/; classtype:trojan-activity;sid:84137972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.38.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274870/; classtype:trojan-activity;sid:84137970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.218.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274871/; classtype:trojan-activity;sid:84137971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.52.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274869/; classtype:trojan-activity;sid:84137969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.210.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274868/; classtype:trojan-activity;sid:84137968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.35.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274867/; classtype:trojan-activity;sid:84137967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.250.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274866/; classtype:trojan-activity;sid:84137966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.195.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274865/; classtype:trojan-activity;sid:84137965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.52.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274863/; classtype:trojan-activity;sid:84137963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.36.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274864/; classtype:trojan-activity;sid:84137964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.119.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274862/; classtype:trojan-activity;sid:84137962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.106.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274861/; classtype:trojan-activity;sid:84137961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.209.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274859/; classtype:trojan-activity;sid:84137959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.36.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274860/; classtype:trojan-activity;sid:84137960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.38.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274858/; classtype:trojan-activity;sid:84137958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.59.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274857/; classtype:trojan-activity;sid:84137957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.140.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274856/; classtype:trojan-activity;sid:84137956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.103.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274855/; classtype:trojan-activity;sid:84137955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.44.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274854/; classtype:trojan-activity;sid:84137954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.210.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274853/; classtype:trojan-activity;sid:84137953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.134.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274852/; classtype:trojan-activity;sid:84137952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.103.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274851/; classtype:trojan-activity;sid:84137951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274850/; classtype:trojan-activity;sid:84137950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.167.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274849/; classtype:trojan-activity;sid:84137949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.228.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274847/; classtype:trojan-activity;sid:84137947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.211.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274848/; classtype:trojan-activity;sid:84137948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.44.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274846/; classtype:trojan-activity;sid:84137946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.218.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274845/; classtype:trojan-activity;sid:84137945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.30.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274844/; classtype:trojan-activity;sid:84137944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.188.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274843/; classtype:trojan-activity;sid:84137943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.7.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274842/; classtype:trojan-activity;sid:84137942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.216.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274841/; classtype:trojan-activity;sid:84137941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.24.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274840/; classtype:trojan-activity;sid:84137940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.246.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274839/; classtype:trojan-activity;sid:84137939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.52.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274838/; classtype:trojan-activity;sid:84137938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.217.111.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274837/; classtype:trojan-activity;sid:84137937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.148.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274836/; classtype:trojan-activity;sid:84137936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.56.215.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274835/; classtype:trojan-activity;sid:84137935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.118.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274834/; classtype:trojan-activity;sid:84137934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.244.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274833/; classtype:trojan-activity;sid:84137933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.209.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274832/; classtype:trojan-activity;sid:84137932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.119.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274831/; classtype:trojan-activity;sid:84137931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.35.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274830/; classtype:trojan-activity;sid:84137930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274828/; classtype:trojan-activity;sid:84137928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.35.179.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274829/; classtype:trojan-activity;sid:84137929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.224.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274827/; classtype:trojan-activity;sid:84137927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.44.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274826/; classtype:trojan-activity;sid:84137926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.31.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274823/; classtype:trojan-activity;sid:84137923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.222.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274824/; classtype:trojan-activity;sid:84137924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.121.83.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274825/; classtype:trojan-activity;sid:84137925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.85.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274822/; classtype:trojan-activity;sid:84137922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.228.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274821/; classtype:trojan-activity;sid:84137921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.195.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274820/; classtype:trojan-activity;sid:84137920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.114.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274819/; classtype:trojan-activity;sid:84137919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.210.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274818/; classtype:trojan-activity;sid:84137918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.52.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274817/; classtype:trojan-activity;sid:84137917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.24.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274816/; classtype:trojan-activity;sid:84137916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.215.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274815/; classtype:trojan-activity;sid:84137915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274814/; classtype:trojan-activity;sid:84137914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.147.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274813/; classtype:trojan-activity;sid:84137913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.61.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274812/; classtype:trojan-activity;sid:84137912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.248.224.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274811/; classtype:trojan-activity;sid:84137911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.134.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274810/; classtype:trojan-activity;sid:84137910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.118.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274809/; classtype:trojan-activity;sid:84137909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.227.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274808/; classtype:trojan-activity;sid:84137908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274807/; classtype:trojan-activity;sid:84137907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.35.179.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274806/; classtype:trojan-activity;sid:84137906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.113.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274804/; classtype:trojan-activity;sid:84137904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.21.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274805/; classtype:trojan-activity;sid:84137905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274803/; classtype:trojan-activity;sid:84137903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.44.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274802/; classtype:trojan-activity;sid:84137902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.113.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274801/; classtype:trojan-activity;sid:84137901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274800/; classtype:trojan-activity;sid:84137900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.210.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274799/; classtype:trojan-activity;sid:84137899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.134.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274798/; classtype:trojan-activity;sid:84137898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.75.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274797/; classtype:trojan-activity;sid:84137897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.252.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274796/; classtype:trojan-activity;sid:84137896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.140.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274795/; classtype:trojan-activity;sid:84137895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.179.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274794/; classtype:trojan-activity;sid:84137894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.162.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274792/; classtype:trojan-activity;sid:84137892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.153.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274793/; classtype:trojan-activity;sid:84137893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.89.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274791/; classtype:trojan-activity;sid:84137891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.122.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274790/; classtype:trojan-activity;sid:84137890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.40.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274789/; classtype:trojan-activity;sid:84137889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.176.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274788/; classtype:trojan-activity;sid:84137888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274787/; classtype:trojan-activity;sid:84137887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.64.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274785/; classtype:trojan-activity;sid:84137885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.86.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274786/; classtype:trojan-activity;sid:84137886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.106.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274784/; classtype:trojan-activity;sid:84137884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.67.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274783/; classtype:trojan-activity;sid:84137883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.32.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274782/; classtype:trojan-activity;sid:84137882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.172.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274781/; classtype:trojan-activity;sid:84137881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.21.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274780/; classtype:trojan-activity;sid:84137880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.113.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274779/; classtype:trojan-activity;sid:84137879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.3.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274778/; classtype:trojan-activity;sid:84137878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.109.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274777/; classtype:trojan-activity;sid:84137877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.76.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274776/; classtype:trojan-activity;sid:84137876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.222.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274775/; classtype:trojan-activity;sid:84137875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.176.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274774/; classtype:trojan-activity;sid:84137874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.38.0.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274773/; classtype:trojan-activity;sid:84137873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.102.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274771/; classtype:trojan-activity;sid:84137871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.47.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274772/; classtype:trojan-activity;sid:84137872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.99.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274770/; classtype:trojan-activity;sid:84137870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.35.179.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274769/; classtype:trojan-activity;sid:84137869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.134.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274768/; classtype:trojan-activity;sid:84137868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.44.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274767/; classtype:trojan-activity;sid:84137867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.156.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274765/; classtype:trojan-activity;sid:84137865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.132.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274766/; classtype:trojan-activity;sid:84137866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.149.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274764/; classtype:trojan-activity;sid:84137864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.67.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274763/; classtype:trojan-activity;sid:84137863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.153.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274762/; classtype:trojan-activity;sid:84137862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.211.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274761/; classtype:trojan-activity;sid:84137861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.114.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274760/; classtype:trojan-activity;sid:84137860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.19.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274759/; classtype:trojan-activity;sid:84137859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.30.110.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274758/; classtype:trojan-activity;sid:84137858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.27.13.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274756/; classtype:trojan-activity;sid:84137856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.26.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274757/; classtype:trojan-activity;sid:84137857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.89.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274755/; classtype:trojan-activity;sid:84137855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.106.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274754/; classtype:trojan-activity;sid:84137854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.50.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274753/; classtype:trojan-activity;sid:84137853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.14.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274752/; classtype:trojan-activity;sid:84137852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.124.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274751/; classtype:trojan-activity;sid:84137851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.224.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274750/; classtype:trojan-activity;sid:84137850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.105.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274749/; classtype:trojan-activity;sid:84137849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.152.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274747/; classtype:trojan-activity;sid:84137847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.203.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274748/; classtype:trojan-activity;sid:84137848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.105.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274746/; classtype:trojan-activity;sid:84137846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.77.100"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274745/; classtype:trojan-activity;sid:84137845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.42.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274744/; classtype:trojan-activity;sid:84137844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.204.241.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274741/; classtype:trojan-activity;sid:84137841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.241.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274742/; classtype:trojan-activity;sid:84137842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.252.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274743/; classtype:trojan-activity;sid:84137843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.141.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274738/; classtype:trojan-activity;sid:84137838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.93.94.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274739/; classtype:trojan-activity;sid:84137839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.203.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274740/; classtype:trojan-activity;sid:84137840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.194.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274737/; classtype:trojan-activity;sid:84137837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.205.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274735/; classtype:trojan-activity;sid:84137835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.197.170.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274736/; classtype:trojan-activity;sid:84137836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.114.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274733/; classtype:trojan-activity;sid:84137833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.26.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274734/; classtype:trojan-activity;sid:84137834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.75.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274732/; classtype:trojan-activity;sid:84137832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274731/; classtype:trojan-activity;sid:84137831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.213.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274730/; classtype:trojan-activity;sid:84137830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274729/; classtype:trojan-activity;sid:84137829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.152.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274727/; classtype:trojan-activity;sid:84137827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.12.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274728/; classtype:trojan-activity;sid:84137828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.182.164.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274726/; classtype:trojan-activity;sid:84137826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.195.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274725/; classtype:trojan-activity;sid:84137825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.57.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274724/; classtype:trojan-activity;sid:84137824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.105.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274723/; classtype:trojan-activity;sid:84137823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.175.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274722/; classtype:trojan-activity;sid:84137822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.164.45.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274721/; classtype:trojan-activity;sid:84137821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.30.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274720/; classtype:trojan-activity;sid:84137820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.252.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274719/; classtype:trojan-activity;sid:84137819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.77.100"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274718/; classtype:trojan-activity;sid:84137818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.110.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274717/; classtype:trojan-activity;sid:84137817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.204.241.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274716/; classtype:trojan-activity;sid:84137816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.194.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274715/; classtype:trojan-activity;sid:84137815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.232.85.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274714/; classtype:trojan-activity;sid:84137814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.19.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274712/; classtype:trojan-activity;sid:84137812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.225.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274713/; classtype:trojan-activity;sid:84137813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.143.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274711/; classtype:trojan-activity;sid:84137811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.141.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274710/; classtype:trojan-activity;sid:84137810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.42.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274709/; classtype:trojan-activity;sid:84137809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.100.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274708/; classtype:trojan-activity;sid:84137808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.132.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274707/; classtype:trojan-activity;sid:84137807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.143.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274706/; classtype:trojan-activity;sid:84137806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.195.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274705/; classtype:trojan-activity;sid:84137805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.74.28.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274704/; classtype:trojan-activity;sid:84137804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.94.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274703/; classtype:trojan-activity;sid:84137803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.227.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274702/; classtype:trojan-activity;sid:84137802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.170.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274701/; classtype:trojan-activity;sid:84137801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.7.24"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274700/; classtype:trojan-activity;sid:84137800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.201.135.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274699/; classtype:trojan-activity;sid:84137799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.57.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274698/; classtype:trojan-activity;sid:84137798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.21.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274697/; classtype:trojan-activity;sid:84137797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.209.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274696/; classtype:trojan-activity;sid:84137796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.232.85.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274695/; classtype:trojan-activity;sid:84137795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.175.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274694/; classtype:trojan-activity;sid:84137794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.132.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274693/; classtype:trojan-activity;sid:84137793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.254.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274692/; classtype:trojan-activity;sid:84137792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274691/; classtype:trojan-activity;sid:84137791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.143.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274690/; classtype:trojan-activity;sid:84137790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.89.9.177"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274689/; classtype:trojan-activity;sid:84137789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.11.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274688/; classtype:trojan-activity;sid:84137788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.118.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274687/; classtype:trojan-activity;sid:84137787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.79.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274686/; classtype:trojan-activity;sid:84137786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.100.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274685/; classtype:trojan-activity;sid:84137785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.189.1.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274684/; classtype:trojan-activity;sid:84137784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.114.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274681/; classtype:trojan-activity;sid:84137781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.204.198.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274682/; classtype:trojan-activity;sid:84137782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.4.107.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274683/; classtype:trojan-activity;sid:84137783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.101.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274680/; classtype:trojan-activity;sid:84137780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.164.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274679/; classtype:trojan-activity;sid:84137779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.32.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274678/; classtype:trojan-activity;sid:84137778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.14.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274677/; classtype:trojan-activity;sid:84137777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.107.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274676/; classtype:trojan-activity;sid:84137776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.40.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274675/; classtype:trojan-activity;sid:84137775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.112.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274674/; classtype:trojan-activity;sid:84137774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.252.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274673/; classtype:trojan-activity;sid:84137773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.2.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274672/; classtype:trojan-activity;sid:84137772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.198.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274671/; classtype:trojan-activity;sid:84137771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.137.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274669/; classtype:trojan-activity;sid:84137769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.170.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274670/; classtype:trojan-activity;sid:84137770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.21.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274668/; classtype:trojan-activity;sid:84137768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.118.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274667/; classtype:trojan-activity;sid:84137767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.94.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274666/; classtype:trojan-activity;sid:84137766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.155.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274665/; classtype:trojan-activity;sid:84137765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.254.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274664/; classtype:trojan-activity;sid:84137764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.164.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274663/; classtype:trojan-activity;sid:84137763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.106.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274662/; classtype:trojan-activity;sid:84137762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.142.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274661/; classtype:trojan-activity;sid:84137761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.166.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274660/; classtype:trojan-activity;sid:84137760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.132.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274659/; classtype:trojan-activity;sid:84137759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274658/; classtype:trojan-activity;sid:84137758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.252.112.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274657/; classtype:trojan-activity;sid:84137757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.10.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274656/; classtype:trojan-activity;sid:84137756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.198.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274654/; classtype:trojan-activity;sid:84137754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.4.112.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274655/; classtype:trojan-activity;sid:84137755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.95.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274653/; classtype:trojan-activity;sid:84137753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.228.189.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274652/; classtype:trojan-activity;sid:84137752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274651/; classtype:trojan-activity;sid:84137751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.67.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274650/; classtype:trojan-activity;sid:84137750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.14.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274649/; classtype:trojan-activity;sid:84137749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.88.10.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274648/; classtype:trojan-activity;sid:84137748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.2.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274646/; classtype:trojan-activity;sid:84137746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.23.51.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274647/; classtype:trojan-activity;sid:84137747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.19.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274645/; classtype:trojan-activity;sid:84137745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.103.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274644/; classtype:trojan-activity;sid:84137744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.187.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274643/; classtype:trojan-activity;sid:84137743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.187.118.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274642/; classtype:trojan-activity;sid:84137742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.153.207.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274641/; classtype:trojan-activity;sid:84137741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.210.38.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274640/; classtype:trojan-activity;sid:84137740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.151.149.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274639/; classtype:trojan-activity;sid:84137739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.131.180.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274638/; classtype:trojan-activity;sid:84137738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.136.217.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274637/; classtype:trojan-activity;sid:84137737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.24.79.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274633/; classtype:trojan-activity;sid:84137733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.123.89.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274634/; classtype:trojan-activity;sid:84137734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.0.199.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274635/; classtype:trojan-activity;sid:84137735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.145.165.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274636/; classtype:trojan-activity;sid:84137736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.32.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274632/; classtype:trojan-activity;sid:84137732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.103.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274631/; classtype:trojan-activity;sid:84137731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274630/; classtype:trojan-activity;sid:84137730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.155.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274629/; classtype:trojan-activity;sid:84137729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.40.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274628/; classtype:trojan-activity;sid:84137728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274627/; classtype:trojan-activity;sid:84137727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.43.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274626/; classtype:trojan-activity;sid:84137726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.142.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274625/; classtype:trojan-activity;sid:84137725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.164.231.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274624/; classtype:trojan-activity;sid:84137724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.44.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274623/; classtype:trojan-activity;sid:84137723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.30.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274622/; classtype:trojan-activity;sid:84137722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/zipghbxlck/download/file.exe"; depth:35; endswith; nocase; http.host; content:"api.hostize.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274621/; classtype:trojan-activity;sid:84137721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274620/; classtype:trojan-activity;sid:84137720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.21.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274619/; classtype:trojan-activity;sid:84137719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.155.49.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274618/; classtype:trojan-activity;sid:84137718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.145.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274617/; classtype:trojan-activity;sid:84137717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.103.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274616/; classtype:trojan-activity;sid:84137716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.187.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274615/; classtype:trojan-activity;sid:84137715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.19.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274614/; classtype:trojan-activity;sid:84137714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.85.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274613/; classtype:trojan-activity;sid:84137713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.187.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274612/; classtype:trojan-activity;sid:84137712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.124.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274611/; classtype:trojan-activity;sid:84137711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.48.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274610/; classtype:trojan-activity;sid:84137710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.8.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274609/; classtype:trojan-activity;sid:84137709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.138.106.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274608/; classtype:trojan-activity;sid:84137708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.41.182.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274607/; classtype:trojan-activity;sid:84137707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.2.41.165"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274606/; classtype:trojan-activity;sid:84137706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.125.48.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274603/; classtype:trojan-activity;sid:84137703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.4.29.250"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274604/; classtype:trojan-activity;sid:84137704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.16.223.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274605/; classtype:trojan-activity;sid:84137705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.119.120.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274600/; classtype:trojan-activity;sid:84137700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.150.217.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274601/; classtype:trojan-activity;sid:84137701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.104.33.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274602/; classtype:trojan-activity;sid:84137702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.55.83.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274598/; classtype:trojan-activity;sid:84137698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.0.2.38"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274599/; classtype:trojan-activity;sid:84137699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.19.13.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274591/; classtype:trojan-activity;sid:84137691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.226.28.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274592/; classtype:trojan-activity;sid:84137692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.90.6.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274593/; classtype:trojan-activity;sid:84137693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.131.84.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274594/; classtype:trojan-activity;sid:84137694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"96.67.231.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274595/; classtype:trojan-activity;sid:84137695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"128.127.202.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274596/; classtype:trojan-activity;sid:84137696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"104.254.36.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274597/; classtype:trojan-activity;sid:84137697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.162.107.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274588/; classtype:trojan-activity;sid:84137688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.39.146.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274589/; classtype:trojan-activity;sid:84137689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.239.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274590/; classtype:trojan-activity;sid:84137690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.213.69.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274586/; classtype:trojan-activity;sid:84137686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274585/; classtype:trojan-activity;sid:84137685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274582/; classtype:trojan-activity;sid:84137682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.200.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274583/; classtype:trojan-activity;sid:84137683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.44.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274584/; classtype:trojan-activity;sid:84137684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.162.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274581/; classtype:trojan-activity;sid:84137681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.134.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274580/; classtype:trojan-activity;sid:84137680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.181.108.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274579/; classtype:trojan-activity;sid:84137679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.34.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274578/; classtype:trojan-activity;sid:84137678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274577/; classtype:trojan-activity;sid:84137677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.47.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274576/; classtype:trojan-activity;sid:84137676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.155.191.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274575/; classtype:trojan-activity;sid:84137675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.187.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274574/; classtype:trojan-activity;sid:84137674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.134.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274573/; classtype:trojan-activity;sid:84137673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.42.127.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274572/; classtype:trojan-activity;sid:84137672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.187.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274571/; classtype:trojan-activity;sid:84137671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.20.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274570/; classtype:trojan-activity;sid:84137670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.32.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274569/; classtype:trojan-activity;sid:84137669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.52.25.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274567/; classtype:trojan-activity;sid:84137667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.134.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274568/; classtype:trojan-activity;sid:84137668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.13.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274566/; classtype:trojan-activity;sid:84137666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"84.213.69.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274565/; classtype:trojan-activity;sid:84137665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.212.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274564/; classtype:trojan-activity;sid:84137664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.170.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274563/; classtype:trojan-activity;sid:84137663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.46.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274562/; classtype:trojan-activity;sid:84137662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.155.49.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274561/; classtype:trojan-activity;sid:84137661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.134.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274560/; classtype:trojan-activity;sid:84137660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.248.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274559/; classtype:trojan-activity;sid:84137659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.32.242.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274558/; classtype:trojan-activity;sid:84137658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.86.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274557/; classtype:trojan-activity;sid:84137657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"106.58.126.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274556/; classtype:trojan-activity;sid:84137656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.246.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274554/; classtype:trojan-activity;sid:84137654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.187.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274555/; classtype:trojan-activity;sid:84137655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274553/; classtype:trojan-activity;sid:84137653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.30.76.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274552/; classtype:trojan-activity;sid:84137652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.97.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274551/; classtype:trojan-activity;sid:84137651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.247.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274550/; classtype:trojan-activity;sid:84137650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.19.251.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274549/; classtype:trojan-activity;sid:84137649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.20.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274548/; classtype:trojan-activity;sid:84137648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.79.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274546/; classtype:trojan-activity;sid:84137646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.148.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274547/; classtype:trojan-activity;sid:84137647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.13.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274545/; classtype:trojan-activity;sid:84137645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.62.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274544/; classtype:trojan-activity;sid:84137644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.180.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274543/; classtype:trojan-activity;sid:84137643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.86.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274542/; classtype:trojan-activity;sid:84137642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.235.163.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274541/; classtype:trojan-activity;sid:84137641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.145.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274540/; classtype:trojan-activity;sid:84137640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.248.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274539/; classtype:trojan-activity;sid:84137639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.171.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274538/; classtype:trojan-activity;sid:84137638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.96.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274536/; classtype:trojan-activity;sid:84137636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.90.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274537/; classtype:trojan-activity;sid:84137637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"65.172.242.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274535/; classtype:trojan-activity;sid:84137635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.114.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274534/; classtype:trojan-activity;sid:84137634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.145.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274533/; classtype:trojan-activity;sid:84137633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.152.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274532/; classtype:trojan-activity;sid:84137632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/notes/document.exe"; depth:19; endswith; nocase; http.host; content:"documentreviewone.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274531/; classtype:trojan-activity;sid:84137631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.14.217"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274530/; classtype:trojan-activity;sid:84137630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.12.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274529/; classtype:trojan-activity;sid:84137629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.109.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274528/; classtype:trojan-activity;sid:84137628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.180.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274527/; classtype:trojan-activity;sid:84137627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.25.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274526/; classtype:trojan-activity;sid:84137626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.85.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274524/; classtype:trojan-activity;sid:84137624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.203.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274525/; classtype:trojan-activity;sid:84137625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.118.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274521/; classtype:trojan-activity;sid:84137621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.81.26.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274522/; classtype:trojan-activity;sid:84137622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.107.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274523/; classtype:trojan-activity;sid:84137623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.48.107.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274520/; classtype:trojan-activity;sid:84137620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.185.140.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274519/; classtype:trojan-activity;sid:84137619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.228.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274518/; classtype:trojan-activity;sid:84137618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.73.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274517/; classtype:trojan-activity;sid:84137617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.191.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274516/; classtype:trojan-activity;sid:84137616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.205.181.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274515/; classtype:trojan-activity;sid:84137615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.114.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274514/; classtype:trojan-activity;sid:84137614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274513/; classtype:trojan-activity;sid:84137613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.33.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274512/; classtype:trojan-activity;sid:84137612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.215.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274511/; classtype:trojan-activity;sid:84137611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.184.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274510/; classtype:trojan-activity;sid:84137610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.110.176.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274509/; classtype:trojan-activity;sid:84137609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.219.123.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274508/; classtype:trojan-activity;sid:84137608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.85.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274507/; classtype:trojan-activity;sid:84137607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.209.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274506/; classtype:trojan-activity;sid:84137606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.226.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274505/; classtype:trojan-activity;sid:84137605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.13.61.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274504/; classtype:trojan-activity;sid:84137604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.190.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274503/; classtype:trojan-activity;sid:84137603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"2.185.140.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274502/; classtype:trojan-activity;sid:84137602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.172.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274501/; classtype:trojan-activity;sid:84137601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.228.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274500/; classtype:trojan-activity;sid:84137600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.37.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274499/; classtype:trojan-activity;sid:84137599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.147.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274498/; classtype:trojan-activity;sid:84137598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.60.130.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274497/; classtype:trojan-activity;sid:84137597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.73.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274496/; classtype:trojan-activity;sid:84137596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.125.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274495/; classtype:trojan-activity;sid:84137595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.205.181.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274494/; classtype:trojan-activity;sid:84137594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.251.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274492/; classtype:trojan-activity;sid:84137592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.184.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274493/; classtype:trojan-activity;sid:84137593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.20.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274491/; classtype:trojan-activity;sid:84137591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.240.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274490/; classtype:trojan-activity;sid:84137590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.63.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274489/; classtype:trojan-activity;sid:84137589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.245.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274488/; classtype:trojan-activity;sid:84137588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.147.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274487/; classtype:trojan-activity;sid:84137587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.209.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274486/; classtype:trojan-activity;sid:84137586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.72.16.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274485/; classtype:trojan-activity;sid:84137585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.172.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274484/; classtype:trojan-activity;sid:84137584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.137.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274483/; classtype:trojan-activity;sid:84137583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.163.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274481/; classtype:trojan-activity;sid:84137581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.58.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274482/; classtype:trojan-activity;sid:84137582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.78.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274480/; classtype:trojan-activity;sid:84137580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.37.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274479/; classtype:trojan-activity;sid:84137579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.242.86.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274478/; classtype:trojan-activity;sid:84137578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.38.19.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274477/; classtype:trojan-activity;sid:84137577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.27.32.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274476/; classtype:trojan-activity;sid:84137576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.228.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274475/; classtype:trojan-activity;sid:84137575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274474/; classtype:trojan-activity;sid:84137574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaoc"; depth:5; endswith; nocase; http.host; content:"oshi.at"; depth:7; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274473/; classtype:trojan-activity;sid:84137573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.245.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274469/; classtype:trojan-activity;sid:84137569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etnk"; depth:5; endswith; nocase; http.host; content:"oshi.at"; depth:7; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274470/; classtype:trojan-activity;sid:84137570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s18/pupqhpbtwgrdqwuohrkz.sh"; depth:28; endswith; nocase; http.host; content:"small.fileditchstuff.me"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274471/; classtype:trojan-activity;sid:84137571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s18/cocudinysynhrggypwuo.tar"; depth:29; endswith; nocase; http.host; content:"small.fileditchstuff.me"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274472/; classtype:trojan-activity;sid:84137572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lsnj"; depth:5; endswith; nocase; http.host; content:"oshi.at"; depth:7; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274468/; classtype:trojan-activity;sid:84137568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nossl/lsnj"; depth:11; endswith; nocase; http.host; content:"oshi.at"; depth:7; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274466/; classtype:trojan-activity;sid:84137566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boru512/h4ck-f0rtnite/blob/main/loader.zip"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274467/; classtype:trojan-activity;sid:84137567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nossl/aaoc"; depth:11; endswith; nocase; http.host; content:"oshi.at"; depth:7; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274465/; classtype:trojan-activity;sid:84137565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nossl/etnk"; depth:11; endswith; nocase; http.host; content:"oshi.at"; depth:7; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274464/; classtype:trojan-activity;sid:84137564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nossl/bqnp"; depth:11; endswith; nocase; http.host; content:"oshi.at"; depth:7; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274463/; classtype:trojan-activity;sid:84137563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bqnp"; depth:5; endswith; nocase; http.host; content:"oshi.at"; depth:7; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274462/; classtype:trojan-activity;sid:84137562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.137.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274461/; classtype:trojan-activity;sid:84137561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.92.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274460/; classtype:trojan-activity;sid:84137560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.40.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274459/; classtype:trojan-activity;sid:84137559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.98.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274458/; classtype:trojan-activity;sid:84137558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.106.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274457/; classtype:trojan-activity;sid:84137557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.71.196.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274456/; classtype:trojan-activity;sid:84137556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274455/; classtype:trojan-activity;sid:84137555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.sh"; depth:10; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274450/; classtype:trojan-activity;sid:84137550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.78.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274451/; classtype:trojan-activity;sid:84137551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274452/; classtype:trojan-activity;sid:84137552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274453/; classtype:trojan-activity;sid:84137553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon.sh"; depth:8; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274454/; classtype:trojan-activity;sid:84137554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.93.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274449/; classtype:trojan-activity;sid:84137549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.62.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274448/; classtype:trojan-activity;sid:84137548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.252.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274447/; classtype:trojan-activity;sid:84137547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.122.255.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274446/; classtype:trojan-activity;sid:84137546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.16.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274445/; classtype:trojan-activity;sid:84137545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274444/; classtype:trojan-activity;sid:84137544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274443/; classtype:trojan-activity;sid:84137543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.170.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274442/; classtype:trojan-activity;sid:84137542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.47.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274441/; classtype:trojan-activity;sid:84137541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.231.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274440/; classtype:trojan-activity;sid:84137540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.148.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274439/; classtype:trojan-activity;sid:84137539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274438/; classtype:trojan-activity;sid:84137538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.21.175.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274437/; classtype:trojan-activity;sid:84137537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.170.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274436/; classtype:trojan-activity;sid:84137536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.57.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274435/; classtype:trojan-activity;sid:84137535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.140.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274434/; classtype:trojan-activity;sid:84137534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.97.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274433/; classtype:trojan-activity;sid:84137533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.125.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274432/; classtype:trojan-activity;sid:84137532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274431/; classtype:trojan-activity;sid:84137531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.241.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274430/; classtype:trojan-activity;sid:84137530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"191.53.165.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274429/; classtype:trojan-activity;sid:84137529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.155.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274428/; classtype:trojan-activity;sid:84137528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.221.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274427/; classtype:trojan-activity;sid:84137527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.93.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274426/; classtype:trojan-activity;sid:84137526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.255.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274425/; classtype:trojan-activity;sid:84137525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.x86_64"; depth:28; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274424/; classtype:trojan-activity;sid:84137524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.47.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274421/; classtype:trojan-activity;sid:84137521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm5"; depth:26; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274422/; classtype:trojan-activity;sid:84137522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm"; depth:25; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274423/; classtype:trojan-activity;sid:84137523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm6"; depth:26; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274412/; classtype:trojan-activity;sid:84137512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.mpsl"; depth:26; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274413/; classtype:trojan-activity;sid:84137513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.x86"; depth:25; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274414/; classtype:trojan-activity;sid:84137514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.mips"; depth:26; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274415/; classtype:trojan-activity;sid:84137515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.ppc"; depth:25; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274416/; classtype:trojan-activity;sid:84137516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.spc"; depth:25; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274417/; classtype:trojan-activity;sid:84137517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.m68k"; depth:26; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274418/; classtype:trojan-activity;sid:84137518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm7"; depth:26; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274419/; classtype:trojan-activity;sid:84137519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.sh4"; depth:25; endswith; nocase; http.host; content:"66.63.187.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274420/; classtype:trojan-activity;sid:84137520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.71.196.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274411/; classtype:trojan-activity;sid:84137511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.29.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274410/; classtype:trojan-activity;sid:84137510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.231.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274409/; classtype:trojan-activity;sid:84137509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.232.0.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274408/; classtype:trojan-activity;sid:84137508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.209.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274403/; classtype:trojan-activity;sid:84137503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.148.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274404/; classtype:trojan-activity;sid:84137504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.96.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274405/; classtype:trojan-activity;sid:84137505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.178.47.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274406/; classtype:trojan-activity;sid:84137506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"160.177.200.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274407/; classtype:trojan-activity;sid:84137507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.231.83.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274402/; classtype:trojan-activity;sid:84137502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.10.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274401/; classtype:trojan-activity;sid:84137501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.198.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274400/; classtype:trojan-activity;sid:84137500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.193.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274399/; classtype:trojan-activity;sid:84137499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.25.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274398/; classtype:trojan-activity;sid:84137498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.198.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274397/; classtype:trojan-activity;sid:84137497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.255.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274396/; classtype:trojan-activity;sid:84137496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.231.83.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274395/; classtype:trojan-activity;sid:84137495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.1.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274394/; classtype:trojan-activity;sid:84137494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.89.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274393/; classtype:trojan-activity;sid:84137493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.138.222.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274392/; classtype:trojan-activity;sid:84137492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.240.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274391/; classtype:trojan-activity;sid:84137491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.56.15.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274390/; classtype:trojan-activity;sid:84137490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.234.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274389/; classtype:trojan-activity;sid:84137489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.181.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274388/; classtype:trojan-activity;sid:84137488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.84.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274386/; classtype:trojan-activity;sid:84137486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.245.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274385/; classtype:trojan-activity;sid:84137485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.210.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274383/; classtype:trojan-activity;sid:84137483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.124.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274384/; classtype:trojan-activity;sid:84137484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274382/; classtype:trojan-activity;sid:84137482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.222.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274381/; classtype:trojan-activity;sid:84137481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.153.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274380/; classtype:trojan-activity;sid:84137480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.65.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274379/; classtype:trojan-activity;sid:84137479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.191.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274378/; classtype:trojan-activity;sid:84137478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.72.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274377/; classtype:trojan-activity;sid:84137477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.215.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274376/; classtype:trojan-activity;sid:84137476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.17.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274375/; classtype:trojan-activity;sid:84137475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.105.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274374/; classtype:trojan-activity;sid:84137474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.43.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274373/; classtype:trojan-activity;sid:84137473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.181.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274372/; classtype:trojan-activity;sid:84137472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.2.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274371/; classtype:trojan-activity;sid:84137471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.131.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274370/; classtype:trojan-activity;sid:84137470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.175.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274369/; classtype:trojan-activity;sid:84137469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.238.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274368/; classtype:trojan-activity;sid:84137468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.253.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274367/; classtype:trojan-activity;sid:84137467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.215.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274366/; classtype:trojan-activity;sid:84137466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.100.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274365/; classtype:trojan-activity;sid:84137465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.127.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274364/; classtype:trojan-activity;sid:84137464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.93.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274363/; classtype:trojan-activity;sid:84137463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.105.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274361/; classtype:trojan-activity;sid:84137461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxmr.exe"; depth:9; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274362/; classtype:trojan-activity;sid:84137462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newtpp.exe"; depth:11; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274352/; classtype:trojan-activity;sid:84137452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274353/; classtype:trojan-activity;sid:84137453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pi.exe"; depth:7; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274354/; classtype:trojan-activity;sid:84137454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11.exe"; depth:7; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274355/; classtype:trojan-activity;sid:84137455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r.exe"; depth:6; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274356/; classtype:trojan-activity;sid:84137456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tl.exe"; depth:7; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274357/; classtype:trojan-activity;sid:84137457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6.exe"; depth:6; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274358/; classtype:trojan-activity;sid:84137458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1"; depth:2; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274359/; classtype:trojan-activity;sid:84137459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pei.exe"; depth:8; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274325/; classtype:trojan-activity;sid:84137425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o.exe"; depth:6; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274326/; classtype:trojan-activity;sid:84137426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peinf.exe"; depth:10; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274327/; classtype:trojan-activity;sid:84137427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t2.exe"; depth:7; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274328/; classtype:trojan-activity;sid:84137428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt.exe"; depth:7; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274329/; classtype:trojan-activity;sid:84137429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274330/; classtype:trojan-activity;sid:84137430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5"; depth:2; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274331/; classtype:trojan-activity;sid:84137431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6"; depth:2; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274332/; classtype:trojan-activity;sid:84137432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.exe"; depth:6; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274333/; classtype:trojan-activity;sid:84137433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t1.exe"; depth:7; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274334/; classtype:trojan-activity;sid:84137434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.exe"; depth:6; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274335/; classtype:trojan-activity;sid:84137435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.exe"; depth:6; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274336/; classtype:trojan-activity;sid:84137436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4.exe"; depth:6; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274337/; classtype:trojan-activity;sid:84137437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa.exe"; depth:8; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274338/; classtype:trojan-activity;sid:84137438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.exe"; depth:6; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274339/; classtype:trojan-activity;sid:84137439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5.exe"; depth:6; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274340/; classtype:trojan-activity;sid:84137440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p.exe"; depth:6; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274341/; classtype:trojan-activity;sid:84137441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2"; depth:2; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274342/; classtype:trojan-activity;sid:84137442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc"; depth:3; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274343/; classtype:trojan-activity;sid:84137443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrpload.exe"; depth:13; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274344/; classtype:trojan-activity;sid:84137444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.exe"; depth:6; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274345/; classtype:trojan-activity;sid:84137445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pp.exe"; depth:7; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274346/; classtype:trojan-activity;sid:84137446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twztl.exe"; depth:10; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274347/; classtype:trojan-activity;sid:84137447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpeinf.exe"; depth:11; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274348/; classtype:trojan-activity;sid:84137448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274349/; classtype:trojan-activity;sid:84137449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m.exe"; depth:6; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274350/; classtype:trojan-activity;sid:84137450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npp.exe"; depth:8; endswith; nocase; http.host; content:"eveezueigohehla.co"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274351/; classtype:trojan-activity;sid:84137451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.241.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274324/; classtype:trojan-activity;sid:84137424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.31.228.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274323/; classtype:trojan-activity;sid:84137423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.43.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274322/; classtype:trojan-activity;sid:84137422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.218.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274321/; classtype:trojan-activity;sid:84137421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pei.exe"; depth:8; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274320/; classtype:trojan-activity;sid:84137420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxmr.exe"; depth:9; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274319/; classtype:trojan-activity;sid:84137419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/putty.exe"; depth:10; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274318/; classtype:trojan-activity;sid:84137418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npp.exe"; depth:8; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274285/; classtype:trojan-activity;sid:84137385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.exe"; depth:6; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274286/; classtype:trojan-activity;sid:84137386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4.exe"; depth:6; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274287/; classtype:trojan-activity;sid:84137387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p.exe"; depth:6; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274288/; classtype:trojan-activity;sid:84137388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc"; depth:3; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274289/; classtype:trojan-activity;sid:84137389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274290/; classtype:trojan-activity;sid:84137390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m.exe"; depth:6; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274291/; classtype:trojan-activity;sid:84137391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peinf.exe"; depth:10; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274292/; classtype:trojan-activity;sid:84137392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11.exe"; depth:7; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274293/; classtype:trojan-activity;sid:84137393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1"; depth:2; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274294/; classtype:trojan-activity;sid:84137394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2"; depth:2; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274295/; classtype:trojan-activity;sid:84137395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5.exe"; depth:6; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274296/; classtype:trojan-activity;sid:84137396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pi.exe"; depth:7; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274297/; classtype:trojan-activity;sid:84137397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrpload.exe"; depth:13; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274298/; classtype:trojan-activity;sid:84137398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t1.exe"; depth:7; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274299/; classtype:trojan-activity;sid:84137399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.exe"; depth:6; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274300/; classtype:trojan-activity;sid:84137400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r.exe"; depth:6; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274301/; classtype:trojan-activity;sid:84137401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.exe"; depth:6; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274302/; classtype:trojan-activity;sid:84137402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pp.exe"; depth:7; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274303/; classtype:trojan-activity;sid:84137403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twztl.exe"; depth:10; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274304/; classtype:trojan-activity;sid:84137404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274305/; classtype:trojan-activity;sid:84137405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tl.exe"; depth:7; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274306/; classtype:trojan-activity;sid:84137406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t2.exe"; depth:7; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274307/; classtype:trojan-activity;sid:84137407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6"; depth:2; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274308/; classtype:trojan-activity;sid:84137408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274309/; classtype:trojan-activity;sid:84137409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt.exe"; depth:7; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274310/; classtype:trojan-activity;sid:84137410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.exe"; depth:6; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274311/; classtype:trojan-activity;sid:84137411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa.exe"; depth:8; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274312/; classtype:trojan-activity;sid:84137412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6.exe"; depth:6; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274313/; classtype:trojan-activity;sid:84137413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newtpp.exe"; depth:11; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274314/; classtype:trojan-activity;sid:84137414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.exe"; depth:6; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274315/; classtype:trojan-activity;sid:84137415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpeinf.exe"; depth:11; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274316/; classtype:trojan-activity;sid:84137416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o.exe"; depth:6; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274317/; classtype:trojan-activity;sid:84137417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5"; depth:2; endswith; nocase; http.host; content:"ouauooaoaoeeutr.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274284/; classtype:trojan-activity;sid:84137384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.59.109.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274283/; classtype:trojan-activity;sid:84137383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxmr.exe"; depth:9; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274282/; classtype:trojan-activity;sid:84137382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.exe"; depth:6; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274272/; classtype:trojan-activity;sid:84137372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc"; depth:3; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274273/; classtype:trojan-activity;sid:84137373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2"; depth:2; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274274/; classtype:trojan-activity;sid:84137374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.exe"; depth:6; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274275/; classtype:trojan-activity;sid:84137375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5.exe"; depth:6; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274276/; classtype:trojan-activity;sid:84137376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt.exe"; depth:7; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274277/; classtype:trojan-activity;sid:84137377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1"; depth:2; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274278/; classtype:trojan-activity;sid:84137378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5"; depth:2; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274279/; classtype:trojan-activity;sid:84137379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tl.exe"; depth:7; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274280/; classtype:trojan-activity;sid:84137380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pp.exe"; depth:7; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274246/; classtype:trojan-activity;sid:84137346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o.exe"; depth:6; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274247/; classtype:trojan-activity;sid:84137347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.exe"; depth:6; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274248/; classtype:trojan-activity;sid:84137348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npp.exe"; depth:8; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274249/; classtype:trojan-activity;sid:84137349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrpload.exe"; depth:13; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274250/; classtype:trojan-activity;sid:84137350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa.exe"; depth:8; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274251/; classtype:trojan-activity;sid:84137351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pei.exe"; depth:8; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274252/; classtype:trojan-activity;sid:84137352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6.exe"; depth:6; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274253/; classtype:trojan-activity;sid:84137353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twztl.exe"; depth:10; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274254/; classtype:trojan-activity;sid:84137354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.exe"; depth:6; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274255/; classtype:trojan-activity;sid:84137355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r.exe"; depth:6; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274256/; classtype:trojan-activity;sid:84137356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11.exe"; depth:7; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274257/; classtype:trojan-activity;sid:84137357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pi.exe"; depth:7; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274258/; classtype:trojan-activity;sid:84137358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t1.exe"; depth:7; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274259/; classtype:trojan-activity;sid:84137359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6"; depth:2; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274260/; classtype:trojan-activity;sid:84137360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.exe"; depth:6; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274261/; classtype:trojan-activity;sid:84137361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peinf.exe"; depth:10; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274262/; classtype:trojan-activity;sid:84137362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m.exe"; depth:6; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274263/; classtype:trojan-activity;sid:84137363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p.exe"; depth:6; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274264/; classtype:trojan-activity;sid:84137364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274265/; classtype:trojan-activity;sid:84137365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4.exe"; depth:6; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274266/; classtype:trojan-activity;sid:84137366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t2.exe"; depth:7; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274267/; classtype:trojan-activity;sid:84137367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274268/; classtype:trojan-activity;sid:84137368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274269/; classtype:trojan-activity;sid:84137369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newtpp.exe"; depth:11; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274270/; classtype:trojan-activity;sid:84137370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpeinf.exe"; depth:11; endswith; nocase; http.host; content:"twizthash.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274271/; classtype:trojan-activity;sid:84137371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.240.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274245/; classtype:trojan-activity;sid:84137345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.238.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274244/; classtype:trojan-activity;sid:84137344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.195.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274243/; classtype:trojan-activity;sid:84137343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.240.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274241/; classtype:trojan-activity;sid:84137341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.229.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274242/; classtype:trojan-activity;sid:84137342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.84.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274240/; classtype:trojan-activity;sid:84137340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.225.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274239/; classtype:trojan-activity;sid:84137339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.188.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274238/; classtype:trojan-activity;sid:84137338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.92.53.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274237/; classtype:trojan-activity;sid:84137337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.175.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274236/; classtype:trojan-activity;sid:84137336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.238.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274235/; classtype:trojan-activity;sid:84137335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.29.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274234/; classtype:trojan-activity;sid:84137334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.26.82.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274233/; classtype:trojan-activity;sid:84137333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.174.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274232/; classtype:trojan-activity;sid:84137332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.20.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274230/; classtype:trojan-activity;sid:84137330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.245.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274231/; classtype:trojan-activity;sid:84137331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.89.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274229/; classtype:trojan-activity;sid:84137329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.32.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274228/; classtype:trojan-activity;sid:84137328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.128.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274227/; classtype:trojan-activity;sid:84137327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.186.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274226/; classtype:trojan-activity;sid:84137326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.162.33.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274225/; classtype:trojan-activity;sid:84137325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.241.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274224/; classtype:trojan-activity;sid:84137324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.48.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274223/; classtype:trojan-activity;sid:84137323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.218.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274222/; classtype:trojan-activity;sid:84137322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.50.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274221/; classtype:trojan-activity;sid:84137321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.242.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274220/; classtype:trojan-activity;sid:84137320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.93.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274219/; classtype:trojan-activity;sid:84137319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.127.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274218/; classtype:trojan-activity;sid:84137318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274217/; classtype:trojan-activity;sid:84137317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.1.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274215/; classtype:trojan-activity;sid:84137315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274216/; classtype:trojan-activity;sid:84137316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.170.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274214/; classtype:trojan-activity;sid:84137314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.89.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274213/; classtype:trojan-activity;sid:84137313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.203.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274212/; classtype:trojan-activity;sid:84137312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.54.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274211/; classtype:trojan-activity;sid:84137311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.37.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274210/; classtype:trojan-activity;sid:84137310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.237.10.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274209/; classtype:trojan-activity;sid:84137309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.80.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274208/; classtype:trojan-activity;sid:84137308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.209.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274207/; classtype:trojan-activity;sid:84137307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.106.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274206/; classtype:trojan-activity;sid:84137306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.164.57.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274205/; classtype:trojan-activity;sid:84137305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.86.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274204/; classtype:trojan-activity;sid:84137304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.154.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274203/; classtype:trojan-activity;sid:84137303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.165.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274202/; classtype:trojan-activity;sid:84137302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.175.91.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274201/; classtype:trojan-activity;sid:84137301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.244.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274200/; classtype:trojan-activity;sid:84137300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274198/; classtype:trojan-activity;sid:84137298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.86.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274199/; classtype:trojan-activity;sid:84137299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.99.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274197/; classtype:trojan-activity;sid:84137297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.169.234.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274196/; classtype:trojan-activity;sid:84137296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.138.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274195/; classtype:trojan-activity;sid:84137295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.138.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274194/; classtype:trojan-activity;sid:84137294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/termo.pdf.exe"; depth:14; endswith; nocase; http.host; content:"108.165.228.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274193/; classtype:trojan-activity;sid:84137293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.95.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274192/; classtype:trojan-activity;sid:84137292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.196.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274191/; classtype:trojan-activity;sid:84137291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.118.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274190/; classtype:trojan-activity;sid:84137290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.26.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274189/; classtype:trojan-activity;sid:84137289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.164.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274188/; classtype:trojan-activity;sid:84137288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.30.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274187/; classtype:trojan-activity;sid:84137287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.191.83.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274186/; classtype:trojan-activity;sid:84137286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.37.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274185/; classtype:trojan-activity;sid:84137285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.29.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274184/; classtype:trojan-activity;sid:84137284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.2.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274182/; classtype:trojan-activity;sid:84137282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.101.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274183/; classtype:trojan-activity;sid:84137283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.28.112"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274179/; classtype:trojan-activity;sid:84137279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.31.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274180/; classtype:trojan-activity;sid:84137280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.237.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274181/; classtype:trojan-activity;sid:84137281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.17.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274178/; classtype:trojan-activity;sid:84137278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.99.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274177/; classtype:trojan-activity;sid:84137277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.32.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274176/; classtype:trojan-activity;sid:84137276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.164.57.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274175/; classtype:trojan-activity;sid:84137275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.210.181.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274174/; classtype:trojan-activity;sid:84137274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.84.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274173/; classtype:trojan-activity;sid:84137273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.203.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274172/; classtype:trojan-activity;sid:84137272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.165.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274171/; classtype:trojan-activity;sid:84137271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.16.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274170/; classtype:trojan-activity;sid:84137270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm"; depth:9; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274168/; classtype:trojan-activity;sid:84137268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.x86"; depth:9; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274169/; classtype:trojan-activity;sid:84137269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.mpsl"; depth:10; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274162/; classtype:trojan-activity;sid:84137262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.spc"; depth:9; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274163/; classtype:trojan-activity;sid:84137263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.ppc"; depth:9; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274164/; classtype:trojan-activity;sid:84137264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.92.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274165/; classtype:trojan-activity;sid:84137265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.sh4"; depth:9; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274166/; classtype:trojan-activity;sid:84137266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.mips"; depth:10; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274167/; classtype:trojan-activity;sid:84137267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274160/; classtype:trojan-activity;sid:84137260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aws"; depth:4; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274161/; classtype:trojan-activity;sid:84137261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm5"; depth:10; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274144/; classtype:trojan-activity;sid:84137244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thinkphp"; depth:9; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274145/; classtype:trojan-activity;sid:84137245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zyxel"; depth:6; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274146/; classtype:trojan-activity;sid:84137246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeros6x.sh"; depth:11; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274147/; classtype:trojan-activity;sid:84137247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lg"; depth:3; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274148/; classtype:trojan-activity;sid:84137248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.x86_64"; depth:12; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274149/; classtype:trojan-activity;sid:84137249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon443"; depth:8; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274150/; classtype:trojan-activity;sid:84137250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zte"; depth:4; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274151/; classtype:trojan-activity;sid:84137251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm6"; depth:10; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274152/; classtype:trojan-activity;sid:84137252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274153/; classtype:trojan-activity;sid:84137253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274154/; classtype:trojan-activity;sid:84137254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realtek"; depth:8; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274155/; classtype:trojan-activity;sid:84137255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm7"; depth:10; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274156/; classtype:trojan-activity;sid:84137256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huawei"; depth:7; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274157/; classtype:trojan-activity;sid:84137257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.m68k"; depth:10; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274158/; classtype:trojan-activity;sid:84137258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"server.dico-inside.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274159/; classtype:trojan-activity;sid:84137259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.110.176.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274143/; classtype:trojan-activity;sid:84137243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.82.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274141/; classtype:trojan-activity;sid:84137241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.236.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274142/; classtype:trojan-activity;sid:84137242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.84.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274140/; classtype:trojan-activity;sid:84137240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.78.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274139/; classtype:trojan-activity;sid:84137239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.171.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274138/; classtype:trojan-activity;sid:84137238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.254.60.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274137/; classtype:trojan-activity;sid:84137237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.118.240.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274136/; classtype:trojan-activity;sid:84137236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeros6x.sh"; depth:11; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274135/; classtype:trojan-activity;sid:84137235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realtek"; depth:8; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274134/; classtype:trojan-activity;sid:84137234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huawei"; depth:7; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274133/; classtype:trojan-activity;sid:84137233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon443"; depth:8; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274132/; classtype:trojan-activity;sid:84137232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aws"; depth:4; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274131/; classtype:trojan-activity;sid:84137231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zte"; depth:4; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274125/; classtype:trojan-activity;sid:84137225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lg"; depth:3; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274126/; classtype:trojan-activity;sid:84137226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thinkphp"; depth:9; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274127/; classtype:trojan-activity;sid:84137227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274128/; classtype:trojan-activity;sid:84137228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274129/; classtype:trojan-activity;sid:84137229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zyxel"; depth:6; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274130/; classtype:trojan-activity;sid:84137230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm"; depth:9; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274123/; classtype:trojan-activity;sid:84137223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm7"; depth:10; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274124/; classtype:trojan-activity;sid:84137224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.sh4"; depth:9; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274112/; classtype:trojan-activity;sid:84137212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.x86_64"; depth:12; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274113/; classtype:trojan-activity;sid:84137213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.mpsl"; depth:10; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274114/; classtype:trojan-activity;sid:84137214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.mips"; depth:10; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274115/; classtype:trojan-activity;sid:84137215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm5"; depth:10; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274116/; classtype:trojan-activity;sid:84137216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm6"; depth:10; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274117/; classtype:trojan-activity;sid:84137217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.spc"; depth:9; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274118/; classtype:trojan-activity;sid:84137218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.x86"; depth:9; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274119/; classtype:trojan-activity;sid:84137219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274120/; classtype:trojan-activity;sid:84137220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.ppc"; depth:9; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274121/; classtype:trojan-activity;sid:84137221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.m68k"; depth:10; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274122/; classtype:trojan-activity;sid:84137222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arc"; depth:9; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274110/; classtype:trojan-activity;sid:84137210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.i686"; depth:10; endswith; nocase; http.host; content:"server.myway-ing.win"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274111/; classtype:trojan-activity;sid:84137211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.19.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274109/; classtype:trojan-activity;sid:84137209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.190.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274108/; classtype:trojan-activity;sid:84137208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.252.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274107/; classtype:trojan-activity;sid:84137207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.210.181.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274106/; classtype:trojan-activity;sid:84137206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"93.123.85.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274105/; classtype:trojan-activity;sid:84137205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.91.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274104/; classtype:trojan-activity;sid:84137204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.117.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274101/; classtype:trojan-activity;sid:84137201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"93.123.85.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274102/; classtype:trojan-activity;sid:84137202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.101.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274103/; classtype:trojan-activity;sid:84137203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.72.177.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274100/; classtype:trojan-activity;sid:84137200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"93.123.85.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274098/; classtype:trojan-activity;sid:84137198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"93.123.85.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274099/; classtype:trojan-activity;sid:84137199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"93.123.85.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274097/; classtype:trojan-activity;sid:84137197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"93.123.85.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274093/; classtype:trojan-activity;sid:84137193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"93.123.85.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274094/; classtype:trojan-activity;sid:84137194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"93.123.85.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274095/; classtype:trojan-activity;sid:84137195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"93.123.85.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274096/; classtype:trojan-activity;sid:84137196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274091/; classtype:trojan-activity;sid:84137191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.11.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274092/; classtype:trojan-activity;sid:84137192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274090/; classtype:trojan-activity;sid:84137190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.146.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274068/; classtype:trojan-activity;sid:84137168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.i686"; depth:15; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274069/; classtype:trojan-activity;sid:84137169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86_64"; depth:17; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274070/; classtype:trojan-activity;sid:84137170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274071/; classtype:trojan-activity;sid:84137171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274072/; classtype:trojan-activity;sid:84137172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274073/; classtype:trojan-activity;sid:84137173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274074/; classtype:trojan-activity;sid:84137174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thinkphp"; depth:9; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274075/; classtype:trojan-activity;sid:84137175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274076/; classtype:trojan-activity;sid:84137176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realtek"; depth:8; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274077/; classtype:trojan-activity;sid:84137177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274078/; classtype:trojan-activity;sid:84137178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huawei"; depth:7; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274079/; classtype:trojan-activity;sid:84137179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aws"; depth:4; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274080/; classtype:trojan-activity;sid:84137180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin"; depth:4; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274081/; classtype:trojan-activity;sid:84137181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pay"; depth:4; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274082/; classtype:trojan-activity;sid:84137182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sora.sh"; depth:8; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274083/; classtype:trojan-activity;sid:84137183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274084/; classtype:trojan-activity;sid:84137184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274085/; classtype:trojan-activity;sid:84137185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274086/; classtype:trojan-activity;sid:84137186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lg"; depth:3; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274087/; classtype:trojan-activity;sid:84137187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274088/; classtype:trojan-activity;sid:84137188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon443"; depth:8; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274089/; classtype:trojan-activity;sid:84137189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274067/; classtype:trojan-activity;sid:84137167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76d32be0.sh"; depth:12; endswith; nocase; http.host; content:"93.123.85.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274066/; classtype:trojan-activity;sid:84137166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.92.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274065/; classtype:trojan-activity;sid:84137165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ltxw60odfaerqirvh326g3qck7e7ynbzkg"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274056/; classtype:trojan-activity;sid:84137156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lfanbuhsbislnpupzzqcu43juadrybpxac"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274057/; classtype:trojan-activity;sid:84137157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/fpwjdimi4zzg3lim5h39bwpetwvnsfy2vi"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274058/; classtype:trojan-activity;sid:84137158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wzwv5bnjr0oopmffok35mdm58vghewydiz"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274059/; classtype:trojan-activity;sid:84137159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tg2zq856z4jesij78lxubqsrm8tdrhi3qy"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274060/; classtype:trojan-activity;sid:84137160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ejqasq8p5kjxj22ghtfhfmm9miu363pwp9"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274061/; classtype:trojan-activity;sid:84137161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nv9liocuoc7l0nkqqz70hb9xmoxddac1s5"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274062/; classtype:trojan-activity;sid:84137162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hzkxqpi1aaciyh2rysuxggxzs3pzsmenny"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274063/; classtype:trojan-activity;sid:84137163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274064/; classtype:trojan-activity;sid:84137164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h3maq5lmfsacfvdm0gejorl7wvpdigr5re"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274050/; classtype:trojan-activity;sid:84137150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/eofdxk27sgqcsgw9zvwqivngbqreq4iltj"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274051/; classtype:trojan-activity;sid:84137151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/8vlvc2rjjfywssrnfo4zefv6kt4xyp1boj"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274052/; classtype:trojan-activity;sid:84137152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ir7doxallpwot5f8lur4btg80q6e2u9wkc"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274053/; classtype:trojan-activity;sid:84137153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xv2pv2wsmeav0ewxdlwihmigqwhkf8toos"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274054/; classtype:trojan-activity;sid:84137154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x9kex5as4lnuypffsapiobdkzbmh33fit4"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274055/; classtype:trojan-activity;sid:84137155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realstrings/lydian-spoofer/raw/main/spoofy.sys"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274049/; classtype:trojan-activity;sid:84137149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skarsys/assaultcubecheat/main/spoofy.sys"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274046/; classtype:trojan-activity;sid:84137146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realstrings/lydian-spoofer/refs/heads/main/spoofy.sys"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274047/; classtype:trojan-activity;sid:84137147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realstrings/lydian-spoofer/raw/refs/heads/main/spoofy.sys"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274048/; classtype:trojan-activity;sid:84137148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.229.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274045/; classtype:trojan-activity;sid:84137145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.46.81.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274044/; classtype:trojan-activity;sid:84137144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.x86_64"; depth:36; endswith; nocase; http.host; content:"cnc.ghtyuio.online"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274041/; classtype:trojan-activity;sid:84137141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.x86"; depth:33; endswith; nocase; http.host; content:"cnc.ghtyuio.online"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274042/; classtype:trojan-activity;sid:84137142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arc"; depth:33; endswith; nocase; http.host; content:"cnc.ghtyuio.online"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274043/; classtype:trojan-activity;sid:84137143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.i686"; depth:34; endswith; nocase; http.host; content:"cnc.ghtyuio.online"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274030/; classtype:trojan-activity;sid:84137130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.i486"; depth:34; endswith; nocase; http.host; content:"cnc.ghtyuio.online"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274031/; classtype:trojan-activity;sid:84137131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arm"; depth:33; endswith; nocase; http.host; content:"cnc.ghtyuio.online"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274032/; classtype:trojan-activity;sid:84137132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.spc"; depth:33; endswith; nocase; http.host; content:"cnc.ghtyuio.online"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274033/; classtype:trojan-activity;sid:84137133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.mips"; depth:34; endswith; nocase; http.host; content:"cnc.ghtyuio.online"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274034/; classtype:trojan-activity;sid:84137134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arm6"; depth:34; endswith; nocase; http.host; content:"cnc.ghtyuio.online"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274035/; classtype:trojan-activity;sid:84137135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.ppc"; depth:33; endswith; nocase; http.host; content:"cnc.ghtyuio.online"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274036/; classtype:trojan-activity;sid:84137136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.m68k"; depth:34; endswith; nocase; http.host; content:"cnc.ghtyuio.online"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274037/; classtype:trojan-activity;sid:84137137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.sh4"; depth:33; endswith; nocase; http.host; content:"cnc.ghtyuio.online"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274038/; classtype:trojan-activity;sid:84137138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arm5"; depth:34; endswith; nocase; http.host; content:"cnc.ghtyuio.online"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274039/; classtype:trojan-activity;sid:84137139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.mpsl"; depth:34; endswith; nocase; http.host; content:"cnc.ghtyuio.online"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274040/; classtype:trojan-activity;sid:84137140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arm7"; depth:34; endswith; nocase; http.host; content:"cnc.ghtyuio.online"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274029/; classtype:trojan-activity;sid:84137129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.249.175.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274028/; classtype:trojan-activity;sid:84137128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.128.127.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274027/; classtype:trojan-activity;sid:84137127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.252.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274026/; classtype:trojan-activity;sid:84137126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.5.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274025/; classtype:trojan-activity;sid:84137125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.82.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274024/; classtype:trojan-activity;sid:84137124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.210.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274022/; classtype:trojan-activity;sid:84137122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.100.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274023/; classtype:trojan-activity;sid:84137123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.mpsl"; depth:34; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274021/; classtype:trojan-activity;sid:84137121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.spc"; depth:33; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274015/; classtype:trojan-activity;sid:84137115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.m68k"; depth:34; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274016/; classtype:trojan-activity;sid:84137116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arm"; depth:33; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274017/; classtype:trojan-activity;sid:84137117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.x86_64"; depth:36; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274018/; classtype:trojan-activity;sid:84137118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arm5"; depth:34; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274019/; classtype:trojan-activity;sid:84137119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.i486"; depth:34; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274020/; classtype:trojan-activity;sid:84137120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.195.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274014/; classtype:trojan-activity;sid:84137114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.ppc"; depth:33; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274008/; classtype:trojan-activity;sid:84137108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.mips"; depth:34; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274009/; classtype:trojan-activity;sid:84137109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arm6"; depth:34; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274010/; classtype:trojan-activity;sid:84137110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.sh4"; depth:33; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274011/; classtype:trojan-activity;sid:84137111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arc"; depth:33; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274012/; classtype:trojan-activity;sid:84137112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arm7"; depth:34; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274013/; classtype:trojan-activity;sid:84137113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.i686"; depth:34; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274007/; classtype:trojan-activity;sid:84137107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/everything.exe"; depth:15; endswith; nocase; http.host; content:"5.252.155.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274005/; classtype:trojan-activity;sid:84137105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b.pdf"; depth:6; endswith; nocase; http.host; content:"louise-monitors-mo-rating.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274003/; classtype:trojan-activity;sid:84137103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.pdf"; depth:6; endswith; nocase; http.host; content:"louise-monitors-mo-rating.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274004/; classtype:trojan-activity;sid:84137104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/june--pdf12.lnk"; depth:16; endswith; nocase; http.host; content:"louise-monitors-mo-rating.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274000/; classtype:trojan-activity;sid:84137100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/june--pdf11.lnk"; depth:16; endswith; nocase; http.host; content:"louise-monitors-mo-rating.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274001/; classtype:trojan-activity;sid:84137101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"85-95-173-28.saransk.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274002/; classtype:trojan-activity;sid:84137102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de/vrm019929942-pdf.lnk"; depth:24; endswith; nocase; http.host; content:"haven-quantity-bring-exclusion.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273980/; classtype:trojan-activity;sid:84137080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"85-95-173-28.saransk.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273981/; classtype:trojan-activity;sid:84137081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.sh"; depth:11; endswith; nocase; http.host; content:"85-95-173-28.saransk.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273982/; classtype:trojan-activity;sid:84137082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"85-95-173-28.saransk.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273983/; classtype:trojan-activity;sid:84137083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"85-95-173-28.saransk.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273984/; classtype:trojan-activity;sid:84137084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bas.bat"; depth:8; endswith; nocase; http.host; content:"louise-monitors-mo-rating.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273985/; classtype:trojan-activity;sid:84137085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/june--pdf12.lnk"; depth:16; endswith; nocase; http.host; content:"louise-monitors-mo-rating.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273986/; classtype:trojan-activity;sid:84137086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"85-95-173-28.saransk.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273987/; classtype:trojan-activity;sid:84137087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/man.bat"; depth:8; endswith; nocase; http.host; content:"louise-monitors-mo-rating.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273988/; classtype:trojan-activity;sid:84137088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"85-95-173-28.saransk.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273989/; classtype:trojan-activity;sid:84137089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"85-95-173-28.saransk.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273990/; classtype:trojan-activity;sid:84137090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/june--pdf11.lnk"; depth:16; endswith; nocase; http.host; content:"louise-monitors-mo-rating.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273991/; classtype:trojan-activity;sid:84137091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bas.bat"; depth:8; endswith; nocase; http.host; content:"louise-monitors-mo-rating.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273992/; classtype:trojan-activity;sid:84137092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/taxreturn_2024.pdf.lnk"; depth:33; endswith; nocase; http.host; content:"haven-quantity-bring-exclusion.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273993/; classtype:trojan-activity;sid:84137093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"85-95-173-28.saransk.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273994/; classtype:trojan-activity;sid:84137094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/man.bat"; depth:8; endswith; nocase; http.host; content:"louise-monitors-mo-rating.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273995/; classtype:trojan-activity;sid:84137095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"85-95-173-28.saransk.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273996/; classtype:trojan-activity;sid:84137096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"85-95-173-28.saransk.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273997/; classtype:trojan-activity;sid:84137097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"85-95-173-28.saransk.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273998/; classtype:trojan-activity;sid:84137098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"85-95-173-28.saransk.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273999/; classtype:trojan-activity;sid:84137099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fas.py"; depth:7; endswith; nocase; http.host; content:"louise-monitors-mo-rating.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273979/; classtype:trojan-activity;sid:84137079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fas.py"; depth:7; endswith; nocase; http.host; content:"louise-monitors-mo-rating.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273978/; classtype:trojan-activity;sid:84137078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tots.bat"; depth:9; endswith; nocase; http.host; content:"haven-quantity-bring-exclusion.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273977/; classtype:trojan-activity;sid:84137077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tuits.bat"; depth:10; endswith; nocase; http.host; content:"haven-quantity-bring-exclusion.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273976/; classtype:trojan-activity;sid:84137076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.11.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273975/; classtype:trojan-activity;sid:84137075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.183.55.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273974/; classtype:trojan-activity;sid:84137074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.187.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273973/; classtype:trojan-activity;sid:84137073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.46.81.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273971/; classtype:trojan-activity;sid:84137071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.238.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273972/; classtype:trojan-activity;sid:84137072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.128.127.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273970/; classtype:trojan-activity;sid:84137070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.233.116.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273969/; classtype:trojan-activity;sid:84137069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.248.13.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273967/; classtype:trojan-activity;sid:84137067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.35.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273968/; classtype:trojan-activity;sid:84137068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.210.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273966/; classtype:trojan-activity;sid:84137066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.1.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273952/; classtype:trojan-activity;sid:84137052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.172.22.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273951/; classtype:trojan-activity;sid:84137051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.4.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273950/; classtype:trojan-activity;sid:84137050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"85-95-173-28.saransk.ru"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273949/; classtype:trojan-activity;sid:84137049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.118.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273948/; classtype:trojan-activity;sid:84137048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.187.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273947/; classtype:trojan-activity;sid:84137047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.180.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273946/; classtype:trojan-activity;sid:84137046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"69.117.22.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273945/; classtype:trojan-activity;sid:84137045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.124.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273944/; classtype:trojan-activity;sid:84137044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.6.108.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273943/; classtype:trojan-activity;sid:84137043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.51.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273942/; classtype:trojan-activity;sid:84137042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"85.95.173.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273941/; classtype:trojan-activity;sid:84137041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"134.122.170.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273940/; classtype:trojan-activity;sid:84137040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.exe"; depth:6; endswith; nocase; http.host; content:"92.42.102.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273939/; classtype:trojan-activity;sid:84137039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/raw/refs/heads/main/ktyhpldea.exe"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273934/; classtype:trojan-activity;sid:84137034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/donw2023/ad/main/gestor%20de%20pedidos.apk"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273935/; classtype:trojan-activity;sid:84137035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/-pril/refs/heads/main/pothjadwtrgh.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273936/; classtype:trojan-activity;sid:84137036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/donw2023/ae/main/ready.apk"; depth:27; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273937/; classtype:trojan-activity;sid:84137037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4.exe"; depth:6; endswith; nocase; http.host; content:"92.42.102.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273938/; classtype:trojan-activity;sid:84137038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.shell"; depth:7; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273921/; classtype:trojan-activity;sid:84137021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"mirailover.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273922/; classtype:trojan-activity;sid:84137022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"mirailover.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273923/; classtype:trojan-activity;sid:84137023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"mirailover.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273924/; classtype:trojan-activity;sid:84137024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/raw/refs/heads/main/ptihjawdthas.exe"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273925/; classtype:trojan-activity;sid:84137025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"mirailover.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273926/; classtype:trojan-activity;sid:84137026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/raw/refs/heads/main/njrtdhadawt.exe"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273927/; classtype:trojan-activity;sid:84137027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/donw2023/ad/main/bb.apk"; depth:24; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273928/; classtype:trojan-activity;sid:84137028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"92.42.102.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273929/; classtype:trojan-activity;sid:84137029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.bin"; depth:12; endswith; nocase; http.host; content:"download-winsdownload-wins.oss-cn-hangzhou.aliyuncs.com"; depth:55; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273930/; classtype:trojan-activity;sid:84137030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/donw2023/ad/main/ready.apk"; depth:27; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273931/; classtype:trojan-activity;sid:84137031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.exe"; depth:6; endswith; nocase; http.host; content:"92.42.102.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273932/; classtype:trojan-activity;sid:84137032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/-pril/raw/refs/heads/main/pothjadwtrgh.exe"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273933/; classtype:trojan-activity;sid:84137033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"85.95.173.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273911/; classtype:trojan-activity;sid:84137011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"85.95.173.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273912/; classtype:trojan-activity;sid:84137012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"85.95.173.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273913/; classtype:trojan-activity;sid:84137013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"85.95.173.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273914/; classtype:trojan-activity;sid:84137014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"85.95.173.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273915/; classtype:trojan-activity;sid:84137015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"mirailover.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273916/; classtype:trojan-activity;sid:84137016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"mirailover.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273917/; classtype:trojan-activity;sid:84137017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"mirailover.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273918/; classtype:trojan-activity;sid:84137018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"mirailover.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273919/; classtype:trojan-activity;sid:84137019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"mirailover.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273920/; classtype:trojan-activity;sid:84137020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"85.95.173.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273907/; classtype:trojan-activity;sid:84137007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"85.95.173.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273908/; classtype:trojan-activity;sid:84137008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"85.95.173.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273909/; classtype:trojan-activity;sid:84137009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"mirailover.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273910/; classtype:trojan-activity;sid:84137010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"mirailover.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273904/; classtype:trojan-activity;sid:84137004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"181.233.116.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273905/; classtype:trojan-activity;sid:84137005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"85.95.173.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273906/; classtype:trojan-activity;sid:84137006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"85.95.173.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273903/; classtype:trojan-activity;sid:84137003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/transocks_x64.zip"; depth:18; endswith; nocase; http.host; content:"zh.seacdndown.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273900/; classtype:trojan-activity;sid:84137000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.112.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273899/; classtype:trojan-activity;sid:84136999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273898/; classtype:trojan-activity;sid:84136998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yvkalphgvb1ctmdndfwzm77q4n04ciravt"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273897/; classtype:trojan-activity;sid:84136997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.113.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273896/; classtype:trojan-activity;sid:84136996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"31.14.57.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273895/; classtype:trojan-activity;sid:84136995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.233.189.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273894/; classtype:trojan-activity;sid:84136994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.31.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273893/; classtype:trojan-activity;sid:84136993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.sh"; depth:11; endswith; nocase; http.host; content:"mirailover.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273887/; classtype:trojan-activity;sid:84136987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"85.95.173.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273888/; classtype:trojan-activity;sid:84136988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"85.95.173.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273889/; classtype:trojan-activity;sid:84136989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"mirailover.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273890/; classtype:trojan-activity;sid:84136990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"mirailover.ddns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273891/; classtype:trojan-activity;sid:84136991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"93.172.22.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273892/; classtype:trojan-activity;sid:84136992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.251.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273886/; classtype:trojan-activity;sid:84136986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.189.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273885/; classtype:trojan-activity;sid:84136985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.163.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273884/; classtype:trojan-activity;sid:84136984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.60.204"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273883/; classtype:trojan-activity;sid:84136983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.4.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273882/; classtype:trojan-activity;sid:84136982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.169.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273881/; classtype:trojan-activity;sid:84136981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.251.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273880/; classtype:trojan-activity;sid:84136980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dace046278f1f1ba/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"83.217.209.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273878/; classtype:trojan-activity;sid:84136978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.113.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273879/; classtype:trojan-activity;sid:84136979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dace046278f1f1ba/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"83.217.209.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273876/; classtype:trojan-activity;sid:84136976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dace046278f1f1ba/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"83.217.209.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273877/; classtype:trojan-activity;sid:84136977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dace046278f1f1ba/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"83.217.209.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273872/; classtype:trojan-activity;sid:84136972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dace046278f1f1ba/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"83.217.209.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273873/; classtype:trojan-activity;sid:84136973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dace046278f1f1ba/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"83.217.209.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273874/; classtype:trojan-activity;sid:84136974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dace046278f1f1ba/nss3.dll"; depth:26; endswith; nocase; http.host; content:"83.217.209.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273875/; classtype:trojan-activity;sid:84136975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/masjesuscan"; depth:12; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273871/; classtype:trojan-activity;sid:84136971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/post/android-crackme/crackme-telegram.apk"; depth:42; endswith; nocase; http.host; content:"romainthomas.fr"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273870/; classtype:trojan-activity;sid:84136970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scan.sh"; depth:8; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273869/; classtype:trojan-activity;sid:84136969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/telegram.apk"; depth:22; endswith; nocase; http.host; content:"telegramcn.co"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273868/; classtype:trojan-activity;sid:84136968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telegram.apk"; depth:13; endswith; nocase; http.host; content:"telegracxn.top"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273867/; classtype:trojan-activity;sid:84136967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/telegram.apk"; depth:22; endswith; nocase; http.host; content:"telegramandroid.org"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273866/; classtype:trojan-activity;sid:84136966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telegram.apk"; depth:13; endswith; nocase; http.host; content:"telegram-cdn.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273863/; classtype:trojan-activity;sid:84136963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cp0bhty83t9lhjweqcsk2nqqvkwqc0etyy"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273862/; classtype:trojan-activity;sid:84136962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/un3k7t8fsajmuaeg0kx8wiw1wnrivuho66"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273860/; classtype:trojan-activity;sid:84136960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nymvvxmlkxblsxxbblo74gfln8gudwph9d"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273861/; classtype:trojan-activity;sid:84136961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.118.240.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273849/; classtype:trojan-activity;sid:84136949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.71.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273850/; classtype:trojan-activity;sid:84136950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wytdenqpp9zhgbfoojyf0bkxoz0mqwv7qp"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273851/; classtype:trojan-activity;sid:84136951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lkuju0rsxdontrjxlz5e0rzro3roy4rkro"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273852/; classtype:trojan-activity;sid:84136952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/doqqmlpwcxk3tf48o7pz2ayjzbzwapu7nh"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273853/; classtype:trojan-activity;sid:84136953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wsaysoiksr3afbebbblelehakqc8mfucqx"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273854/; classtype:trojan-activity;sid:84136954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m1tuocfcmhon01zdyjxrtewsmydvd8fz4k"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273855/; classtype:trojan-activity;sid:84136955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dqq4ar4kvw6h1hnphqtqwckevzo4vylfys"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273856/; classtype:trojan-activity;sid:84136956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k1l22z6gkgxpe1tn9ynyy0wnw15tg2ea44"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273857/; classtype:trojan-activity;sid:84136957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/e6yb1kcrn7wzwnbqpdocv7wxvnyb5trosx"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273858/; classtype:trojan-activity;sid:84136958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dgpylahsteugjsfrmjyfblk9cdedhswa5u"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273859/; classtype:trojan-activity;sid:84136959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lz5cab1ux0mjpeadkafzlgqh37ntk9zvst"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273847/; classtype:trojan-activity;sid:84136947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lgqrvsn6btr5xrsretx1ycy3tv8pyp6rro"; depth:40; endswith; nocase; http.host; content:"216.126.231.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273848/; classtype:trojan-activity;sid:84136948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telegram.apk"; depth:13; endswith; nocase; http.host; content:"telegracxn.top"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273846/; classtype:trojan-activity;sid:84136946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273844/; classtype:trojan-activity;sid:84136944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telegram.apk"; depth:13; endswith; nocase; http.host; content:"tgatpk.s3.ap-northeast-2.amazonaws.com"; depth:38; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273843/; classtype:trojan-activity;sid:84136943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.157.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273842/; classtype:trojan-activity;sid:84136942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/telegram.apk"; depth:19; endswith; nocase; http.host; content:"telegram-app.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273841/; classtype:trojan-activity;sid:84136941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.182.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273839/; classtype:trojan-activity;sid:84136939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.225.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273840/; classtype:trojan-activity;sid:84136940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273838/; classtype:trojan-activity;sid:84136938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.92.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273837/; classtype:trojan-activity;sid:84136937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.75.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273836/; classtype:trojan-activity;sid:84136936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.132.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273835/; classtype:trojan-activity;sid:84136935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.3.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273834/; classtype:trojan-activity;sid:84136934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"62.204.41.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273833/; classtype:trojan-activity;sid:84136933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"62.204.41.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273823/; classtype:trojan-activity;sid:84136923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/nss3.dll"; depth:26; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273824/; classtype:trojan-activity;sid:84136924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273825/; classtype:trojan-activity;sid:84136925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273826/; classtype:trojan-activity;sid:84136926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273827/; classtype:trojan-activity;sid:84136927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273828/; classtype:trojan-activity;sid:84136928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"62.204.41.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273829/; classtype:trojan-activity;sid:84136929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273830/; classtype:trojan-activity;sid:84136930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273831/; classtype:trojan-activity;sid:84136931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/nss3.dll"; depth:26; endswith; nocase; http.host; content:"62.204.41.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273832/; classtype:trojan-activity;sid:84136932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273819/; classtype:trojan-activity;sid:84136919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"62.204.41.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273820/; classtype:trojan-activity;sid:84136920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/nss3.dll"; depth:26; endswith; nocase; http.host; content:"62.204.41.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273821/; classtype:trojan-activity;sid:84136921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273822/; classtype:trojan-activity;sid:84136922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"62.204.41.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273816/; classtype:trojan-activity;sid:84136916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273817/; classtype:trojan-activity;sid:84136917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"62.204.41.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273818/; classtype:trojan-activity;sid:84136918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273814/; classtype:trojan-activity;sid:84136914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273815/; classtype:trojan-activity;sid:84136915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.169.234.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273813/; classtype:trojan-activity;sid:84136913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273812/; classtype:trojan-activity;sid:84136912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.240.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273811/; classtype:trojan-activity;sid:84136911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.23.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273810/; classtype:trojan-activity;sid:84136910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.119.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273809/; classtype:trojan-activity;sid:84136909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.71.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273808/; classtype:trojan-activity;sid:84136908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/tokenpocketpro.apk"; depth:23; endswith; nocase; http.host; content:"tokospoccket.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273807/; classtype:trojan-activity;sid:84136907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.21.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273806/; classtype:trojan-activity;sid:84136906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/file/tokenpocket-pro.apk"; depth:32; endswith; nocase; http.host; content:"zh.toknnpocket.pro"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273804/; classtype:trojan-activity;sid:84136904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telegram.apk"; depth:13; endswith; nocase; http.host; content:"telegracxm.top"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273803/; classtype:trojan-activity;sid:84136903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.157.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273802/; classtype:trojan-activity;sid:84136902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.182.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273801/; classtype:trojan-activity;sid:84136901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.200.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273800/; classtype:trojan-activity;sid:84136900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.240.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273799/; classtype:trojan-activity;sid:84136899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.49.65.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273798/; classtype:trojan-activity;sid:84136898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273797/; classtype:trojan-activity;sid:84136897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.158.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273796/; classtype:trojan-activity;sid:84136896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.158.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273795/; classtype:trojan-activity;sid:84136895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.108.98.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273793/; classtype:trojan-activity;sid:84136893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.159.154.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273794/; classtype:trojan-activity;sid:84136894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.19.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273792/; classtype:trojan-activity;sid:84136892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.2.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273791/; classtype:trojan-activity;sid:84136891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.148.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273790/; classtype:trojan-activity;sid:84136890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.78.23.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273789/; classtype:trojan-activity;sid:84136889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.20.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273788/; classtype:trojan-activity;sid:84136888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.169.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273787/; classtype:trojan-activity;sid:84136887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.99.47.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273786/; classtype:trojan-activity;sid:84136886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.71.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273784/; classtype:trojan-activity;sid:84136884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.161.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273785/; classtype:trojan-activity;sid:84136885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs.zip"; depth:9; endswith; nocase; http.host; content:"goninvoicceme.shop"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273782/; classtype:trojan-activity;sid:84136882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bab.zip"; depth:8; endswith; nocase; http.host; content:"goninvoicceme.shop"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273783/; classtype:trojan-activity;sid:84136883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs2.zip"; depth:10; endswith; nocase; http.host; content:"trackmyshiptng.site"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273781/; classtype:trojan-activity;sid:84136881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs2.zip"; depth:10; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273780/; classtype:trojan-activity;sid:84136880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs2.zip"; depth:10; endswith; nocase; http.host; content:"goninvoicceme.shop"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273779/; classtype:trojan-activity;sid:84136879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftsp.zip"; depth:9; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273777/; classtype:trojan-activity;sid:84136877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cam.zip"; depth:8; endswith; nocase; http.host; content:"goninvoicceme.shop"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273778/; classtype:trojan-activity;sid:84136878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bab.zip"; depth:8; endswith; nocase; http.host; content:"trackmyshiptng.site"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273776/; classtype:trojan-activity;sid:84136876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftsp.zip"; depth:9; endswith; nocase; http.host; content:"trackmyshiptng.site"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273773/; classtype:trojan-activity;sid:84136873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/startupppp.bat"; depth:15; endswith; nocase; http.host; content:"trackmyshiptng.site"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273774/; classtype:trojan-activity;sid:84136874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/startupppp.bat"; depth:15; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273775/; classtype:trojan-activity;sid:84136875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs.zip"; depth:9; endswith; nocase; http.host; content:"trackmyshiptng.site"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273771/; classtype:trojan-activity;sid:84136871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftsp.zip"; depth:9; endswith; nocase; http.host; content:"goninvoicceme.shop"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273772/; classtype:trojan-activity;sid:84136872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"trackmyshiptng.site"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273770/; classtype:trojan-activity;sid:84136870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cam.zip"; depth:8; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273768/; classtype:trojan-activity;sid:84136868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cam.zip"; depth:8; endswith; nocase; http.host; content:"trackmyshiptng.site"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273769/; classtype:trojan-activity;sid:84136869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"goninvoicceme.shop"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273767/; classtype:trojan-activity;sid:84136867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273766/; classtype:trojan-activity;sid:84136866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/startupppp.bat"; depth:15; endswith; nocase; http.host; content:"goninvoicceme.shop"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273765/; classtype:trojan-activity;sid:84136865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ujkdsa_d0c_scan00364883/ujkdsa_d0c_scan00364883_pdf.lnk"; depth:56; endswith; nocase; http.host; content:"trackmyshiptng.site"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273764/; classtype:trojan-activity;sid:84136864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ujkdsa_d0c_scan00364883/ujkdsa_d0c_scan00364883_pdf.lnk"; depth:56; endswith; nocase; http.host; content:"goninvoicceme.shop"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273763/; classtype:trojan-activity;sid:84136863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bab.zip"; depth:8; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273760/; classtype:trojan-activity;sid:84136860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ujkdsa_d0c_scan00364883/ujkdsa_d0c_scan00364883_pdf.lnklnk"; depth:59; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273761/; classtype:trojan-activity;sid:84136861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs.zip"; depth:9; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273762/; classtype:trojan-activity;sid:84136862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs.zip"; depth:9; endswith; nocase; http.host; content:"ap-0182.cfd"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273759/; classtype:trojan-activity;sid:84136859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftsp.zip"; depth:9; endswith; nocase; http.host; content:"invoiceposs.shop"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273758/; classtype:trojan-activity;sid:84136858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/startuppp.bat"; depth:14; endswith; nocase; http.host; content:"ap-0182.cfd"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273757/; classtype:trojan-activity;sid:84136857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftsp.zip"; depth:9; endswith; nocase; http.host; content:"ap-0182.cfd"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273756/; classtype:trojan-activity;sid:84136856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs.zip"; depth:9; endswith; nocase; http.host; content:"invoiceposs.shop"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273755/; classtype:trojan-activity;sid:84136855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/startuppp.bat"; depth:14; endswith; nocase; http.host; content:"invoiceposs.shop"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273754/; classtype:trojan-activity;sid:84136854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"ap-0182.cfd"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273753/; classtype:trojan-activity;sid:84136853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"invoiceposs.shop"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273752/; classtype:trojan-activity;sid:84136852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scanned/pxvab_hjs930283sca8392_pdf.lnk"; depth:39; endswith; nocase; http.host; content:"invoiceposs.shop"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273747/; classtype:trojan-activity;sid:84136847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upst_bvsauksa/upst_bvsauksa_scan007_pdf.lnk"; depth:44; endswith; nocase; http.host; content:"ap-0182.cfd"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273748/; classtype:trojan-activity;sid:84136848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scanned/pxvab_hjs930283sca8392_pdf.lnk"; depth:39; endswith; nocase; http.host; content:"ap-0182.cfd"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273749/; classtype:trojan-activity;sid:84136849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftspay_stub_scan/ftspay_stub_scan000000849_pdf.lnk"; depth:51; endswith; nocase; http.host; content:"ap-0182.cfd"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273750/; classtype:trojan-activity;sid:84136850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upst_bvsauksa/upst_bvsauksa_scan007_pdf.lnk"; depth:44; endswith; nocase; http.host; content:"invoiceposs.shop"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273751/; classtype:trojan-activity;sid:84136851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l.bat"; depth:6; endswith; nocase; http.host; content:"invoiceposs.shop"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273744/; classtype:trojan-activity;sid:84136844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l.bat"; depth:6; endswith; nocase; http.host; content:"ap-0182.cfd"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273745/; classtype:trojan-activity;sid:84136845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftspay_stub_scan/ftspay_stub_scan000000849_pdf.lnk"; depth:51; endswith; nocase; http.host; content:"invoiceposs.shop"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273746/; classtype:trojan-activity;sid:84136846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.3.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273743/; classtype:trojan-activity;sid:84136843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/startuppp.bat"; depth:14; endswith; nocase; http.host; content:"154.216.18.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273742/; classtype:trojan-activity;sid:84136842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.10.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273740/; classtype:trojan-activity;sid:84136840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upst_bvsauksa/upst_bvsauksa_scan007_pdf.lnk"; depth:44; endswith; nocase; http.host; content:"154.216.18.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273741/; classtype:trojan-activity;sid:84136841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l.bat"; depth:6; endswith; nocase; http.host; content:"154.216.18.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273738/; classtype:trojan-activity;sid:84136838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scanned/pxvab_hjs930283sca8392_pdf.lnk"; depth:39; endswith; nocase; http.host; content:"154.216.18.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273739/; classtype:trojan-activity;sid:84136839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.121.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273736/; classtype:trojan-activity;sid:84136836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.132.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273737/; classtype:trojan-activity;sid:84136837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.2.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273735/; classtype:trojan-activity;sid:84136835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.254.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273734/; classtype:trojan-activity;sid:84136834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.197.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273733/; classtype:trojan-activity;sid:84136833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.235.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273732/; classtype:trojan-activity;sid:84136832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.0.136.205"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273731/; classtype:trojan-activity;sid:84136831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.20.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273730/; classtype:trojan-activity;sid:84136830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftsp.zip"; depth:9; endswith; nocase; http.host; content:"154.216.18.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273729/; classtype:trojan-activity;sid:84136829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bab.zip"; depth:8; endswith; nocase; http.host; content:"154.216.18.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273728/; classtype:trojan-activity;sid:84136828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.16.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273727/; classtype:trojan-activity;sid:84136827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cam.zip"; depth:8; endswith; nocase; http.host; content:"154.216.18.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273726/; classtype:trojan-activity;sid:84136826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs2.zip"; depth:10; endswith; nocase; http.host; content:"154.216.18.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273725/; classtype:trojan-activity;sid:84136825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.27.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273724/; classtype:trojan-activity;sid:84136824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/startupppp.bat"; depth:15; endswith; nocase; http.host; content:"154.216.18.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273723/; classtype:trojan-activity;sid:84136823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.248.224.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273722/; classtype:trojan-activity;sid:84136822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ujkdsa_d0c_scan00364883/ujkdsa_d0c_scan00364883_pdf.lnk"; depth:56; endswith; nocase; http.host; content:"154.216.18.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273720/; classtype:trojan-activity;sid:84136820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.74.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273721/; classtype:trojan-activity;sid:84136821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.242.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273719/; classtype:trojan-activity;sid:84136819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.99.47.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273718/; classtype:trojan-activity;sid:84136818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.196.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273717/; classtype:trojan-activity;sid:84136817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftsp.zip"; depth:9; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273716/; classtype:trojan-activity;sid:84136816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs.zip"; depth:9; endswith; nocase; http.host; content:"154.216.18.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273715/; classtype:trojan-activity;sid:84136815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bab.zip"; depth:8; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273713/; classtype:trojan-activity;sid:84136813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs2.zip"; depth:10; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273714/; classtype:trojan-activity;sid:84136814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs.zip"; depth:9; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273712/; classtype:trojan-activity;sid:84136812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs.zip"; depth:9; endswith; nocase; http.host; content:"payhostmsa.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273710/; classtype:trojan-activity;sid:84136810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftsp.zip"; depth:9; endswith; nocase; http.host; content:"154.216.18.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273711/; classtype:trojan-activity;sid:84136811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftsp.zip"; depth:9; endswith; nocase; http.host; content:"payhostmsa.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273709/; classtype:trojan-activity;sid:84136809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cam.zip"; depth:8; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273708/; classtype:trojan-activity;sid:84136808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs.zip"; depth:9; endswith; nocase; http.host; content:"154.216.18.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273707/; classtype:trojan-activity;sid:84136807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"154.216.18.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273706/; classtype:trojan-activity;sid:84136806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"154.216.18.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273705/; classtype:trojan-activity;sid:84136805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/startupppp.bat"; depth:15; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273703/; classtype:trojan-activity;sid:84136803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/startuppp.bat"; depth:14; endswith; nocase; http.host; content:"payhostmsa.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273704/; classtype:trojan-activity;sid:84136804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/canlishow.apk"; depth:14; endswith; nocase; http.host; content:"canlishowcum.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273702/; classtype:trojan-activity;sid:84136802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"payhostmsa.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273701/; classtype:trojan-activity;sid:84136801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273700/; classtype:trojan-activity;sid:84136800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scanned/pxvab_hjs930283sca8392_pdf.lnk"; depth:39; endswith; nocase; http.host; content:"payhostmsa.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273699/; classtype:trojan-activity;sid:84136799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftspay_stub_scan/ftspay_stub_scan000000849_pdf.lnk"; depth:51; endswith; nocase; http.host; content:"payhostmsa.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273695/; classtype:trojan-activity;sid:84136795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftspay_stub_scan/ftspay_stub_scan000000849_pdf.lnk"; depth:51; endswith; nocase; http.host; content:"154.216.18.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273696/; classtype:trojan-activity;sid:84136796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upst_bvsauksa/upst_bvsauksa_scan007_pdf.lnk"; depth:44; endswith; nocase; http.host; content:"payhostmsa.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273697/; classtype:trojan-activity;sid:84136797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ujkdsa_d0c_scan00364883/ujkdsa_d0c_scan00364883_pdf.lnk"; depth:56; endswith; nocase; http.host; content:"kendychop.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273698/; classtype:trojan-activity;sid:84136798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l.bat"; depth:6; endswith; nocase; http.host; content:"payhostmsa.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273694/; classtype:trojan-activity;sid:84136794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.99.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273692/; classtype:trojan-activity;sid:84136792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.105.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273693/; classtype:trojan-activity;sid:84136793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.221.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273691/; classtype:trojan-activity;sid:84136791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.84.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273690/; classtype:trojan-activity;sid:84136790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.197.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273689/; classtype:trojan-activity;sid:84136789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.83.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273688/; classtype:trojan-activity;sid:84136788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.74.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273687/; classtype:trojan-activity;sid:84136787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.254.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273686/; classtype:trojan-activity;sid:84136786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.8.237.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273685/; classtype:trojan-activity;sid:84136785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.87.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273684/; classtype:trojan-activity;sid:84136784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.5.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273683/; classtype:trojan-activity;sid:84136783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.146.246.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273682/; classtype:trojan-activity;sid:84136782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.55.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273681/; classtype:trojan-activity;sid:84136781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.255.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273680/; classtype:trojan-activity;sid:84136780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"42.243.133.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273679/; classtype:trojan-activity;sid:84136779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.196.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273678/; classtype:trojan-activity;sid:84136778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.91.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273677/; classtype:trojan-activity;sid:84136777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.19.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273676/; classtype:trojan-activity;sid:84136776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.197.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273675/; classtype:trojan-activity;sid:84136775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.255.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273674/; classtype:trojan-activity;sid:84136774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.140.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273673/; classtype:trojan-activity;sid:84136773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.92.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273672/; classtype:trojan-activity;sid:84136772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.212.225.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273669/; classtype:trojan-activity;sid:84136769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.159.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273670/; classtype:trojan-activity;sid:84136770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.220.56.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273671/; classtype:trojan-activity;sid:84136771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.170.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273668/; classtype:trojan-activity;sid:84136768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.80.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273667/; classtype:trojan-activity;sid:84136767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.237.99.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273666/; classtype:trojan-activity;sid:84136766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.122.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273665/; classtype:trojan-activity;sid:84136765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.84.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273664/; classtype:trojan-activity;sid:84136764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.247.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273663/; classtype:trojan-activity;sid:84136763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.95.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273662/; classtype:trojan-activity;sid:84136762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.254.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273661/; classtype:trojan-activity;sid:84136761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.218.111.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273660/; classtype:trojan-activity;sid:84136760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.111.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273659/; classtype:trojan-activity;sid:84136759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.64.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273658/; classtype:trojan-activity;sid:84136758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.5.28.142"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273657/; classtype:trojan-activity;sid:84136757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.18.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273656/; classtype:trojan-activity;sid:84136756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.19.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273655/; classtype:trojan-activity;sid:84136755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.1.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273654/; classtype:trojan-activity;sid:84136754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2927.exe"; depth:9; endswith; nocase; http.host; content:"185.215.113.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273653/; classtype:trojan-activity;sid:84136753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newofff.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273651/; classtype:trojan-activity;sid:84136751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.253.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273652/; classtype:trojan-activity;sid:84136752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.126.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273650/; classtype:trojan-activity;sid:84136750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.179.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273649/; classtype:trojan-activity;sid:84136749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/office2024.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273648/; classtype:trojan-activity;sid:84136748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exbuild.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273646/; classtype:trojan-activity;sid:84136746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.78.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273647/; classtype:trojan-activity;sid:84136747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.18.111.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273644/; classtype:trojan-activity;sid:84136744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nework.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273645/; classtype:trojan-activity;sid:84136745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.218.111.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273642/; classtype:trojan-activity;sid:84136742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.5.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273643/; classtype:trojan-activity;sid:84136743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.247.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273641/; classtype:trojan-activity;sid:84136741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.189.194.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273640/; classtype:trojan-activity;sid:84136740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"168.196.170.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273638/; classtype:trojan-activity;sid:84136738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.136.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273639/; classtype:trojan-activity;sid:84136739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.117.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273637/; classtype:trojan-activity;sid:84136737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.159.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273636/; classtype:trojan-activity;sid:84136736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloudappsoftware/vsc/downloads/glitchclipper.exe"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273634/; classtype:trojan-activity;sid:84136734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloudappsoftware/vsc/downloads/tenderque_nopump.zip"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273635/; classtype:trojan-activity;sid:84136735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.252.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273633/; classtype:trojan-activity;sid:84136733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.80.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273632/; classtype:trojan-activity;sid:84136732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.203.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273631/; classtype:trojan-activity;sid:84136731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.5.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273629/; classtype:trojan-activity;sid:84136729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.8.116"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273630/; classtype:trojan-activity;sid:84136730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.130.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273628/; classtype:trojan-activity;sid:84136728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.129.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273627/; classtype:trojan-activity;sid:84136727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.93.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273626/; classtype:trojan-activity;sid:84136726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.114.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273625/; classtype:trojan-activity;sid:84136725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.79.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273624/; classtype:trojan-activity;sid:84136724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.16.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273623/; classtype:trojan-activity;sid:84136723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javvum.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273622/; classtype:trojan-activity;sid:84136722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stail.exe"; depth:10; endswith; nocase; http.host; content:"185.215.113.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273621/; classtype:trojan-activity;sid:84136721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.65.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273620/; classtype:trojan-activity;sid:84136720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/746f34465cf17784/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.215.113.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273619/; classtype:trojan-activity;sid:84136719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/746f34465cf17784/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.215.113.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273618/; classtype:trojan-activity;sid:84136718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/746f34465cf17784/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.215.113.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273613/; classtype:trojan-activity;sid:84136713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/746f34465cf17784/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.215.113.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273614/; classtype:trojan-activity;sid:84136714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/746f34465cf17784/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273615/; classtype:trojan-activity;sid:84136715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/746f34465cf17784/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273616/; classtype:trojan-activity;sid:84136716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/746f34465cf17784/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273617/; classtype:trojan-activity;sid:84136717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.125.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273612/; classtype:trojan-activity;sid:84136712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.45.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273416/; classtype:trojan-activity;sid:84136516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.167.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273414/; classtype:trojan-activity;sid:84136514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.167.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273415/; classtype:trojan-activity;sid:84136515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.194.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273413/; classtype:trojan-activity;sid:84136513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/build555.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273412/; classtype:trojan-activity;sid:84136512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.77.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273409/; classtype:trojan-activity;sid:84136509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/psfei0ez.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273410/; classtype:trojan-activity;sid:84136510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ldqj18tn.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273411/; classtype:trojan-activity;sid:84136511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ldqj18tn.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273408/; classtype:trojan-activity;sid:84136508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/build555.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273406/; classtype:trojan-activity;sid:84136506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/psfei0ez.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273407/; classtype:trojan-activity;sid:84136507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.65.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273405/; classtype:trojan-activity;sid:84136505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.80.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273404/; classtype:trojan-activity;sid:84136504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/hashed.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273402/; classtype:trojan-activity;sid:84136502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/installer.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273403/; classtype:trojan-activity;sid:84136503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/shopfree.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273401/; classtype:trojan-activity;sid:84136501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/blackload.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273400/; classtype:trojan-activity;sid:84136500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/build11.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273398/; classtype:trojan-activity;sid:84136498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/j86piuq9.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273399/; classtype:trojan-activity;sid:84136499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/xxz.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273397/; classtype:trojan-activity;sid:84136497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/loadnew.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273395/; classtype:trojan-activity;sid:84136495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/probnik.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273396/; classtype:trojan-activity;sid:84136496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/off/random.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273394/; classtype:trojan-activity;sid:84136494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/lgendpremium.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273393/; classtype:trojan-activity;sid:84136493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steam/random.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273391/; classtype:trojan-activity;sid:84136491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/5gevcp8z.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273392/; classtype:trojan-activity;sid:84136492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/0b44ippu.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273389/; classtype:trojan-activity;sid:84136489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/store/random.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273390/; classtype:trojan-activity;sid:84136490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/well/random.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273386/; classtype:trojan-activity;sid:84136486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/winrarinstall.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273387/; classtype:trojan-activity;sid:84136487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/lummetc.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273388/; classtype:trojan-activity;sid:84136488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/new_v8.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273384/; classtype:trojan-activity;sid:84136484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/dsds.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273385/; classtype:trojan-activity;sid:84136485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ufw.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273382/; classtype:trojan-activity;sid:84136482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/divinedialogue.exe"; depth:23; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273383/; classtype:trojan-activity;sid:84136483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/yxrd0ob7.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273378/; classtype:trojan-activity;sid:84136478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/legas.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273379/; classtype:trojan-activity;sid:84136479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/hhnjqu9y.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273380/; classtype:trojan-activity;sid:84136480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/off/def.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273381/; classtype:trojan-activity;sid:84136481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/final.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273375/; classtype:trojan-activity;sid:84136475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/clip.dll"; depth:25; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273376/; classtype:trojan-activity;sid:84136476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/lummac222222.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273377/; classtype:trojan-activity;sid:84136477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/amadeus.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273374/; classtype:trojan-activity;sid:84136474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mine/random.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273372/; classtype:trojan-activity;sid:84136472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/deliciouspart.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273373/; classtype:trojan-activity;sid:84136473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/rdx123456.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273371/; classtype:trojan-activity;sid:84136471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/bildnewl.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273369/; classtype:trojan-activity;sid:84136469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/h5a71wdy.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273370/; classtype:trojan-activity;sid:84136470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lumma/random.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273368/; classtype:trojan-activity;sid:84136468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/torque.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273367/; classtype:trojan-activity;sid:84136467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/tn8cdkzn.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273365/; classtype:trojan-activity;sid:84136465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ewpeloxttug.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273366/; classtype:trojan-activity;sid:84136466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/cred64.dll"; depth:27; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273364/; classtype:trojan-activity;sid:84136464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/prem1.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273362/; classtype:trojan-activity;sid:84136462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luma/random.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273363/; classtype:trojan-activity;sid:84136463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/diff.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273359/; classtype:trojan-activity;sid:84136459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/winx86.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273360/; classtype:trojan-activity;sid:84136460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soka/random.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273361/; classtype:trojan-activity;sid:84136461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/cred.dll"; depth:25; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273357/; classtype:trojan-activity;sid:84136457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/onlysteal.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273358/; classtype:trojan-activity;sid:84136458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/kp8dnpa9.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273355/; classtype:trojan-activity;sid:84136455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dobre/splwow64.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273356/; classtype:trojan-activity;sid:84136456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/store/vidar.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273353/; classtype:trojan-activity;sid:84136453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/unison.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273354/; classtype:trojan-activity;sid:84136454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cvimelugfq.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273352/; classtype:trojan-activity;sid:84136452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/completestudio.exe"; depth:23; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273351/; classtype:trojan-activity;sid:84136451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/num.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273348/; classtype:trojan-activity;sid:84136448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/newbundle2.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273349/; classtype:trojan-activity;sid:84136449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pkcontent.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273350/; classtype:trojan-activity;sid:84136450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/zts.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273346/; classtype:trojan-activity;sid:84136446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/softina.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273347/; classtype:trojan-activity;sid:84136447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ai2.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273342/; classtype:trojan-activity;sid:84136442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/loader_5879465914.exe"; depth:26; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273343/; classtype:trojan-activity;sid:84136443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/exclude.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273344/; classtype:trojan-activity;sid:84136444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/octus.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273345/; classtype:trojan-activity;sid:84136445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/bwapp.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273341/; classtype:trojan-activity;sid:84136441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/neonn.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273340/; classtype:trojan-activity;sid:84136440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/vidsusername.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273339/; classtype:trojan-activity;sid:84136439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ewrvuh.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273338/; classtype:trojan-activity;sid:84136438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/installeraus.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273337/; classtype:trojan-activity;sid:84136437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ubi-inst.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273335/; classtype:trojan-activity;sid:84136435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dobre/random.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273336/; classtype:trojan-activity;sid:84136436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/utility-inst.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273333/; classtype:trojan-activity;sid:84136433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/gold1234.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273334/; classtype:trojan-activity;sid:84136434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/setup8.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273327/; classtype:trojan-activity;sid:84136427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/def.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273328/; classtype:trojan-activity;sid:84136428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/rstxdhuj.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273329/; classtype:trojan-activity;sid:84136429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/xyaw4fkp.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273330/; classtype:trojan-activity;sid:84136430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/controlledaccesspoint.exe"; depth:30; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273331/; classtype:trojan-activity;sid:84136431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/chicken123.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273332/; classtype:trojan-activity;sid:84136432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/windowsexecutable.exe"; depth:26; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273319/; classtype:trojan-activity;sid:84136419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/crypted25.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273320/; classtype:trojan-activity;sid:84136420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dobre/splwow64_1.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273321/; classtype:trojan-activity;sid:84136421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/q1wnx5ir.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273322/; classtype:trojan-activity;sid:84136422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.130.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273323/; classtype:trojan-activity;sid:84136423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/clip64.dll"; depth:27; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273324/; classtype:trojan-activity;sid:84136424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/singerjudy.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273325/; classtype:trojan-activity;sid:84136425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dobre/processclass.exe"; depth:23; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273326/; classtype:trojan-activity;sid:84136426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/123.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273314/; classtype:trojan-activity;sid:84136414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/mk.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273315/; classtype:trojan-activity;sid:84136415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/newbundle.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273316/; classtype:trojan-activity;sid:84136416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/zzz.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273317/; classtype:trojan-activity;sid:84136417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/unit.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273318/; classtype:trojan-activity;sid:84136418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/noll.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273313/; classtype:trojan-activity;sid:84136413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/87f3f2.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273308/; classtype:trojan-activity;sid:84136408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/v7wa24td.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273309/; classtype:trojan-activity;sid:84136409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/kiyan.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273310/; classtype:trojan-activity;sid:84136410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cccc2.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273311/; classtype:trojan-activity;sid:84136411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/do.ps1"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273312/; classtype:trojan-activity;sid:84136412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.146.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273306/; classtype:trojan-activity;sid:84136406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.189.194.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273307/; classtype:trojan-activity;sid:84136407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.120.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273305/; classtype:trojan-activity;sid:84136405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.129.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273304/; classtype:trojan-activity;sid:84136404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273303/; classtype:trojan-activity;sid:84136403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.82.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273302/; classtype:trojan-activity;sid:84136402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.77.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273301/; classtype:trojan-activity;sid:84136401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.221.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273300/; classtype:trojan-activity;sid:84136400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.36.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273299/; classtype:trojan-activity;sid:84136399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.164.140.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273298/; classtype:trojan-activity;sid:84136398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.167.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273297/; classtype:trojan-activity;sid:84136397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.25.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273296/; classtype:trojan-activity;sid:84136396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.188.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273295/; classtype:trojan-activity;sid:84136395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.104.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273294/; classtype:trojan-activity;sid:84136394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.249.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273293/; classtype:trojan-activity;sid:84136393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.201.72.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273292/; classtype:trojan-activity;sid:84136392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.249.175.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273291/; classtype:trojan-activity;sid:84136391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.150.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273290/; classtype:trojan-activity;sid:84136390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.29.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273289/; classtype:trojan-activity;sid:84136389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.0.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273288/; classtype:trojan-activity;sid:84136388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.123.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273287/; classtype:trojan-activity;sid:84136387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.139.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273286/; classtype:trojan-activity;sid:84136386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.69.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273285/; classtype:trojan-activity;sid:84136385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.101.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273284/; classtype:trojan-activity;sid:84136384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.252.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273283/; classtype:trojan-activity;sid:84136383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.50.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273282/; classtype:trojan-activity;sid:84136382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.159.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273279/; classtype:trojan-activity;sid:84136379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.76.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273280/; classtype:trojan-activity;sid:84136380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.163.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273281/; classtype:trojan-activity;sid:84136381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.59.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273275/; classtype:trojan-activity;sid:84136375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.27.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273276/; classtype:trojan-activity;sid:84136376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.64.155.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273277/; classtype:trojan-activity;sid:84136377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.236.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273278/; classtype:trojan-activity;sid:84136378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.195.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273274/; classtype:trojan-activity;sid:84136374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.69.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273273/; classtype:trojan-activity;sid:84136373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.213.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273272/; classtype:trojan-activity;sid:84136372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.119.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273271/; classtype:trojan-activity;sid:84136371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.164.140.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273270/; classtype:trojan-activity;sid:84136370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.83.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273268/; classtype:trojan-activity;sid:84136368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.46.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273269/; classtype:trojan-activity;sid:84136369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.38.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273267/; classtype:trojan-activity;sid:84136367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.18.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273266/; classtype:trojan-activity;sid:84136366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.182.29.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273265/; classtype:trojan-activity;sid:84136365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"84.213.69.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273264/; classtype:trojan-activity;sid:84136364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.146.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273263/; classtype:trojan-activity;sid:84136363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.29.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273262/; classtype:trojan-activity;sid:84136362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.117.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273261/; classtype:trojan-activity;sid:84136361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.148.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273260/; classtype:trojan-activity;sid:84136360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.225.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273259/; classtype:trojan-activity;sid:84136359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.46.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273258/; classtype:trojan-activity;sid:84136358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.8.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273257/; classtype:trojan-activity;sid:84136357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.73.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273256/; classtype:trojan-activity;sid:84136356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.3.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273255/; classtype:trojan-activity;sid:84136355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.142.190.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273254/; classtype:trojan-activity;sid:84136354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.95.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273253/; classtype:trojan-activity;sid:84136353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.199.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273252/; classtype:trojan-activity;sid:84136352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.148.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273251/; classtype:trojan-activity;sid:84136351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.86.61"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273250/; classtype:trojan-activity;sid:84136350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.82.227.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273249/; classtype:trojan-activity;sid:84136349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.255.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273248/; classtype:trojan-activity;sid:84136348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.97.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273247/; classtype:trojan-activity;sid:84136347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.170.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273246/; classtype:trojan-activity;sid:84136346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.34.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273245/; classtype:trojan-activity;sid:84136345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.34.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273244/; classtype:trojan-activity;sid:84136344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.13.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273243/; classtype:trojan-activity;sid:84136343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.213.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273242/; classtype:trojan-activity;sid:84136342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.32.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273241/; classtype:trojan-activity;sid:84136341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.150.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273240/; classtype:trojan-activity;sid:84136340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.173.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273239/; classtype:trojan-activity;sid:84136339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.90.245.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273238/; classtype:trojan-activity;sid:84136338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.82.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273237/; classtype:trojan-activity;sid:84136337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.10.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273236/; classtype:trojan-activity;sid:84136336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.16.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273235/; classtype:trojan-activity;sid:84136335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.64.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273234/; classtype:trojan-activity;sid:84136334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.208.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273233/; classtype:trojan-activity;sid:84136333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.97.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273232/; classtype:trojan-activity;sid:84136332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.32.146"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273231/; classtype:trojan-activity;sid:84136331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.32.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273230/; classtype:trojan-activity;sid:84136330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.80.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273229/; classtype:trojan-activity;sid:84136329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.222.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273228/; classtype:trojan-activity;sid:84136328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.4.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273227/; classtype:trojan-activity;sid:84136327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.95.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273226/; classtype:trojan-activity;sid:84136326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.86.61"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273225/; classtype:trojan-activity;sid:84136325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.13.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273224/; classtype:trojan-activity;sid:84136324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.34.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273223/; classtype:trojan-activity;sid:84136323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.34.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273222/; classtype:trojan-activity;sid:84136322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.255.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273221/; classtype:trojan-activity;sid:84136321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273220/; classtype:trojan-activity;sid:84136320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.87.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273219/; classtype:trojan-activity;sid:84136319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.235.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273218/; classtype:trojan-activity;sid:84136318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.45.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273217/; classtype:trojan-activity;sid:84136317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.57.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273216/; classtype:trojan-activity;sid:84136316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.237.10.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273215/; classtype:trojan-activity;sid:84136315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273214/; classtype:trojan-activity;sid:84136314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.119.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273213/; classtype:trojan-activity;sid:84136313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273212/; classtype:trojan-activity;sid:84136312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.82.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273211/; classtype:trojan-activity;sid:84136311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273210/; classtype:trojan-activity;sid:84136310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.79.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273209/; classtype:trojan-activity;sid:84136309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.4.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273208/; classtype:trojan-activity;sid:84136308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.80.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273207/; classtype:trojan-activity;sid:84136307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.222.65.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273206/; classtype:trojan-activity;sid:84136306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.196.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273205/; classtype:trojan-activity;sid:84136305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.153.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273204/; classtype:trojan-activity;sid:84136304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"85.175.244.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273203/; classtype:trojan-activity;sid:84136303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.244.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273202/; classtype:trojan-activity;sid:84136302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.64.235.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273201/; classtype:trojan-activity;sid:84136301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.72.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273200/; classtype:trojan-activity;sid:84136300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.87.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273199/; classtype:trojan-activity;sid:84136299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javumar.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273198/; classtype:trojan-activity;sid:84136298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.193.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273197/; classtype:trojan-activity;sid:84136297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273196/; classtype:trojan-activity;sid:84136296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.110.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273194/; classtype:trojan-activity;sid:84136294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.237.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273195/; classtype:trojan-activity;sid:84136295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.145.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273193/; classtype:trojan-activity;sid:84136293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"98.233.5.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273192/; classtype:trojan-activity;sid:84136292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.229.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273191/; classtype:trojan-activity;sid:84136291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.119.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273190/; classtype:trojan-activity;sid:84136290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.237.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273189/; classtype:trojan-activity;sid:84136289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273188/; classtype:trojan-activity;sid:84136288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"69.254.95.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273186/; classtype:trojan-activity;sid:84136286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.220.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273187/; classtype:trojan-activity;sid:84136287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.197.171.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273185/; classtype:trojan-activity;sid:84136285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.122.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273183/; classtype:trojan-activity;sid:84136283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.118.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273184/; classtype:trojan-activity;sid:84136284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.58.126.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273182/; classtype:trojan-activity;sid:84136282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.191.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273181/; classtype:trojan-activity;sid:84136281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273180/; classtype:trojan-activity;sid:84136280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.196.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273179/; classtype:trojan-activity;sid:84136279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.153.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273177/; classtype:trojan-activity;sid:84136277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.0.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273178/; classtype:trojan-activity;sid:84136278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.235.163.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273176/; classtype:trojan-activity;sid:84136276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.222.65.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273175/; classtype:trojan-activity;sid:84136275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.117.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273174/; classtype:trojan-activity;sid:84136274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.110.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273173/; classtype:trojan-activity;sid:84136273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.237.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273172/; classtype:trojan-activity;sid:84136272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.198.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273171/; classtype:trojan-activity;sid:84136271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.171.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273170/; classtype:trojan-activity;sid:84136270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.255.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273169/; classtype:trojan-activity;sid:84136269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.6.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273168/; classtype:trojan-activity;sid:84136268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.118.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273166/; classtype:trojan-activity;sid:84136266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.9.144.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273167/; classtype:trojan-activity;sid:84136267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.117.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273165/; classtype:trojan-activity;sid:84136265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.88.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273164/; classtype:trojan-activity;sid:84136264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.82.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273162/; classtype:trojan-activity;sid:84136262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.10.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273163/; classtype:trojan-activity;sid:84136263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.10.18.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273160/; classtype:trojan-activity;sid:84136260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/hhnjqu9y.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273161/; classtype:trojan-activity;sid:84136261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273159/; classtype:trojan-activity;sid:84136259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.158.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273158/; classtype:trojan-activity;sid:84136258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.153.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273157/; classtype:trojan-activity;sid:84136257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cpa.pdf"; depth:8; endswith; nocase; http.host; content:"paradisoprovisor1.hospedagemdesites.ws"; depth:38; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273156/; classtype:trojan-activity;sid:84136256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/images/about-heade-about.svg"; depth:38; endswith; nocase; http.host; content:"paradisoprovisor1.hospedagemdesites.ws"; depth:38; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273155/; classtype:trojan-activity;sid:84136255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.140.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273154/; classtype:trojan-activity;sid:84136254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.238.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273153/; classtype:trojan-activity;sid:84136253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273152/; classtype:trojan-activity;sid:84136252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.81.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273151/; classtype:trojan-activity;sid:84136251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273150/; classtype:trojan-activity;sid:84136250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.140.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273149/; classtype:trojan-activity;sid:84136249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/store/vidar.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273148/; classtype:trojan-activity;sid:84136248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.2.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273147/; classtype:trojan-activity;sid:84136247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/lespim"; depth:12; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273145/; classtype:trojan-activity;sid:84136245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k86m"; depth:10; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273146/; classtype:trojan-activity;sid:84136246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/686i"; depth:10; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273143/; classtype:trojan-activity;sid:84136243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spim"; depth:10; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273144/; classtype:trojan-activity;sid:84136244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0030c5dfe3f4cd24/nss3.dll"; depth:26; endswith; nocase; http.host; content:"95.215.207.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273141/; classtype:trojan-activity;sid:84136241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0030c5dfe3f4cd24/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"95.215.207.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273142/; classtype:trojan-activity;sid:84136242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0030c5dfe3f4cd24/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"95.215.207.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273136/; classtype:trojan-activity;sid:84136236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0030c5dfe3f4cd24/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"95.215.207.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273137/; classtype:trojan-activity;sid:84136237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0030c5dfe3f4cd24/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"95.215.207.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273138/; classtype:trojan-activity;sid:84136238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0030c5dfe3f4cd24/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"95.215.207.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273139/; classtype:trojan-activity;sid:84136239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0030c5dfe3f4cd24/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"95.215.207.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273140/; classtype:trojan-activity;sid:84136240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.9.144.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273135/; classtype:trojan-activity;sid:84136235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.12.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273134/; classtype:trojan-activity;sid:84136234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/ref_vs650185_28_10_2024.pdf.lnk"; depth:42; endswith; nocase; http.host; content:"download.cdn-serveri6881-ns.shop"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273133/; classtype:trojan-activity;sid:84136233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/gzrb3i.exe"; depth:13; endswith; nocase; http.host; content:"clickette.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273132/; classtype:trojan-activity;sid:84136232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.sh"; depth:11; endswith; nocase; http.host; content:"85.95.173.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273131/; classtype:trojan-activity;sid:84136231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mondayconstraints.vbs"; depth:22; endswith; nocase; http.host; content:"23.95.60.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273126/; classtype:trojan-activity;sid:84136226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup.sh"; depth:9; endswith; nocase; http.host; content:"157.173.106.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273127/; classtype:trojan-activity;sid:84136227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bla/unteased92.vbs"; depth:19; endswith; nocase; http.host; content:"megazdownloaddatas.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273128/; classtype:trojan-activity;sid:84136228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whataints.vbs"; depth:14; endswith; nocase; http.host; content:"23.95.60.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273129/; classtype:trojan-activity;sid:84136229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ywds3/calculators.vbs"; depth:22; endswith; nocase; http.host; content:"in-houselegal.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273130/; classtype:trojan-activity;sid:84136230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/order_ecf_2024864s.vbs"; depth:23; endswith; nocase; http.host; content:"babaszepsegverseny.hu"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273125/; classtype:trojan-activity;sid:84136225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.151.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273124/; classtype:trojan-activity;sid:84136224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.6.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273122/; classtype:trojan-activity;sid:84136222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.43.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273123/; classtype:trojan-activity;sid:84136223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.1.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273121/; classtype:trojan-activity;sid:84136221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.111.75.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273120/; classtype:trojan-activity;sid:84136220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.241.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273118/; classtype:trojan-activity;sid:84136218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.94.34.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273119/; classtype:trojan-activity;sid:84136219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.209.71.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273115/; classtype:trojan-activity;sid:84136215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.102.77.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273116/; classtype:trojan-activity;sid:84136216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.203.72.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273117/; classtype:trojan-activity;sid:84136217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.142.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273114/; classtype:trojan-activity;sid:84136214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.18.122.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273111/; classtype:trojan-activity;sid:84136211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.52.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273112/; classtype:trojan-activity;sid:84136212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.246.103.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273113/; classtype:trojan-activity;sid:84136213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.2.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273109/; classtype:trojan-activity;sid:84136209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.131.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273110/; classtype:trojan-activity;sid:84136210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.248.13.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273108/; classtype:trojan-activity;sid:84136208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.69.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273107/; classtype:trojan-activity;sid:84136207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273106/; classtype:trojan-activity;sid:84136206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.55.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273105/; classtype:trojan-activity;sid:84136205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273104/; classtype:trojan-activity;sid:84136204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.140.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273103/; classtype:trojan-activity;sid:84136203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.64.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273102/; classtype:trojan-activity;sid:84136202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.39.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273101/; classtype:trojan-activity;sid:84136201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.174.255.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273100/; classtype:trojan-activity;sid:84136200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.233.116.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273098/; classtype:trojan-activity;sid:84136198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"168.196.170.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273099/; classtype:trojan-activity;sid:84136199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.210.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273097/; classtype:trojan-activity;sid:84136197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.255.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273096/; classtype:trojan-activity;sid:84136196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.175.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273095/; classtype:trojan-activity;sid:84136195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.124.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273094/; classtype:trojan-activity;sid:84136194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.99.27"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273093/; classtype:trojan-activity;sid:84136193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.242.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273092/; classtype:trojan-activity;sid:84136192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.43.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273091/; classtype:trojan-activity;sid:84136191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.41.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273090/; classtype:trojan-activity;sid:84136190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.221.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273089/; classtype:trojan-activity;sid:84136189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.24.66.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273088/; classtype:trojan-activity;sid:84136188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.118.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273087/; classtype:trojan-activity;sid:84136187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.113.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273086/; classtype:trojan-activity;sid:84136186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/arm7"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273084/; classtype:trojan-activity;sid:84136184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/arm6"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273085/; classtype:trojan-activity;sid:84136185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/spc"; depth:7; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273082/; classtype:trojan-activity;sid:84136182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/arm5"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273083/; classtype:trojan-activity;sid:84136183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.175.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273081/; classtype:trojan-activity;sid:84136181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/spc"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273076/; classtype:trojan-activity;sid:84136176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/ppc"; depth:7; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273077/; classtype:trojan-activity;sid:84136177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/sh4"; depth:7; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273078/; classtype:trojan-activity;sid:84136178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/m68k"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273079/; classtype:trojan-activity;sid:84136179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.11.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273080/; classtype:trojan-activity;sid:84136180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/arm7"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273060/; classtype:trojan-activity;sid:84136160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/mips"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273061/; classtype:trojan-activity;sid:84136161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/spc"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273062/; classtype:trojan-activity;sid:84136162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/mpsl"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273063/; classtype:trojan-activity;sid:84136163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/sh4"; depth:7; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273064/; classtype:trojan-activity;sid:84136164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/ppc"; depth:7; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273065/; classtype:trojan-activity;sid:84136165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/arm"; depth:7; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273066/; classtype:trojan-activity;sid:84136166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/mips"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273067/; classtype:trojan-activity;sid:84136167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/x86"; depth:7; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273068/; classtype:trojan-activity;sid:84136168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/arm5"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273069/; classtype:trojan-activity;sid:84136169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/mpsl"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273070/; classtype:trojan-activity;sid:84136170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/arm6"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273071/; classtype:trojan-activity;sid:84136171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/spc"; depth:7; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273072/; classtype:trojan-activity;sid:84136172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/x86"; depth:7; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273073/; classtype:trojan-activity;sid:84136173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/arm"; depth:7; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273074/; classtype:trojan-activity;sid:84136174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok/m68k"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273075/; classtype:trojan-activity;sid:84136175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.248.13.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273059/; classtype:trojan-activity;sid:84136159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.140.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273058/; classtype:trojan-activity;sid:84136158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.64.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273057/; classtype:trojan-activity;sid:84136157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.233.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273056/; classtype:trojan-activity;sid:84136156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.238.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273054/; classtype:trojan-activity;sid:84136154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.240.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273055/; classtype:trojan-activity;sid:84136155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273053/; classtype:trojan-activity;sid:84136153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.193.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273052/; classtype:trojan-activity;sid:84136152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.175.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273051/; classtype:trojan-activity;sid:84136151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.238.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273049/; classtype:trojan-activity;sid:84136149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.23.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273050/; classtype:trojan-activity;sid:84136150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.37.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273047/; classtype:trojan-activity;sid:84136147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.87.33.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273048/; classtype:trojan-activity;sid:84136148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.124.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273046/; classtype:trojan-activity;sid:84136146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"38.137.249.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273045/; classtype:trojan-activity;sid:84136145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.85.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273044/; classtype:trojan-activity;sid:84136144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273043/; classtype:trojan-activity;sid:84136143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.133.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273042/; classtype:trojan-activity;sid:84136142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.132.207.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273041/; classtype:trojan-activity;sid:84136141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.52.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273039/; classtype:trojan-activity;sid:84136139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.240.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273040/; classtype:trojan-activity;sid:84136140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"146.103.38.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273038/; classtype:trojan-activity;sid:84136138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"146.103.38.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273036/; classtype:trojan-activity;sid:84136136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"146.103.38.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273037/; classtype:trojan-activity;sid:84136137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"146.103.38.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273028/; classtype:trojan-activity;sid:84136128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"146.103.38.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273029/; classtype:trojan-activity;sid:84136129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"146.103.38.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273030/; classtype:trojan-activity;sid:84136130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"146.103.38.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273031/; classtype:trojan-activity;sid:84136131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"146.103.38.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273032/; classtype:trojan-activity;sid:84136132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"146.103.38.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273033/; classtype:trojan-activity;sid:84136133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"146.103.38.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273034/; classtype:trojan-activity;sid:84136134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"146.103.38.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273035/; classtype:trojan-activity;sid:84136135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.11.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273026/; classtype:trojan-activity;sid:84136126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.189.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273027/; classtype:trojan-activity;sid:84136127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.108.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273025/; classtype:trojan-activity;sid:84136125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.3.21.164"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273024/; classtype:trojan-activity;sid:84136124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.15.54.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273023/; classtype:trojan-activity;sid:84136123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.17.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273022/; classtype:trojan-activity;sid:84136122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.10.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273021/; classtype:trojan-activity;sid:84136121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.59.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273020/; classtype:trojan-activity;sid:84136120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.147.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273019/; classtype:trojan-activity;sid:84136119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.99.27"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273018/; classtype:trojan-activity;sid:84136118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.184.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273016/; classtype:trojan-activity;sid:84136116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.209.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273017/; classtype:trojan-activity;sid:84136117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.186.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273015/; classtype:trojan-activity;sid:84136115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.237.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273014/; classtype:trojan-activity;sid:84136114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.125.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273013/; classtype:trojan-activity;sid:84136113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.118.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273012/; classtype:trojan-activity;sid:84136112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.166.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273011/; classtype:trojan-activity;sid:84136111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.197.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273010/; classtype:trojan-activity;sid:84136110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.214.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273008/; classtype:trojan-activity;sid:84136108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273009/; classtype:trojan-activity;sid:84136109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.196.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273007/; classtype:trojan-activity;sid:84136107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.8.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273006/; classtype:trojan-activity;sid:84136106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.42.11.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273005/; classtype:trojan-activity;sid:84136105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273004/; classtype:trojan-activity;sid:84136104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.148.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273003/; classtype:trojan-activity;sid:84136103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273002/; classtype:trojan-activity;sid:84136102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.125.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273001/; classtype:trojan-activity;sid:84136101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.118.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273000/; classtype:trojan-activity;sid:84136100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.240.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272999/; classtype:trojan-activity;sid:84136099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.213.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272998/; classtype:trojan-activity;sid:84136098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.99.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272997/; classtype:trojan-activity;sid:84136097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"67.214.245.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272996/; classtype:trojan-activity;sid:84136096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.137.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272995/; classtype:trojan-activity;sid:84136095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.59.144.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272994/; classtype:trojan-activity;sid:84136094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.72.16.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272993/; classtype:trojan-activity;sid:84136093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.51.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272992/; classtype:trojan-activity;sid:84136092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.170.200.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272991/; classtype:trojan-activity;sid:84136091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.252.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272990/; classtype:trojan-activity;sid:84136090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"67.214.245.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272989/; classtype:trojan-activity;sid:84136089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.122.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272988/; classtype:trojan-activity;sid:84136088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.123.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272986/; classtype:trojan-activity;sid:84136086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.130.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272987/; classtype:trojan-activity;sid:84136087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.211.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272985/; classtype:trojan-activity;sid:84136085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.232.187.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272984/; classtype:trojan-activity;sid:84136084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.242.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272983/; classtype:trojan-activity;sid:84136083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.209.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272982/; classtype:trojan-activity;sid:84136082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272981/; classtype:trojan-activity;sid:84136081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.224.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272980/; classtype:trojan-activity;sid:84136080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.148.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272978/; classtype:trojan-activity;sid:84136078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.152.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272979/; classtype:trojan-activity;sid:84136079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.17.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272977/; classtype:trojan-activity;sid:84136077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.25.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272976/; classtype:trojan-activity;sid:84136076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.21.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272975/; classtype:trojan-activity;sid:84136075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.125.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272974/; classtype:trojan-activity;sid:84136074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.92.88.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272973/; classtype:trojan-activity;sid:84136073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.205.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272972/; classtype:trojan-activity;sid:84136072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.56.189.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272971/; classtype:trojan-activity;sid:84136071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.116.194.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272970/; classtype:trojan-activity;sid:84136070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.37.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272969/; classtype:trojan-activity;sid:84136069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272968/; classtype:trojan-activity;sid:84136068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chrome_130.exe"; depth:15; endswith; nocase; http.host; content:"gosp.davidmolins.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272967/; classtype:trojan-activity;sid:84136067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.81.115.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272966/; classtype:trojan-activity;sid:84136066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cmaclient.exe"; depth:14; endswith; nocase; http.host; content:"193.233.254.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272965/; classtype:trojan-activity;sid:84136065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.81.115.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272964/; classtype:trojan-activity;sid:84136064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.211.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272963/; classtype:trojan-activity;sid:84136063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.27.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272962/; classtype:trojan-activity;sid:84136062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.4.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272961/; classtype:trojan-activity;sid:84136061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.101.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272959/; classtype:trojan-activity;sid:84136059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.158.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272960/; classtype:trojan-activity;sid:84136060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.53.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272956/; classtype:trojan-activity;sid:84136056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.123.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272957/; classtype:trojan-activity;sid:84136057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.41.57.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272958/; classtype:trojan-activity;sid:84136058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.24.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272955/; classtype:trojan-activity;sid:84136055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.6.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272954/; classtype:trojan-activity;sid:84136054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.10.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272953/; classtype:trojan-activity;sid:84136053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.43.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272952/; classtype:trojan-activity;sid:84136052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.45.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272951/; classtype:trojan-activity;sid:84136051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.46.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272950/; classtype:trojan-activity;sid:84136050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.23.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272949/; classtype:trojan-activity;sid:84136049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.12.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272948/; classtype:trojan-activity;sid:84136048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.194.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272947/; classtype:trojan-activity;sid:84136047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.127.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272945/; classtype:trojan-activity;sid:84136045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.8.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272946/; classtype:trojan-activity;sid:84136046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.61.134.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272944/; classtype:trojan-activity;sid:84136044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.86.2.127"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272943/; classtype:trojan-activity;sid:84136043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.6.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272942/; classtype:trojan-activity;sid:84136042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.136.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272941/; classtype:trojan-activity;sid:84136041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.41.57.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272940/; classtype:trojan-activity;sid:84136040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.246.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272939/; classtype:trojan-activity;sid:84136039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.83.179.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272938/; classtype:trojan-activity;sid:84136038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.81.115.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272936/; classtype:trojan-activity;sid:84136036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.116.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272937/; classtype:trojan-activity;sid:84136037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.41.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272935/; classtype:trojan-activity;sid:84136035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272933/; classtype:trojan-activity;sid:84136033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.221.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272934/; classtype:trojan-activity;sid:84136034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.175.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272932/; classtype:trojan-activity;sid:84136032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.73.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272931/; classtype:trojan-activity;sid:84136031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.41.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272930/; classtype:trojan-activity;sid:84136030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.185.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272929/; classtype:trojan-activity;sid:84136029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.6.111"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272928/; classtype:trojan-activity;sid:84136028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.36.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272926/; classtype:trojan-activity;sid:84136026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.163.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272927/; classtype:trojan-activity;sid:84136027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"69.254.95.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272925/; classtype:trojan-activity;sid:84136025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.101.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272924/; classtype:trojan-activity;sid:84136024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272923/; classtype:trojan-activity;sid:84136023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.254.231.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272922/; classtype:trojan-activity;sid:84136022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.7.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272921/; classtype:trojan-activity;sid:84136021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.6.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272920/; classtype:trojan-activity;sid:84136020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.189.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272919/; classtype:trojan-activity;sid:84136019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.86.2.127"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272918/; classtype:trojan-activity;sid:84136018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.241.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272917/; classtype:trojan-activity;sid:84136017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.83.179.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272916/; classtype:trojan-activity;sid:84136016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.11.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272915/; classtype:trojan-activity;sid:84136015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.54.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272914/; classtype:trojan-activity;sid:84136014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.255.58.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272913/; classtype:trojan-activity;sid:84136013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.173.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272912/; classtype:trojan-activity;sid:84136012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.63.83.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272911/; classtype:trojan-activity;sid:84136011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.21.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272910/; classtype:trojan-activity;sid:84136010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.136.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272909/; classtype:trojan-activity;sid:84136009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.75.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272908/; classtype:trojan-activity;sid:84136008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.92.64"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272907/; classtype:trojan-activity;sid:84136007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.3.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272906/; classtype:trojan-activity;sid:84136006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.154.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272905/; classtype:trojan-activity;sid:84136005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.212.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272904/; classtype:trojan-activity;sid:84136004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.64.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272903/; classtype:trojan-activity;sid:84136003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.7.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272902/; classtype:trojan-activity;sid:84136002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.175.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272901/; classtype:trojan-activity;sid:84136001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.x86"; depth:33; endswith; nocase; http.host; content:"198.12.107.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272900/; classtype:trojan-activity;sid:84136000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.127.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272899/; classtype:trojan-activity;sid:84135999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.8.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272898/; classtype:trojan-activity;sid:84135998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.213.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272897/; classtype:trojan-activity;sid:84135997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.24.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272896/; classtype:trojan-activity;sid:84135996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272895/; classtype:trojan-activity;sid:84135995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.131.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272894/; classtype:trojan-activity;sid:84135994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.47.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272893/; classtype:trojan-activity;sid:84135993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.36.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272892/; classtype:trojan-activity;sid:84135992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"173.16.30.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272891/; classtype:trojan-activity;sid:84135991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.59.254.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272890/; classtype:trojan-activity;sid:84135990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.63.83.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272889/; classtype:trojan-activity;sid:84135989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.214.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272888/; classtype:trojan-activity;sid:84135988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.196.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272887/; classtype:trojan-activity;sid:84135987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.136.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272886/; classtype:trojan-activity;sid:84135986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.149.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272885/; classtype:trojan-activity;sid:84135985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.227.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272884/; classtype:trojan-activity;sid:84135984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.255.58.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272883/; classtype:trojan-activity;sid:84135983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.248.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272882/; classtype:trojan-activity;sid:84135982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.116.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272881/; classtype:trojan-activity;sid:84135981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.45.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272880/; classtype:trojan-activity;sid:84135980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.115.169.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272879/; classtype:trojan-activity;sid:84135979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.155.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272878/; classtype:trojan-activity;sid:84135978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.44.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272877/; classtype:trojan-activity;sid:84135977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.64.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272876/; classtype:trojan-activity;sid:84135976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.237.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272875/; classtype:trojan-activity;sid:84135975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.47.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272874/; classtype:trojan-activity;sid:84135974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.182.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272873/; classtype:trojan-activity;sid:84135973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.231.250.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272872/; classtype:trojan-activity;sid:84135972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.136.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272871/; classtype:trojan-activity;sid:84135971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.43.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272870/; classtype:trojan-activity;sid:84135970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86|3f|ddos"; depth:12; endswith; nocase; http.host; content:"92.249.48.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272868/; classtype:trojan-activity;sid:84135968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl|3f|ddos"; depth:13; endswith; nocase; http.host; content:"92.249.48.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272869/; classtype:trojan-activity;sid:84135969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.231.177.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272867/; classtype:trojan-activity;sid:84135967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.101.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272866/; classtype:trojan-activity;sid:84135966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//mpsl"; depth:6; endswith; nocase; http.host; content:"92.249.48.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272865/; classtype:trojan-activity;sid:84135965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.172.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272864/; classtype:trojan-activity;sid:84135964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.24.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272863/; classtype:trojan-activity;sid:84135963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips|3f|ddos"; depth:13; endswith; nocase; http.host; content:"92.249.48.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272862/; classtype:trojan-activity;sid:84135962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.255.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272861/; classtype:trojan-activity;sid:84135961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.227.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272860/; classtype:trojan-activity;sid:84135960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.104.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272859/; classtype:trojan-activity;sid:84135959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.196.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272858/; classtype:trojan-activity;sid:84135958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.97.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272857/; classtype:trojan-activity;sid:84135957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.183.34.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272856/; classtype:trojan-activity;sid:84135956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.250.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272855/; classtype:trojan-activity;sid:84135955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.83.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272853/; classtype:trojan-activity;sid:84135953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.251.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272854/; classtype:trojan-activity;sid:84135954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272852/; classtype:trojan-activity;sid:84135952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.153.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272851/; classtype:trojan-activity;sid:84135951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.209.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272850/; classtype:trojan-activity;sid:84135950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.44.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272849/; classtype:trojan-activity;sid:84135949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.62.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272848/; classtype:trojan-activity;sid:84135948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.32.240.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272847/; classtype:trojan-activity;sid:84135947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.30.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272846/; classtype:trojan-activity;sid:84135946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.255.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272845/; classtype:trojan-activity;sid:84135945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.201.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272844/; classtype:trojan-activity;sid:84135944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.72.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272843/; classtype:trojan-activity;sid:84135943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272842/; classtype:trojan-activity;sid:84135942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.49.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272841/; classtype:trojan-activity;sid:84135941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.30.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272840/; classtype:trojan-activity;sid:84135940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.232.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272839/; classtype:trojan-activity;sid:84135939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.32.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272838/; classtype:trojan-activity;sid:84135938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.52.111.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272837/; classtype:trojan-activity;sid:84135937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.36.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272836/; classtype:trojan-activity;sid:84135936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.150.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272835/; classtype:trojan-activity;sid:84135935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.99.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272834/; classtype:trojan-activity;sid:84135934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.103.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272833/; classtype:trojan-activity;sid:84135933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272832/; classtype:trojan-activity;sid:84135932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.45.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272831/; classtype:trojan-activity;sid:84135931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.80.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272830/; classtype:trojan-activity;sid:84135930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272829/; classtype:trojan-activity;sid:84135929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.92.7.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272828/; classtype:trojan-activity;sid:84135928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.250.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272827/; classtype:trojan-activity;sid:84135927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.153.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272826/; classtype:trojan-activity;sid:84135926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272825/; classtype:trojan-activity;sid:84135925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.90.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272823/; classtype:trojan-activity;sid:84135923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.181.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272824/; classtype:trojan-activity;sid:84135924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.49.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272822/; classtype:trojan-activity;sid:84135922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.103.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272821/; classtype:trojan-activity;sid:84135921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.32.240.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272820/; classtype:trojan-activity;sid:84135920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.239.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272819/; classtype:trojan-activity;sid:84135919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.235.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272818/; classtype:trojan-activity;sid:84135918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.161.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272817/; classtype:trojan-activity;sid:84135917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.58.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272816/; classtype:trojan-activity;sid:84135916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.126.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272815/; classtype:trojan-activity;sid:84135915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.191.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272814/; classtype:trojan-activity;sid:84135914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.2.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272813/; classtype:trojan-activity;sid:84135913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.130.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272810/; classtype:trojan-activity;sid:84135910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.138.185.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272811/; classtype:trojan-activity;sid:84135911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.56.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272812/; classtype:trojan-activity;sid:84135912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.146.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272808/; classtype:trojan-activity;sid:84135908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.99.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272809/; classtype:trojan-activity;sid:84135909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.182.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272807/; classtype:trojan-activity;sid:84135907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.80.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272806/; classtype:trojan-activity;sid:84135906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.155.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272805/; classtype:trojan-activity;sid:84135905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.89.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272804/; classtype:trojan-activity;sid:84135904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.92.7.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272803/; classtype:trojan-activity;sid:84135903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.239.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272802/; classtype:trojan-activity;sid:84135902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.71.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272801/; classtype:trojan-activity;sid:84135901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.45.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272800/; classtype:trojan-activity;sid:84135900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.0.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272799/; classtype:trojan-activity;sid:84135899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.49.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272798/; classtype:trojan-activity;sid:84135898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.219.125.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272797/; classtype:trojan-activity;sid:84135897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.247.82.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272796/; classtype:trojan-activity;sid:84135896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.95.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272795/; classtype:trojan-activity;sid:84135895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.28.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272794/; classtype:trojan-activity;sid:84135894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.0.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272793/; classtype:trojan-activity;sid:84135893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.9.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272792/; classtype:trojan-activity;sid:84135892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.48.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272791/; classtype:trojan-activity;sid:84135891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.154.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272790/; classtype:trojan-activity;sid:84135890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.130.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272789/; classtype:trojan-activity;sid:84135889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272788/; classtype:trojan-activity;sid:84135888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.225.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272787/; classtype:trojan-activity;sid:84135887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.56.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272786/; classtype:trojan-activity;sid:84135886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.2.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272785/; classtype:trojan-activity;sid:84135885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.94.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272784/; classtype:trojan-activity;sid:84135884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.59.109.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272783/; classtype:trojan-activity;sid:84135883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.132.133.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272782/; classtype:trojan-activity;sid:84135882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.71.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272781/; classtype:trojan-activity;sid:84135881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.65.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272779/; classtype:trojan-activity;sid:84135879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.198.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272780/; classtype:trojan-activity;sid:84135880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.50.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272778/; classtype:trojan-activity;sid:84135878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.48.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272777/; classtype:trojan-activity;sid:84135877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.73.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272775/; classtype:trojan-activity;sid:84135875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.255.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272776/; classtype:trojan-activity;sid:84135876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.49.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272774/; classtype:trojan-activity;sid:84135874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.155.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272773/; classtype:trojan-activity;sid:84135873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.146.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272772/; classtype:trojan-activity;sid:84135872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.35.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272771/; classtype:trojan-activity;sid:84135871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.103.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272770/; classtype:trojan-activity;sid:84135870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.35.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272769/; classtype:trojan-activity;sid:84135869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.247.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272767/; classtype:trojan-activity;sid:84135867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.215.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272768/; classtype:trojan-activity;sid:84135868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.71.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272766/; classtype:trojan-activity;sid:84135866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.50.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272765/; classtype:trojan-activity;sid:84135865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"dztr.range.cccinvolve.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272764/; classtype:trojan-activity;sid:84135864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272763/; classtype:trojan-activity;sid:84135863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.41.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272762/; classtype:trojan-activity;sid:84135862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272761/; classtype:trojan-activity;sid:84135861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.73.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272760/; classtype:trojan-activity;sid:84135860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.2.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272759/; classtype:trojan-activity;sid:84135859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.161.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272758/; classtype:trojan-activity;sid:84135858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.242.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272757/; classtype:trojan-activity;sid:84135857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.182.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272756/; classtype:trojan-activity;sid:84135856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.156.48.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272755/; classtype:trojan-activity;sid:84135855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.30.111.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272754/; classtype:trojan-activity;sid:84135854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.120.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272753/; classtype:trojan-activity;sid:84135853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.73.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272752/; classtype:trojan-activity;sid:84135852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.15.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272751/; classtype:trojan-activity;sid:84135851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.209.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272750/; classtype:trojan-activity;sid:84135850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.55.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272749/; classtype:trojan-activity;sid:84135849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.29.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272748/; classtype:trojan-activity;sid:84135848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.215.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272747/; classtype:trojan-activity;sid:84135847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.186.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272746/; classtype:trojan-activity;sid:84135846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.240.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272745/; classtype:trojan-activity;sid:84135845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.30.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272744/; classtype:trojan-activity;sid:84135844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.131.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272743/; classtype:trojan-activity;sid:84135843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.252.198.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272742/; classtype:trojan-activity;sid:84135842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.205.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272741/; classtype:trojan-activity;sid:84135841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.64.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272740/; classtype:trojan-activity;sid:84135840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.149.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272739/; classtype:trojan-activity;sid:84135839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.9.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272738/; classtype:trojan-activity;sid:84135838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.184.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272737/; classtype:trojan-activity;sid:84135837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.83.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272736/; classtype:trojan-activity;sid:84135836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.30.111.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272735/; classtype:trojan-activity;sid:84135835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.225.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272734/; classtype:trojan-activity;sid:84135834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.160.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272733/; classtype:trojan-activity;sid:84135833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.240.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272732/; classtype:trojan-activity;sid:84135832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.234.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272731/; classtype:trojan-activity;sid:84135831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.184.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272730/; classtype:trojan-activity;sid:84135830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.65.81"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272728/; classtype:trojan-activity;sid:84135828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272729/; classtype:trojan-activity;sid:84135829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.161.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272726/; classtype:trojan-activity;sid:84135826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.56.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272727/; classtype:trojan-activity;sid:84135827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272725/; classtype:trojan-activity;sid:84135825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.176.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272724/; classtype:trojan-activity;sid:84135824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.202.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272722/; classtype:trojan-activity;sid:84135822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.188.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272723/; classtype:trojan-activity;sid:84135823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.87.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272721/; classtype:trojan-activity;sid:84135821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.101.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272720/; classtype:trojan-activity;sid:84135820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.1.109"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272719/; classtype:trojan-activity;sid:84135819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.30.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272718/; classtype:trojan-activity;sid:84135818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.181.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3272717/; classtype:trojan-activity;sid:84135817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.65.81"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272716/; classtype:trojan-activity;sid:84135816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.119.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272715/; classtype:trojan-activity;sid:84135815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.16.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272714/; classtype:trojan-activity;sid:84135814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.211.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272713/; classtype:trojan-activity;sid:84135813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.57.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272712/; classtype:trojan-activity;sid:84135812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.136.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272711/; classtype:trojan-activity;sid:84135811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.121.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272710/; classtype:trojan-activity;sid:84135810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.56.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272709/; classtype:trojan-activity;sid:84135809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.252.198.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272708/; classtype:trojan-activity;sid:84135808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.181.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272707/; classtype:trojan-activity;sid:84135807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.92.88.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272706/; classtype:trojan-activity;sid:84135806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.234.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272705/; classtype:trojan-activity;sid:84135805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.99.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272704/; classtype:trojan-activity;sid:84135804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.191.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272702/; classtype:trojan-activity;sid:84135802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.161.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272703/; classtype:trojan-activity;sid:84135803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.87.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272701/; classtype:trojan-activity;sid:84135801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.202.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272700/; classtype:trojan-activity;sid:84135800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272699/; classtype:trojan-activity;sid:84135799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.169.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272698/; classtype:trojan-activity;sid:84135798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.7.35"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272697/; classtype:trojan-activity;sid:84135797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.163.68.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272695/; classtype:trojan-activity;sid:84135795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.1.109"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272696/; classtype:trojan-activity;sid:84135796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.69.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272694/; classtype:trojan-activity;sid:84135794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.43.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272693/; classtype:trojan-activity;sid:84135793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.123.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272692/; classtype:trojan-activity;sid:84135792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.119.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272691/; classtype:trojan-activity;sid:84135791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.32.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272690/; classtype:trojan-activity;sid:84135790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.99.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272689/; classtype:trojan-activity;sid:84135789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.181.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272688/; classtype:trojan-activity;sid:84135788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.124.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272687/; classtype:trojan-activity;sid:84135787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.27.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272686/; classtype:trojan-activity;sid:84135786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.219.45.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272685/; classtype:trojan-activity;sid:84135785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dmningsanlg.cmd"; depth:16; endswith; nocase; http.host; content:"154.38.176.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272684/; classtype:trojan-activity;sid:84135784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.209.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272683/; classtype:trojan-activity;sid:84135783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.158.161.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272682/; classtype:trojan-activity;sid:84135782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.203.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272681/; classtype:trojan-activity;sid:84135781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.158.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272680/; classtype:trojan-activity;sid:84135780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.45.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272679/; classtype:trojan-activity;sid:84135779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tatarbfferne.vbs"; depth:17; endswith; nocase; http.host; content:"154.38.176.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272677/; classtype:trojan-activity;sid:84135777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/citatfusk.vbe"; depth:14; endswith; nocase; http.host; content:"154.38.176.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272678/; classtype:trojan-activity;sid:84135778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.87.77.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272674/; classtype:trojan-activity;sid:84135774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.234.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272675/; classtype:trojan-activity;sid:84135775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.169.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272673/; classtype:trojan-activity;sid:84135773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.7.35"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272672/; classtype:trojan-activity;sid:84135772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.191.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272671/; classtype:trojan-activity;sid:84135771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.154.190.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272670/; classtype:trojan-activity;sid:84135770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.136.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272669/; classtype:trojan-activity;sid:84135769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.146.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272668/; classtype:trojan-activity;sid:84135768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.120.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272667/; classtype:trojan-activity;sid:84135767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.201.72.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272666/; classtype:trojan-activity;sid:84135766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.4.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272665/; classtype:trojan-activity;sid:84135765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.28.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272664/; classtype:trojan-activity;sid:84135764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.219.45.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272663/; classtype:trojan-activity;sid:84135763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.46.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272662/; classtype:trojan-activity;sid:84135762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.27.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272661/; classtype:trojan-activity;sid:84135761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.69.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272660/; classtype:trojan-activity;sid:84135760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.234.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272659/; classtype:trojan-activity;sid:84135759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.57.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272658/; classtype:trojan-activity;sid:84135758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.239.120.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272657/; classtype:trojan-activity;sid:84135757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.96.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272656/; classtype:trojan-activity;sid:84135756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.120.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272655/; classtype:trojan-activity;sid:84135755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.95.135.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272652/; classtype:trojan-activity;sid:84135752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.7.155.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272653/; classtype:trojan-activity;sid:84135753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.3.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272654/; classtype:trojan-activity;sid:84135754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.72.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272651/; classtype:trojan-activity;sid:84135751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.28.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272650/; classtype:trojan-activity;sid:84135750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.177.28.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272649/; classtype:trojan-activity;sid:84135749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.9.224"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272648/; classtype:trojan-activity;sid:84135748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.124.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272647/; classtype:trojan-activity;sid:84135747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.247.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272646/; classtype:trojan-activity;sid:84135746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.245.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272645/; classtype:trojan-activity;sid:84135745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.165.104.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272643/; classtype:trojan-activity;sid:84135743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.101.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272644/; classtype:trojan-activity;sid:84135744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.57.250.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272641/; classtype:trojan-activity;sid:84135741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272642/; classtype:trojan-activity;sid:84135742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.28.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272640/; classtype:trojan-activity;sid:84135740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.80.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272639/; classtype:trojan-activity;sid:84135739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.40.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272638/; classtype:trojan-activity;sid:84135738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.156.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272637/; classtype:trojan-activity;sid:84135737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.40.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272636/; classtype:trojan-activity;sid:84135736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.87.77.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272635/; classtype:trojan-activity;sid:84135735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.30.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272634/; classtype:trojan-activity;sid:84135734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.57.250.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272633/; classtype:trojan-activity;sid:84135733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dsa.msi"; depth:8; endswith; nocase; http.host; content:"45.14.244.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272632/; classtype:trojan-activity;sid:84135732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.72.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272631/; classtype:trojan-activity;sid:84135731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.193.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272630/; classtype:trojan-activity;sid:84135730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.76.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272629/; classtype:trojan-activity;sid:84135729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.177.28.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272628/; classtype:trojan-activity;sid:84135728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.247.82.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272627/; classtype:trojan-activity;sid:84135727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.58.126.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272626/; classtype:trojan-activity;sid:84135726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.239.120.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272625/; classtype:trojan-activity;sid:84135725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.56.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272624/; classtype:trojan-activity;sid:84135724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.203.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272623/; classtype:trojan-activity;sid:84135723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.46.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272622/; classtype:trojan-activity;sid:84135722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.46.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272620/; classtype:trojan-activity;sid:84135720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.196.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272621/; classtype:trojan-activity;sid:84135721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.249.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272619/; classtype:trojan-activity;sid:84135719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.165.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272618/; classtype:trojan-activity;sid:84135718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.80.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272617/; classtype:trojan-activity;sid:84135717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.18.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272616/; classtype:trojan-activity;sid:84135716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.245.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272615/; classtype:trojan-activity;sid:84135715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"server3.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272614/; classtype:trojan-activity;sid:84135714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wriww68k"; depth:9; endswith; nocase; http.host; content:"server3.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272611/; classtype:trojan-activity;sid:84135711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"server3.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272612/; classtype:trojan-activity;sid:84135712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"server3.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272613/; classtype:trojan-activity;sid:84135713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.9.224"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272610/; classtype:trojan-activity;sid:84135710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272609/; classtype:trojan-activity;sid:84135709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.35.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272608/; classtype:trojan-activity;sid:84135708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.96.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272607/; classtype:trojan-activity;sid:84135707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.156.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272606/; classtype:trojan-activity;sid:84135706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.30.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272605/; classtype:trojan-activity;sid:84135705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.90.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272604/; classtype:trojan-activity;sid:84135704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.131.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272603/; classtype:trojan-activity;sid:84135703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.96.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272602/; classtype:trojan-activity;sid:84135702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/detailreservationid0020300403044033044030300204000982309809840049750347384709803485034985/cdt.mp3"; depth:98; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272601/; classtype:trojan-activity;sid:84135701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.105.103.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272599/; classtype:trojan-activity;sid:84135699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/2/1invoke.pdf"; depth:22; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272600/; classtype:trojan-activity;sid:84135700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/2/1execute.pdf"; depth:23; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272594/; classtype:trojan-activity;sid:84135694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/2/1tronps1.pdf"; depth:23; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272595/; classtype:trojan-activity;sid:84135695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/1tronps1.pdf"; depth:21; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272596/; classtype:trojan-activity;sid:84135696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/tody.pdf"; depth:17; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272597/; classtype:trojan-activity;sid:84135697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/turitarefa.htm"; depth:15; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272598/; classtype:trojan-activity;sid:84135698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/2/1load.pdf"; depth:20; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272582/; classtype:trojan-activity;sid:84135682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document.pdf"; depth:13; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272583/; classtype:trojan-activity;sid:84135683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/1invoke.pdf"; depth:20; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272584/; classtype:trojan-activity;sid:84135684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/2/1xx.pdf"; depth:18; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272585/; classtype:trojan-activity;sid:84135685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/1tronvbs.pdf"; depth:21; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272586/; classtype:trojan-activity;sid:84135686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarefab.html"; depth:13; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272587/; classtype:trojan-activity;sid:84135687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/1load.pdf"; depth:18; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272588/; classtype:trojan-activity;sid:84135688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/1tronbat.pdf"; depth:21; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272589/; classtype:trojan-activity;sid:84135689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/1msg.pdf"; depth:17; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272590/; classtype:trojan-activity;sid:84135690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/2/1runpe.pdf"; depth:21; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272591/; classtype:trojan-activity;sid:84135691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/1xx.pdf"; depth:16; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272592/; classtype:trojan-activity;sid:84135692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/2/1framework.pdf"; depth:25; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272593/; classtype:trojan-activity;sid:84135693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enviador.mp3"; depth:13; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272564/; classtype:trojan-activity;sid:84135664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarefa2022.html"; depth:16; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272565/; classtype:trojan-activity;sid:84135665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/1runpe.pdf"; depth:19; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272566/; classtype:trojan-activity;sid:84135666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarefa2.htm"; depth:12; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272567/; classtype:trojan-activity;sid:84135667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/2/1type.pdf"; depth:20; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272568/; classtype:trojan-activity;sid:84135668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booking.htm"; depth:12; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272570/; classtype:trojan-activity;sid:84135670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/1execute.pdf"; depth:21; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272571/; classtype:trojan-activity;sid:84135671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microsoft.htm"; depth:14; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272572/; classtype:trojan-activity;sid:84135672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/2/1tronvbs.pdf"; depth:23; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272573/; classtype:trojan-activity;sid:84135673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarefa.html"; depth:12; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272574/; classtype:trojan-activity;sid:84135674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documento.txt"; depth:14; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272575/; classtype:trojan-activity;sid:84135675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/helper.html"; depth:12; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272576/; classtype:trojan-activity;sid:84135676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/2/1method.pdf"; depth:22; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272577/; classtype:trojan-activity;sid:84135677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/1method.pdf"; depth:20; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272578/; classtype:trojan-activity;sid:84135678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microsoft.html"; depth:15; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272579/; classtype:trojan-activity;sid:84135679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/1type.pdf"; depth:18; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272580/; classtype:trojan-activity;sid:84135680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/detailreservationid0020300403044033044030300204000982309809840049750347384709803485034985/id.pdf"; depth:97; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272581/; classtype:trojan-activity;sid:84135681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/2/1tronbat.pdf"; depth:23; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272560/; classtype:trojan-activity;sid:84135660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/2/1msg.pdf"; depth:19; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272561/; classtype:trojan-activity;sid:84135661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/license/1framework.pdf"; depth:23; endswith; nocase; http.host; content:"skynetx.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272563/; classtype:trojan-activity;sid:84135663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/index.txt"; depth:10; endswith; nocase; http.host; content:"hoteltoscanaplaza.com.co"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272559/; classtype:trojan-activity;sid:84135659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.247.82.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272558/; classtype:trojan-activity;sid:84135658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.220.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272557/; classtype:trojan-activity;sid:84135657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.242.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272556/; classtype:trojan-activity;sid:84135656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/atendimento.pdf"; depth:24; endswith; nocase; http.host; content:"hoteltoscanaplaza.com.co"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272555/; classtype:trojan-activity;sid:84135655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load.txt"; depth:9; endswith; nocase; http.host; content:"detail-booking.com.br"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272554/; classtype:trojan-activity;sid:84135654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.186.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272552/; classtype:trojan-activity;sid:84135652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.212.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272553/; classtype:trojan-activity;sid:84135653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.80.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272551/; classtype:trojan-activity;sid:84135651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.14.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272550/; classtype:trojan-activity;sid:84135650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.196.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272549/; classtype:trojan-activity;sid:84135649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272548/; classtype:trojan-activity;sid:84135648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.131.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272547/; classtype:trojan-activity;sid:84135647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wdsecureutil.exe"; depth:17; endswith; nocase; http.host; content:"apitradingview.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272545/; classtype:trojan-activity;sid:84135645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wdsecureut.exe"; depth:15; endswith; nocase; http.host; content:"apitradingview.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272546/; classtype:trojan-activity;sid:84135646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wdsecureutilities.exe"; depth:22; endswith; nocase; http.host; content:"apitradingview.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272541/; classtype:trojan-activity;sid:84135641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1231.txt"; depth:9; endswith; nocase; http.host; content:"apitradingview.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272542/; classtype:trojan-activity;sid:84135642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.txt"; depth:6; endswith; nocase; http.host; content:"apitradingview.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272543/; classtype:trojan-activity;sid:84135643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wdsecureutility.exe"; depth:20; endswith; nocase; http.host; content:"apitradingview.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272544/; classtype:trojan-activity;sid:84135644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ermando1.txt"; depth:13; endswith; nocase; http.host; content:"apitradingview.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272540/; classtype:trojan-activity;sid:84135640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mybeeper.txt"; depth:13; endswith; nocase; http.host; content:"apitradingview.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272535/; classtype:trojan-activity;sid:84135635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.txt"; depth:11; endswith; nocase; http.host; content:"apitradingview.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272536/; classtype:trojan-activity;sid:84135636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ermando2.txt"; depth:13; endswith; nocase; http.host; content:"apitradingview.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272537/; classtype:trojan-activity;sid:84135637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/up1.txt"; depth:8; endswith; nocase; http.host; content:"apitradingview.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272538/; classtype:trojan-activity;sid:84135638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upd.txt"; depth:8; endswith; nocase; http.host; content:"apitradingview.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272539/; classtype:trojan-activity;sid:84135639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.143.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272534/; classtype:trojan-activity;sid:84135634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.28.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272533/; classtype:trojan-activity;sid:84135633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.50.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272532/; classtype:trojan-activity;sid:84135632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.61.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272531/; classtype:trojan-activity;sid:84135631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.76.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272530/; classtype:trojan-activity;sid:84135630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.185.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272529/; classtype:trojan-activity;sid:84135629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tvqkjf64"; depth:9; endswith; nocase; http.host; content:"server4.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272528/; classtype:trojan-activity;sid:84135628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.14.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272527/; classtype:trojan-activity;sid:84135627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.48.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272525/; classtype:trojan-activity;sid:84135625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.146.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272526/; classtype:trojan-activity;sid:84135626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.241.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272524/; classtype:trojan-activity;sid:84135624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.163.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272523/; classtype:trojan-activity;sid:84135623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.84.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272522/; classtype:trojan-activity;sid:84135622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.66.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272521/; classtype:trojan-activity;sid:84135621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.117.210.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272520/; classtype:trojan-activity;sid:84135620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.164.45.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272519/; classtype:trojan-activity;sid:84135619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.86.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272518/; classtype:trojan-activity;sid:84135618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.220.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272517/; classtype:trojan-activity;sid:84135617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/taxreturn_2024.pdf.lnk"; depth:33; endswith; nocase; http.host; content:"haven-quantity-bring-exclusion.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272516/; classtype:trojan-activity;sid:84135616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.232.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272515/; classtype:trojan-activity;sid:84135615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tots.bat"; depth:9; endswith; nocase; http.host; content:"haven-quantity-bring-exclusion.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272513/; classtype:trojan-activity;sid:84135613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tuits.bat"; depth:10; endswith; nocase; http.host; content:"haven-quantity-bring-exclusion.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272514/; classtype:trojan-activity;sid:84135614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/agreement%20for%20youtube%20cooperation.pdf.lnk"; depth:58; endswith; nocase; http.host; content:"download.cdn-serveri6881-ns.shop"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272511/; classtype:trojan-activity;sid:84135611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/instruction_1921.pdf.lnk"; depth:35; endswith; nocase; http.host; content:"download.cdn-serveri6881-ns.shop"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272512/; classtype:trojan-activity;sid:84135612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de/vrm019929942-pdf.lnk"; depth:24; endswith; nocase; http.host; content:"haven-quantity-bring-exclusion.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272508/; classtype:trojan-activity;sid:84135608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/3rd_cc_form_oct_2024.pdf.lnk"; depth:39; endswith; nocase; http.host; content:"download.wsconnect.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272509/; classtype:trojan-activity;sid:84135609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/instruction_1928_w9coi.pdf.lnk"; depth:41; endswith; nocase; http.host; content:"download.wsconnect.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272510/; classtype:trojan-activity;sid:84135610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/studentslist.pdf.lnk"; depth:31; endswith; nocase; http.host; content:"059879e5-b2e8-4f58-aa46-95f69d92aa34.random.alphalaureate.com"; depth:61; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272507/; classtype:trojan-activity;sid:84135607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de/dkm-019256pdf.lnk"; depth:21; endswith; nocase; http.host; content:"triangle-publications-tennessee-double.trycloudflare.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272502/; classtype:trojan-activity;sid:84135602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de/bestellung-dkm00392pdf.lnk"; depth:30; endswith; nocase; http.host; content:"theme-crack-emissions-perspectives.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272503/; classtype:trojan-activity;sid:84135603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de/bestellung-dkm00392pdf.lnk"; depth:30; endswith; nocase; http.host; content:"cruz-contribution-lewis-h.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272504/; classtype:trojan-activity;sid:84135604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/agreement%20for%20youtube%20cooperation.pdf.lnk"; depth:58; endswith; nocase; http.host; content:"download.wsconnect.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272505/; classtype:trojan-activity;sid:84135605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/instruction_1928.pdf.lnk"; depth:35; endswith; nocase; http.host; content:"download.wsconnect.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272506/; classtype:trojan-activity;sid:84135606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.212.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272501/; classtype:trojan-activity;sid:84135601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.61.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272500/; classtype:trojan-activity;sid:84135600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.50.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272499/; classtype:trojan-activity;sid:84135599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.241.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272498/; classtype:trojan-activity;sid:84135598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm6"; depth:10; endswith; nocase; http.host; content:"sianikeres.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272495/; classtype:trojan-activity;sid:84135595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm4"; depth:10; endswith; nocase; http.host; content:"sianikeres.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272496/; classtype:trojan-activity;sid:84135596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.120.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272497/; classtype:trojan-activity;sid:84135597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.sh"; depth:8; endswith; nocase; http.host; content:"sianikeres.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272488/; classtype:trojan-activity;sid:84135588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.ppc"; depth:9; endswith; nocase; http.host; content:"sianikeres.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272489/; classtype:trojan-activity;sid:84135589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.sparc"; depth:11; endswith; nocase; http.host; content:"sianikeres.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272490/; classtype:trojan-activity;sid:84135590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mpsl"; depth:10; endswith; nocase; http.host; content:"sianikeres.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272491/; classtype:trojan-activity;sid:84135591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.x86"; depth:9; endswith; nocase; http.host; content:"sianikeres.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272492/; classtype:trojan-activity;sid:84135592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm5"; depth:10; endswith; nocase; http.host; content:"sianikeres.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272493/; classtype:trojan-activity;sid:84135593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mips"; depth:10; endswith; nocase; http.host; content:"sianikeres.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272494/; classtype:trojan-activity;sid:84135594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.88.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272487/; classtype:trojan-activity;sid:84135587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.sh"; depth:8; endswith; nocase; http.host; content:"94.156.248.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272479/; classtype:trojan-activity;sid:84135579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm4"; depth:10; endswith; nocase; http.host; content:"94.156.248.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272480/; classtype:trojan-activity;sid:84135580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.ppc"; depth:9; endswith; nocase; http.host; content:"94.156.248.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272481/; classtype:trojan-activity;sid:84135581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mips"; depth:10; endswith; nocase; http.host; content:"94.156.248.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272482/; classtype:trojan-activity;sid:84135582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm6"; depth:10; endswith; nocase; http.host; content:"94.156.248.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272483/; classtype:trojan-activity;sid:84135583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mpsl"; depth:10; endswith; nocase; http.host; content:"94.156.248.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272484/; classtype:trojan-activity;sid:84135584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.sparc"; depth:11; endswith; nocase; http.host; content:"94.156.248.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272485/; classtype:trojan-activity;sid:84135585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.arm5"; depth:10; endswith; nocase; http.host; content:"94.156.248.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272486/; classtype:trojan-activity;sid:84135586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.61.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272478/; classtype:trojan-activity;sid:84135578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.202.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272476/; classtype:trojan-activity;sid:84135576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.3.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272477/; classtype:trojan-activity;sid:84135577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.x86"; depth:9; endswith; nocase; http.host; content:"94.156.248.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272475/; classtype:trojan-activity;sid:84135575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkdjdjj888.x86"; depth:15; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272474/; classtype:trojan-activity;sid:84135574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.54.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272473/; classtype:trojan-activity;sid:84135573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.15.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272472/; classtype:trojan-activity;sid:84135572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkdjdjj888.m68k"; depth:16; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272470/; classtype:trojan-activity;sid:84135570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.219.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272471/; classtype:trojan-activity;sid:84135571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.5.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272469/; classtype:trojan-activity;sid:84135569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.255.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272468/; classtype:trojan-activity;sid:84135568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.154.111.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272465/; classtype:trojan-activity;sid:84135565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.51.49.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272466/; classtype:trojan-activity;sid:84135566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.64.226.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272467/; classtype:trojan-activity;sid:84135567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.234.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272464/; classtype:trojan-activity;sid:84135564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.232.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272461/; classtype:trojan-activity;sid:84135561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.71.196.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272462/; classtype:trojan-activity;sid:84135562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.86.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272463/; classtype:trojan-activity;sid:84135563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.121.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272460/; classtype:trojan-activity;sid:84135560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.111.75.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272459/; classtype:trojan-activity;sid:84135559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.200.166.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272458/; classtype:trojan-activity;sid:84135558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.191.175.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272449/; classtype:trojan-activity;sid:84135549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.228.70.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272450/; classtype:trojan-activity;sid:84135550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1234.exe"; depth:15; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272451/; classtype:trojan-activity;sid:84135551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.128.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272452/; classtype:trojan-activity;sid:84135552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.23.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272453/; classtype:trojan-activity;sid:84135553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.124.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272454/; classtype:trojan-activity;sid:84135554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.109.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272455/; classtype:trojan-activity;sid:84135555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.233.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272456/; classtype:trojan-activity;sid:84135556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.51.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272457/; classtype:trojan-activity;sid:84135557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/team.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272448/; classtype:trojan-activity;sid:84135548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/authenticator222.exe"; depth:25; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272447/; classtype:trojan-activity;sid:84135547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/identification.exe"; depth:23; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272446/; classtype:trojan-activity;sid:84135546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/1111.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272445/; classtype:trojan-activity;sid:84135545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/dtrade_v1.3.6.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272443/; classtype:trojan-activity;sid:84135543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/postbox.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272444/; classtype:trojan-activity;sid:84135544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/bitcoincore.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272442/; classtype:trojan-activity;sid:84135542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/identification-1.exe"; depth:25; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272441/; classtype:trojan-activity;sid:84135541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/indentif.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272440/; classtype:trojan-activity;sid:84135540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/authenticator.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272439/; classtype:trojan-activity;sid:84135539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thanksforusingourwebsite/serv/downloads/statement-110122025.exe"; depth:64; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272438/; classtype:trojan-activity;sid:84135538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/gift-info.lmg.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272437/; classtype:trojan-activity;sid:84135537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/main.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272436/; classtype:trojan-activity;sid:84135536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/setup2.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272435/; classtype:trojan-activity;sid:84135535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/clcs.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272433/; classtype:trojan-activity;sid:84135533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pyl64.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272434/; classtype:trojan-activity;sid:84135534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/installer.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272432/; classtype:trojan-activity;sid:84135532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/8.11.9-windows.exe"; depth:23; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272430/; classtype:trojan-activity;sid:84135530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/identifications.exe"; depth:24; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272431/; classtype:trojan-activity;sid:84135531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fgdfgre/fwqfqw/downloads/jrkicre.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272429/; classtype:trojan-activity;sid:84135529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pctoccurred.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272428/; classtype:trojan-activity;sid:84135528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.184.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272426/; classtype:trojan-activity;sid:84135526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cudo.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272427/; classtype:trojan-activity;sid:84135527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/build2.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272425/; classtype:trojan-activity;sid:84135525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/5447jsx.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272424/; classtype:trojan-activity;sid:84135524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/kill.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272423/; classtype:trojan-activity;sid:84135523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/anticheat.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272421/; classtype:trojan-activity;sid:84135521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/mobiletrans.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272422/; classtype:trojan-activity;sid:84135522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/coreplugin.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272419/; classtype:trojan-activity;sid:84135519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/dcratbuild.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272420/; classtype:trojan-activity;sid:84135520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/whiteheroin.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272418/; classtype:trojan-activity;sid:84135518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/nano.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272417/; classtype:trojan-activity;sid:84135517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryptenumoidinfo9d26a48d46.exe"; depth:31; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272415/; classtype:trojan-activity;sid:84135515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/considerablewinners.exe"; depth:28; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272416/; classtype:trojan-activity;sid:84135516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pyld64.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272414/; classtype:trojan-activity;sid:84135514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/vn70wvxw.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272412/; classtype:trojan-activity;sid:84135512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/yoyf.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272413/; classtype:trojan-activity;sid:84135513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/setup.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272411/; classtype:trojan-activity;sid:84135511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fprc.exe"; depth:9; endswith; nocase; http.host; content:"101.133.156.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272410/; classtype:trojan-activity;sid:84135510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fgdfgre/fwqfqw/downloads/ascfidk.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272409/; classtype:trojan-activity;sid:84135509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/systems.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272408/; classtype:trojan-activity;sid:84135508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.53.120.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272407/; classtype:trojan-activity;sid:84135507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/svchost.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272405/; classtype:trojan-activity;sid:84135505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/univ.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272406/; classtype:trojan-activity;sid:84135506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/svhosts.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272401/; classtype:trojan-activity;sid:84135501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.224.122.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272402/; classtype:trojan-activity;sid:84135502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/penis.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272403/; classtype:trojan-activity;sid:84135503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/operation6572.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272404/; classtype:trojan-activity;sid:84135504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/frap.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272399/; classtype:trojan-activity;sid:84135499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/splwow64.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272400/; classtype:trojan-activity;sid:84135500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/rms1.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272398/; classtype:trojan-activity;sid:84135498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/edge.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272397/; classtype:trojan-activity;sid:84135497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.70.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272396/; classtype:trojan-activity;sid:84135496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/mepaxil.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272394/; classtype:trojan-activity;sid:84135494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/armadegon.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272395/; classtype:trojan-activity;sid:84135495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pimer_bbbcontents7.exe"; depth:27; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272393/; classtype:trojan-activity;sid:84135493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/zzzz1.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272392/; classtype:trojan-activity;sid:84135492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ven_protected.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272390/; classtype:trojan-activity;sid:84135490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/test.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272391/; classtype:trojan-activity;sid:84135491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/rage.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272389/; classtype:trojan-activity;sid:84135489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/stealc_default.exe"; depth:23; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272387/; classtype:trojan-activity;sid:84135487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/buildred.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272388/; classtype:trojan-activity;sid:84135488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/build11.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272386/; classtype:trojan-activity;sid:84135486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lee.exe"; depth:8; endswith; nocase; http.host; content:"101.133.156.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272384/; classtype:trojan-activity;sid:84135484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/install2.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272385/; classtype:trojan-activity;sid:84135485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.185.142.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272382/; classtype:trojan-activity;sid:84135482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/s%d0%b5tup.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272383/; classtype:trojan-activity;sid:84135483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.23.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272381/; classtype:trojan-activity;sid:84135481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.54.149.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272379/; classtype:trojan-activity;sid:84135479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/hvnc1.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272380/; classtype:trojan-activity;sid:84135480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/windowsui.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272378/; classtype:trojan-activity;sid:84135478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/svhostc.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272377/; classtype:trojan-activity;sid:84135477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/channel1.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272376/; classtype:trojan-activity;sid:84135476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/client.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272375/; classtype:trojan-activity;sid:84135475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/firefox.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272374/; classtype:trojan-activity;sid:84135474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/vlst.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272373/; classtype:trojan-activity;sid:84135473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ghost_0x000263826b9a9b91.exe"; depth:33; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272371/; classtype:trojan-activity;sid:84135471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.50.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272372/; classtype:trojan-activity;sid:84135472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/robotic.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272370/; classtype:trojan-activity;sid:84135470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/23c2343.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272368/; classtype:trojan-activity;sid:84135468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/decryptjohn.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272369/; classtype:trojan-activity;sid:84135469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ukodbcdcl.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272367/; classtype:trojan-activity;sid:84135467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fgdfgre/fwqfqw/downloads/ndirsri.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272366/; classtype:trojan-activity;sid:84135466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/resex.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272364/; classtype:trojan-activity;sid:84135464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/launcher.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272365/; classtype:trojan-activity;sid:84135465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/5_6190317556063017550.exe"; depth:30; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272363/; classtype:trojan-activity;sid:84135463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doma/stone.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272360/; classtype:trojan-activity;sid:84135460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/clip.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272361/; classtype:trojan-activity;sid:84135461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/taskhost.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272362/; classtype:trojan-activity;sid:84135462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/golden.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272359/; classtype:trojan-activity;sid:84135459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/crypteda.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272358/; classtype:trojan-activity;sid:84135458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fgdfgre/fwqfqw/downloads/niribns.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272357/; classtype:trojan-activity;sid:84135457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/xxl.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272356/; classtype:trojan-activity;sid:84135456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.155.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272354/; classtype:trojan-activity;sid:84135454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/meta.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272355/; classtype:trojan-activity;sid:84135455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/drchoe.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272353/; classtype:trojan-activity;sid:84135453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/build.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272352/; classtype:trojan-activity;sid:84135452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pharmaciesdetection.exe"; depth:28; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272350/; classtype:trojan-activity;sid:84135450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/soft.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272351/; classtype:trojan-activity;sid:84135451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/worker.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272348/; classtype:trojan-activity;sid:84135448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/lummac2.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272349/; classtype:trojan-activity;sid:84135449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/qqq.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272346/; classtype:trojan-activity;sid:84135446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/t3.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272347/; classtype:trojan-activity;sid:84135447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thanksforusingourwebsite/serv/downloads/statement-415322024.exe"; depth:64; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272345/; classtype:trojan-activity;sid:84135445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/s%d0%b5tu%d1%80111.exe"; depth:27; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272344/; classtype:trojan-activity;sid:84135444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thanksforusingourwebsite/serv/downloads/statement-415322025.exe"; depth:64; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272342/; classtype:trojan-activity;sid:84135442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/xt.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272343/; classtype:trojan-activity;sid:84135443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/build_2024-07-27_00-41.exe"; depth:31; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272340/; classtype:trojan-activity;sid:84135440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/3546345.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272341/; classtype:trojan-activity;sid:84135441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.202.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272338/; classtype:trojan-activity;sid:84135438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/needmoney.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272339/; classtype:trojan-activity;sid:84135439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pered.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272337/; classtype:trojan-activity;sid:84135437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/dos.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272336/; classtype:trojan-activity;sid:84135436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/runtime.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272335/; classtype:trojan-activity;sid:84135435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/lummac22222.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272333/; classtype:trojan-activity;sid:84135433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/contorax.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272334/; classtype:trojan-activity;sid:84135434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/survox.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272332/; classtype:trojan-activity;sid:84135432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ovrflw.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272330/; classtype:trojan-activity;sid:84135430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cookie250.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272331/; classtype:trojan-activity;sid:84135431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.45.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272329/; classtype:trojan-activity;sid:84135429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/opdxdyeul.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272328/; classtype:trojan-activity;sid:84135428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/out_test_sig.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272327/; classtype:trojan-activity;sid:84135427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.75.161.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272326/; classtype:trojan-activity;sid:84135426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/06082025.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272323/; classtype:trojan-activity;sid:84135423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.191.175.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272324/; classtype:trojan-activity;sid:84135424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272325/; classtype:trojan-activity;sid:84135425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/12.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272322/; classtype:trojan-activity;sid:84135422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/freedom.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272321/; classtype:trojan-activity;sid:84135421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/25072023.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272320/; classtype:trojan-activity;sid:84135420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/baddstore.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272318/; classtype:trojan-activity;sid:84135418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fgdfgre/fwqfqw/downloads/foffckb.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272319/; classtype:trojan-activity;sid:84135419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.120.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272317/; classtype:trojan-activity;sid:84135417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fgdfgre/fwqfqw/downloads/igmmkmp.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272316/; classtype:trojan-activity;sid:84135416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/set-up.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272315/; classtype:trojan-activity;sid:84135415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/2020.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272313/; classtype:trojan-activity;sid:84135413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/microsoft.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272314/; classtype:trojan-activity;sid:84135414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/js.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272312/; classtype:trojan-activity;sid:84135412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fgdfgre/fwqfqw/downloads/ifhcidg.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272309/; classtype:trojan-activity;sid:84135409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/doc.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272310/; classtype:trojan-activity;sid:84135410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/out.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272311/; classtype:trojan-activity;sid:84135411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/file1.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272308/; classtype:trojan-activity;sid:84135408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/channel.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272306/; classtype:trojan-activity;sid:84135406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/armanivenntii_crypted_easy.exe"; depth:35; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272307/; classtype:trojan-activity;sid:84135407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/zxcv.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272302/; classtype:trojan-activity;sid:84135402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zjpqxysn.exe"; depth:13; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272303/; classtype:trojan-activity;sid:84135403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/file.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272304/; classtype:trojan-activity;sid:84135404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/googleupdate.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272305/; classtype:trojan-activity;sid:84135405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/vhpcde.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272301/; classtype:trojan-activity;sid:84135401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.61.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272299/; classtype:trojan-activity;sid:84135399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/kitty.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272300/; classtype:trojan-activity;sid:84135400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/gawdth.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272297/; classtype:trojan-activity;sid:84135397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.61.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272298/; classtype:trojan-activity;sid:84135398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.226.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272295/; classtype:trojan-activity;sid:84135395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/surfex.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272296/; classtype:trojan-activity;sid:84135396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/explorer.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272293/; classtype:trojan-activity;sid:84135393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pyld611114.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272294/; classtype:trojan-activity;sid:84135394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/winrar-x64-701.exe"; depth:23; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272292/; classtype:trojan-activity;sid:84135392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/newfile.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272291/; classtype:trojan-activity;sid:84135391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.rar"; depth:6; endswith; nocase; http.host; content:"78.161.46.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272290/; classtype:trojan-activity;sid:84135390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/crypted8888.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272289/; classtype:trojan-activity;sid:84135389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.238.189.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272288/; classtype:trojan-activity;sid:84135388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.15.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272286/; classtype:trojan-activity;sid:84135386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/1.exe"; depth:10; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272287/; classtype:trojan-activity;sid:84135387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/300.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272284/; classtype:trojan-activity;sid:84135384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/creal.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272285/; classtype:trojan-activity;sid:84135385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/scheduledllama.exe"; depth:23; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272281/; classtype:trojan-activity;sid:84135381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/new1.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272282/; classtype:trojan-activity;sid:84135382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.109.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272283/; classtype:trojan-activity;sid:84135383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cc2.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272277/; classtype:trojan-activity;sid:84135377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/jsawdtyjde.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272278/; classtype:trojan-activity;sid:84135378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/uhigdbf.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272279/; classtype:trojan-activity;sid:84135379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/5_6253708004881862888.exe"; depth:30; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272280/; classtype:trojan-activity;sid:84135380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/build9.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272276/; classtype:trojan-activity;sid:84135376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"185.248.13.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272274/; classtype:trojan-activity;sid:84135374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272275/; classtype:trojan-activity;sid:84135375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.88.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272273/; classtype:trojan-activity;sid:84135373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cbmefxrmnv.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272272/; classtype:trojan-activity;sid:84135372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/2.exe"; depth:10; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272271/; classtype:trojan-activity;sid:84135371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/3544436.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272267/; classtype:trojan-activity;sid:84135367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/broadcom5.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272268/; classtype:trojan-activity;sid:84135368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.89.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272269/; classtype:trojan-activity;sid:84135369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/stealc_valenciga.exe"; depth:25; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272270/; classtype:trojan-activity;sid:84135370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msql.bat"; depth:9; endswith; nocase; http.host; content:"101.133.156.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272265/; classtype:trojan-activity;sid:84135365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/neon.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272266/; classtype:trojan-activity;sid:84135366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gopal4/twerrweteryw/downloads/hjdfgkh.jpg"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272264/; classtype:trojan-activity;sid:84135364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/rorukal.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272261/; classtype:trojan-activity;sid:84135361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/we.exe"; depth:7; endswith; nocase; http.host; content:"101.133.156.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272262/; classtype:trojan-activity;sid:84135362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/stealc_default2.exe"; depth:24; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272263/; classtype:trojan-activity;sid:84135363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/annesalt.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272260/; classtype:trojan-activity;sid:84135360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/lummnew.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272258/; classtype:trojan-activity;sid:84135358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/influencednervous.exe"; depth:26; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272259/; classtype:trojan-activity;sid:84135359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/client_protected.exe"; depth:25; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272257/; classtype:trojan-activity;sid:84135357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.61.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272255/; classtype:trojan-activity;sid:84135355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pichon.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272256/; classtype:trojan-activity;sid:84135356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/bandwidth_monitor.exe"; depth:26; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272253/; classtype:trojan-activity;sid:84135353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/morphic.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272254/; classtype:trojan-activity;sid:84135354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.64.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272252/; classtype:trojan-activity;sid:84135352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/svc.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272251/; classtype:trojan-activity;sid:84135351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/14082024.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272249/; classtype:trojan-activity;sid:84135349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/battlegermany.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272250/; classtype:trojan-activity;sid:84135350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/diskutility.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272248/; classtype:trojan-activity;sid:84135348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/soft2.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272246/; classtype:trojan-activity;sid:84135346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/amadey.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272247/; classtype:trojan-activity;sid:84135347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.54.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272245/; classtype:trojan-activity;sid:84135345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/5knchalah.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272243/; classtype:trojan-activity;sid:84135343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/semiconductornot.exe"; depth:25; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272244/; classtype:trojan-activity;sid:84135344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/onedrive.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272242/; classtype:trojan-activity;sid:84135342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/4434.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272240/; classtype:trojan-activity;sid:84135340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/bundle.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272241/; classtype:trojan-activity;sid:84135341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/mynewrdx.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272237/; classtype:trojan-activity;sid:84135337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.132.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272238/; classtype:trojan-activity;sid:84135338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/winn.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272239/; classtype:trojan-activity;sid:84135339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.112.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272236/; classtype:trojan-activity;sid:84135336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/343dsxs.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272233/; classtype:trojan-activity;sid:84135333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.171.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272234/; classtype:trojan-activity;sid:84135334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.35.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272235/; classtype:trojan-activity;sid:84135335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/build_2024-07-25_20-56.exe"; depth:31; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272231/; classtype:trojan-activity;sid:84135331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/4ck3rr.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272232/; classtype:trojan-activity;sid:84135332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fgdfgre/fwqfqw/downloads/ecepaoi.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272230/; classtype:trojan-activity;sid:84135330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/crypted.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272228/; classtype:trojan-activity;sid:84135328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cnyvvl.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272229/; classtype:trojan-activity;sid:84135329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cclent.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272226/; classtype:trojan-activity;sid:84135326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.43.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272227/; classtype:trojan-activity;sid:84135327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/dccrypt.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272225/; classtype:trojan-activity;sid:84135325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/major.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272224/; classtype:trojan-activity;sid:84135324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/server.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272222/; classtype:trojan-activity;sid:84135322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cvv.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272223/; classtype:trojan-activity;sid:84135323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/seo.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272216/; classtype:trojan-activity;sid:84135316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/redsystem.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272217/; classtype:trojan-activity;sid:84135317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/msedge.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272218/; classtype:trojan-activity;sid:84135318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/purlog.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272219/; classtype:trojan-activity;sid:84135319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/gsprout.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272220/; classtype:trojan-activity;sid:84135320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/mswgoudnv.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272221/; classtype:trojan-activity;sid:84135321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/30072024.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272212/; classtype:trojan-activity;sid:84135312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/clsid.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272213/; classtype:trojan-activity;sid:84135313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/xclient_protected.exe"; depth:26; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272214/; classtype:trojan-activity;sid:84135314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/build_2024-07-24_23-16.exe"; depth:31; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272215/; classtype:trojan-activity;sid:84135315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/request.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272210/; classtype:trojan-activity;sid:84135310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/xxxx.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272211/; classtype:trojan-activity;sid:84135311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.101.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272206/; classtype:trojan-activity;sid:84135306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/123.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272207/; classtype:trojan-activity;sid:84135307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/stub.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272208/; classtype:trojan-activity;sid:84135308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/gold.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272209/; classtype:trojan-activity;sid:84135309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/gagagggagagag.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272198/; classtype:trojan-activity;sid:84135298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.224.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272199/; classtype:trojan-activity;sid:84135299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/consoleapp3.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272200/; classtype:trojan-activity;sid:84135300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"195.64.235.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272201/; classtype:trojan-activity;sid:84135301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/xm.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272202/; classtype:trojan-activity;sid:84135302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/vidar.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272203/; classtype:trojan-activity;sid:84135303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/stealc_daval.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272204/; classtype:trojan-activity;sid:84135304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/northsperm.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272205/; classtype:trojan-activity;sid:84135305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gopal4/twerrweteryw/downloads/myimge.jpg|3f|14441723"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272196/; classtype:trojan-activity;sid:84135296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gopal4/twerrweteryw/downloads/myimge.jpg|3f|13441721"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272197/; classtype:trojan-activity;sid:84135297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sodirect.jar"; depth:13; endswith; nocase; http.host; content:"buskwet.s3.eu-west-1.amazonaws.com"; depth:34; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272195/; classtype:trojan-activity;sid:84135295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sodirect.jar"; depth:13; endswith; nocase; http.host; content:"buskwet.s3.eu-west-1.amazonaws.com"; depth:34; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272194/; classtype:trojan-activity;sid:84135294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shell/obfuscator_1721486698027.txt"; depth:35; endswith; nocase; http.host; content:"seo.cyberdefender.uk"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272193/; classtype:trojan-activity;sid:84135293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/div.php"; depth:8; endswith; nocase; http.host; content:"147.78.12.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272188/; classtype:trojan-activity;sid:84135288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marijuana.php"; depth:14; endswith; nocase; http.host; content:"147.78.12.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272189/; classtype:trojan-activity;sid:84135289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/contents.php"; depth:13; endswith; nocase; http.host; content:"147.78.12.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272190/; classtype:trojan-activity;sid:84135290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/conf1g.php"; depth:11; endswith; nocase; http.host; content:"147.78.12.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272191/; classtype:trojan-activity;sid:84135291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xxfile.php"; depth:11; endswith; nocase; http.host; content:"147.78.12.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272192/; classtype:trojan-activity;sid:84135292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webshell/yy/contents.txt"; depth:25; endswith; nocase; http.host; content:"seo.cyberdefender.uk"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272187/; classtype:trojan-activity;sid:84135287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.75.161.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272186/; classtype:trojan-activity;sid:84135286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.249.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272179/; classtype:trojan-activity;sid:84135279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chrome_131.exe"; depth:15; endswith; nocase; http.host; content:"gosp.davidmolins.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272177/; classtype:trojan-activity;sid:84135277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.4.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272176/; classtype:trojan-activity;sid:84135276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.151.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272175/; classtype:trojan-activity;sid:84135275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.101.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272173/; classtype:trojan-activity;sid:84135273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.248.82.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272174/; classtype:trojan-activity;sid:84135274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.183.53.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272172/; classtype:trojan-activity;sid:84135272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.72.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272171/; classtype:trojan-activity;sid:84135271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.30.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272170/; classtype:trojan-activity;sid:84135270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.124.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272169/; classtype:trojan-activity;sid:84135269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.182.163.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272168/; classtype:trojan-activity;sid:84135268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.110.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272165/; classtype:trojan-activity;sid:84135265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.15.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272166/; classtype:trojan-activity;sid:84135266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.55.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272167/; classtype:trojan-activity;sid:84135267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.112.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272164/; classtype:trojan-activity;sid:84135264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.224.122.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272163/; classtype:trojan-activity;sid:84135263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.54.149.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272162/; classtype:trojan-activity;sid:84135262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.94.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272159/; classtype:trojan-activity;sid:84135259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.101.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272160/; classtype:trojan-activity;sid:84135260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.151.251.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272161/; classtype:trojan-activity;sid:84135261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.239.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272158/; classtype:trojan-activity;sid:84135258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.251.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272156/; classtype:trojan-activity;sid:84135256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.210.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272157/; classtype:trojan-activity;sid:84135257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.151.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272155/; classtype:trojan-activity;sid:84135255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.213.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272154/; classtype:trojan-activity;sid:84135254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.15.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272153/; classtype:trojan-activity;sid:84135253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"91.80.152.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272152/; classtype:trojan-activity;sid:84135252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.131.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272151/; classtype:trojan-activity;sid:84135251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.143.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272150/; classtype:trojan-activity;sid:84135250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.110.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272148/; classtype:trojan-activity;sid:84135248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.80.35.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272149/; classtype:trojan-activity;sid:84135249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272147/; classtype:trojan-activity;sid:84135247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.93.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272146/; classtype:trojan-activity;sid:84135246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.58.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272145/; classtype:trojan-activity;sid:84135245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/ruzno"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272143/; classtype:trojan-activity;sid:84135243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/stnna"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272144/; classtype:trojan-activity;sid:84135244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.39.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272142/; classtype:trojan-activity;sid:84135242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.248.224.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272141/; classtype:trojan-activity;sid:84135241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272140/; classtype:trojan-activity;sid:84135240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.210.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272138/; classtype:trojan-activity;sid:84135238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272139/; classtype:trojan-activity;sid:84135239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.192.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272137/; classtype:trojan-activity;sid:84135237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.206.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272136/; classtype:trojan-activity;sid:84135236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.128.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272135/; classtype:trojan-activity;sid:84135235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.185.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272134/; classtype:trojan-activity;sid:84135234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.151.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272133/; classtype:trojan-activity;sid:84135233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.54.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272132/; classtype:trojan-activity;sid:84135232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.163.68.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272131/; classtype:trojan-activity;sid:84135231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272130/; classtype:trojan-activity;sid:84135230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.85.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272129/; classtype:trojan-activity;sid:84135229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.62.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272128/; classtype:trojan-activity;sid:84135228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.83.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272127/; classtype:trojan-activity;sid:84135227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.73.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272126/; classtype:trojan-activity;sid:84135226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.121.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272124/; classtype:trojan-activity;sid:84135224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.248.224.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272125/; classtype:trojan-activity;sid:84135225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.233.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272123/; classtype:trojan-activity;sid:84135223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.113.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272122/; classtype:trojan-activity;sid:84135222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.174.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272121/; classtype:trojan-activity;sid:84135221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.166.60.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272119/; classtype:trojan-activity;sid:84135219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.28.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272120/; classtype:trojan-activity;sid:84135220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.60.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272118/; classtype:trojan-activity;sid:84135218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.2.67.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272117/; classtype:trojan-activity;sid:84135217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272116/; classtype:trojan-activity;sid:84135216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272115/; classtype:trojan-activity;sid:84135215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.128.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272114/; classtype:trojan-activity;sid:84135214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.253.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272113/; classtype:trojan-activity;sid:84135213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.154.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272112/; classtype:trojan-activity;sid:84135212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.187.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272111/; classtype:trojan-activity;sid:84135211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.26.113.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272110/; classtype:trojan-activity;sid:84135210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.152.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272109/; classtype:trojan-activity;sid:84135209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.132.132.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272108/; classtype:trojan-activity;sid:84135208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"148.103.220.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272107/; classtype:trojan-activity;sid:84135207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.62.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272106/; classtype:trojan-activity;sid:84135206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.213.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272105/; classtype:trojan-activity;sid:84135205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.2.67.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272104/; classtype:trojan-activity;sid:84135204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.19.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272103/; classtype:trojan-activity;sid:84135203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.121.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272102/; classtype:trojan-activity;sid:84135202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.28.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272101/; classtype:trojan-activity;sid:84135201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.10.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272100/; classtype:trojan-activity;sid:84135200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.203.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272099/; classtype:trojan-activity;sid:84135199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.0.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272097/; classtype:trojan-activity;sid:84135197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.172.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272098/; classtype:trojan-activity;sid:84135198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.60.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272096/; classtype:trojan-activity;sid:84135196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.184.135.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272095/; classtype:trojan-activity;sid:84135195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcin2123/jjsploit/raw/refs/heads/main/jjsploit_8.10.7_x64-setup.exe"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272091/; classtype:trojan-activity;sid:84135191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ordogos2/g575/releases/download/download/setup.7.0.zip"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272092/; classtype:trojan-activity;sid:84135192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kookspook24/ovix-gta-5-mod-menu-updated/releases/download/ovix-mod-menu/launcher.zip"; depth:85; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272093/; classtype:trojan-activity;sid:84135193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcin2123/jjsploit/refs/heads/main/jjsploit_8.10.7_x64-setup.exe"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272094/; classtype:trojan-activity;sid:84135194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcin2123/actualka/raw/refs/heads/main/433412.exe"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272089/; classtype:trojan-activity;sid:84135189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcin2123/jjsploit/refs/heads/main/file_jjsploit"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272090/; classtype:trojan-activity;sid:84135190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stlprograms/new/iuiiiuj/loader1/buildzipname.txt"; depth:49; endswith; nocase; http.host; content:"antiloxss.usite.pro"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272087/; classtype:trojan-activity;sid:84135187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stlprograms/new/iuiiiuj/loader1/statisticonoff.txt"; depth:51; endswith; nocase; http.host; content:"antiloxss.usite.pro"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272088/; classtype:trojan-activity;sid:84135188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.54.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272074/; classtype:trojan-activity;sid:84135174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcin2123/actualka/raw/refs/heads/main/file"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272075/; classtype:trojan-activity;sid:84135175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcin2123/jjsploit/raw/refs/heads/main/tumbler_l"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272076/; classtype:trojan-activity;sid:84135176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcin2123/actualka/refs/heads/main/file"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272077/; classtype:trojan-activity;sid:84135177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stlprograms/new/liveyours111/newinstaller27/buildzipname.txt"; depth:61; endswith; nocase; http.host; content:"antiloxss.usite.pro"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272078/; classtype:trojan-activity;sid:84135178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stlprograms/new/iuiiiuj/loader1/z-closing.txt"; depth:46; endswith; nocase; http.host; content:"antiloxss.usite.pro"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272079/; classtype:trojan-activity;sid:84135179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stlprograms/new/iuiiiuj/loader1/buildlink.txt"; depth:46; endswith; nocase; http.host; content:"antiloxss.usite.pro"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272080/; classtype:trojan-activity;sid:84135180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stlprograms/new/iuiiiuj/hwids.txt"; depth:34; endswith; nocase; http.host; content:"antiloxss.usite.pro"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272081/; classtype:trojan-activity;sid:84135181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stlprograms/new/liveyours111/newinstaller27/statisticonoff.txt"; depth:63; endswith; nocase; http.host; content:"antiloxss.usite.pro"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272082/; classtype:trojan-activity;sid:84135182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcin2123/jjsploit/refs/heads/main/tumbler_l"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272083/; classtype:trojan-activity;sid:84135183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcin2123/actualka/refs/heads/main/tumbler_g"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272084/; classtype:trojan-activity;sid:84135184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stlprograms/new/liveyours111/newinstaller27/buildname.txt"; depth:58; endswith; nocase; http.host; content:"antiloxss.usite.pro"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272085/; classtype:trojan-activity;sid:84135185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stlprograms/new/liveyours111/newinstaller27/z-closing.txt"; depth:58; endswith; nocase; http.host; content:"antiloxss.usite.pro"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272086/; classtype:trojan-activity;sid:84135186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stlprograms/new/liveyours111/hwids.txt"; depth:39; endswith; nocase; http.host; content:"antiloxss.usite.pro"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272070/; classtype:trojan-activity;sid:84135170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/_files/archives/3a0432_20f7bb04cf594d18b1df2c723ba97835.zip|3f|dn=!%20chromer%20updaters.zip"; depth:93; endswith; nocase; http.host; content:"www.rphingenieria.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272071/; classtype:trojan-activity;sid:84135171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stlprograms/new/hwid.txt"; depth:25; endswith; nocase; http.host; content:"antiloxss.usite.pro"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272072/; classtype:trojan-activity;sid:84135172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcin2123/jjsploit/raw/refs/heads/main/file_jjsploit"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272073/; classtype:trojan-activity;sid:84135173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.43.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272069/; classtype:trojan-activity;sid:84135169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.83.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272068/; classtype:trojan-activity;sid:84135168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.175.22.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272067/; classtype:trojan-activity;sid:84135167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.178.46.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272066/; classtype:trojan-activity;sid:84135166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"153.209.210.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272064/; classtype:trojan-activity;sid:84135164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.113.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272065/; classtype:trojan-activity;sid:84135165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.247.6.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272063/; classtype:trojan-activity;sid:84135163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.3.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272062/; classtype:trojan-activity;sid:84135162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.182.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272061/; classtype:trojan-activity;sid:84135161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.185.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272060/; classtype:trojan-activity;sid:84135160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.91.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272059/; classtype:trojan-activity;sid:84135159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.9.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272058/; classtype:trojan-activity;sid:84135158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.10.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272057/; classtype:trojan-activity;sid:84135157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.91.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272056/; classtype:trojan-activity;sid:84135156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.13.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272055/; classtype:trojan-activity;sid:84135155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.38.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272054/; classtype:trojan-activity;sid:84135154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.83.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272052/; classtype:trojan-activity;sid:84135152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.203.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272053/; classtype:trojan-activity;sid:84135153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.122.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272051/; classtype:trojan-activity;sid:84135151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272050/; classtype:trojan-activity;sid:84135150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.54.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272049/; classtype:trojan-activity;sid:84135149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.112.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272048/; classtype:trojan-activity;sid:84135148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.137.248.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272047/; classtype:trojan-activity;sid:84135147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.43.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272046/; classtype:trojan-activity;sid:84135146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.73.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272045/; classtype:trojan-activity;sid:84135145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.10.18.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272044/; classtype:trojan-activity;sid:84135144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.118.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272042/; classtype:trojan-activity;sid:84135142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.23.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272043/; classtype:trojan-activity;sid:84135143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.7.241.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272041/; classtype:trojan-activity;sid:84135141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.166.13.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272040/; classtype:trojan-activity;sid:84135140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272039/; classtype:trojan-activity;sid:84135139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.182.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272038/; classtype:trojan-activity;sid:84135138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.58.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272037/; classtype:trojan-activity;sid:84135137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.9.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272036/; classtype:trojan-activity;sid:84135136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.95.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272035/; classtype:trojan-activity;sid:84135135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.122.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272034/; classtype:trojan-activity;sid:84135134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.78.58.158"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272033/; classtype:trojan-activity;sid:84135133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.52.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272032/; classtype:trojan-activity;sid:84135132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.26.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272031/; classtype:trojan-activity;sid:84135131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.116.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272030/; classtype:trojan-activity;sid:84135130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272029/; classtype:trojan-activity;sid:84135129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.180.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272028/; classtype:trojan-activity;sid:84135128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.165.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272027/; classtype:trojan-activity;sid:84135127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.119.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272026/; classtype:trojan-activity;sid:84135126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.119.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272025/; classtype:trojan-activity;sid:84135125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.238.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272024/; classtype:trojan-activity;sid:84135124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.20.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272023/; classtype:trojan-activity;sid:84135123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272022/; classtype:trojan-activity;sid:84135122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.73.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272021/; classtype:trojan-activity;sid:84135121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/7nergqhv.exe"; depth:18; endswith; nocase; http.host; content:"lobfile.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272020/; classtype:trojan-activity;sid:84135120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"98.233.5.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272019/; classtype:trojan-activity;sid:84135119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.23.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272018/; classtype:trojan-activity;sid:84135118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.97.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272017/; classtype:trojan-activity;sid:84135117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system.exe"; depth:11; endswith; nocase; http.host; content:"154.197.69.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272016/; classtype:trojan-activity;sid:84135116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zcc.exe"; depth:8; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272015/; classtype:trojan-activity;sid:84135115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.83.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272014/; classtype:trojan-activity;sid:84135114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lnk.bat"; depth:8; endswith; nocase; http.host; content:"virtualishot.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272013/; classtype:trojan-activity;sid:84135113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pp.bat"; depth:7; endswith; nocase; http.host; content:"virtualishot.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272012/; classtype:trojan-activity;sid:84135112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.247.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272011/; classtype:trojan-activity;sid:84135111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.72.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272010/; classtype:trojan-activity;sid:84135110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.bat"; depth:6; endswith; nocase; http.host; content:"klingdow.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272006/; classtype:trojan-activity;sid:84135106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clean/cleantwnm9.bat"; depth:21; endswith; nocase; http.host; content:"wanfreeprogram.shop"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272007/; classtype:trojan-activity;sid:84135107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c3pool7.bat"; depth:12; endswith; nocase; http.host; content:"c3poolbat.oss-accelerate.aliyuncs.com"; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272008/; classtype:trojan-activity;sid:84135108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/add.bat"; depth:8; endswith; nocase; http.host; content:"update.vlnguba.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272009/; classtype:trojan-activity;sid:84135109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autoc3pool.bat"; depth:15; endswith; nocase; http.host; content:"c3poolbat.oss-accelerate.aliyuncs.com"; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272005/; classtype:trojan-activity;sid:84135105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5rymg.bat"; depth:10; endswith; nocase; http.host; content:"courtage-psd.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272002/; classtype:trojan-activity;sid:84135102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.bat"; depth:11; endswith; nocase; http.host; content:"deushack.site"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272003/; classtype:trojan-activity;sid:84135103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exit.bat"; depth:9; endswith; nocase; http.host; content:"virtualishot.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272004/; classtype:trojan-activity;sid:84135104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/freecleaner.bat"; depth:16; endswith; nocase; http.host; content:"cdnimmortal.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271999/; classtype:trojan-activity;sid:84135099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kling.bat"; depth:10; endswith; nocase; http.host; content:"klingdow.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272000/; classtype:trojan-activity;sid:84135100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.bat"; depth:6; endswith; nocase; http.host; content:"klingdow.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272001/; classtype:trojan-activity;sid:84135101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/persistence.bat"; depth:16; endswith; nocase; http.host; content:"virtualishot.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271993/; classtype:trojan-activity;sid:84135093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y.bat"; depth:6; endswith; nocase; http.host; content:"virtualishot.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271994/; classtype:trojan-activity;sid:84135094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exclu.bat"; depth:10; endswith; nocase; http.host; content:"virtualishot.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271995/; classtype:trojan-activity;sid:84135095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bat1.bat"; depth:9; endswith; nocase; http.host; content:"15.235.130.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271996/; classtype:trojan-activity;sid:84135096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foodbox_install.bat"; depth:20; endswith; nocase; http.host; content:"omnicom.fr"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271997/; classtype:trojan-activity;sid:84135097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok.bat"; depth:7; endswith; nocase; http.host; content:"15.235.130.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271998/; classtype:trojan-activity;sid:84135098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hdev.bat"; depth:9; endswith; nocase; http.host; content:"15.235.130.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271987/; classtype:trojan-activity;sid:84135087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exit.bat"; depth:9; endswith; nocase; http.host; content:"virtualishot.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271988/; classtype:trojan-activity;sid:84135088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bat2.bat"; depth:9; endswith; nocase; http.host; content:"15.235.130.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271989/; classtype:trojan-activity;sid:84135089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windowsstartup.bat"; depth:19; endswith; nocase; http.host; content:"15.235.130.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271990/; classtype:trojan-activity;sid:84135090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y.bat"; depth:6; endswith; nocase; http.host; content:"virtualishot.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271991/; classtype:trojan-activity;sid:84135091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/persistence.bat"; depth:16; endswith; nocase; http.host; content:"virtualishot.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271992/; classtype:trojan-activity;sid:84135092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/checker.bat"; depth:12; endswith; nocase; http.host; content:"cdnimmortal.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271984/; classtype:trojan-activity;sid:84135084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydromc.bat"; depth:12; endswith; nocase; http.host; content:"looksrare.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271985/; classtype:trojan-activity;sid:84135085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydromc.bat"; depth:12; endswith; nocase; http.host; content:"looksrare.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271986/; classtype:trojan-activity;sid:84135086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.46.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271983/; classtype:trojan-activity;sid:84135083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.247.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271982/; classtype:trojan-activity;sid:84135082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/yes/loader.exe"; depth:20; endswith; nocase; http.host; content:"emplaceking.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271981/; classtype:trojan-activity;sid:84135081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.exe"; depth:11; endswith; nocase; http.host; content:"www.eccheats.store"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271980/; classtype:trojan-activity;sid:84135080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/rage/loader.exe"; depth:21; endswith; nocase; http.host; content:"emplaceking.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271979/; classtype:trojan-activity;sid:84135079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.123.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271978/; classtype:trojan-activity;sid:84135078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.227.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271975/; classtype:trojan-activity;sid:84135075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.59.109.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271976/; classtype:trojan-activity;sid:84135076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.251.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271977/; classtype:trojan-activity;sid:84135077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/output/client/starter.exe"; depth:30; endswith; nocase; http.host; content:"89.213.50.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271974/; classtype:trojan-activity;sid:84135074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/loader.exe"; depth:16; endswith; nocase; http.host; content:"emplaceking.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271973/; classtype:trojan-activity;sid:84135073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/output/client/rohanclient.exe"; depth:34; endswith; nocase; http.host; content:"89.213.50.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271972/; classtype:trojan-activity;sid:84135072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.238.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271971/; classtype:trojan-activity;sid:84135071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.6.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271970/; classtype:trojan-activity;sid:84135070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/output/client/loader.exe"; depth:29; endswith; nocase; http.host; content:"89.213.50.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271969/; classtype:trojan-activity;sid:84135069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.exe"; depth:11; endswith; nocase; http.host; content:"193.227.240.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271968/; classtype:trojan-activity;sid:84135068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.227.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271967/; classtype:trojan-activity;sid:84135067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.244.203.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271966/; classtype:trojan-activity;sid:84135066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.77.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271965/; classtype:trojan-activity;sid:84135065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.209.130.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271964/; classtype:trojan-activity;sid:84135064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.22.143"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271963/; classtype:trojan-activity;sid:84135063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.147.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271962/; classtype:trojan-activity;sid:84135062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.94.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271961/; classtype:trojan-activity;sid:84135061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.69.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271960/; classtype:trojan-activity;sid:84135060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.10.17.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271959/; classtype:trojan-activity;sid:84135059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.28.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271958/; classtype:trojan-activity;sid:84135058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.173.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271953/; classtype:trojan-activity;sid:84135053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.41.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271954/; classtype:trojan-activity;sid:84135054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.84.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271955/; classtype:trojan-activity;sid:84135055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"38.137.0.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271956/; classtype:trojan-activity;sid:84135056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.194.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271957/; classtype:trojan-activity;sid:84135057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.244.203.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271952/; classtype:trojan-activity;sid:84135052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.4.204"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271951/; classtype:trojan-activity;sid:84135051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stlprograms/new/iuiiiuj/loader1/buildname.txt"; depth:46; endswith; nocase; http.host; content:"antiloxss.usite.pro"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271950/; classtype:trojan-activity;sid:84135050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.94.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271949/; classtype:trojan-activity;sid:84135049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.22.143"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271948/; classtype:trojan-activity;sid:84135048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.216.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271947/; classtype:trojan-activity;sid:84135047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.96.74"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271946/; classtype:trojan-activity;sid:84135046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temp/install-client.zip"; depth:24; endswith; nocase; http.host; content:"www.kailabeachhotel.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271945/; classtype:trojan-activity;sid:84135045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.193.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271944/; classtype:trojan-activity;sid:84135044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.223.218.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271943/; classtype:trojan-activity;sid:84135043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.zip"; depth:6; endswith; nocase; http.host; content:"weberside.do.am"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271942/; classtype:trojan-activity;sid:84135042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271941/; classtype:trojan-activity;sid:84135041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.30.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271940/; classtype:trojan-activity;sid:84135040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.173.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271938/; classtype:trojan-activity;sid:84135038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcin2123/actualka/refs/heads/main/433412.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271939/; classtype:trojan-activity;sid:84135039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pghtsata//lspthasw.exe"; depth:23; endswith; nocase; http.host; content:"178.236.247.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271937/; classtype:trojan-activity;sid:84135037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pclient.exe"; depth:12; endswith; nocase; http.host; content:"193.233.254.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271936/; classtype:trojan-activity;sid:84135036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oclo.exe"; depth:9; endswith; nocase; http.host; content:"193.233.254.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271935/; classtype:trojan-activity;sid:84135035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elm.exe"; depth:8; endswith; nocase; http.host; content:"193.233.254.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271933/; classtype:trojan-activity;sid:84135033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/responsibilityleadpro.exe"; depth:26; endswith; nocase; http.host; content:"193.233.254.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271934/; classtype:trojan-activity;sid:84135034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.44.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271932/; classtype:trojan-activity;sid:84135032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcin2123/actualka/raw/refs/heads/main/433412.exe"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271931/; classtype:trojan-activity;sid:84135031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcin2123/actualka/raw/refs/heads/main/tumbler_g"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271930/; classtype:trojan-activity;sid:84135030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.108.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271929/; classtype:trojan-activity;sid:84135029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.124.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271928/; classtype:trojan-activity;sid:84135028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.9.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271926/; classtype:trojan-activity;sid:84135026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.162.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271927/; classtype:trojan-activity;sid:84135027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leakerbydragon1/leakerbydragon1/main/injector.exe"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271922/; classtype:trojan-activity;sid:84135022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leakerbydragon1/leakerbydragon1/main/injectorold.exe"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271923/; classtype:trojan-activity;sid:84135023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leakerbydragon1/leakerbydragon1/main/driver.sys"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271924/; classtype:trojan-activity;sid:84135024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leakerbydragon1/leakerbydragon1/main/loader.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271925/; classtype:trojan-activity;sid:84135025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leakerbydragon1/leakerbydragon1/main/ogfn%20updater.exe"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271919/; classtype:trojan-activity;sid:84135019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leakerbydragon1/leakerbydragon1/main/pclient.exe"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271920/; classtype:trojan-activity;sid:84135020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leakerbydragon1/leakerbydragon1/main/kdmapper_release.exe"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271921/; classtype:trojan-activity;sid:84135021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leakerbydragon1/leakerbydragon1/main/sonygamamanager.dll"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271918/; classtype:trojan-activity;sid:84135018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.85.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271917/; classtype:trojan-activity;sid:84135017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.147.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271916/; classtype:trojan-activity;sid:84135016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.144.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271915/; classtype:trojan-activity;sid:84135015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suslo.exe"; depth:10; endswith; nocase; http.host; content:"150.241.95.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271914/; classtype:trojan-activity;sid:84135014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.55.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271912/; classtype:trojan-activity;sid:84135012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.112.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271913/; classtype:trojan-activity;sid:84135013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/arm7/"; depth:35; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271910/; classtype:trojan-activity;sid:84135010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.106.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271911/; classtype:trojan-activity;sid:84135011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.170.200.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271908/; classtype:trojan-activity;sid:84135008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.53.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271909/; classtype:trojan-activity;sid:84135009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.224.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271907/; classtype:trojan-activity;sid:84135007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.85.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271906/; classtype:trojan-activity;sid:84135006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.131.163.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271905/; classtype:trojan-activity;sid:84135005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.88.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271904/; classtype:trojan-activity;sid:84135004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.96.74"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271903/; classtype:trojan-activity;sid:84135003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.27.15.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271902/; classtype:trojan-activity;sid:84135002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.47.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271901/; classtype:trojan-activity;sid:84135001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.118.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271900/; classtype:trojan-activity;sid:84135000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.112.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271899/; classtype:trojan-activity;sid:84134999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.223.218.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271898/; classtype:trojan-activity;sid:84134998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.138.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271897/; classtype:trojan-activity;sid:84134997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.206.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271896/; classtype:trojan-activity;sid:84134996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/jthvhbrcl.vdf"; depth:26; endswith; nocase; http.host; content:"geocs.mx"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271895/; classtype:trojan-activity;sid:84134995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.216.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271893/; classtype:trojan-activity;sid:84134993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.112.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271894/; classtype:trojan-activity;sid:84134994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/kmnznxwp.vdf"; depth:25; endswith; nocase; http.host; content:"geocs.mx"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271891/; classtype:trojan-activity;sid:84134991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.27.15.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271892/; classtype:trojan-activity;sid:84134992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.193.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271890/; classtype:trojan-activity;sid:84134990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.39.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271889/; classtype:trojan-activity;sid:84134989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.208.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271888/; classtype:trojan-activity;sid:84134988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.189.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271887/; classtype:trojan-activity;sid:84134987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.55.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271886/; classtype:trojan-activity;sid:84134986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.106.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271885/; classtype:trojan-activity;sid:84134985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"69.254.95.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271884/; classtype:trojan-activity;sid:84134984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=1q-otf4a|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.download"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271883/; classtype:trojan-activity;sid:84134983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.122.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271881/; classtype:trojan-activity;sid:84134981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271879/; classtype:trojan-activity;sid:84134979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/anzvlgkl.vdf"; depth:25; endswith; nocase; http.host; content:"municipiodomaio.cv"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271880/; classtype:trojan-activity;sid:84134980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/gkall.dat"; depth:22; endswith; nocase; http.host; content:"municipiodomaio.cv"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271878/; classtype:trojan-activity;sid:84134978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/anzvlgkl.vdf"; depth:25; endswith; nocase; http.host; content:"municipiodomaio.cv"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271877/; classtype:trojan-activity;sid:84134977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/favor/uxyypzrq.mp4"; depth:19; endswith; nocase; http.host; content:"erkasera.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271876/; classtype:trojan-activity;sid:84134976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/pkwihcjnew.dat"; depth:27; endswith; nocase; http.host; content:"municipiodomaio.cv"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271874/; classtype:trojan-activity;sid:84134974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/byxhfqgpzkc.dat"; depth:28; endswith; nocase; http.host; content:"municipiodomaio.cv"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271875/; classtype:trojan-activity;sid:84134975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/wdscn.vdf"; depth:22; endswith; nocase; http.host; content:"municipiodomaio.cv"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271873/; classtype:trojan-activity;sid:84134973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/crilkgsy.dat"; depth:25; endswith; nocase; http.host; content:"municipiodomaio.cv"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271872/; classtype:trojan-activity;sid:84134972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/crilkgsy.dat"; depth:25; endswith; nocase; http.host; content:"municipiodomaio.cv"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271871/; classtype:trojan-activity;sid:84134971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=2oadjzfo|7c|26|7c|p=1"; depth:33; endswith; nocase; http.host; content:"soyjak.download"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271869/; classtype:trojan-activity;sid:84134969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.216.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271870/; classtype:trojan-activity;sid:84134970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.239.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271867/; classtype:trojan-activity;sid:84134967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.90.91.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271868/; classtype:trojan-activity;sid:84134968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.195.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271861/; classtype:trojan-activity;sid:84134961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.243.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271862/; classtype:trojan-activity;sid:84134962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.89.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271863/; classtype:trojan-activity;sid:84134963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.151.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271864/; classtype:trojan-activity;sid:84134964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.13.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271865/; classtype:trojan-activity;sid:84134965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.8.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271866/; classtype:trojan-activity;sid:84134966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/other/cqnuke.exe"; depth:23; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271858/; classtype:trojan-activity;sid:84134958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/25.exe"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271855/; classtype:trojan-activity;sid:84134955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/18.exe"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271856/; classtype:trojan-activity;sid:84134956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=3s4oce2r|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.download"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271857/; classtype:trojan-activity;sid:84134957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/4.exe"; depth:17; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271853/; classtype:trojan-activity;sid:84134953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/other/hook.iso"; depth:21; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271854/; classtype:trojan-activity;sid:84134954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/other/malware2.exe"; depth:25; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271852/; classtype:trojan-activity;sid:84134952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/other/hook.iso/"; depth:22; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271849/; classtype:trojan-activity;sid:84134949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/2f6e054e58af48bfb96bbefa724529e7.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271850/; classtype:trojan-activity;sid:84134950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/15.exe"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271851/; classtype:trojan-activity;sid:84134951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/7396c840cc654764a3495f8756021e10.exe/"; depth:54; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271848/; classtype:trojan-activity;sid:84134948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/b9c2d7624f574ca29cfe48dd63be7843.exe"; depth:48; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271847/; classtype:trojan-activity;sid:84134947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/"; depth:17; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271845/; classtype:trojan-activity;sid:84134945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/6f6fc662eaf347cdb08b1dc15abba962.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271846/; classtype:trojan-activity;sid:84134946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/5c7176d3b9b74063847dc952bee4a8d9.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271844/; classtype:trojan-activity;sid:84134944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/81b4bdcecd094b89bb7881a6d7566ff6.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271843/; classtype:trojan-activity;sid:84134943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/7396c840cc654764a3495f8756021e10.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271841/; classtype:trojan-activity;sid:84134941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/ebf8c73e04004b3b9a6e4f82d63bf05b.exe"; depth:48; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271842/; classtype:trojan-activity;sid:84134942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/fa4cb5213eae4a91a356a569aa75c3e4.exe/"; depth:49; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271840/; classtype:trojan-activity;sid:84134940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc"; depth:16; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271839/; classtype:trojan-activity;sid:84134939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/55b8d76765cb48598af5d6b51c67cdc9.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271838/; classtype:trojan-activity;sid:84134938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/23.exe"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271836/; classtype:trojan-activity;sid:84134936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/23.exe/"; depth:19; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271837/; classtype:trojan-activity;sid:84134937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/1da1dbbe212946f8b2a4cd1a9ec6acd0.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271835/; classtype:trojan-activity;sid:84134935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.90.91.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271833/; classtype:trojan-activity;sid:84134933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/e84cf18162e644d0b45ac700c9c158ed.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271834/; classtype:trojan-activity;sid:84134934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/24.exe"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271831/; classtype:trojan-activity;sid:84134931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=1hgmygva|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.download"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271832/; classtype:trojan-activity;sid:84134932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/24.exe/"; depth:19; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271830/; classtype:trojan-activity;sid:84134930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/5.exe/"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271829/; classtype:trojan-activity;sid:84134929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/1122a1f9a39740b1af6e2121842471e0.exe/"; depth:54; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271828/; classtype:trojan-activity;sid:84134928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=1rjot3of|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.download"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271827/; classtype:trojan-activity;sid:84134927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/e245ef50100240d496a0512c1fefaf7a.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271825/; classtype:trojan-activity;sid:84134925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/"; depth:12; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271826/; classtype:trojan-activity;sid:84134926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/other/malware.exe"; depth:24; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271824/; classtype:trojan-activity;sid:84134924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/other/malware2.exe/"; depth:26; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271823/; classtype:trojan-activity;sid:84134923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=1en-nmxf|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.download"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271820/; classtype:trojan-activity;sid:84134920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=16ajcfmn|7c|26|7c|p=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271821/; classtype:trojan-activity;sid:84134921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/6ebeaa4b059b428d968c83f90589d3e5.exe/"; depth:54; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271822/; classtype:trojan-activity;sid:84134922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/"; depth:12; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271819/; classtype:trojan-activity;sid:84134919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/b42cd4f9b8a740ec8785a84015936fe4.exe/"; depth:54; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271818/; classtype:trojan-activity;sid:84134918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/b46cbb5c34b644b087f7afe19992038d.exe/"; depth:54; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271817/; classtype:trojan-activity;sid:84134917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/e84cf18162e644d0b45ac700c9c158ed.exe/"; depth:54; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271816/; classtype:trojan-activity;sid:84134916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/10.exe/"; depth:19; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271815/; classtype:trojan-activity;sid:84134915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/other/cqnuke.exe/"; depth:24; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271814/; classtype:trojan-activity;sid:84134914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/b7478ebe7e7644f3a1cfa26ffdc9acdb.exe/"; depth:49; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271813/; classtype:trojan-activity;sid:84134913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/e1ada754efdb4efea31d31b744e69628.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271812/; classtype:trojan-activity;sid:84134912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/6ebeaa4b059b428d968c83f90589d3e5.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271811/; classtype:trojan-activity;sid:84134911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/e1bf5b1aea774ee0836639d821211107.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271810/; classtype:trojan-activity;sid:84134910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/8c2e17c45fa542f8a95a97d6edd32eb8.exe/"; depth:54; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271809/; classtype:trojan-activity;sid:84134909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271808/; classtype:trojan-activity;sid:84134908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/b23047c69fd842b999a2a29d7454b541.exe"; depth:48; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271807/; classtype:trojan-activity;sid:84134907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.135.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271805/; classtype:trojan-activity;sid:84134905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.104.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271806/; classtype:trojan-activity;sid:84134906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=1rjot3of|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271804/; classtype:trojan-activity;sid:84134904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271801/; classtype:trojan-activity;sid:84134901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi"; depth:11; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271802/; classtype:trojan-activity;sid:84134902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/ebf8c73e04004b3b9a6e4f82d63bf05b.exe/"; depth:49; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271803/; classtype:trojan-activity;sid:84134903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/10.exe"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271800/; classtype:trojan-activity;sid:84134900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/5.exe"; depth:17; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271799/; classtype:trojan-activity;sid:84134899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/python/"; depth:14; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271798/; classtype:trojan-activity;sid:84134898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=0vmptzyx|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271797/; classtype:trojan-activity;sid:84134897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/python/"; depth:14; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271795/; classtype:trojan-activity;sid:84134895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/8c2e17c45fa542f8a95a97d6edd32eb8.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271796/; classtype:trojan-activity;sid:84134896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/other/infectorr.exe"; depth:26; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271791/; classtype:trojan-activity;sid:84134891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/1.exe"; depth:17; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271792/; classtype:trojan-activity;sid:84134892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/5c7176d3b9b74063847dc952bee4a8d9.exe/"; depth:54; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271793/; classtype:trojan-activity;sid:84134893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=0n6ea0gv|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271794/; classtype:trojan-activity;sid:84134894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/python/activepython-2.7.2.5-win64-x64.msi/"; depth:49; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271788/; classtype:trojan-activity;sid:84134888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/ff044c430583460a8f739514223d7ccc.exe/"; depth:54; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271789/; classtype:trojan-activity;sid:84134889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/dpapi/"; depth:13; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271790/; classtype:trojan-activity;sid:84134890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=1wjdqhl5|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.download"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271787/; classtype:trojan-activity;sid:84134887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/other/malware.exe/"; depth:25; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271784/; classtype:trojan-activity;sid:84134884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=3s4oce2r|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271785/; classtype:trojan-activity;sid:84134885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/other/verifiertwo.exe"; depth:28; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271786/; classtype:trojan-activity;sid:84134886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/4.exe/"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271783/; classtype:trojan-activity;sid:84134883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.91.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271782/; classtype:trojan-activity;sid:84134882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=27vcrle1|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271781/; classtype:trojan-activity;sid:84134881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/25afa4ee9b144bc7af9c9b23b11f8e36.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271780/; classtype:trojan-activity;sid:84134880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=0q45fll6|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271779/; classtype:trojan-activity;sid:84134879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/c6db6fd5e7e34c3c852e49aa26cee435.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271777/; classtype:trojan-activity;sid:84134877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.42.74.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271774/; classtype:trojan-activity;sid:84134874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.123.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271775/; classtype:trojan-activity;sid:84134875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/other/verifiertwo.exe/"; depth:29; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271776/; classtype:trojan-activity;sid:84134876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=2oadjzfo|7c|26|7c|p=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271770/; classtype:trojan-activity;sid:84134870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/18.exe/"; depth:19; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271771/; classtype:trojan-activity;sid:84134871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/sysmon"; depth:13; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271772/; classtype:trojan-activity;sid:84134872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/fa4cb5213eae4a91a356a569aa75c3e4.exe"; depth:48; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271773/; classtype:trojan-activity;sid:84134873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/2.exe/"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271769/; classtype:trojan-activity;sid:84134869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.8.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271767/; classtype:trojan-activity;sid:84134867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=2v4ag0ze|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271768/; classtype:trojan-activity;sid:84134868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/7.exe/"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271766/; classtype:trojan-activity;sid:84134866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.13.74.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271765/; classtype:trojan-activity;sid:84134865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/16.exe"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271764/; classtype:trojan-activity;sid:84134864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/19.exe"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271762/; classtype:trojan-activity;sid:84134862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.69.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271763/; classtype:trojan-activity;sid:84134863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|d=1|7c|26|7c|h=2v4ag0ze"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271761/; classtype:trojan-activity;sid:84134861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/b7478ebe7e7644f3a1cfa26ffdc9acdb.exe"; depth:48; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271759/; classtype:trojan-activity;sid:84134859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/c6db6fd5e7e34c3c852e49aa26cee435.exe/"; depth:54; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271760/; classtype:trojan-activity;sid:84134860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=1rjot3of|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271758/; classtype:trojan-activity;sid:84134858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.142.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271757/; classtype:trojan-activity;sid:84134857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=0q45fll6|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.download"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271756/; classtype:trojan-activity;sid:84134856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.137.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271754/; classtype:trojan-activity;sid:84134854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=1kbh7zv-|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271755/; classtype:trojan-activity;sid:84134855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.228.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271753/; classtype:trojan-activity;sid:84134853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/ff044c430583460a8f739514223d7ccc.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271752/; classtype:trojan-activity;sid:84134852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/2.exe"; depth:17; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271750/; classtype:trojan-activity;sid:84134850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/5b156cb4185347c686f636ecb8586aca.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271751/; classtype:trojan-activity;sid:84134851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=16ajcfmn|7c|26|7c|p=1"; depth:33; endswith; nocase; http.host; content:"soyjak.download"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271749/; classtype:trojan-activity;sid:84134849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/19.exe/"; depth:19; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271746/; classtype:trojan-activity;sid:84134846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.158.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271747/; classtype:trojan-activity;sid:84134847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/93b13a0a61e54d46b908e232f558ab5a.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271748/; classtype:trojan-activity;sid:84134848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.208.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271745/; classtype:trojan-activity;sid:84134845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/13.exe/"; depth:19; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271744/; classtype:trojan-activity;sid:84134844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/22.exe"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271742/; classtype:trojan-activity;sid:84134842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/16.exe/"; depth:19; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271743/; classtype:trojan-activity;sid:84134843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/55b8d76765cb48598af5d6b51c67cdc9.exe/"; depth:54; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271741/; classtype:trojan-activity;sid:84134841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/13.exe"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271740/; classtype:trojan-activity;sid:84134840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/5b156cb4185347c686f636ecb8586aca.exe/"; depth:54; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271739/; classtype:trojan-activity;sid:84134839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/17.exe"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271738/; classtype:trojan-activity;sid:84134838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=2v4ag0ze|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271737/; classtype:trojan-activity;sid:84134837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.37.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271736/; classtype:trojan-activity;sid:84134836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.11.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271733/; classtype:trojan-activity;sid:84134833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=1en-nmxf|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271734/; classtype:trojan-activity;sid:84134834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=0vmptzyx|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.download"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271735/; classtype:trojan-activity;sid:84134835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/b46cbb5c34b644b087f7afe19992038d.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271730/; classtype:trojan-activity;sid:84134830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/e1ada754efdb4efea31d31b744e69628.exe/"; depth:54; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271731/; classtype:trojan-activity;sid:84134831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"173.16.36.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271732/; classtype:trojan-activity;sid:84134832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/1122a1f9a39740b1af6e2121842471e0.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271726/; classtype:trojan-activity;sid:84134826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/14.exe"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271727/; classtype:trojan-activity;sid:84134827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=2p-y_aut|7c|26|7c|p=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271728/; classtype:trojan-activity;sid:84134828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/7.exe"; depth:17; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271729/; classtype:trojan-activity;sid:84134829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.14.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271724/; classtype:trojan-activity;sid:84134824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/other/malware1.exe"; depth:25; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271725/; classtype:trojan-activity;sid:84134825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/dpapi"; depth:12; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271723/; classtype:trojan-activity;sid:84134823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.39.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271722/; classtype:trojan-activity;sid:84134822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.195.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271719/; classtype:trojan-activity;sid:84134819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.170.200.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271720/; classtype:trojan-activity;sid:84134820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi_awsc/b42cd4f9b8a740ec8785a84015936fe4.exe"; depth:53; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271721/; classtype:trojan-activity;sid:84134821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/other/malware1.exe/"; depth:26; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271718/; classtype:trojan-activity;sid:84134818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/python/activepython-2.7.2.5-win64-x64.msi"; depth:48; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271717/; classtype:trojan-activity;sid:84134817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/mimi/11.exe"; depth:18; endswith; nocase; http.host; content:"stderr.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271716/; classtype:trojan-activity;sid:84134816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.189.10.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271714/; classtype:trojan-activity;sid:84134814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.203.72.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271715/; classtype:trojan-activity;sid:84134815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.243.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271713/; classtype:trojan-activity;sid:84134813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.151.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271712/; classtype:trojan-activity;sid:84134812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|d=1|7c|26|7c|h=2v4ag0ze"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271711/; classtype:trojan-activity;sid:84134811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.16.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271706/; classtype:trojan-activity;sid:84134806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=1wjdqhl5|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271707/; classtype:trojan-activity;sid:84134807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|d=1|7c|26|7c|h=2v4ag0ze"; depth:33; endswith; nocase; http.host; content:"soyjak.download"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271708/; classtype:trojan-activity;sid:84134808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/prg8btry"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271709/; classtype:trojan-activity;sid:84134809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=1hgmygva|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271710/; classtype:trojan-activity;sid:84134810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=1q-otf4a|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271703/; classtype:trojan-activity;sid:84134803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=1kbh7zv-|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271704/; classtype:trojan-activity;sid:84134804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.228.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271705/; classtype:trojan-activity;sid:84134805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=1hgmygva|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.cafe"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271702/; classtype:trojan-activity;sid:84134802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pubolupdate.exe"; depth:16; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271698/; classtype:trojan-activity;sid:84134798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqnetbar.exe"; depth:13; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271696/; classtype:trojan-activity;sid:84134796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aida64.exe"; depth:11; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271695/; classtype:trojan-activity;sid:84134795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rlaz.exe"; depth:9; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271694/; classtype:trojan-activity;sid:84134794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/checkypc.exe"; depth:13; endswith; nocase; http.host; content:"123.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271693/; classtype:trojan-activity;sid:84134793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vc17x64.exe"; depth:12; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271692/; classtype:trojan-activity;sid:84134792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pchunter64.exe"; depth:15; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271691/; classtype:trojan-activity;sid:84134791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/remotelyanywhere11.exe"; depth:23; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271690/; classtype:trojan-activity;sid:84134790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rlol.exe"; depth:9; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271687/; classtype:trojan-activity;sid:84134787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clean.exe"; depth:10; endswith; nocase; http.host; content:"123.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271688/; classtype:trojan-activity;sid:84134788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pm3100.exe"; depth:11; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271689/; classtype:trojan-activity;sid:84134789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qwsrv3.3.exe"; depth:13; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271686/; classtype:trojan-activity;sid:84134786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x210.exe"; depth:9; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271681/; classtype:trojan-activity;sid:84134781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kb2868626x64.exe"; depth:17; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271682/; classtype:trojan-activity;sid:84134782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ydcx.exe"; depth:9; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271683/; classtype:trojan-activity;sid:84134783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smb.exe"; depth:8; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271684/; classtype:trojan-activity;sid:84134784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kb2808679x64.exe"; depth:17; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271685/; classtype:trojan-activity;sid:84134785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271678/; classtype:trojan-activity;sid:84134778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rlpb15.exe"; depth:11; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271679/; classtype:trojan-activity;sid:84134779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hydkj.exe"; depth:10; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271680/; classtype:trojan-activity;sid:84134780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autoruns.exe"; depth:13; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271675/; classtype:trojan-activity;sid:84134775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xwwn.exe"; depth:9; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271676/; classtype:trojan-activity;sid:84134776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wbgjupdate.exe"; depth:15; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271677/; classtype:trojan-activity;sid:84134777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sgn.exe"; depth:8; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271674/; classtype:trojan-activity;sid:84134774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cysoft/winrarx64521sc.exe"; depth:26; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271673/; classtype:trojan-activity;sid:84134773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wgupdate.exe"; depth:13; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271670/; classtype:trojan-activity;sid:84134770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msbd.exe"; depth:9; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271671/; classtype:trojan-activity;sid:84134771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hdtune.exe"; depth:11; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271672/; classtype:trojan-activity;sid:84134772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fping.exe"; depth:10; endswith; nocase; http.host; content:"ywxww.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271669/; classtype:trojan-activity;sid:84134769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zwyw.txt"; depth:9; endswith; nocase; http.host; content:"ywxww.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271667/; classtype:trojan-activity;sid:84134767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost1.exe"; depth:13; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271668/; classtype:trojan-activity;sid:84134768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wblog.exe"; depth:10; endswith; nocase; http.host; content:"123.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271664/; classtype:trojan-activity;sid:84134764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xww.exe"; depth:8; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271665/; classtype:trojan-activity;sid:84134765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steam.txt"; depth:10; endswith; nocase; http.host; content:"ftp.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271666/; classtype:trojan-activity;sid:84134766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xwwupdate.exe"; depth:14; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271661/; classtype:trojan-activity;sid:84134761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zwywupdate.exe"; depth:15; endswith; nocase; http.host; content:"ywxww.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271662/; classtype:trojan-activity;sid:84134762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"123.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271663/; classtype:trojan-activity;sid:84134763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bxupdate.exe"; depth:13; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271654/; classtype:trojan-activity;sid:84134754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bxn.exe"; depth:8; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271655/; classtype:trojan-activity;sid:84134755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zwyw.exe"; depth:9; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271656/; classtype:trojan-activity;sid:84134756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sg.exe"; depth:7; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271657/; classtype:trojan-activity;sid:84134757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sgupdate.exe"; depth:13; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271658/; classtype:trojan-activity;sid:84134758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cpie.exe"; depth:9; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271659/; classtype:trojan-activity;sid:84134759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xconfig.txt"; depth:12; endswith; nocase; http.host; content:"123.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271660/; classtype:trojan-activity;sid:84134760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wgn.exe"; depth:8; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271652/; classtype:trojan-activity;sid:84134752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wljc.exe"; depth:9; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271653/; classtype:trojan-activity;sid:84134753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wbgjn.exe"; depth:10; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271651/; classtype:trojan-activity;sid:84134751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xconfig.txt"; depth:12; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271648/; classtype:trojan-activity;sid:84134748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wg.txt"; depth:7; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271649/; classtype:trojan-activity;sid:84134749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx.txt"; depth:7; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271650/; classtype:trojan-activity;sid:84134750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sg.txt"; depth:7; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271646/; classtype:trojan-activity;sid:84134746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wbgj.txt"; depth:9; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271647/; classtype:trojan-activity;sid:84134747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/uimrgarabato/svchost.exe"; depth:34; endswith; nocase; http.host; content:"panel.mrgarabato.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271645/; classtype:trojan-activity;sid:84134745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/run64/svchost.exe"; depth:20; endswith; nocase; http.host; content:"156.245.12.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271644/; classtype:trojan-activity;sid:84134744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"52.194.243.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271643/; classtype:trojan-activity;sid:84134743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"safe.ywxww.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271642/; classtype:trojan-activity;sid:84134742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/privacy/www/svchost.exe"; depth:24; endswith; nocase; http.host; content:"gf94.gaf.ni.ac.rs"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271640/; classtype:trojan-activity;sid:84134740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tzxss/svchost.exe"; depth:18; endswith; nocase; http.host; content:"niniaaaaa.alwaysdata.net"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271641/; classtype:trojan-activity;sid:84134741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"coindiscussion.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271639/; classtype:trojan-activity;sid:84134739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.8.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271638/; classtype:trojan-activity;sid:84134738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/c9310se4us/svchost.exe"; depth:28; endswith; nocase; http.host; content:"cdn.abz.lol"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271637/; classtype:trojan-activity;sid:84134737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.21.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271636/; classtype:trojan-activity;sid:84134736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.113.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271635/; classtype:trojan-activity;sid:84134735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/undertalanted/mod/refs/heads/main/svchost.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271634/; classtype:trojan-activity;sid:84134734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271633/; classtype:trojan-activity;sid:84134733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271632/; classtype:trojan-activity;sid:84134732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271630/; classtype:trojan-activity;sid:84134730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271631/; classtype:trojan-activity;sid:84134731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/charshop/tempspooferxx/raw/main/svchost.exe"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271626/; classtype:trojan-activity;sid:84134726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/charshop/sigma-nonrat/raw/main/svchost.exe"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271627/; classtype:trojan-activity;sid:84134727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/furystorage/api/raw/main/svchost.exe"; depth:37; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271628/; classtype:trojan-activity;sid:84134728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271629/; classtype:trojan-activity;sid:84134729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"zibll.8899006.net"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271623/; classtype:trojan-activity;sid:84134723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdifru877234/ilu123g5/main/svchost.exe"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271624/; classtype:trojan-activity;sid:84134724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"pub-fd29cd63fb8c4b7fb0c7d3fa893212b9.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271625/; classtype:trojan-activity;sid:84134725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"coindiscussion.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271621/; classtype:trojan-activity;sid:84134721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esistdini/xmrig-malware/main/svchost.exe"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271622/; classtype:trojan-activity;sid:84134722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/c9310se4us/svchost.exe"; depth:28; endswith; nocase; http.host; content:"cdn.abz.lol"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271620/; classtype:trojan-activity;sid:84134720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"litexcheats.netlify.app"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271619/; classtype:trojan-activity;sid:84134719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"122.51.183.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271618/; classtype:trojan-activity;sid:84134718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/regolx1/hadb/refs/heads/main/svchost.exe"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271617/; classtype:trojan-activity;sid:84134717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2backside/stealercentral/refs/heads/main/svchost.exe"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271616/; classtype:trojan-activity;sid:84134716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stezxyz/svchost.exe/main/client-built.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271615/; classtype:trojan-activity;sid:84134715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chokopie333/doom/main/svchost.exe"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271614/; classtype:trojan-activity;sid:84134714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/artem674118/erterytry/main/svchost.exe"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271612/; classtype:trojan-activity;sid:84134712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/charshop/sigma-nonrat/main/svchost.exe"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271613/; classtype:trojan-activity;sid:84134713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/charshop/tempspooferxx/main/svchost.exe"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271608/; classtype:trojan-activity;sid:84134708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morgantaraum/automatic-octo-barnacle/refs/heads/main/svchost.exe"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271609/; classtype:trojan-activity;sid:84134709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/media/furystorage/api/main/svchost.exe"; depth:39; endswith; nocase; http.host; content:"media.githubusercontent.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271610/; classtype:trojan-activity;sid:84134710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zodiac1616/test/refs/heads/main/svchost.exe"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271611/; classtype:trojan-activity;sid:84134711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.11.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271607/; classtype:trojan-activity;sid:84134707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.15.10.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271606/; classtype:trojan-activity;sid:84134706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdifru877234/ilu123g5/raw/main/svchost.exe"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271605/; classtype:trojan-activity;sid:84134705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271602/; classtype:trojan-activity;sid:84134702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271603/; classtype:trojan-activity;sid:84134703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271604/; classtype:trojan-activity;sid:84134704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271601/; classtype:trojan-activity;sid:84134701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user337666/brow666/raw/main/svchost.exe"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271599/; classtype:trojan-activity;sid:84134699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esistdini/xmrig-malware/raw/main/svchost.exe"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271600/; classtype:trojan-activity;sid:84134700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thomson101/thomson101/releases/download/role/svchost.exe"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271597/; classtype:trojan-activity;sid:84134697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271598/; classtype:trojan-activity;sid:84134698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/furystorage/api/raw/main/svchost.exe"; depth:37; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271591/; classtype:trojan-activity;sid:84134691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/692-ez/ratta/raw/refs/heads/main/svchost.exe"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271592/; classtype:trojan-activity;sid:84134692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stezxyz/svchost.exe/raw/main/client-built.exe"; depth:46; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271593/; classtype:trojan-activity;sid:84134693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/artem674118/erterytry/raw/main/svchost.exe"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271594/; classtype:trojan-activity;sid:84134694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/charshop/tempspooferxx/raw/main/svchost.exe"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271595/; classtype:trojan-activity;sid:84134695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heresfilly09-9/fornova/raw/main/svchost.exe"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271596/; classtype:trojan-activity;sid:84134696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stezxyz/svchost.exe/raw/main/xclient.exe/"; depth:42; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271585/; classtype:trojan-activity;sid:84134685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chokopie333/doom/raw/main/svchost.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271586/; classtype:trojan-activity;sid:84134686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morgantaraum/automatic-octo-barnacle/raw/refs/heads/main/svchost.exe"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271587/; classtype:trojan-activity;sid:84134687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/charshop/sigma-nonrat/raw/main/svchost.exe"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271588/; classtype:trojan-activity;sid:84134688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/charshop/sigma-nonrat/raw/main/svchost.exe/"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271589/; classtype:trojan-activity;sid:84134689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zodiac1616/test/raw/refs/heads/main/svchost.exe"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271590/; classtype:trojan-activity;sid:84134690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.123.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271584/; classtype:trojan-activity;sid:84134684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.11.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271583/; classtype:trojan-activity;sid:84134683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.189.10.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271582/; classtype:trojan-activity;sid:84134682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.90.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271581/; classtype:trojan-activity;sid:84134681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.25.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271580/; classtype:trojan-activity;sid:84134680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dnlib.exe"; depth:10; endswith; nocase; http.host; content:"194.58.33.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271577/; classtype:trojan-activity;sid:84134677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dnlib.exe"; depth:10; endswith; nocase; http.host; content:"fdute32sdajfsda.hopto.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271578/; classtype:trojan-activity;sid:84134678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pr0niums/repo/raw/refs/heads/main/nvidia.exe"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271579/; classtype:trojan-activity;sid:84134679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.21.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271576/; classtype:trojan-activity;sid:84134676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.92.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271575/; classtype:trojan-activity;sid:84134675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.139.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271574/; classtype:trojan-activity;sid:84134674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.25.225.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271573/; classtype:trojan-activity;sid:84134673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.16.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271572/; classtype:trojan-activity;sid:84134672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.80.82.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271570/; classtype:trojan-activity;sid:84134670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/clean.exe"; depth:18; endswith; nocase; http.host; content:"orange-loris-425181.hostingersite.com"; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271571/; classtype:trojan-activity;sid:84134671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/plugins/stealer.dll"; depth:28; endswith; nocase; http.host; content:"fdute32sdajfsda.hopto.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271569/; classtype:trojan-activity;sid:84134669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/plugins/stealer.dll"; depth:28; endswith; nocase; http.host; content:"194.58.33.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271568/; classtype:trojan-activity;sid:84134668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.71.85.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271567/; classtype:trojan-activity;sid:84134667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.64.155.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271566/; classtype:trojan-activity;sid:84134666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.73.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271565/; classtype:trojan-activity;sid:84134665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.232.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271564/; classtype:trojan-activity;sid:84134664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.54.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271563/; classtype:trojan-activity;sid:84134663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.174.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271562/; classtype:trojan-activity;sid:84134662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.80.82.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271560/; classtype:trojan-activity;sid:84134660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.60.222.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271561/; classtype:trojan-activity;sid:84134661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loadernew.exe"; depth:14; endswith; nocase; http.host; content:"alternativehack.tech"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271558/; classtype:trojan-activity;sid:84134658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loadernew.exe"; depth:14; endswith; nocase; http.host; content:"alternativehack.tech"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271559/; classtype:trojan-activity;sid:84134659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.114.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271557/; classtype:trojan-activity;sid:84134657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.138.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271556/; classtype:trojan-activity;sid:84134656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.php"; depth:13; endswith; nocase; http.host; content:"alternativehack.tech"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271555/; classtype:trojan-activity;sid:84134655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/preold.dll"; depth:18; endswith; nocase; http.host; content:"77.232.142.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271554/; classtype:trojan-activity;sid:84134654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/rust.dll"; depth:16; endswith; nocase; http.host; content:"77.232.142.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271553/; classtype:trojan-activity;sid:84134653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/r.dll"; depth:13; endswith; nocase; http.host; content:"77.232.142.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271550/; classtype:trojan-activity;sid:84134650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/xexe.dll"; depth:16; endswith; nocase; http.host; content:"77.232.142.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271551/; classtype:trojan-activity;sid:84134651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/old.dll"; depth:15; endswith; nocase; http.host; content:"77.232.142.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271552/; classtype:trojan-activity;sid:84134652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/roblox.dll"; depth:18; endswith; nocase; http.host; content:"77.232.142.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271549/; classtype:trojan-activity;sid:84134649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/sxgeo.php"; depth:17; endswith; nocase; http.host; content:"77.232.142.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271543/; classtype:trojan-activity;sid:84134643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/structure.php"; depth:21; endswith; nocase; http.host; content:"77.232.142.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271544/; classtype:trojan-activity;sid:84134644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/authentication.php"; depth:26; endswith; nocase; http.host; content:"77.232.142.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271545/; classtype:trojan-activity;sid:84134645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/activation.php"; depth:22; endswith; nocase; http.host; content:"77.232.142.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271546/; classtype:trojan-activity;sid:84134646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/injectrust.php"; depth:22; endswith; nocase; http.host; content:"77.232.142.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271547/; classtype:trojan-activity;sid:84134647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/version.php"; depth:19; endswith; nocase; http.host; content:"77.232.142.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271548/; classtype:trojan-activity;sid:84134648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client/settings.php"; depth:20; endswith; nocase; http.host; content:"77.232.142.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271542/; classtype:trojan-activity;sid:84134642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/td2-otc.zip"; depth:15; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271541/; classtype:trojan-activity;sid:84134641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/loader-ca.zip"; depth:17; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271540/; classtype:trojan-activity;sid:84134640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/tm-cs2.zip"; depth:14; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271539/; classtype:trojan-activity;sid:84134639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/apex.zip"; depth:12; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271538/; classtype:trojan-activity;sid:84134638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/tm-pubg-wh.zip"; depth:18; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271537/; classtype:trojan-activity;sid:84134637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/cleaner.zip"; depth:15; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271535/; classtype:trojan-activity;sid:84134635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/finals.zip"; depth:14; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271536/; classtype:trojan-activity;sid:84134636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/mw3-mw2.zip"; depth:15; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271534/; classtype:trojan-activity;sid:84134634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/system.zip"; depth:14; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271533/; classtype:trojan-activity;sid:84134633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/paladins.zip"; depth:16; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271529/; classtype:trojan-activity;sid:84134629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/tm-ark-wh.zip"; depth:17; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271530/; classtype:trojan-activity;sid:84134630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/tmloader.exe"; depth:16; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271531/; classtype:trojan-activity;sid:84134631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/apex-priv.zip"; depth:17; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271532/; classtype:trojan-activity;sid:84134632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/simple-esp.zip"; depth:18; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271528/; classtype:trojan-activity;sid:84134628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/tm-dayz-wh.zip"; depth:18; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271527/; classtype:trojan-activity;sid:84134627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.25.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271522/; classtype:trojan-activity;sid:84134622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/tm-spoofer.zip"; depth:18; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271523/; classtype:trojan-activity;sid:84134623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/bh.zip"; depth:10; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271524/; classtype:trojan-activity;sid:84134624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/palworld-wh.zip"; depth:19; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271525/; classtype:trojan-activity;sid:84134625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/tm-pubg-ct.zip"; depth:18; endswith; nocase; http.host; content:"tmhacks22.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271526/; classtype:trojan-activity;sid:84134626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/td2-otc.zip"; depth:15; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271521/; classtype:trojan-activity;sid:84134621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/tm-cs2.zip"; depth:14; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271520/; classtype:trojan-activity;sid:84134620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/system.zip"; depth:14; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271519/; classtype:trojan-activity;sid:84134619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/mw3-mw2.zip"; depth:15; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271518/; classtype:trojan-activity;sid:84134618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/finals.zip"; depth:14; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271515/; classtype:trojan-activity;sid:84134615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/cleaner.zip"; depth:15; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271516/; classtype:trojan-activity;sid:84134616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/loader-ca.zip"; depth:17; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271517/; classtype:trojan-activity;sid:84134617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/apex.zip"; depth:12; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271514/; classtype:trojan-activity;sid:84134614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/tm-spoofer.zip"; depth:18; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271509/; classtype:trojan-activity;sid:84134609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/bh.zip"; depth:10; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271510/; classtype:trojan-activity;sid:84134610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/paladins.zip"; depth:16; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271511/; classtype:trojan-activity;sid:84134611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/tm-pubg-wh.zip"; depth:18; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271512/; classtype:trojan-activity;sid:84134612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/tm-pubg-ct.zip"; depth:18; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271513/; classtype:trojan-activity;sid:84134613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/apex-priv.zip"; depth:17; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271507/; classtype:trojan-activity;sid:84134607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/palworld-wh.zip"; depth:19; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271508/; classtype:trojan-activity;sid:84134608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/tm-ark-wh.zip"; depth:17; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271503/; classtype:trojan-activity;sid:84134603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/simple-esp.zip"; depth:18; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271504/; classtype:trojan-activity;sid:84134604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/tm-dayz-wh.zip"; depth:18; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271505/; classtype:trojan-activity;sid:84134605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm/tmloader.exe"; depth:16; endswith; nocase; http.host; content:"tmhacks22.ovh"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271506/; classtype:trojan-activity;sid:84134606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.112.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271502/; classtype:trojan-activity;sid:84134602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlw_mconly/dullwave.bin"; depth:24; endswith; nocase; http.host; content:"dullwave.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271501/; classtype:trojan-activity;sid:84134601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.232.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271500/; classtype:trojan-activity;sid:84134600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlw_filebase/cod/bootstrup.exe"; depth:31; endswith; nocase; http.host; content:"dullwave.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271497/; classtype:trojan-activity;sid:84134597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlw_filebase/finals/bootstrup.exe"; depth:34; endswith; nocase; http.host; content:"dullwave.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271498/; classtype:trojan-activity;sid:84134598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlw_mconly/dullwave.bin"; depth:24; endswith; nocase; http.host; content:"dullwave.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271499/; classtype:trojan-activity;sid:84134599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.131.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271496/; classtype:trojan-activity;sid:84134596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.14.78.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271495/; classtype:trojan-activity;sid:84134595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.123.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271494/; classtype:trojan-activity;sid:84134594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.144.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271493/; classtype:trojan-activity;sid:84134593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.121.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271491/; classtype:trojan-activity;sid:84134591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.80.82.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271492/; classtype:trojan-activity;sid:84134592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.214.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271490/; classtype:trojan-activity;sid:84134590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.71.85.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271489/; classtype:trojan-activity;sid:84134589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.64.155.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271488/; classtype:trojan-activity;sid:84134588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.232.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271487/; classtype:trojan-activity;sid:84134587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.83.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271486/; classtype:trojan-activity;sid:84134586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.98.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271485/; classtype:trojan-activity;sid:84134585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.116.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271484/; classtype:trojan-activity;sid:84134584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.78.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271483/; classtype:trojan-activity;sid:84134583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/ecosystem/installer/installer.exe"; depth:41; endswith; nocase; http.host; content:"nmtsocial.uno"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271482/; classtype:trojan-activity;sid:84134582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.112.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271481/; classtype:trojan-activity;sid:84134581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgfhfg/lgmeqcgpft.dll"; depth:22; endswith; nocase; http.host; content:"mycocojamboo.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271480/; classtype:trojan-activity;sid:84134580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.50.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271479/; classtype:trojan-activity;sid:84134579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.121.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271478/; classtype:trojan-activity;sid:84134578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlw_filebase/finals/bootstrup.exe"; depth:34; endswith; nocase; http.host; content:"dullwave.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271477/; classtype:trojan-activity;sid:84134577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.125.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271476/; classtype:trojan-activity;sid:84134576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271475/; classtype:trojan-activity;sid:84134575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.197.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271474/; classtype:trojan-activity;sid:84134574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.211.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271473/; classtype:trojan-activity;sid:84134573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/download/farlight|7c|26|7c|action=start"; depth:44; endswith; nocase; http.host; content:"dullwave.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271472/; classtype:trojan-activity;sid:84134572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/download/rust|7c|26|7c|action=start"; depth:40; endswith; nocase; http.host; content:"dullwave.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271470/; classtype:trojan-activity;sid:84134570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlw_filebase/cod/bootstrup.exe"; depth:31; endswith; nocase; http.host; content:"dullwave.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271471/; classtype:trojan-activity;sid:84134571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlw_filebase/valorant/bootstrup.exe"; depth:36; endswith; nocase; http.host; content:"dullwave.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271469/; classtype:trojan-activity;sid:84134569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/download/valorant|7c|26|7c|action=start"; depth:44; endswith; nocase; http.host; content:"dullwave.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271466/; classtype:trojan-activity;sid:84134566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/download/mw|7c|26|7c|action=start"; depth:38; endswith; nocase; http.host; content:"dullwave.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271467/; classtype:trojan-activity;sid:84134567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/download/dayz|7c|26|7c|action=start"; depth:40; endswith; nocase; http.host; content:"dullwave.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271468/; classtype:trojan-activity;sid:84134568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/loader.exe"; depth:20; endswith; nocase; http.host; content:"89.208.104.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271465/; classtype:trojan-activity;sid:84134565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/steamsetup.exe"; depth:25; endswith; nocase; http.host; content:"5.42.102.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271464/; classtype:trojan-activity;sid:84134564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/steamsetup.rar"; depth:25; endswith; nocase; http.host; content:"5.42.102.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271462/; classtype:trojan-activity;sid:84134562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/steamsetup.7z"; depth:24; endswith; nocase; http.host; content:"5.42.102.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271463/; classtype:trojan-activity;sid:84134563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.php"; depth:13; endswith; nocase; http.host; content:"77.232.142.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271461/; classtype:trojan-activity;sid:84134561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pghtsata/lspthasw.exe"; depth:22; endswith; nocase; http.host; content:"178.236.247.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271460/; classtype:trojan-activity;sid:84134560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/nonagon_staff_legacy.exe"; depth:32; endswith; nocase; http.host; content:"147.45.70.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271459/; classtype:trojan-activity;sid:84134559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/nonagon_staff.exe"; depth:25; endswith; nocase; http.host; content:"147.45.70.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271458/; classtype:trojan-activity;sid:84134558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.195.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271457/; classtype:trojan-activity;sid:84134557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.111.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271456/; classtype:trojan-activity;sid:84134556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.167.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271454/; classtype:trojan-activity;sid:84134554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271455/; classtype:trojan-activity;sid:84134555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.158.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271453/; classtype:trojan-activity;sid:84134553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.73.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271452/; classtype:trojan-activity;sid:84134552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.114.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271451/; classtype:trojan-activity;sid:84134551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.56.0.248"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271450/; classtype:trojan-activity;sid:84134550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.183.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271449/; classtype:trojan-activity;sid:84134549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271448/; classtype:trojan-activity;sid:84134548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.181.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271447/; classtype:trojan-activity;sid:84134547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.31.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271446/; classtype:trojan-activity;sid:84134546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.101.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271445/; classtype:trojan-activity;sid:84134545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.156.200.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271444/; classtype:trojan-activity;sid:84134544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.48.107.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271443/; classtype:trojan-activity;sid:84134543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271442/; classtype:trojan-activity;sid:84134542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.111.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271441/; classtype:trojan-activity;sid:84134541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.158.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271440/; classtype:trojan-activity;sid:84134540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271439/; classtype:trojan-activity;sid:84134539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.13.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271438/; classtype:trojan-activity;sid:84134538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.58.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271437/; classtype:trojan-activity;sid:84134537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.7.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271436/; classtype:trojan-activity;sid:84134536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.181.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271435/; classtype:trojan-activity;sid:84134535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.156.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271434/; classtype:trojan-activity;sid:84134534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.252.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271433/; classtype:trojan-activity;sid:84134533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.96.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271432/; classtype:trojan-activity;sid:84134532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.84.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271431/; classtype:trojan-activity;sid:84134531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.100.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271430/; classtype:trojan-activity;sid:84134530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.13.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271429/; classtype:trojan-activity;sid:84134529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.152.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271428/; classtype:trojan-activity;sid:84134528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271427/; classtype:trojan-activity;sid:84134527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.98.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271426/; classtype:trojan-activity;sid:84134526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.244.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271425/; classtype:trojan-activity;sid:84134525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.125.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271424/; classtype:trojan-activity;sid:84134524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.10.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271423/; classtype:trojan-activity;sid:84134523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271422/; classtype:trojan-activity;sid:84134522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.243.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271421/; classtype:trojan-activity;sid:84134521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.240.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271420/; classtype:trojan-activity;sid:84134520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.166.62.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271419/; classtype:trojan-activity;sid:84134519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.159.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271418/; classtype:trojan-activity;sid:84134518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.159.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271417/; classtype:trojan-activity;sid:84134517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.68.57.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271416/; classtype:trojan-activity;sid:84134516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.79.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271415/; classtype:trojan-activity;sid:84134515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.198.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271414/; classtype:trojan-activity;sid:84134514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.14.251"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271413/; classtype:trojan-activity;sid:84134513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.243.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271412/; classtype:trojan-activity;sid:84134512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"154.216.19.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271411/; classtype:trojan-activity;sid:84134511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.93.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271410/; classtype:trojan-activity;sid:84134510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.188.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271409/; classtype:trojan-activity;sid:84134509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.8.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271408/; classtype:trojan-activity;sid:84134508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwwofba5"; depth:9; endswith; nocase; http.host; content:"154.216.19.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271403/; classtype:trojan-activity;sid:84134503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"154.216.19.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271404/; classtype:trojan-activity;sid:84134504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"154.216.19.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271405/; classtype:trojan-activity;sid:84134505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"154.216.19.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271406/; classtype:trojan-activity;sid:84134506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"154.216.19.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271407/; classtype:trojan-activity;sid:84134507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"server3.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271397/; classtype:trojan-activity;sid:84134497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"server3.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271398/; classtype:trojan-activity;sid:84134498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwwofba5"; depth:9; endswith; nocase; http.host; content:"server3.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271399/; classtype:trojan-activity;sid:84134499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"server3.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271400/; classtype:trojan-activity;sid:84134500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"server3.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271401/; classtype:trojan-activity;sid:84134501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"server3.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271402/; classtype:trojan-activity;sid:84134502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkbfi86"; depth:8; endswith; nocase; http.host; content:"server3.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271395/; classtype:trojan-activity;sid:84134495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.228.19.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271396/; classtype:trojan-activity;sid:84134496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271392/; classtype:trojan-activity;sid:84134492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.185.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271393/; classtype:trojan-activity;sid:84134493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.91.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271394/; classtype:trojan-activity;sid:84134494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.145.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271391/; classtype:trojan-activity;sid:84134491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.224.171.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271390/; classtype:trojan-activity;sid:84134490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.79.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271389/; classtype:trojan-activity;sid:84134489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.250.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271388/; classtype:trojan-activity;sid:84134488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.246.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271387/; classtype:trojan-activity;sid:84134487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.41.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271386/; classtype:trojan-activity;sid:84134486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.243.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271385/; classtype:trojan-activity;sid:84134485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.180.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271384/; classtype:trojan-activity;sid:84134484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.198.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271383/; classtype:trojan-activity;sid:84134483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.93.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271382/; classtype:trojan-activity;sid:84134482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edalathamrah.apk"; depth:17; endswith; nocase; http.host; content:"bsjsjkskd.org.uk"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271381/; classtype:trojan-activity;sid:84134481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.245.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271380/; classtype:trojan-activity;sid:84134480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.44.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271379/; classtype:trojan-activity;sid:84134479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.46.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271378/; classtype:trojan-activity;sid:84134478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.53.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271377/; classtype:trojan-activity;sid:84134477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.228.19.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271376/; classtype:trojan-activity;sid:84134476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d00mt3l/xworm-5.6/raw/refs/heads/main/xwormloader.exe"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271375/; classtype:trojan-activity;sid:84134475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naruto0827/roblox-blox-fruits-script-2024/refs/heads/main/loader.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271374/; classtype:trojan-activity;sid:84134474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.100.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271371/; classtype:trojan-activity;sid:84134471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naruto0827/roblox-blox-fruits-script-2024/raw/refs/heads/main/loader.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271372/; classtype:trojan-activity;sid:84134472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/schavvanl3/eulen/raw/refs/heads/main/loader.exe"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271373/; classtype:trojan-activity;sid:84134473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.62.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271363/; classtype:trojan-activity;sid:84134463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/landonpasana21/roblox-blox-fruits-script-2024/refs/heads/main/loader.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271364/; classtype:trojan-activity;sid:84134464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.91.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271365/; classtype:trojan-activity;sid:84134465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zzrevva1/osu-maple/refs/heads/main/extremeinjector.exe"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271366/; classtype:trojan-activity;sid:84134466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shen0shod/cfx-bypass/refs/heads/main/cfxbypass.exe"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271367/; classtype:trojan-activity;sid:84134467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/landonpasana21/roblox-blox-fruits-script-2024/raw/refs/heads/main/loader.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271368/; classtype:trojan-activity;sid:84134468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zzrevva1/osu-maple/raw/refs/heads/main/extremeinjector.exe"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271369/; classtype:trojan-activity;sid:84134469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stressedb/redengine/main/loader.exe"; depth:36; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271370/; classtype:trojan-activity;sid:84134470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.93.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271362/; classtype:trojan-activity;sid:84134462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.145.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271361/; classtype:trojan-activity;sid:84134461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.87.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271360/; classtype:trojan-activity;sid:84134460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.127.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271359/; classtype:trojan-activity;sid:84134459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.21.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271358/; classtype:trojan-activity;sid:84134458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.31.189.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271355/; classtype:trojan-activity;sid:84134455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271356/; classtype:trojan-activity;sid:84134456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.238.189.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271357/; classtype:trojan-activity;sid:84134457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.77.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271354/; classtype:trojan-activity;sid:84134454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.125.119.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271353/; classtype:trojan-activity;sid:84134453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.22.157"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271352/; classtype:trojan-activity;sid:84134452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.18.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271351/; classtype:trojan-activity;sid:84134451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.220.154.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271348/; classtype:trojan-activity;sid:84134448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.37.51.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271349/; classtype:trojan-activity;sid:84134449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.20.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271350/; classtype:trojan-activity;sid:84134450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271347/; classtype:trojan-activity;sid:84134447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.238.189.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271346/; classtype:trojan-activity;sid:84134446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.64.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271345/; classtype:trojan-activity;sid:84134445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271344/; classtype:trojan-activity;sid:84134444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.146.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271343/; classtype:trojan-activity;sid:84134443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.62.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271342/; classtype:trojan-activity;sid:84134442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.26.180.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271341/; classtype:trojan-activity;sid:84134441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.22.157"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271340/; classtype:trojan-activity;sid:84134440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.100.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271339/; classtype:trojan-activity;sid:84134439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.49.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271338/; classtype:trojan-activity;sid:84134438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.127.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271337/; classtype:trojan-activity;sid:84134437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.157.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271336/; classtype:trojan-activity;sid:84134436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.173.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271335/; classtype:trojan-activity;sid:84134435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.221.97.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271334/; classtype:trojan-activity;sid:84134434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.118.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271333/; classtype:trojan-activity;sid:84134433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.96.4"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271332/; classtype:trojan-activity;sid:84134432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.231.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271331/; classtype:trojan-activity;sid:84134431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.64.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271330/; classtype:trojan-activity;sid:84134430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.62.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271329/; classtype:trojan-activity;sid:84134429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.206.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271328/; classtype:trojan-activity;sid:84134428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.162.239.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271327/; classtype:trojan-activity;sid:84134427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.35.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271326/; classtype:trojan-activity;sid:84134426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271325/; classtype:trojan-activity;sid:84134425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.152.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271324/; classtype:trojan-activity;sid:84134424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.207.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271323/; classtype:trojan-activity;sid:84134423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.81.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271322/; classtype:trojan-activity;sid:84134422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.98.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271321/; classtype:trojan-activity;sid:84134421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.98.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271320/; classtype:trojan-activity;sid:84134420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.98.195.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271319/; classtype:trojan-activity;sid:84134419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.157.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271318/; classtype:trojan-activity;sid:84134418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.25.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271317/; classtype:trojan-activity;sid:84134417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.4.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271316/; classtype:trojan-activity;sid:84134416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.149.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271315/; classtype:trojan-activity;sid:84134415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271314/; classtype:trojan-activity;sid:84134414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.112.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271313/; classtype:trojan-activity;sid:84134413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.31.247.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271312/; classtype:trojan-activity;sid:84134412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.190.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271311/; classtype:trojan-activity;sid:84134411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.62.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271310/; classtype:trojan-activity;sid:84134410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.32.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271309/; classtype:trojan-activity;sid:84134409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.202.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271308/; classtype:trojan-activity;sid:84134408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.255.192.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271307/; classtype:trojan-activity;sid:84134407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.162.239.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271306/; classtype:trojan-activity;sid:84134406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.35.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271305/; classtype:trojan-activity;sid:84134405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.183.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271304/; classtype:trojan-activity;sid:84134404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.81.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271303/; classtype:trojan-activity;sid:84134403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.27.32.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271302/; classtype:trojan-activity;sid:84134402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.190.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271301/; classtype:trojan-activity;sid:84134401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.26.84.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271300/; classtype:trojan-activity;sid:84134400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.134.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271299/; classtype:trojan-activity;sid:84134399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.26.113.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271298/; classtype:trojan-activity;sid:84134398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.49.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271297/; classtype:trojan-activity;sid:84134397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.41.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271296/; classtype:trojan-activity;sid:84134396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.32.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271295/; classtype:trojan-activity;sid:84134395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.57.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271294/; classtype:trojan-activity;sid:84134394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.128.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271293/; classtype:trojan-activity;sid:84134393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271292/; classtype:trojan-activity;sid:84134392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.160.30.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271291/; classtype:trojan-activity;sid:84134391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/-/project/21762009/uploads/c4f32a8d91f0b95a33e7d8a2715f2c1c/slunkcrypt.2024-06-08.windows.zip"; depth:94; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271290/; classtype:trojan-activity;sid:84134390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.255.192.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271289/; classtype:trojan-activity;sid:84134389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.110.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271288/; classtype:trojan-activity;sid:84134388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.123.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271287/; classtype:trojan-activity;sid:84134387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.18.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271286/; classtype:trojan-activity;sid:84134386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.126.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271285/; classtype:trojan-activity;sid:84134385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.38.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271284/; classtype:trojan-activity;sid:84134384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.209.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271283/; classtype:trojan-activity;sid:84134383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"92.26.84.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271282/; classtype:trojan-activity;sid:84134382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.233.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271281/; classtype:trojan-activity;sid:84134381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/install.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271280/; classtype:trojan-activity;sid:84134380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.41.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271278/; classtype:trojan-activity;sid:84134378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.207.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271279/; classtype:trojan-activity;sid:84134379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.213.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271277/; classtype:trojan-activity;sid:84134377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271276/; classtype:trojan-activity;sid:84134376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.19.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271275/; classtype:trojan-activity;sid:84134375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.255.107.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271274/; classtype:trojan-activity;sid:84134374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.152.49.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271273/; classtype:trojan-activity;sid:84134373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.0.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271272/; classtype:trojan-activity;sid:84134372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.117.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271271/; classtype:trojan-activity;sid:84134371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271270/; classtype:trojan-activity;sid:84134370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.31.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271269/; classtype:trojan-activity;sid:84134369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aegis/mcron-vip-1"; depth:18; endswith; nocase; http.host; content:"0889.org"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271267/; classtype:trojan-activity;sid:84134367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aegis/grub"; depth:11; endswith; nocase; http.host; content:"0889.org"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271268/; classtype:trojan-activity;sid:84134368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aegis/10000"; depth:12; endswith; nocase; http.host; content:"0889.org"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271266/; classtype:trojan-activity;sid:84134366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.123.102.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271265/; classtype:trojan-activity;sid:84134365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.119.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271264/; classtype:trojan-activity;sid:84134364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.65.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271263/; classtype:trojan-activity;sid:84134363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnrtb.zip"; depth:10; endswith; nocase; http.host; content:"vptriathloninc.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271262/; classtype:trojan-activity;sid:84134362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isensys.zip"; depth:12; endswith; nocase; http.host; content:"vptriathloninc.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271261/; classtype:trojan-activity;sid:84134361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pxle.zip"; depth:9; endswith; nocase; http.host; content:"vptriathloninc.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271260/; classtype:trojan-activity;sid:84134360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/line/invoice_03849e.lnk"; depth:24; endswith; nocase; http.host; content:"vonhelmsgrouped.org"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271253/; classtype:trojan-activity;sid:84134353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pchert.zip"; depth:11; endswith; nocase; http.host; content:"vptriathloninc.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271254/; classtype:trojan-activity;sid:84134354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eur/invoice_no_00609879_pdf.lnk"; depth:32; endswith; nocase; http.host; content:"vonhelmsgrouped.org"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271255/; classtype:trojan-activity;sid:84134355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rechaung/rechnung%20609879%20pdf.lnk"; depth:37; endswith; nocase; http.host; content:"vonhelmsgrouped.org"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271256/; classtype:trojan-activity;sid:84134356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/line/park.bat"; depth:14; endswith; nocase; http.host; content:"vonhelmsgrouped.org"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271257/; classtype:trojan-activity;sid:84134357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/line/invoice_03849edq.lnk"; depth:26; endswith; nocase; http.host; content:"vonhelmsgrouped.org"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271258/; classtype:trojan-activity;sid:84134358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca/ups%20invoice%20no%2030%20pdf.lnk"; depth:37; endswith; nocase; http.host; content:"vonhelmsgrouped.org"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271259/; classtype:trojan-activity;sid:84134359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amay.bat"; depth:9; endswith; nocase; http.host; content:"vonhelmsgrouped.org"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271248/; classtype:trojan-activity;sid:84134348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca-sp.bat"; depth:10; endswith; nocase; http.host; content:"vonhelmsgrouped.org"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271249/; classtype:trojan-activity;sid:84134349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4gplus.bat"; depth:11; endswith; nocase; http.host; content:"vonhelmsgrouped.org"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271250/; classtype:trojan-activity;sid:84134350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/103024.vbs"; depth:11; endswith; nocase; http.host; content:"vptriathloninc.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271251/; classtype:trojan-activity;sid:84134351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caprus.vbs"; depth:11; endswith; nocase; http.host; content:"vptriathloninc.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271252/; classtype:trojan-activity;sid:84134352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.248.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271247/; classtype:trojan-activity;sid:84134347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/instructions/wscript.txt"; depth:25; endswith; nocase; http.host; content:"creainovada.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271246/; classtype:trojan-activity;sid:84134346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/ncdul/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271238/; classtype:trojan-activity;sid:84134338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/storage/buckets/6691819100140b6d723b/files/66da00e900016ea93f89/download|3f|project=66918061000c606d3ef1|7c|26|7c|project=66918061000c606d3ef1|7c|26|7c|mode=admin"; depth:166; endswith; nocase; http.host; content:"cloud.appwrite.io"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271239/; classtype:trojan-activity;sid:84134339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/storage/buckets/6691819100140b6d723b/files/66da00e900016ea93f89/view|3f|project=66918061000c606d3ef1|7c|26|7c|project=66918061000c606d3ef1|7c|26|7c|mode=admin"; depth:162; endswith; nocase; http.host; content:"cloud.appwrite.io"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271240/; classtype:trojan-activity;sid:84134340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/juxai7cy"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271241/; classtype:trojan-activity;sid:84134341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/hnzhj/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271242/; classtype:trojan-activity;sid:84134342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/annak/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271243/; classtype:trojan-activity;sid:84134343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/uvqgi/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271244/; classtype:trojan-activity;sid:84134344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/msd0nng4"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271245/; classtype:trojan-activity;sid:84134345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.233.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271236/; classtype:trojan-activity;sid:84134336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fgdfgre/fwqfqw/downloads/brbondd.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271237/; classtype:trojan-activity;sid:84134337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsxj/steverags.txt"; depth:19; endswith; nocase; http.host; content:"185.196.11.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271235/; classtype:trojan-activity;sid:84134335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/bf3nfafj"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271231/; classtype:trojan-activity;sid:84134331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/zc37hk17"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271232/; classtype:trojan-activity;sid:84134332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/89999999999999/7777777/downloads/pe.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271233/; classtype:trojan-activity;sid:84134333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awgwrtwa/asss/downloads/sostedcrat.txt"; depth:39; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271234/; classtype:trojan-activity;sid:84134334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isensys.zip"; depth:12; endswith; nocase; http.host; content:"shippingalerts.online"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271230/; classtype:trojan-activity;sid:84134330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pxle.zip"; depth:9; endswith; nocase; http.host; content:"shippingalerts.online"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271228/; classtype:trojan-activity;sid:84134328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnrtb.zip"; depth:10; endswith; nocase; http.host; content:"shippingalerts.online"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271229/; classtype:trojan-activity;sid:84134329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pchert.zip"; depth:11; endswith; nocase; http.host; content:"shippingalerts.online"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271227/; classtype:trojan-activity;sid:84134327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/103024.vbs"; depth:11; endswith; nocase; http.host; content:"shippingalerts.online"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271226/; classtype:trojan-activity;sid:84134326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca/ups%20invoice%20no%2030%20pdf.lnk"; depth:37; endswith; nocase; http.host; content:"medcolemantang.nl"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271224/; classtype:trojan-activity;sid:84134324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eur/invoice_no_00609879_pdf.lnk"; depth:32; endswith; nocase; http.host; content:"medcolemantang.nl"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271225/; classtype:trojan-activity;sid:84134325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.148.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271223/; classtype:trojan-activity;sid:84134323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amay.bat"; depth:9; endswith; nocase; http.host; content:"medcolemantang.nl"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271220/; classtype:trojan-activity;sid:84134320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/line/invoice_03849edq.lnk"; depth:26; endswith; nocase; http.host; content:"medcolemantang.nl"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271221/; classtype:trojan-activity;sid:84134321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/line/park.bat"; depth:14; endswith; nocase; http.host; content:"medcolemantang.nl"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271222/; classtype:trojan-activity;sid:84134322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rechaung/rechnung%20609879%20pdf.lnk"; depth:37; endswith; nocase; http.host; content:"medcolemantang.nl"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271218/; classtype:trojan-activity;sid:84134318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/line/invoice_03849e.lnk"; depth:24; endswith; nocase; http.host; content:"medcolemantang.nl"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271219/; classtype:trojan-activity;sid:84134319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4gplus.bat"; depth:11; endswith; nocase; http.host; content:"medcolemantang.nl"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271216/; classtype:trojan-activity;sid:84134316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca-sp.bat"; depth:10; endswith; nocase; http.host; content:"medcolemantang.nl"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271217/; classtype:trojan-activity;sid:84134317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.136.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271215/; classtype:trojan-activity;sid:84134315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.55.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271214/; classtype:trojan-activity;sid:84134314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.70.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271213/; classtype:trojan-activity;sid:84134313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.172.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271212/; classtype:trojan-activity;sid:84134312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.98.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271211/; classtype:trojan-activity;sid:84134311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.242.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271210/; classtype:trojan-activity;sid:84134310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.231.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271209/; classtype:trojan-activity;sid:84134309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.193.243.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271207/; classtype:trojan-activity;sid:84134307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.188.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271208/; classtype:trojan-activity;sid:84134308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/yk6ic/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271201/; classtype:trojan-activity;sid:84134301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1410.txt"; depth:9; endswith; nocase; http.host; content:"pub-9c95ff56c7ba44c98ae7daad95f5689d.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271202/; classtype:trojan-activity;sid:84134302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/cognac/smsinc.txt"; depth:37; endswith; nocase; http.host; content:"sbelegi.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271203/; classtype:trojan-activity;sid:84134303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/3en1u/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271204/; classtype:trojan-activity;sid:84134304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/4ngy7/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271205/; classtype:trojan-activity;sid:84134305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/blader-4f96f.appspot.com/o/rem251.txt|3f|alt=media|7c|26|7c|token=c0f99eb2-2f4d-4b6b-8bb6-bdb0e353c395"; depth:108; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271206/; classtype:trojan-activity;sid:84134306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ywds3/clients.txt"; depth:18; endswith; nocase; http.host; content:"in-houselegal.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271200/; classtype:trojan-activity;sid:84134300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ywds3/wealthserver.txt"; depth:23; endswith; nocase; http.host; content:"in-houselegal.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271196/; classtype:trojan-activity;sid:84134296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awgwrtwa/asss/downloads/remconoviembre.txt"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271197/; classtype:trojan-activity;sid:84134297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.154.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271198/; classtype:trojan-activity;sid:84134298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/envioss/agosto/downloads/soste15oct.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271199/; classtype:trojan-activity;sid:84134299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.201.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271195/; classtype:trojan-activity;sid:84134295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.119.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271194/; classtype:trojan-activity;sid:84134294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.172.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271193/; classtype:trojan-activity;sid:84134293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.105.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271191/; classtype:trojan-activity;sid:84134291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.216.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271192/; classtype:trojan-activity;sid:84134292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.156.200.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271190/; classtype:trojan-activity;sid:84134290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.241.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271189/; classtype:trojan-activity;sid:84134289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.106.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271188/; classtype:trojan-activity;sid:84134288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.202.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271187/; classtype:trojan-activity;sid:84134287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.157.145.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271186/; classtype:trojan-activity;sid:84134286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.225.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271185/; classtype:trojan-activity;sid:84134285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"106.56.147.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271184/; classtype:trojan-activity;sid:84134284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"154.216.19.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271174/; classtype:trojan-activity;sid:84134274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"154.216.19.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271175/; classtype:trojan-activity;sid:84134275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"154.216.19.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271176/; classtype:trojan-activity;sid:84134276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"154.216.19.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271177/; classtype:trojan-activity;sid:84134277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"154.216.19.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271178/; classtype:trojan-activity;sid:84134278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"154.216.19.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271179/; classtype:trojan-activity;sid:84134279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"154.216.19.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271180/; classtype:trojan-activity;sid:84134280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"154.216.19.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271181/; classtype:trojan-activity;sid:84134281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"154.216.19.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271182/; classtype:trojan-activity;sid:84134282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"154.216.19.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271183/; classtype:trojan-activity;sid:84134283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"154.216.19.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271173/; classtype:trojan-activity;sid:84134273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aboriginal/downloads/binaries/cross-compiler-m68k.tar.gz"; depth:57; endswith; nocase; http.host; content:"landley.net"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271172/; classtype:trojan-activity;sid:84134272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.70.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271171/; classtype:trojan-activity;sid:84134271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"154.216.19.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271169/; classtype:trojan-activity;sid:84134269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.188.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271170/; classtype:trojan-activity;sid:84134270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.236.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271168/; classtype:trojan-activity;sid:84134268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271167/; classtype:trojan-activity;sid:84134267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.65.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271166/; classtype:trojan-activity;sid:84134266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.216.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271165/; classtype:trojan-activity;sid:84134265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.176.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271164/; classtype:trojan-activity;sid:84134264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.14.78.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271162/; classtype:trojan-activity;sid:84134262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.185.16.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271163/; classtype:trojan-activity;sid:84134263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.100.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271161/; classtype:trojan-activity;sid:84134261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.74.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271160/; classtype:trojan-activity;sid:84134260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.185.16.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271159/; classtype:trojan-activity;sid:84134259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.198.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271158/; classtype:trojan-activity;sid:84134258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.102.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271157/; classtype:trojan-activity;sid:84134257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.106.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271156/; classtype:trojan-activity;sid:84134256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.90.3.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271155/; classtype:trojan-activity;sid:84134255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.202.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271154/; classtype:trojan-activity;sid:84134254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.156.200.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271153/; classtype:trojan-activity;sid:84134253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.185.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271152/; classtype:trojan-activity;sid:84134252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.193.243.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271151/; classtype:trojan-activity;sid:84134251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.104.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271150/; classtype:trojan-activity;sid:84134250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.194.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271149/; classtype:trojan-activity;sid:84134249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.14.78.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271148/; classtype:trojan-activity;sid:84134248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.62.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271147/; classtype:trojan-activity;sid:84134247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.186.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271145/; classtype:trojan-activity;sid:84134245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.92.240.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271146/; classtype:trojan-activity;sid:84134246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.154.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271144/; classtype:trojan-activity;sid:84134244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.6.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271143/; classtype:trojan-activity;sid:84134243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.117.210.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271142/; classtype:trojan-activity;sid:84134242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.211.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271141/; classtype:trojan-activity;sid:84134241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.65.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271140/; classtype:trojan-activity;sid:84134240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.53.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271139/; classtype:trojan-activity;sid:84134239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.213.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271138/; classtype:trojan-activity;sid:84134238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.139.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271137/; classtype:trojan-activity;sid:84134237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.42.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271136/; classtype:trojan-activity;sid:84134236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.27.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271135/; classtype:trojan-activity;sid:84134235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.205.181.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271133/; classtype:trojan-activity;sid:84134233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.102.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271134/; classtype:trojan-activity;sid:84134234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.42.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271132/; classtype:trojan-activity;sid:84134232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.214.108.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271131/; classtype:trojan-activity;sid:84134231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.187.156.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271130/; classtype:trojan-activity;sid:84134230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.170.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271129/; classtype:trojan-activity;sid:84134229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.185.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271128/; classtype:trojan-activity;sid:84134228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.198.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271127/; classtype:trojan-activity;sid:84134227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.186.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271126/; classtype:trojan-activity;sid:84134226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.140.151"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271125/; classtype:trojan-activity;sid:84134225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271124/; classtype:trojan-activity;sid:84134224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.2.152"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271123/; classtype:trojan-activity;sid:84134223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.53.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271122/; classtype:trojan-activity;sid:84134222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.42.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271121/; classtype:trojan-activity;sid:84134221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.68.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271120/; classtype:trojan-activity;sid:84134220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.103.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271119/; classtype:trojan-activity;sid:84134219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.234.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271118/; classtype:trojan-activity;sid:84134218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/panel/uploads/luvzkkz.mp4"; depth:26; endswith; nocase; http.host; content:"wasni.care"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271117/; classtype:trojan-activity;sid:84134217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.248.82.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271116/; classtype:trojan-activity;sid:84134216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.249.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271115/; classtype:trojan-activity;sid:84134215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.239.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271114/; classtype:trojan-activity;sid:84134214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.116.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271113/; classtype:trojan-activity;sid:84134213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.196.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271112/; classtype:trojan-activity;sid:84134212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.124.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271111/; classtype:trojan-activity;sid:84134211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.98.151"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271110/; classtype:trojan-activity;sid:84134210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.110.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271108/; classtype:trojan-activity;sid:84134208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.115.85.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271109/; classtype:trojan-activity;sid:84134209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.82.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271107/; classtype:trojan-activity;sid:84134207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.119.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271106/; classtype:trojan-activity;sid:84134206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.30.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271105/; classtype:trojan-activity;sid:84134205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.132.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271104/; classtype:trojan-activity;sid:84134204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.239.119.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271103/; classtype:trojan-activity;sid:84134203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.182.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271102/; classtype:trojan-activity;sid:84134202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.196.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271101/; classtype:trojan-activity;sid:84134201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.81.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271100/; classtype:trojan-activity;sid:84134200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.51.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271099/; classtype:trojan-activity;sid:84134199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//6725c86d7fae4/6725c86d7fc7f.vbs"; depth:33; endswith; nocase; http.host; content:"adjunto.pdfxml.store"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271098/; classtype:trojan-activity;sid:84134198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//6725c86d7fae4/6725c86d7fc7b.vbs"; depth:33; endswith; nocase; http.host; content:"adjunto.pdfxml.store"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271097/; classtype:trojan-activity;sid:84134197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.225.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271096/; classtype:trojan-activity;sid:84134196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//6725c86d7fae4/%e2%9d%89ver%20cuenta%e2%9d%89_%e2%91%a4%e2%91%a6%e2%91%a0%e2%91%a2%e2%91%a3%e2%91%a0%e2%91%a6%e2%91%a2.zip"; depth:123; endswith; nocase; http.host; content:"adjunto.pdfxml.store"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271094/; classtype:trojan-activity;sid:84134194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.219.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271095/; classtype:trojan-activity;sid:84134195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//6725c86d7fae4/js/6725c86d7fa55.js"; depth:35; endswith; nocase; http.host; content:"adjunto.pdfxml.store"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271092/; classtype:trojan-activity;sid:84134192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.85.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271093/; classtype:trojan-activity;sid:84134193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271087/; classtype:trojan-activity;sid:84134187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.45.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271086/; classtype:trojan-activity;sid:84134186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mx01/cancun01.zip"; depth:18; endswith; nocase; http.host; content:"62.113.116.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271085/; classtype:trojan-activity;sid:84134185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.49.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271084/; classtype:trojan-activity;sid:84134184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.80.154.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271083/; classtype:trojan-activity;sid:84134183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.192.56.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271082/; classtype:trojan-activity;sid:84134182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.7.166"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271081/; classtype:trojan-activity;sid:84134181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271080/; classtype:trojan-activity;sid:84134180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.208.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271079/; classtype:trojan-activity;sid:84134179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02ef6bfefc170701/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"95.215.207.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271078/; classtype:trojan-activity;sid:84134178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02ef6bfefc170701/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"95.215.207.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271075/; classtype:trojan-activity;sid:84134175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02ef6bfefc170701/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"95.215.207.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271076/; classtype:trojan-activity;sid:84134176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02ef6bfefc170701/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"95.215.207.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271077/; classtype:trojan-activity;sid:84134177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.254.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271070/; classtype:trojan-activity;sid:84134170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.117.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271071/; classtype:trojan-activity;sid:84134171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02ef6bfefc170701/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"95.215.207.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271072/; classtype:trojan-activity;sid:84134172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02ef6bfefc170701/nss3.dll"; depth:26; endswith; nocase; http.host; content:"95.215.207.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271073/; classtype:trojan-activity;sid:84134173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02ef6bfefc170701/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"95.215.207.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271074/; classtype:trojan-activity;sid:84134174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.115.85.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271069/; classtype:trojan-activity;sid:84134169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.94.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271068/; classtype:trojan-activity;sid:84134168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.241.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271067/; classtype:trojan-activity;sid:84134167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.68.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271066/; classtype:trojan-activity;sid:84134166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.95.237"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271065/; classtype:trojan-activity;sid:84134165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271064/; classtype:trojan-activity;sid:84134164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.201.135.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271063/; classtype:trojan-activity;sid:84134163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.228.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271062/; classtype:trojan-activity;sid:84134162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.100.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271061/; classtype:trojan-activity;sid:84134161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.208.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271060/; classtype:trojan-activity;sid:84134160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.80.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271059/; classtype:trojan-activity;sid:84134159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271058/; classtype:trojan-activity;sid:84134158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.108.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271057/; classtype:trojan-activity;sid:84134157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.22.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271056/; classtype:trojan-activity;sid:84134156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.192.56.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271055/; classtype:trojan-activity;sid:84134155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.168.120.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271054/; classtype:trojan-activity;sid:84134154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.0.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271053/; classtype:trojan-activity;sid:84134153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.178.46.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271052/; classtype:trojan-activity;sid:84134152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.94.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271051/; classtype:trojan-activity;sid:84134151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.17.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271050/; classtype:trojan-activity;sid:84134150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.228.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271049/; classtype:trojan-activity;sid:84134149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.117.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271048/; classtype:trojan-activity;sid:84134148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.110.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271047/; classtype:trojan-activity;sid:84134147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.207.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271045/; classtype:trojan-activity;sid:84134145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.142.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271046/; classtype:trojan-activity;sid:84134146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.203.200.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271043/; classtype:trojan-activity;sid:84134143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.136.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271044/; classtype:trojan-activity;sid:84134144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.157.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271042/; classtype:trojan-activity;sid:84134142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.99.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271041/; classtype:trojan-activity;sid:84134141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.106.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271039/; classtype:trojan-activity;sid:84134139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.24.131.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271040/; classtype:trojan-activity;sid:84134140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.71.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271037/; classtype:trojan-activity;sid:84134137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.85.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271038/; classtype:trojan-activity;sid:84134138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.10.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271036/; classtype:trojan-activity;sid:84134136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.80.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271035/; classtype:trojan-activity;sid:84134135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271034/; classtype:trojan-activity;sid:84134134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.72.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271033/; classtype:trojan-activity;sid:84134133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.17.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271032/; classtype:trojan-activity;sid:84134132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.208.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271031/; classtype:trojan-activity;sid:84134131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.17.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271030/; classtype:trojan-activity;sid:84134130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.100.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271029/; classtype:trojan-activity;sid:84134129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.197.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271028/; classtype:trojan-activity;sid:84134128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.193.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271027/; classtype:trojan-activity;sid:84134127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.81.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271026/; classtype:trojan-activity;sid:84134126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.208.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271025/; classtype:trojan-activity;sid:84134125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.189.198.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271024/; classtype:trojan-activity;sid:84134124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.10.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271023/; classtype:trojan-activity;sid:84134123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.219.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271022/; classtype:trojan-activity;sid:84134122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.203.200.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271021/; classtype:trojan-activity;sid:84134121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.244.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271020/; classtype:trojan-activity;sid:84134120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.193.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271019/; classtype:trojan-activity;sid:84134119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.31.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271018/; classtype:trojan-activity;sid:84134118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.56.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271017/; classtype:trojan-activity;sid:84134117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.18.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271016/; classtype:trojan-activity;sid:84134116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.106.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271015/; classtype:trojan-activity;sid:84134115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.211.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271014/; classtype:trojan-activity;sid:84134114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.49.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271013/; classtype:trojan-activity;sid:84134113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.10.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271012/; classtype:trojan-activity;sid:84134112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.91.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271011/; classtype:trojan-activity;sid:84134111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.116.68.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271010/; classtype:trojan-activity;sid:84134110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.74.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271009/; classtype:trojan-activity;sid:84134109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.49.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271008/; classtype:trojan-activity;sid:84134108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.103.160.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271007/; classtype:trojan-activity;sid:84134107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doma/stone.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271006/; classtype:trojan-activity;sid:84134106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/yxrd0ob7.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271005/; classtype:trojan-activity;sid:84134105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.207.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271004/; classtype:trojan-activity;sid:84134104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.10.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271003/; classtype:trojan-activity;sid:84134103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.116.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271002/; classtype:trojan-activity;sid:84134102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.47.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271001/; classtype:trojan-activity;sid:84134101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.26.60.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270999/; classtype:trojan-activity;sid:84134099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.155.222.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271000/; classtype:trojan-activity;sid:84134100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.252.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270998/; classtype:trojan-activity;sid:84134098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.113.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270997/; classtype:trojan-activity;sid:84134097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/panel/uploads/fwkdsz.exe"; depth:25; endswith; nocase; http.host; content:"wasni.care"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270996/; classtype:trojan-activity;sid:84134096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.254.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270995/; classtype:trojan-activity;sid:84134095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.142.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270994/; classtype:trojan-activity;sid:84134094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.150.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270993/; classtype:trojan-activity;sid:84134093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.196.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270992/; classtype:trojan-activity;sid:84134092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.87.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270991/; classtype:trojan-activity;sid:84134091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.20.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270990/; classtype:trojan-activity;sid:84134090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.68.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270988/; classtype:trojan-activity;sid:84134088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.111.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270989/; classtype:trojan-activity;sid:84134089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.181.108.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270987/; classtype:trojan-activity;sid:84134087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.108.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270984/; classtype:trojan-activity;sid:84134084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.188.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270985/; classtype:trojan-activity;sid:84134085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.161.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270986/; classtype:trojan-activity;sid:84134086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.207.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270983/; classtype:trojan-activity;sid:84134083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.63.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270982/; classtype:trojan-activity;sid:84134082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.85.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270981/; classtype:trojan-activity;sid:84134081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.43.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270979/; classtype:trojan-activity;sid:84134079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.222.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270980/; classtype:trojan-activity;sid:84134080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.123.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270978/; classtype:trojan-activity;sid:84134078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.3.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270977/; classtype:trojan-activity;sid:84134077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.156.200.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270976/; classtype:trojan-activity;sid:84134076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.253.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270975/; classtype:trojan-activity;sid:84134075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.90.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270974/; classtype:trojan-activity;sid:84134074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.1.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270972/; classtype:trojan-activity;sid:84134072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.40.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270973/; classtype:trojan-activity;sid:84134073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.147.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270971/; classtype:trojan-activity;sid:84134071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.21.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270970/; classtype:trojan-activity;sid:84134070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8usa.sh"; depth:8; endswith; nocase; http.host; content:"95.164.4.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270968/; classtype:trojan-activity;sid:84134068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/i3xzep1kscpdmj7.exe"; depth:24; endswith; nocase; http.host; content:"87.120.84.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270969/; classtype:trojan-activity;sid:84134069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.131.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270966/; classtype:trojan-activity;sid:84134066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.127.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270967/; classtype:trojan-activity;sid:84134067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.42.11.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270965/; classtype:trojan-activity;sid:84134065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.20.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270964/; classtype:trojan-activity;sid:84134064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.221.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270963/; classtype:trojan-activity;sid:84134063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.14.198"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270962/; classtype:trojan-activity;sid:84134062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.128.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270961/; classtype:trojan-activity;sid:84134061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.63.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270960/; classtype:trojan-activity;sid:84134060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.68.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270959/; classtype:trojan-activity;sid:84134059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.74.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270958/; classtype:trojan-activity;sid:84134058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.74.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270955/; classtype:trojan-activity;sid:84134055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270956/; classtype:trojan-activity;sid:84134056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270957/; classtype:trojan-activity;sid:84134057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.22.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270954/; classtype:trojan-activity;sid:84134054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.171.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270953/; classtype:trojan-activity;sid:84134053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.141.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270952/; classtype:trojan-activity;sid:84134052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.108.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270951/; classtype:trojan-activity;sid:84134051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.58.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270950/; classtype:trojan-activity;sid:84134050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270949/; classtype:trojan-activity;sid:84134049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.213.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270948/; classtype:trojan-activity;sid:84134048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.185.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270947/; classtype:trojan-activity;sid:84134047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.57.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270946/; classtype:trojan-activity;sid:84134046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.60.224.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270945/; classtype:trojan-activity;sid:84134045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.22.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270944/; classtype:trojan-activity;sid:84134044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.205.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270943/; classtype:trojan-activity;sid:84134043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.158.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270942/; classtype:trojan-activity;sid:84134042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.40.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270941/; classtype:trojan-activity;sid:84134041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/owo.sh"; depth:7; endswith; nocase; http.host; content:"46.29.162.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270940/; classtype:trojan-activity;sid:84134040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.22.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270939/; classtype:trojan-activity;sid:84134039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.155.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270938/; classtype:trojan-activity;sid:84134038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.157.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270937/; classtype:trojan-activity;sid:84134037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.138.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270936/; classtype:trojan-activity;sid:84134036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.185.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270935/; classtype:trojan-activity;sid:84134035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.201.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270934/; classtype:trojan-activity;sid:84134034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.245.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270933/; classtype:trojan-activity;sid:84134033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.107.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270932/; classtype:trojan-activity;sid:84134032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.128.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270931/; classtype:trojan-activity;sid:84134031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.6.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270930/; classtype:trojan-activity;sid:84134030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.72.228.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270929/; classtype:trojan-activity;sid:84134029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270928/; classtype:trojan-activity;sid:84134028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.4.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270926/; classtype:trojan-activity;sid:84134026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.152.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270927/; classtype:trojan-activity;sid:84134027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.141.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270925/; classtype:trojan-activity;sid:84134025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.180.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270924/; classtype:trojan-activity;sid:84134024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270923/; classtype:trojan-activity;sid:84134023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.39.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270922/; classtype:trojan-activity;sid:84134022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.192.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270921/; classtype:trojan-activity;sid:84134021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270920/; classtype:trojan-activity;sid:84134020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.42.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270918/; classtype:trojan-activity;sid:84134018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.156.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270919/; classtype:trojan-activity;sid:84134019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.196.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270915/; classtype:trojan-activity;sid:84134015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.78.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270916/; classtype:trojan-activity;sid:84134016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.74.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270917/; classtype:trojan-activity;sid:84134017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.163.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270914/; classtype:trojan-activity;sid:84134014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.14.198"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270913/; classtype:trojan-activity;sid:84134013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.123.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270912/; classtype:trojan-activity;sid:84134012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270911/; classtype:trojan-activity;sid:84134011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.107.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270910/; classtype:trojan-activity;sid:84134010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.158.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270909/; classtype:trojan-activity;sid:84134009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270906/; classtype:trojan-activity;sid:84134006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270907/; classtype:trojan-activity;sid:84134007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.125.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270908/; classtype:trojan-activity;sid:84134008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270892/; classtype:trojan-activity;sid:84133992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270893/; classtype:trojan-activity;sid:84133993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270894/; classtype:trojan-activity;sid:84133994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270895/; classtype:trojan-activity;sid:84133995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270896/; classtype:trojan-activity;sid:84133996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc-440fp"; depth:14; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270897/; classtype:trojan-activity;sid:84133997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270898/; classtype:trojan-activity;sid:84133998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270899/; classtype:trojan-activity;sid:84133999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270900/; classtype:trojan-activity;sid:84134000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270901/; classtype:trojan-activity;sid:84134001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270902/; classtype:trojan-activity;sid:84134002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270903/; classtype:trojan-activity;sid:84134003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270904/; classtype:trojan-activity;sid:84134004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"93.123.85.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270905/; classtype:trojan-activity;sid:84134005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.140.190.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270891/; classtype:trojan-activity;sid:84133991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.58.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270890/; classtype:trojan-activity;sid:84133990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.18.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270889/; classtype:trojan-activity;sid:84133989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.83.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270888/; classtype:trojan-activity;sid:84133988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270887/; classtype:trojan-activity;sid:84133987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.54.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270885/; classtype:trojan-activity;sid:84133985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.74.112.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270886/; classtype:trojan-activity;sid:84133986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.185.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270884/; classtype:trojan-activity;sid:84133984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"vantrong.id.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270882/; classtype:trojan-activity;sid:84133982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.sh"; depth:10; endswith; nocase; http.host; content:"vantrong.id.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270883/; classtype:trojan-activity;sid:84133983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"vantrong.id.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270880/; classtype:trojan-activity;sid:84133980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"vantrong.id.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270881/; classtype:trojan-activity;sid:84133981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"vantrong.id.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270878/; classtype:trojan-activity;sid:84133978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"vantrong.id.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270879/; classtype:trojan-activity;sid:84133979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"vantrong.id.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270876/; classtype:trojan-activity;sid:84133976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"vantrong.id.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270877/; classtype:trojan-activity;sid:84133977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"vantrong.id.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270872/; classtype:trojan-activity;sid:84133972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"vantrong.id.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270873/; classtype:trojan-activity;sid:84133973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"vantrong.id.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270874/; classtype:trojan-activity;sid:84133974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"vantrong.id.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270875/; classtype:trojan-activity;sid:84133975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm6"; depth:26; endswith; nocase; http.host; content:"164.92.178.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270871/; classtype:trojan-activity;sid:84133971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.sh4"; depth:25; endswith; nocase; http.host; content:"erp.solvatec.ma"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270870/; classtype:trojan-activity;sid:84133970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm6"; depth:26; endswith; nocase; http.host; content:"erp.solvatec.ma"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270863/; classtype:trojan-activity;sid:84133963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.mips"; depth:26; endswith; nocase; http.host; content:"erp.solvatec.ma"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270864/; classtype:trojan-activity;sid:84133964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.spc"; depth:25; endswith; nocase; http.host; content:"erp.solvatec.ma"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270865/; classtype:trojan-activity;sid:84133965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm7"; depth:26; endswith; nocase; http.host; content:"erp.solvatec.ma"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270866/; classtype:trojan-activity;sid:84133966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.mpsl"; depth:26; endswith; nocase; http.host; content:"erp.solvatec.ma"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270867/; classtype:trojan-activity;sid:84133967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.x86"; depth:25; endswith; nocase; http.host; content:"erp.solvatec.ma"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270868/; classtype:trojan-activity;sid:84133968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm"; depth:25; endswith; nocase; http.host; content:"erp.solvatec.ma"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270869/; classtype:trojan-activity;sid:84133969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.m68k"; depth:26; endswith; nocase; http.host; content:"164.92.178.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270850/; classtype:trojan-activity;sid:84133950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.x86"; depth:25; endswith; nocase; http.host; content:"164.92.178.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270851/; classtype:trojan-activity;sid:84133951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.ppc"; depth:25; endswith; nocase; http.host; content:"erp.solvatec.ma"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270852/; classtype:trojan-activity;sid:84133952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm5"; depth:26; endswith; nocase; http.host; content:"164.92.178.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270853/; classtype:trojan-activity;sid:84133953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm"; depth:25; endswith; nocase; http.host; content:"164.92.178.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270854/; classtype:trojan-activity;sid:84133954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.sh4"; depth:25; endswith; nocase; http.host; content:"164.92.178.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270855/; classtype:trojan-activity;sid:84133955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.mpsl"; depth:26; endswith; nocase; http.host; content:"164.92.178.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270856/; classtype:trojan-activity;sid:84133956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.ppc"; depth:25; endswith; nocase; http.host; content:"164.92.178.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270857/; classtype:trojan-activity;sid:84133957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.spc"; depth:25; endswith; nocase; http.host; content:"164.92.178.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270858/; classtype:trojan-activity;sid:84133958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm7"; depth:26; endswith; nocase; http.host; content:"164.92.178.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270859/; classtype:trojan-activity;sid:84133959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.mips"; depth:26; endswith; nocase; http.host; content:"164.92.178.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270860/; classtype:trojan-activity;sid:84133960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.arm5"; depth:26; endswith; nocase; http.host; content:"erp.solvatec.ma"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270861/; classtype:trojan-activity;sid:84133961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389242390482/nuklear.m68k"; depth:26; endswith; nocase; http.host; content:"erp.solvatec.ma"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270862/; classtype:trojan-activity;sid:84133962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.46.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270849/; classtype:trojan-activity;sid:84133949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.149.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270848/; classtype:trojan-activity;sid:84133948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.101.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270847/; classtype:trojan-activity;sid:84133947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.65.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270846/; classtype:trojan-activity;sid:84133946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270845/; classtype:trojan-activity;sid:84133945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.36.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270844/; classtype:trojan-activity;sid:84133944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm"; depth:12; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270842/; classtype:trojan-activity;sid:84133942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.mips"; depth:13; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270843/; classtype:trojan-activity;sid:84133943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.ppc"; depth:12; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270838/; classtype:trojan-activity;sid:84133938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.sh4"; depth:12; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270839/; classtype:trojan-activity;sid:84133939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.x86"; depth:12; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270840/; classtype:trojan-activity;sid:84133940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm7"; depth:13; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270841/; classtype:trojan-activity;sid:84133941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.46.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270837/; classtype:trojan-activity;sid:84133937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm5"; depth:13; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270832/; classtype:trojan-activity;sid:84133932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.m68k"; depth:13; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270833/; classtype:trojan-activity;sid:84133933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.mpsl"; depth:13; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270834/; classtype:trojan-activity;sid:84133934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.spc"; depth:12; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270835/; classtype:trojan-activity;sid:84133935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm6"; depth:13; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270836/; classtype:trojan-activity;sid:84133936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270830/; classtype:trojan-activity;sid:84133930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.107.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270831/; classtype:trojan-activity;sid:84133931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.208.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270829/; classtype:trojan-activity;sid:84133929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.78.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270828/; classtype:trojan-activity;sid:84133928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.186.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270827/; classtype:trojan-activity;sid:84133927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.46.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270826/; classtype:trojan-activity;sid:84133926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.42.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270825/; classtype:trojan-activity;sid:84133925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"sqdqsdsq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270824/; classtype:trojan-activity;sid:84133924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"sqdqsdsq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270821/; classtype:trojan-activity;sid:84133921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"sqdqsdsq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270822/; classtype:trojan-activity;sid:84133922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"sqdqsdsq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270823/; classtype:trojan-activity;sid:84133923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"sqdqsdsq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270820/; classtype:trojan-activity;sid:84133920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i5"; depth:3; endswith; nocase; http.host; content:"sqdqsdsq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270819/; classtype:trojan-activity;sid:84133919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"sqdqsdsq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270816/; classtype:trojan-activity;sid:84133916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"sqdqsdsq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270817/; classtype:trojan-activity;sid:84133917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"sqdqsdsq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270818/; classtype:trojan-activity;sid:84133918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.215.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270808/; classtype:trojan-activity;sid:84133908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"sqdqsdsq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270809/; classtype:trojan-activity;sid:84133909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh.sh"; depth:7; endswith; nocase; http.host; content:"sqdqsdsq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270810/; classtype:trojan-activity;sid:84133910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"sqdqsdsq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270811/; classtype:trojan-activity;sid:84133911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"sqdqsdsq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270812/; classtype:trojan-activity;sid:84133912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i6"; depth:3; endswith; nocase; http.host; content:"sqdqsdsq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270813/; classtype:trojan-activity;sid:84133913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"sqdqsdsq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270814/; classtype:trojan-activity;sid:84133914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.163.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270815/; classtype:trojan-activity;sid:84133915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"sqdqsdsq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270807/; classtype:trojan-activity;sid:84133907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.183.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270806/; classtype:trojan-activity;sid:84133906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hi"; depth:3; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270805/; classtype:trojan-activity;sid:84133905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.94.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270804/; classtype:trojan-activity;sid:84133904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiss.arm7"; depth:10; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270803/; classtype:trojan-activity;sid:84133903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow.mpsl"; depth:10; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270799/; classtype:trojan-activity;sid:84133899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiss.mips"; depth:10; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270800/; classtype:trojan-activity;sid:84133900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7"; depth:6; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270801/; classtype:trojan-activity;sid:84133901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug"; depth:6; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270802/; classtype:trojan-activity;sid:84133902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rep"; depth:4; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270795/; classtype:trojan-activity;sid:84133895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rev"; depth:4; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270796/; classtype:trojan-activity;sid:84133896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiss.mpsl"; depth:10; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270797/; classtype:trojan-activity;sid:84133897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiss.arm5"; depth:10; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270798/; classtype:trojan-activity;sid:84133898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web"; depth:4; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270791/; classtype:trojan-activity;sid:84133891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow.arm5"; depth:10; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270792/; classtype:trojan-activity;sid:84133892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiss.arm"; depth:9; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270793/; classtype:trojan-activity;sid:84133893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270794/; classtype:trojan-activity;sid:84133894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.49.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270788/; classtype:trojan-activity;sid:84133888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow.arm"; depth:9; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270789/; classtype:trojan-activity;sid:84133889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d"; depth:2; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270790/; classtype:trojan-activity;sid:84133890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gdb"; depth:4; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270787/; classtype:trojan-activity;sid:84133887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow.mips"; depth:10; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270784/; classtype:trojan-activity;sid:84133884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow.arm7"; depth:10; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270785/; classtype:trojan-activity;sid:84133885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pi"; depth:3; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270786/; classtype:trojan-activity;sid:84133886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.0.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270783/; classtype:trojan-activity;sid:84133883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/das.php"; depth:13; endswith; nocase; http.host; content:"mundiprep.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270782/; classtype:trojan-activity;sid:84133882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/das.php"; depth:13; endswith; nocase; http.host; content:"dailyfragrancedeals.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270780/; classtype:trojan-activity;sid:84133880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/das.php"; depth:13; endswith; nocase; http.host; content:"vinsaca.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270781/; classtype:trojan-activity;sid:84133881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/das.php"; depth:13; endswith; nocase; http.host; content:"becreativemind.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270778/; classtype:trojan-activity;sid:84133878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/das.php"; depth:13; endswith; nocase; http.host; content:"omegaarea.site"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270779/; classtype:trojan-activity;sid:84133879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/das.php"; depth:13; endswith; nocase; http.host; content:"hdlclub2.cc"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270777/; classtype:trojan-activity;sid:84133877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/work/das.php"; depth:13; endswith; nocase; http.host; content:"cosdfdfrefdch.best"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270776/; classtype:trojan-activity;sid:84133876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.151.104.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270775/; classtype:trojan-activity;sid:84133875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270774/; classtype:trojan-activity;sid:84133874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.191.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270773/; classtype:trojan-activity;sid:84133873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.193.201.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270772/; classtype:trojan-activity;sid:84133872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.83.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270771/; classtype:trojan-activity;sid:84133871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.28.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270770/; classtype:trojan-activity;sid:84133870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aisuru.mips"; depth:12; endswith; nocase; http.host; content:"receba-pix.today"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270769/; classtype:trojan-activity;sid:84133869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"receba-pix.today"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270768/; classtype:trojan-activity;sid:84133868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.101.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270767/; classtype:trojan-activity;sid:84133867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow.arm7"; depth:10; endswith; nocase; http.host; content:"receba-pix.today"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270766/; classtype:trojan-activity;sid:84133866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow.arm"; depth:9; endswith; nocase; http.host; content:"receba-pix.today"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270765/; classtype:trojan-activity;sid:84133865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow.arm5"; depth:10; endswith; nocase; http.host; content:"receba-pix.today"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270762/; classtype:trojan-activity;sid:84133862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hi"; depth:3; endswith; nocase; http.host; content:"receba-pix.today"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270763/; classtype:trojan-activity;sid:84133863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/busybox-armv5l"; depth:15; endswith; nocase; http.host; content:"receba-pix.today"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270764/; classtype:trojan-activity;sid:84133864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.7.206"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270759/; classtype:trojan-activity;sid:84133859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m"; depth:2; endswith; nocase; http.host; content:"receba-pix.today"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270760/; classtype:trojan-activity;sid:84133860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b.sh"; depth:5; endswith; nocase; http.host; content:"receba-pix.today"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270761/; classtype:trojan-activity;sid:84133861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.51.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270757/; classtype:trojan-activity;sid:84133857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hi"; depth:3; endswith; nocase; http.host; content:"45.140.192.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270758/; classtype:trojan-activity;sid:84133858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/busybox-armv5l"; depth:15; endswith; nocase; http.host; content:"45.140.192.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270756/; classtype:trojan-activity;sid:84133856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b.sh"; depth:5; endswith; nocase; http.host; content:"45.140.192.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270754/; classtype:trojan-activity;sid:84133854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m"; depth:2; endswith; nocase; http.host; content:"45.140.192.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270755/; classtype:trojan-activity;sid:84133855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.178.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270753/; classtype:trojan-activity;sid:84133853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"65.172.242.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270752/; classtype:trojan-activity;sid:84133852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.92.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270751/; classtype:trojan-activity;sid:84133851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.50.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270750/; classtype:trojan-activity;sid:84133850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.149.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270749/; classtype:trojan-activity;sid:84133849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc3.sh"; depth:8; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270748/; classtype:trojan-activity;sid:84133848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc2.sh"; depth:8; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270747/; classtype:trojan-activity;sid:84133847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc1.sh"; depth:8; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270746/; classtype:trojan-activity;sid:84133846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270744/; classtype:trojan-activity;sid:84133844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.31.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270745/; classtype:trojan-activity;sid:84133845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270743/; classtype:trojan-activity;sid:84133843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.173.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270742/; classtype:trojan-activity;sid:84133842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270741/; classtype:trojan-activity;sid:84133841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.236.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270740/; classtype:trojan-activity;sid:84133840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.146.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270739/; classtype:trojan-activity;sid:84133839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.150.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270738/; classtype:trojan-activity;sid:84133838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm5"; depth:10; endswith; nocase; http.host; content:"www.chrismccaw.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270735/; classtype:trojan-activity;sid:84133835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.x86_64"; depth:12; endswith; nocase; http.host; content:"www.chrismccaw.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270736/; classtype:trojan-activity;sid:84133836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.mipsel"; depth:12; endswith; nocase; http.host; content:"www.chrismccaw.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270737/; classtype:trojan-activity;sid:84133837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.ppc"; depth:9; endswith; nocase; http.host; content:"www.chrismccaw.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270733/; classtype:trojan-activity;sid:84133833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"www.chrismccaw.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270734/; classtype:trojan-activity;sid:84133834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.i486"; depth:10; endswith; nocase; http.host; content:"www.chrismccaw.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270731/; classtype:trojan-activity;sid:84133831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.i686"; depth:10; endswith; nocase; http.host; content:"www.chrismccaw.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270732/; classtype:trojan-activity;sid:84133832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm7"; depth:10; endswith; nocase; http.host; content:"www.chrismccaw.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270728/; classtype:trojan-activity;sid:84133828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.mips64"; depth:12; endswith; nocase; http.host; content:"www.chrismccaw.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270729/; classtype:trojan-activity;sid:84133829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm6"; depth:10; endswith; nocase; http.host; content:"www.chrismccaw.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270730/; classtype:trojan-activity;sid:84133830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm"; depth:9; endswith; nocase; http.host; content:"www.chrismccaw.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270724/; classtype:trojan-activity;sid:84133824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.mips"; depth:10; endswith; nocase; http.host; content:"www.chrismccaw.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270725/; classtype:trojan-activity;sid:84133825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.sh4"; depth:9; endswith; nocase; http.host; content:"www.chrismccaw.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270726/; classtype:trojan-activity;sid:84133826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.m68k"; depth:10; endswith; nocase; http.host; content:"www.chrismccaw.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270727/; classtype:trojan-activity;sid:84133827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.sh4"; depth:9; endswith; nocase; http.host; content:"216.126.231.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270723/; classtype:trojan-activity;sid:84133823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.mipsel"; depth:12; endswith; nocase; http.host; content:"216.126.231.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270722/; classtype:trojan-activity;sid:84133822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.i686"; depth:10; endswith; nocase; http.host; content:"216.126.231.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270718/; classtype:trojan-activity;sid:84133818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.mips64"; depth:12; endswith; nocase; http.host; content:"216.126.231.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270719/; classtype:trojan-activity;sid:84133819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.i486"; depth:10; endswith; nocase; http.host; content:"216.126.231.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270720/; classtype:trojan-activity;sid:84133820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.x86_64"; depth:12; endswith; nocase; http.host; content:"216.126.231.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270721/; classtype:trojan-activity;sid:84133821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.236.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270717/; classtype:trojan-activity;sid:84133817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.33.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270716/; classtype:trojan-activity;sid:84133816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.215.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270715/; classtype:trojan-activity;sid:84133815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.121.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270714/; classtype:trojan-activity;sid:84133814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/h.x8"; depth:27; endswith; nocase; http.host; content:"soft93.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270710/; classtype:trojan-activity;sid:84133810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/h.x86"; depth:28; endswith; nocase; http.host; content:"soft93.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270711/; classtype:trojan-activity;sid:84133811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/arm7"; depth:27; endswith; nocase; http.host; content:"soft93.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270712/; classtype:trojan-activity;sid:84133812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"77.39.19.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270713/; classtype:trojan-activity;sid:84133813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/ppc64"; depth:28; endswith; nocase; http.host; content:"soft93.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270698/; classtype:trojan-activity;sid:84133798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/arm"; depth:26; endswith; nocase; http.host; content:"soft93.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270699/; classtype:trojan-activity;sid:84133799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/h.arm7"; depth:29; endswith; nocase; http.host; content:"soft93.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270700/; classtype:trojan-activity;sid:84133800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/x86_64"; depth:29; endswith; nocase; http.host; content:"soft93.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270701/; classtype:trojan-activity;sid:84133801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/h.mips"; depth:29; endswith; nocase; http.host; content:"soft93.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270702/; classtype:trojan-activity;sid:84133802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/arm5"; depth:27; endswith; nocase; http.host; content:"soft93.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270703/; classtype:trojan-activity;sid:84133803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/mipsel"; depth:29; endswith; nocase; http.host; content:"soft93.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270704/; classtype:trojan-activity;sid:84133804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/h.arm"; depth:28; endswith; nocase; http.host; content:"soft93.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270705/; classtype:trojan-activity;sid:84133805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/h.arm5"; depth:29; endswith; nocase; http.host; content:"soft93.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270706/; classtype:trojan-activity;sid:84133806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/mips64"; depth:29; endswith; nocase; http.host; content:"soft93.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270707/; classtype:trojan-activity;sid:84133807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/mips"; depth:27; endswith; nocase; http.host; content:"soft93.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270708/; classtype:trojan-activity;sid:84133808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/x86"; depth:26; endswith; nocase; http.host; content:"soft93.eu.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270709/; classtype:trojan-activity;sid:84133809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"dosecnc.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270697/; classtype:trojan-activity;sid:84133797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"dosecnc.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270694/; classtype:trojan-activity;sid:84133794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"dosecnc.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270695/; classtype:trojan-activity;sid:84133795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.33.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270696/; classtype:trojan-activity;sid:84133796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.56.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270693/; classtype:trojan-activity;sid:84133793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"dosecnc.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270692/; classtype:trojan-activity;sid:84133792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux.server"; depth:13; endswith; nocase; http.host; content:"dosecnc.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270691/; classtype:trojan-activity;sid:84133791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr"; depth:4; endswith; nocase; http.host; content:"dosecnc.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270689/; classtype:trojan-activity;sid:84133789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"dosecnc.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270690/; classtype:trojan-activity;sid:84133790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"dosecnc.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270686/; classtype:trojan-activity;sid:84133786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"dosecnc.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270687/; classtype:trojan-activity;sid:84133787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"dosecnc.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270688/; classtype:trojan-activity;sid:84133788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"dosecnc.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270685/; classtype:trojan-activity;sid:84133785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"dosecnc.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270683/; classtype:trojan-activity;sid:84133783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"dosecnc.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270684/; classtype:trojan-activity;sid:84133784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.30.110.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270682/; classtype:trojan-activity;sid:84133782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.4.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270681/; classtype:trojan-activity;sid:84133781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.62.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270680/; classtype:trojan-activity;sid:84133780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.107.12.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270679/; classtype:trojan-activity;sid:84133779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.250.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270664/; classtype:trojan-activity;sid:84133764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/h.arm"; depth:28; endswith; nocase; http.host; content:"194.163.169.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270662/; classtype:trojan-activity;sid:84133762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/mips64"; depth:29; endswith; nocase; http.host; content:"194.163.169.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270649/; classtype:trojan-activity;sid:84133749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/x86_64"; depth:29; endswith; nocase; http.host; content:"194.163.169.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270650/; classtype:trojan-activity;sid:84133750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/arm7"; depth:27; endswith; nocase; http.host; content:"194.163.169.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270651/; classtype:trojan-activity;sid:84133751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/h.x86_64"; depth:31; endswith; nocase; http.host; content:"194.163.169.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270652/; classtype:trojan-activity;sid:84133752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/h.arm5"; depth:29; endswith; nocase; http.host; content:"194.163.169.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270653/; classtype:trojan-activity;sid:84133753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/mips"; depth:27; endswith; nocase; http.host; content:"194.163.169.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270654/; classtype:trojan-activity;sid:84133754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/x86"; depth:26; endswith; nocase; http.host; content:"194.163.169.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270655/; classtype:trojan-activity;sid:84133755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/ppc64"; depth:28; endswith; nocase; http.host; content:"194.163.169.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270656/; classtype:trojan-activity;sid:84133756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/h.mips"; depth:29; endswith; nocase; http.host; content:"194.163.169.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270657/; classtype:trojan-activity;sid:84133757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/arm"; depth:26; endswith; nocase; http.host; content:"194.163.169.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270658/; classtype:trojan-activity;sid:84133758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/arm5"; depth:27; endswith; nocase; http.host; content:"194.163.169.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270659/; classtype:trojan-activity;sid:84133759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/h.x86"; depth:28; endswith; nocase; http.host; content:"194.163.169.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270660/; classtype:trojan-activity;sid:84133760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/mipsel"; depth:29; endswith; nocase; http.host; content:"194.163.169.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270661/; classtype:trojan-activity;sid:84133761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.77.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270648/; classtype:trojan-activity;sid:84133748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.62.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270647/; classtype:trojan-activity;sid:84133747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.21.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270646/; classtype:trojan-activity;sid:84133746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.146.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270645/; classtype:trojan-activity;sid:84133745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.212.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270644/; classtype:trojan-activity;sid:84133744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270642/; classtype:trojan-activity;sid:84133742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.121.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270643/; classtype:trojan-activity;sid:84133743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead"; depth:8; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270627/; classtype:trojan-activity;sid:84133727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zyxel"; depth:6; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270628/; classtype:trojan-activity;sid:84133728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.30.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270629/; classtype:trojan-activity;sid:84133729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zte"; depth:4; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270630/; classtype:trojan-activity;sid:84133730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.221.235.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270631/; classtype:trojan-activity;sid:84133731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270632/; classtype:trojan-activity;sid:84133732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.111.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270633/; classtype:trojan-activity;sid:84133733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huawei"; depth:7; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270634/; classtype:trojan-activity;sid:84133734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thinkphp"; depth:9; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270635/; classtype:trojan-activity;sid:84133735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lg"; depth:3; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270636/; classtype:trojan-activity;sid:84133736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeros6x.sh"; depth:11; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270637/; classtype:trojan-activity;sid:84133737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.48.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270638/; classtype:trojan-activity;sid:84133738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aws"; depth:4; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270639/; classtype:trojan-activity;sid:84133739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realtek"; depth:8; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270640/; classtype:trojan-activity;sid:84133740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon443"; depth:8; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270641/; classtype:trojan-activity;sid:84133741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.236.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270626/; classtype:trojan-activity;sid:84133726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270625/; classtype:trojan-activity;sid:84133725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.42.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270624/; classtype:trojan-activity;sid:84133724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.148.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270623/; classtype:trojan-activity;sid:84133723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xi.arm5"; depth:8; endswith; nocase; http.host; content:"103.192.179.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270621/; classtype:trojan-activity;sid:84133721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xi.arm"; depth:7; endswith; nocase; http.host; content:"103.192.179.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270622/; classtype:trojan-activity;sid:84133722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.98.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270620/; classtype:trojan-activity;sid:84133720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.96.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270619/; classtype:trojan-activity;sid:84133719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm7"; depth:11; endswith; nocase; http.host; content:"103.192.179.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270608/; classtype:trojan-activity;sid:84133708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_aarch64"; depth:14; endswith; nocase; http.host; content:"103.192.179.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270609/; classtype:trojan-activity;sid:84133709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips"; depth:11; endswith; nocase; http.host; content:"103.192.179.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270610/; classtype:trojan-activity;sid:84133710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"103.192.179.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270611/; classtype:trojan-activity;sid:84133711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64el"; depth:15; endswith; nocase; http.host; content:"103.192.179.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270612/; classtype:trojan-activity;sid:84133712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel"; depth:13; endswith; nocase; http.host; content:"103.192.179.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270613/; classtype:trojan-activity;sid:84133713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm5"; depth:11; endswith; nocase; http.host; content:"103.192.179.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270614/; classtype:trojan-activity;sid:84133714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64"; depth:13; endswith; nocase; http.host; content:"103.192.179.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270615/; classtype:trojan-activity;sid:84133715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.93.94.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270616/; classtype:trojan-activity;sid:84133716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm6"; depth:11; endswith; nocase; http.host; content:"103.192.179.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270617/; classtype:trojan-activity;sid:84133717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_386"; depth:10; endswith; nocase; http.host; content:"103.192.179.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270618/; classtype:trojan-activity;sid:84133718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.121.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270607/; classtype:trojan-activity;sid:84133707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/la.bot.arc"; depth:14; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270606/; classtype:trojan-activity;sid:84133706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ri/la.bot.arc"; depth:14; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270605/; classtype:trojan-activity;sid:84133705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.49.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270604/; classtype:trojan-activity;sid:84133704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.4.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270603/; classtype:trojan-activity;sid:84133703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.187.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270602/; classtype:trojan-activity;sid:84133702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.253.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270601/; classtype:trojan-activity;sid:84133701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.186.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270600/; classtype:trojan-activity;sid:84133700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.arc"; depth:16; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270599/; classtype:trojan-activity;sid:84133699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.175.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270598/; classtype:trojan-activity;sid:84133698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.211.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270597/; classtype:trojan-activity;sid:84133697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.116.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270596/; classtype:trojan-activity;sid:84133696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.166.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270595/; classtype:trojan-activity;sid:84133695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.77.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270594/; classtype:trojan-activity;sid:84133694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.144.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270593/; classtype:trojan-activity;sid:84133693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.125.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270592/; classtype:trojan-activity;sid:84133692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.147.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270591/; classtype:trojan-activity;sid:84133691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.137.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270590/; classtype:trojan-activity;sid:84133690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.194.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270589/; classtype:trojan-activity;sid:84133689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.228.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270588/; classtype:trojan-activity;sid:84133688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.148.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270587/; classtype:trojan-activity;sid:84133687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.172.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270586/; classtype:trojan-activity;sid:84133686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.23.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270585/; classtype:trojan-activity;sid:84133685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.41.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270584/; classtype:trojan-activity;sid:84133684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.197.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270582/; classtype:trojan-activity;sid:84133682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.196.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270583/; classtype:trojan-activity;sid:84133683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.175.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270581/; classtype:trojan-activity;sid:84133681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.253.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270580/; classtype:trojan-activity;sid:84133680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270579/; classtype:trojan-activity;sid:84133679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"cot.our.openarmscv.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270578/; classtype:trojan-activity;sid:84133678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.194.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270577/; classtype:trojan-activity;sid:84133677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.93.94.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270576/; classtype:trojan-activity;sid:84133676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.176.196.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270574/; classtype:trojan-activity;sid:84133674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.31.82.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270575/; classtype:trojan-activity;sid:84133675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.241.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270573/; classtype:trojan-activity;sid:84133673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270572/; classtype:trojan-activity;sid:84133672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.107.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270571/; classtype:trojan-activity;sid:84133671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.116.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270570/; classtype:trojan-activity;sid:84133670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.184.135.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270569/; classtype:trojan-activity;sid:84133669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.248.12.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270568/; classtype:trojan-activity;sid:84133668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.144.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270567/; classtype:trojan-activity;sid:84133667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.143.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270566/; classtype:trojan-activity;sid:84133666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.17.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270562/; classtype:trojan-activity;sid:84133662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.175.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270563/; classtype:trojan-activity;sid:84133663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.121.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270564/; classtype:trojan-activity;sid:84133664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.59.236.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270565/; classtype:trojan-activity;sid:84133665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.113.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270561/; classtype:trojan-activity;sid:84133661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.125.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270560/; classtype:trojan-activity;sid:84133660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.201.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270559/; classtype:trojan-activity;sid:84133659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.51.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270557/; classtype:trojan-activity;sid:84133657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.42.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270558/; classtype:trojan-activity;sid:84133658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.246.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270556/; classtype:trojan-activity;sid:84133656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.194.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270555/; classtype:trojan-activity;sid:84133655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.78.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270552/; classtype:trojan-activity;sid:84133652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.220.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270553/; classtype:trojan-activity;sid:84133653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.189.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270554/; classtype:trojan-activity;sid:84133654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.147.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270551/; classtype:trojan-activity;sid:84133651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.194.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270550/; classtype:trojan-activity;sid:84133650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.211.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270549/; classtype:trojan-activity;sid:84133649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.10.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270548/; classtype:trojan-activity;sid:84133648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.71.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270547/; classtype:trojan-activity;sid:84133647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.175.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270546/; classtype:trojan-activity;sid:84133646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.25.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270545/; classtype:trojan-activity;sid:84133645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.111.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270544/; classtype:trojan-activity;sid:84133644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.27.199.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270543/; classtype:trojan-activity;sid:84133643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.186.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270542/; classtype:trojan-activity;sid:84133642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.176.196.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270541/; classtype:trojan-activity;sid:84133641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.30.177"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270540/; classtype:trojan-activity;sid:84133640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.189.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270539/; classtype:trojan-activity;sid:84133639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.246.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270538/; classtype:trojan-activity;sid:84133638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270537/; classtype:trojan-activity;sid:84133637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.49.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270536/; classtype:trojan-activity;sid:84133636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.220.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270535/; classtype:trojan-activity;sid:84133635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.51.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270534/; classtype:trojan-activity;sid:84133634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.231.203.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270533/; classtype:trojan-activity;sid:84133633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.201.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270532/; classtype:trojan-activity;sid:84133632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.80.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270531/; classtype:trojan-activity;sid:84133631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.250.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270530/; classtype:trojan-activity;sid:84133630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.137.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270529/; classtype:trojan-activity;sid:84133629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.111.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270527/; classtype:trojan-activity;sid:84133627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.131.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270528/; classtype:trojan-activity;sid:84133628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.87.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270526/; classtype:trojan-activity;sid:84133626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.103.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270525/; classtype:trojan-activity;sid:84133625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.218.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270524/; classtype:trojan-activity;sid:84133624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.163.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270523/; classtype:trojan-activity;sid:84133623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.103.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270522/; classtype:trojan-activity;sid:84133622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.31.154"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270521/; classtype:trojan-activity;sid:84133621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.99.201.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270520/; classtype:trojan-activity;sid:84133620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.73.55.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270519/; classtype:trojan-activity;sid:84133619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.66.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270518/; classtype:trojan-activity;sid:84133618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.18.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270517/; classtype:trojan-activity;sid:84133617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.172.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270516/; classtype:trojan-activity;sid:84133616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.27.199.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270515/; classtype:trojan-activity;sid:84133615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.242.106.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270514/; classtype:trojan-activity;sid:84133614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"yuqnq.range.cccinvolve.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270513/; classtype:trojan-activity;sid:84133613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.241.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270512/; classtype:trojan-activity;sid:84133612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.121.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270511/; classtype:trojan-activity;sid:84133611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.244.133.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270509/; classtype:trojan-activity;sid:84133609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.116.68.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270510/; classtype:trojan-activity;sid:84133610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.55.98.253"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270507/; classtype:trojan-activity;sid:84133607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.83.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270508/; classtype:trojan-activity;sid:84133608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270506/; classtype:trojan-activity;sid:84133606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.240.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270505/; classtype:trojan-activity;sid:84133605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.214.61.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270504/; classtype:trojan-activity;sid:84133604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.255.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270503/; classtype:trojan-activity;sid:84133603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.83.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270502/; classtype:trojan-activity;sid:84133602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.56.201.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270501/; classtype:trojan-activity;sid:84133601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.111.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270500/; classtype:trojan-activity;sid:84133600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.3.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270499/; classtype:trojan-activity;sid:84133599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.83.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270498/; classtype:trojan-activity;sid:84133598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.70.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270497/; classtype:trojan-activity;sid:84133597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.34.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270496/; classtype:trojan-activity;sid:84133596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.97.163.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270495/; classtype:trojan-activity;sid:84133595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.231.203.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270494/; classtype:trojan-activity;sid:84133594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.113.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270493/; classtype:trojan-activity;sid:84133593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.172.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270492/; classtype:trojan-activity;sid:84133592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.103.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270491/; classtype:trojan-activity;sid:84133591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.125.119.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270490/; classtype:trojan-activity;sid:84133590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.4.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270489/; classtype:trojan-activity;sid:84133589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.242.106.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270486/; classtype:trojan-activity;sid:84133586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.31.101.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270487/; classtype:trojan-activity;sid:84133587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"76.177.199.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270488/; classtype:trojan-activity;sid:84133588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.95.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270485/; classtype:trojan-activity;sid:84133585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.235.163.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270484/; classtype:trojan-activity;sid:84133584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.62.209.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270483/; classtype:trojan-activity;sid:84133583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.29.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270482/; classtype:trojan-activity;sid:84133582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.241.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270481/; classtype:trojan-activity;sid:84133581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.220.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270480/; classtype:trojan-activity;sid:84133580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.108.231.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270479/; classtype:trojan-activity;sid:84133579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.190.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270478/; classtype:trojan-activity;sid:84133578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.182.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270477/; classtype:trojan-activity;sid:84133577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.172.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270476/; classtype:trojan-activity;sid:84133576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.116.68.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270475/; classtype:trojan-activity;sid:84133575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.226.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270473/; classtype:trojan-activity;sid:84133573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.7.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270474/; classtype:trojan-activity;sid:84133574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.240.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270472/; classtype:trojan-activity;sid:84133572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.173.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270471/; classtype:trojan-activity;sid:84133571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.96.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270470/; classtype:trojan-activity;sid:84133570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.113.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270469/; classtype:trojan-activity;sid:84133569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.3.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270468/; classtype:trojan-activity;sid:84133568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.80.35.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270467/; classtype:trojan-activity;sid:84133567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.129.103.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270466/; classtype:trojan-activity;sid:84133566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.86.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270465/; classtype:trojan-activity;sid:84133565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"80.246.94.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270464/; classtype:trojan-activity;sid:84133564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270463/; classtype:trojan-activity;sid:84133563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.27.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270462/; classtype:trojan-activity;sid:84133562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.221.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270460/; classtype:trojan-activity;sid:84133560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.255.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270461/; classtype:trojan-activity;sid:84133561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.114.51.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270458/; classtype:trojan-activity;sid:84133558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.158.125.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270459/; classtype:trojan-activity;sid:84133559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.252.65.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270457/; classtype:trojan-activity;sid:84133557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.41.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270456/; classtype:trojan-activity;sid:84133556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.125.119.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270455/; classtype:trojan-activity;sid:84133555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.34.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270454/; classtype:trojan-activity;sid:84133554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.8.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270453/; classtype:trojan-activity;sid:84133553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"69.117.22.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270452/; classtype:trojan-activity;sid:84133552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.248.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270451/; classtype:trojan-activity;sid:84133551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.97.163.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270450/; classtype:trojan-activity;sid:84133550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.220.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270449/; classtype:trojan-activity;sid:84133549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.235.196.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270448/; classtype:trojan-activity;sid:84133548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.47.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270447/; classtype:trojan-activity;sid:84133547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.221.89.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270446/; classtype:trojan-activity;sid:84133546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.254.231.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270445/; classtype:trojan-activity;sid:84133545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.237.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270444/; classtype:trojan-activity;sid:84133544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.190.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270443/; classtype:trojan-activity;sid:84133543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.231.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270442/; classtype:trojan-activity;sid:84133542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.108.231.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270441/; classtype:trojan-activity;sid:84133541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.7.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270440/; classtype:trojan-activity;sid:84133540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.180.177.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270439/; classtype:trojan-activity;sid:84133539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.49.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270438/; classtype:trojan-activity;sid:84133538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.62.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270437/; classtype:trojan-activity;sid:84133537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"69.117.22.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270436/; classtype:trojan-activity;sid:84133536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.205.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270435/; classtype:trojan-activity;sid:84133535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.140.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270434/; classtype:trojan-activity;sid:84133534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.192.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270433/; classtype:trojan-activity;sid:84133533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.248.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270431/; classtype:trojan-activity;sid:84133531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.exe"; depth:6; endswith; nocase; http.host; content:"45.149.241.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270432/; classtype:trojan-activity;sid:84133532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.218.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270430/; classtype:trojan-activity;sid:84133530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.48.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270429/; classtype:trojan-activity;sid:84133529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.8.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270428/; classtype:trojan-activity;sid:84133528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.235.196.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270427/; classtype:trojan-activity;sid:84133527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.110.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270426/; classtype:trojan-activity;sid:84133526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.47.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270425/; classtype:trojan-activity;sid:84133525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.42.127.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270424/; classtype:trojan-activity;sid:84133524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.193.201.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270423/; classtype:trojan-activity;sid:84133523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.218.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270422/; classtype:trojan-activity;sid:84133522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.92.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270421/; classtype:trojan-activity;sid:84133521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.148.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270420/; classtype:trojan-activity;sid:84133520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.15.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270419/; classtype:trojan-activity;sid:84133519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270418/; classtype:trojan-activity;sid:84133518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.172.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270417/; classtype:trojan-activity;sid:84133517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.228.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270415/; classtype:trojan-activity;sid:84133515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.56.201.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270416/; classtype:trojan-activity;sid:84133516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.11.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270414/; classtype:trojan-activity;sid:84133514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.239.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270413/; classtype:trojan-activity;sid:84133513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.74.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270411/; classtype:trojan-activity;sid:84133511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.164.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270412/; classtype:trojan-activity;sid:84133512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.205.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270410/; classtype:trojan-activity;sid:84133510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.29.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270409/; classtype:trojan-activity;sid:84133509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.241.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270408/; classtype:trojan-activity;sid:84133508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.144.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270407/; classtype:trojan-activity;sid:84133507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.111.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270406/; classtype:trojan-activity;sid:84133506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.244.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270404/; classtype:trojan-activity;sid:84133504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.82.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270405/; classtype:trojan-activity;sid:84133505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.156.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270402/; classtype:trojan-activity;sid:84133502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.183.59.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270403/; classtype:trojan-activity;sid:84133503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.176.223.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270401/; classtype:trojan-activity;sid:84133501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.48.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270400/; classtype:trojan-activity;sid:84133500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.18.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270399/; classtype:trojan-activity;sid:84133499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.151.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270398/; classtype:trojan-activity;sid:84133498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.159.176.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270397/; classtype:trojan-activity;sid:84133497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.143.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270396/; classtype:trojan-activity;sid:84133496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.73.176.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270395/; classtype:trojan-activity;sid:84133495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.91.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270393/; classtype:trojan-activity;sid:84133493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.239.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270394/; classtype:trojan-activity;sid:84133494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.exe"; depth:6; endswith; nocase; http.host; content:"45.149.241.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270392/; classtype:trojan-activity;sid:84133492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.29.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270391/; classtype:trojan-activity;sid:84133491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.11.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270390/; classtype:trojan-activity;sid:84133490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.47.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270389/; classtype:trojan-activity;sid:84133489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.244.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270388/; classtype:trojan-activity;sid:84133488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.148.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270386/; classtype:trojan-activity;sid:84133486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.164.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270387/; classtype:trojan-activity;sid:84133487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.83.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270385/; classtype:trojan-activity;sid:84133485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.182.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270384/; classtype:trojan-activity;sid:84133484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.11.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270383/; classtype:trojan-activity;sid:84133483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.211.128.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270382/; classtype:trojan-activity;sid:84133482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.127.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270381/; classtype:trojan-activity;sid:84133481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.77.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270380/; classtype:trojan-activity;sid:84133480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.175.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270379/; classtype:trojan-activity;sid:84133479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.122.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270378/; classtype:trojan-activity;sid:84133478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.164.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270377/; classtype:trojan-activity;sid:84133477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.18.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270376/; classtype:trojan-activity;sid:84133476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.80.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270375/; classtype:trojan-activity;sid:84133475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.35.76"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270374/; classtype:trojan-activity;sid:84133474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.82.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270373/; classtype:trojan-activity;sid:84133473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.130.19.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270372/; classtype:trojan-activity;sid:84133472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.69.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270371/; classtype:trojan-activity;sid:84133471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.192.237.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270370/; classtype:trojan-activity;sid:84133470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.159.176.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270369/; classtype:trojan-activity;sid:84133469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.6.192.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270368/; classtype:trojan-activity;sid:84133468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.77.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270367/; classtype:trojan-activity;sid:84133467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.225.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270366/; classtype:trojan-activity;sid:84133466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.213.103.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270365/; classtype:trojan-activity;sid:84133465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.71.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270364/; classtype:trojan-activity;sid:84133464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.6.86"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270363/; classtype:trojan-activity;sid:84133463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.164.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270362/; classtype:trojan-activity;sid:84133462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.139.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270360/; classtype:trojan-activity;sid:84133460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.115.145.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270361/; classtype:trojan-activity;sid:84133461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.192.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270359/; classtype:trojan-activity;sid:84133459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.29.69"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270358/; classtype:trojan-activity;sid:84133458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.132.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270357/; classtype:trojan-activity;sid:84133457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.144.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270356/; classtype:trojan-activity;sid:84133456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.184.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270355/; classtype:trojan-activity;sid:84133455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.47.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270354/; classtype:trojan-activity;sid:84133454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"62.211.128.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270352/; classtype:trojan-activity;sid:84133452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.127.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270353/; classtype:trojan-activity;sid:84133453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.175.180.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270351/; classtype:trojan-activity;sid:84133451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/555.exe"; depth:14; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270350/; classtype:trojan-activity;sid:84133450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.254.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270349/; classtype:trojan-activity;sid:84133449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.154.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270348/; classtype:trojan-activity;sid:84133448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.11.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270347/; classtype:trojan-activity;sid:84133447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.195.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270346/; classtype:trojan-activity;sid:84133446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270345/; classtype:trojan-activity;sid:84133445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.84.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270344/; classtype:trojan-activity;sid:84133444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.172.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270343/; classtype:trojan-activity;sid:84133443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.235.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270342/; classtype:trojan-activity;sid:84133442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.90.153"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270341/; classtype:trojan-activity;sid:84133441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.225.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270339/; classtype:trojan-activity;sid:84133439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.91.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270340/; classtype:trojan-activity;sid:84133440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.156.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270338/; classtype:trojan-activity;sid:84133438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.244.163.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270337/; classtype:trojan-activity;sid:84133437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.166.11.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270336/; classtype:trojan-activity;sid:84133436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.132.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270335/; classtype:trojan-activity;sid:84133435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.163.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270333/; classtype:trojan-activity;sid:84133433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.234.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270334/; classtype:trojan-activity;sid:84133434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.154.255.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270332/; classtype:trojan-activity;sid:84133432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.38.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270331/; classtype:trojan-activity;sid:84133431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.111.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270330/; classtype:trojan-activity;sid:84133430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270329/; classtype:trojan-activity;sid:84133429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.142.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270328/; classtype:trojan-activity;sid:84133428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.69.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270327/; classtype:trojan-activity;sid:84133427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.94.193.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270326/; classtype:trojan-activity;sid:84133426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.29.69"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270325/; classtype:trojan-activity;sid:84133425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.174.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270324/; classtype:trojan-activity;sid:84133424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.184.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270323/; classtype:trojan-activity;sid:84133423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.154.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270321/; classtype:trojan-activity;sid:84133421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.90.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270322/; classtype:trojan-activity;sid:84133422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270320/; classtype:trojan-activity;sid:84133420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.4.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270319/; classtype:trojan-activity;sid:84133419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.47.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270318/; classtype:trojan-activity;sid:84133418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.154.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270317/; classtype:trojan-activity;sid:84133417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.8.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270316/; classtype:trojan-activity;sid:84133416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270315/; classtype:trojan-activity;sid:84133415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.41.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270314/; classtype:trojan-activity;sid:84133414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.135.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270313/; classtype:trojan-activity;sid:84133413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.90.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270312/; classtype:trojan-activity;sid:84133412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.198.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270311/; classtype:trojan-activity;sid:84133411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.249.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270309/; classtype:trojan-activity;sid:84133409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.237.32.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270310/; classtype:trojan-activity;sid:84133410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.92.18.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270308/; classtype:trojan-activity;sid:84133408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.241.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270307/; classtype:trojan-activity;sid:84133407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.247.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270305/; classtype:trojan-activity;sid:84133405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.90.153"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270306/; classtype:trojan-activity;sid:84133406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.163.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270304/; classtype:trojan-activity;sid:84133404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.91.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270303/; classtype:trojan-activity;sid:84133403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e4tr5hrde/setup1.exe"; depth:21; endswith; nocase; http.host; content:"sunny-lai.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270302/; classtype:trojan-activity;sid:84133402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.186.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270301/; classtype:trojan-activity;sid:84133401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.98.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270299/; classtype:trojan-activity;sid:84133399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.27.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270300/; classtype:trojan-activity;sid:84133400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.126.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270298/; classtype:trojan-activity;sid:84133398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.154.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270297/; classtype:trojan-activity;sid:84133397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.8.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270296/; classtype:trojan-activity;sid:84133396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"221.15.22.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270295/; classtype:trojan-activity;sid:84133395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.245.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270294/; classtype:trojan-activity;sid:84133394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.15.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270293/; classtype:trojan-activity;sid:84133393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.182.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270292/; classtype:trojan-activity;sid:84133392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.247.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270291/; classtype:trojan-activity;sid:84133391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.9.124"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270290/; classtype:trojan-activity;sid:84133390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.172.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270289/; classtype:trojan-activity;sid:84133389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.121.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270288/; classtype:trojan-activity;sid:84133388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/arm5"; depth:9; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270287/; classtype:trojan-activity;sid:84133387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.230.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270286/; classtype:trojan-activity;sid:84133386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.186.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270285/; classtype:trojan-activity;sid:84133385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/arm"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270282/; classtype:trojan-activity;sid:84133382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.116.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270283/; classtype:trojan-activity;sid:84133383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.81.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270284/; classtype:trojan-activity;sid:84133384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/mpsl"; depth:9; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270280/; classtype:trojan-activity;sid:84133380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/m68k"; depth:9; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270281/; classtype:trojan-activity;sid:84133381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/mips"; depth:9; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270279/; classtype:trojan-activity;sid:84133379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/ppc"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270276/; classtype:trojan-activity;sid:84133376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/x86"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270277/; classtype:trojan-activity;sid:84133377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/sh4"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270278/; classtype:trojan-activity;sid:84133378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/arm7"; depth:9; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270274/; classtype:trojan-activity;sid:84133374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270275/; classtype:trojan-activity;sid:84133375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.90.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270272/; classtype:trojan-activity;sid:84133372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/arm6"; depth:9; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270273/; classtype:trojan-activity;sid:84133373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270271/; classtype:trojan-activity;sid:84133371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.118.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270270/; classtype:trojan-activity;sid:84133370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.144.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270269/; classtype:trojan-activity;sid:84133369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.132.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270267/; classtype:trojan-activity;sid:84133367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.87.62"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270268/; classtype:trojan-activity;sid:84133368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.80.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270266/; classtype:trojan-activity;sid:84133366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.123.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270265/; classtype:trojan-activity;sid:84133365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.15.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270264/; classtype:trojan-activity;sid:84133364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.141.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270263/; classtype:trojan-activity;sid:84133363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.113.226.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270262/; classtype:trojan-activity;sid:84133362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.68.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270261/; classtype:trojan-activity;sid:84133361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.78.148.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270260/; classtype:trojan-activity;sid:84133360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.86.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270257/; classtype:trojan-activity;sid:84133357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.214.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270258/; classtype:trojan-activity;sid:84133358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.253.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270259/; classtype:trojan-activity;sid:84133359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.186.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270256/; classtype:trojan-activity;sid:84133356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.142.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270255/; classtype:trojan-activity;sid:84133355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.98.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270254/; classtype:trojan-activity;sid:84133354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.126.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270253/; classtype:trojan-activity;sid:84133353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.50.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270252/; classtype:trojan-activity;sid:84133352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.247.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270251/; classtype:trojan-activity;sid:84133351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.231.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270250/; classtype:trojan-activity;sid:84133350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.82.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270249/; classtype:trojan-activity;sid:84133349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.116.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270248/; classtype:trojan-activity;sid:84133348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.27.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270247/; classtype:trojan-activity;sid:84133347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/mpsl"; depth:9; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270246/; classtype:trojan-activity;sid:84133346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/x86"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270245/; classtype:trojan-activity;sid:84133345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.121.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270244/; classtype:trojan-activity;sid:84133344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/arm"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270242/; classtype:trojan-activity;sid:84133342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/arm5"; depth:9; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270243/; classtype:trojan-activity;sid:84133343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/arm6"; depth:9; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270236/; classtype:trojan-activity;sid:84133336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/arm7"; depth:9; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270237/; classtype:trojan-activity;sid:84133337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/ppc"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270238/; classtype:trojan-activity;sid:84133338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/mips"; depth:9; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270239/; classtype:trojan-activity;sid:84133339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/sh4"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270240/; classtype:trojan-activity;sid:84133340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oth/m68k"; depth:9; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270241/; classtype:trojan-activity;sid:84133341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.86.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270235/; classtype:trojan-activity;sid:84133335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.253.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270234/; classtype:trojan-activity;sid:84133334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.98.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270233/; classtype:trojan-activity;sid:84133333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.21.175.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270232/; classtype:trojan-activity;sid:84133332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.38.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270231/; classtype:trojan-activity;sid:84133331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270230/; classtype:trojan-activity;sid:84133330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.232.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270229/; classtype:trojan-activity;sid:84133329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"138.207.174.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270228/; classtype:trojan-activity;sid:84133328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ss/100pcs.exe"; depth:14; endswith; nocase; http.host; content:"fiestagrandefm.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270226/; classtype:trojan-activity;sid:84133326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ss/passwordrecovery32exe.exe"; depth:29; endswith; nocase; http.host; content:"fiestagrandefm.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270227/; classtype:trojan-activity;sid:84133327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ss/bb.exe"; depth:10; endswith; nocase; http.host; content:"fiestagrandefm.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270224/; classtype:trojan-activity;sid:84133324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ss/passwordrecovery64exe.exe"; depth:29; endswith; nocase; http.host; content:"fiestagrandefm.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270225/; classtype:trojan-activity;sid:84133325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.108.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270223/; classtype:trojan-activity;sid:84133323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.27.32.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270222/; classtype:trojan-activity;sid:84133322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.252.106.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270221/; classtype:trojan-activity;sid:84133321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.207.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270220/; classtype:trojan-activity;sid:84133320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/cpu44/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270218/; classtype:trojan-activity;sid:84133318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/233_qzzgbhhaaml"; depth:20; endswith; nocase; http.host; content:"maan2u.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270219/; classtype:trojan-activity;sid:84133319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r/eebvo"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270214/; classtype:trojan-activity;sid:84133314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.31.134.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270215/; classtype:trojan-activity;sid:84133315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/brf4lern"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270216/; classtype:trojan-activity;sid:84133316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xvkdr4md"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270217/; classtype:trojan-activity;sid:84133317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/lnuky"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270213/; classtype:trojan-activity;sid:84133313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.66.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270212/; classtype:trojan-activity;sid:84133312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.164.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270211/; classtype:trojan-activity;sid:84133311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.144.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270210/; classtype:trojan-activity;sid:84133310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.252.54.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270209/; classtype:trojan-activity;sid:84133309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.29.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270208/; classtype:trojan-activity;sid:84133308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.199.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270207/; classtype:trojan-activity;sid:84133307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.233.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270206/; classtype:trojan-activity;sid:84133306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270205/; classtype:trojan-activity;sid:84133305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.98.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270204/; classtype:trojan-activity;sid:84133304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.31.134.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270203/; classtype:trojan-activity;sid:84133303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.57.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270202/; classtype:trojan-activity;sid:84133302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.131.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270201/; classtype:trojan-activity;sid:84133301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c3pool/winring0x64.sys"; depth:23; endswith; nocase; http.host; content:"c3poolbat2.oss-ap-northeast-1.aliyuncs.com"; depth:42; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270200/; classtype:trojan-activity;sid:84133300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winring0x64.sys"; depth:16; endswith; nocase; http.host; content:"77.91.66.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270199/; classtype:trojan-activity;sid:84133299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/img/edadf5dc5ec04c578e24f68006fad2b4.sys"; depth:45; endswith; nocase; http.host; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270198/; classtype:trojan-activity;sid:84133298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.160.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270197/; classtype:trojan-activity;sid:84133297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novocrm/static/winring0x64.sys"; depth:31; endswith; nocase; http.host; content:"118.189.172.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270196/; classtype:trojan-activity;sid:84133296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggassistant/update/2.3.11.29/tool/winring0x64.sys|3f|skq=1701042218"; depth:68; endswith; nocase; http.host; content:"shqdown.ggzuhao.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270195/; classtype:trojan-activity;sid:84133295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miguel-b-p/..../raw/main/winring0x64.sys"; depth:41; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270193/; classtype:trojan-activity;sid:84133293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unvd01/unvmain/raw/refs/heads/main/cmn/ucpusys.dat"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270194/; classtype:trojan-activity;sid:84133294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/silenthashik/winring/raw/main/winring0x64.sys"; depth:46; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270185/; classtype:trojan-activity;sid:84133285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hak333444/xmrig/raw/main/winring0x64.sys"; depth:41; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270186/; classtype:trojan-activity;sid:84133286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irusanov/zenstates-core/raw/master/winring0x64.sys"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270187/; classtype:trojan-activity;sid:84133287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig/xmrig/blob/master/bin/winring0/winring0x64.sys|3f|raw=true"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270188/; classtype:trojan-activity;sid:84133288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/so251/olaquerida/releases/download/1releasae/winring0x64.sys"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270189/; classtype:trojan-activity;sid:84133289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winring0x64.sys"; depth:16; endswith; nocase; http.host; content:"mymin11.oss-cn-hangzhou.aliyuncs.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270190/; classtype:trojan-activity;sid:84133290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jsjsjsc79/advsd/raw/main/winring0x64.sys"; depth:41; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270191/; classtype:trojan-activity;sid:84133291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stickmengamer/idk/raw/main/winring0x64.sys"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270192/; classtype:trojan-activity;sid:84133292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windows/winring0x64.sys"; depth:24; endswith; nocase; http.host; content:"206.217.142.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270182/; classtype:trojan-activity;sid:84133282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sopranotech/dimeo/main/winring0x64.sys"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270183/; classtype:trojan-activity;sid:84133283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abrissyy/min/main/winring0x64.sys"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270184/; classtype:trojan-activity;sid:84133284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/error/xteam30.exe"; depth:18; endswith; nocase; http.host; content:"tp2.5ee.mytemp.website"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270181/; classtype:trojan-activity;sid:84133281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.7.206"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270180/; classtype:trojan-activity;sid:84133280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.199.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270179/; classtype:trojan-activity;sid:84133279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.30.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270178/; classtype:trojan-activity;sid:84133278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.207.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270177/; classtype:trojan-activity;sid:84133277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.252.106.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270176/; classtype:trojan-activity;sid:84133276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.35.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270175/; classtype:trojan-activity;sid:84133275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.233.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270174/; classtype:trojan-activity;sid:84133274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270173/; classtype:trojan-activity;sid:84133273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client.exe"; depth:11; endswith; nocase; http.host; content:"185.196.10.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270172/; classtype:trojan-activity;sid:84133272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.220.145.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270170/; classtype:trojan-activity;sid:84133270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idja/5wrhyo8grfuzsqh.exe"; depth:25; endswith; nocase; http.host; content:"185.196.11.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270171/; classtype:trojan-activity;sid:84133271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/hwidkeychanger.exe"; depth:22; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270162/; classtype:trojan-activity;sid:84133262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/z/bypass.dll"; depth:16; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270163/; classtype:trojan-activity;sid:84133263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/r3nzskin.dll"; depth:16; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270164/; classtype:trojan-activity;sid:84133264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/vz/cheat.dll"; depth:16; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270165/; classtype:trojan-activity;sid:84133265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/cslol-manager-windows.exe"; depth:29; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270166/; classtype:trojan-activity;sid:84133266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/sh/sechex-gui.exe"; depth:21; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270167/; classtype:trojan-activity;sid:84133267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/ww/cheat.dll"; depth:16; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270168/; classtype:trojan-activity;sid:84133268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/bluefirecolorbot.exe"; depth:24; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270169/; classtype:trojan-activity;sid:84133269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/z/launcher.exe"; depth:18; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270151/; classtype:trojan-activity;sid:84133251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/sechex-gui.exe"; depth:18; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270152/; classtype:trojan-activity;sid:84133252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/hpsrspoof.exe"; depth:17; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270153/; classtype:trojan-activity;sid:84133253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/r6/r6recoil.exe"; depth:19; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270154/; classtype:trojan-activity;sid:84133254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/forza-mods-aio.exe"; depth:22; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270155/; classtype:trojan-activity;sid:84133255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/r3nzskin_injector.exe"; depth:25; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270156/; classtype:trojan-activity;sid:84133256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/forza_horizon_5_trainer.exe"; depth:31; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270157/; classtype:trojan-activity;sid:84133257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/speedautoclicker.exe"; depth:24; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270158/; classtype:trojan-activity;sid:84133258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/speedautoclicker.exe"; depth:24; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270159/; classtype:trojan-activity;sid:84133259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/bluefirecolorbot.exe"; depth:24; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270160/; classtype:trojan-activity;sid:84133260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/r6/r6recoil.exe"; depth:19; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270161/; classtype:trojan-activity;sid:84133261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/forza-mods-aio.exe"; depth:22; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270121/; classtype:trojan-activity;sid:84133221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/z/launcher.exe"; depth:18; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270122/; classtype:trojan-activity;sid:84133222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/vz/cheat.dll"; depth:16; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270123/; classtype:trojan-activity;sid:84133223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/alani_nu.exe"; depth:16; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270124/; classtype:trojan-activity;sid:84133224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/sh/sechex-gui.exe"; depth:21; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270125/; classtype:trojan-activity;sid:84133225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/z/cheat.dll"; depth:15; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270126/; classtype:trojan-activity;sid:84133226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/hpsrspoof.exe"; depth:17; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270127/; classtype:trojan-activity;sid:84133227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/valyse.exe"; depth:14; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270128/; classtype:trojan-activity;sid:84133228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/lunarinjector.exe"; depth:21; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270129/; classtype:trojan-activity;sid:84133229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/ww/cheat.dll"; depth:16; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270130/; classtype:trojan-activity;sid:84133230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/sechex-gui.exe"; depth:18; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270131/; classtype:trojan-activity;sid:84133231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/assistant.exe"; depth:17; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270132/; classtype:trojan-activity;sid:84133232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/r6/r6injector.exe"; depth:21; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270133/; classtype:trojan-activity;sid:84133233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/kdmapper_release.exe"; depth:24; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270134/; classtype:trojan-activity;sid:84133234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/waveinstaller.exe"; depth:21; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270135/; classtype:trojan-activity;sid:84133235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/forza_horizon_5_trainer.exe"; depth:31; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270136/; classtype:trojan-activity;sid:84133236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/hwidkeychanger.exe"; depth:22; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270137/; classtype:trojan-activity;sid:84133237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/alani_nu.exe"; depth:16; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270138/; classtype:trojan-activity;sid:84133238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/valyse.exe"; depth:14; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270139/; classtype:trojan-activity;sid:84133239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/cslol-manager-windows.exe"; depth:29; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270140/; classtype:trojan-activity;sid:84133240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/waveinstaller.exe"; depth:21; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270141/; classtype:trojan-activity;sid:84133241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/z/cheat.dll"; depth:15; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270142/; classtype:trojan-activity;sid:84133242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/netflix-x86_64.exe"; depth:22; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270143/; classtype:trojan-activity;sid:84133243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/lunarinjector.exe"; depth:21; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270144/; classtype:trojan-activity;sid:84133244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/saphireskins.exe"; depth:20; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270145/; classtype:trojan-activity;sid:84133245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/z/bypass.dll"; depth:16; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270146/; classtype:trojan-activity;sid:84133246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/mw3_unlocker.exe"; depth:20; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270147/; classtype:trojan-activity;sid:84133247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/mw3_unlocker.exe"; depth:20; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270148/; classtype:trojan-activity;sid:84133248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/netflix-x86_64.exe"; depth:22; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270149/; classtype:trojan-activity;sid:84133249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/kdmapper_release.exe"; depth:24; endswith; nocase; http.host; content:"downloadsparrow.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270150/; classtype:trojan-activity;sid:84133250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.217.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270120/; classtype:trojan-activity;sid:84133220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.49.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270119/; classtype:trojan-activity;sid:84133219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.196.175.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270117/; classtype:trojan-activity;sid:84133217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.209.109.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270118/; classtype:trojan-activity;sid:84133218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.30.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270116/; classtype:trojan-activity;sid:84133216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/error/xteam30.hta"; depth:18; endswith; nocase; http.host; content:"tp2.5ee.mytemp.website"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270114/; classtype:trojan-activity;sid:84133214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/error/join%20our%20team%20as%20a%20paid%20advertising%20specialist.docx"; depth:72; endswith; nocase; http.host; content:"tp2.5ee.mytemp.website"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270115/; classtype:trojan-activity;sid:84133215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c97fe797-45c1-473b-a2f8-3c0c8bb431af/5.hta"; depth:43; endswith; nocase; http.host; content:"cdn.glitch.global"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270113/; classtype:trojan-activity;sid:84133213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.47.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270112/; classtype:trojan-activity;sid:84133212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0072eaa8-5487-460c-9a1e-184c9e9cd32a/upb.hta"; depth:45; endswith; nocase; http.host; content:"cdn.glitch.global"; depth:17; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270111/; classtype:trojan-activity;sid:84133211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.80.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270110/; classtype:trojan-activity;sid:84133210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idja/projekt%20nr%209215441244.hta"; depth:35; endswith; nocase; http.host; content:"185.196.11.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270109/; classtype:trojan-activity;sid:84133209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/never.hta"; depth:10; endswith; nocase; http.host; content:"210.56.13.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270108/; classtype:trojan-activity;sid:84133208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"149.30.202.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270107/; classtype:trojan-activity;sid:84133207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"107.189.11.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270106/; classtype:trojan-activity;sid:84133206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"205.185.113.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270105/; classtype:trojan-activity;sid:84133205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"104.244.72.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270104/; classtype:trojan-activity;sid:84133204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"205.185.113.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270103/; classtype:trojan-activity;sid:84133203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.10.17.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270102/; classtype:trojan-activity;sid:84133202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.248.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270101/; classtype:trojan-activity;sid:84133201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/222.exe"; depth:14; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270100/; classtype:trojan-activity;sid:84133200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.112.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270099/; classtype:trojan-activity;sid:84133199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.30.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270098/; classtype:trojan-activity;sid:84133198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.45.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270097/; classtype:trojan-activity;sid:84133197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.67.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270096/; classtype:trojan-activity;sid:84133196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghsjfsgfjsyhsfhzgbdfbgzgfb/yugygfyjsbdfoesrjfzbhffbserhbwdewbrtsnbdjkfbrhjgvghvhgvhgvhgvhfgcnchgfcnhchgchgcngfcngcgdcngchcngch/jhbhfbjadhghjvgfcxhhfcjtgvkhdfskjdkbzhdfhmzdkydbfvhzdfjgvhzvg/tfvjtcfgchgcgchcgcftjcgtygvgftrdcjfcgkhvgcjfcxhfcjgvk/chfgcx.exe"; depth:254; endswith; nocase; http.host; content:"45.149.241.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270095/; classtype:trojan-activity;sid:84133195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/arenamain.exe"; depth:23; endswith; nocase; http.host; content:"193.169.105.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270094/; classtype:trojan-activity;sid:84133194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.31.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270092/; classtype:trojan-activity;sid:84133192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/akrproliv.exe"; depth:23; endswith; nocase; http.host; content:"193.169.105.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270093/; classtype:trojan-activity;sid:84133193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.173.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270091/; classtype:trojan-activity;sid:84133191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.82.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270090/; classtype:trojan-activity;sid:84133190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.137.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270089/; classtype:trojan-activity;sid:84133189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.210.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270088/; classtype:trojan-activity;sid:84133188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.15.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270087/; classtype:trojan-activity;sid:84133187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.255.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270086/; classtype:trojan-activity;sid:84133186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.45.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270085/; classtype:trojan-activity;sid:84133185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.55.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270084/; classtype:trojan-activity;sid:84133184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.74.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270083/; classtype:trojan-activity;sid:84133183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.98.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270082/; classtype:trojan-activity;sid:84133182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.30.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270081/; classtype:trojan-activity;sid:84133181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/j86piuq9.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270080/; classtype:trojan-activity;sid:84133180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/bwapp.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270079/; classtype:trojan-activity;sid:84133179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/0b44ippu.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270077/; classtype:trojan-activity;sid:84133177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/5gevcp8z.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270078/; classtype:trojan-activity;sid:84133178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/store/random.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270075/; classtype:trojan-activity;sid:84133175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/chicken123.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270076/; classtype:trojan-activity;sid:84133176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/dsds.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270073/; classtype:trojan-activity;sid:84133173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/final.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270074/; classtype:trojan-activity;sid:84133174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/xyaw4fkp.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270072/; classtype:trojan-activity;sid:84133172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/setup8.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270070/; classtype:trojan-activity;sid:84133170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/golden.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270071/; classtype:trojan-activity;sid:84133171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/do.ps1"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270069/; classtype:trojan-activity;sid:84133169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.19.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270068/; classtype:trojan-activity;sid:84133168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.8.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270067/; classtype:trojan-activity;sid:84133167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.60.222.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270066/; classtype:trojan-activity;sid:84133166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.26.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270065/; classtype:trojan-activity;sid:84133165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.112.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270064/; classtype:trojan-activity;sid:84133164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.167.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270063/; classtype:trojan-activity;sid:84133163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.173.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270062/; classtype:trojan-activity;sid:84133162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.92.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270061/; classtype:trojan-activity;sid:84133161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.173.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270060/; classtype:trojan-activity;sid:84133160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.255.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270059/; classtype:trojan-activity;sid:84133159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irons.exe"; depth:10; endswith; nocase; http.host; content:"185.216.214.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270058/; classtype:trojan-activity;sid:84133158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/q1wnx5ir.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270055/; classtype:trojan-activity;sid:84133155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/kp8dnpa9.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270056/; classtype:trojan-activity;sid:84133156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/zts.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270057/; classtype:trojan-activity;sid:84133157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.236.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270054/; classtype:trojan-activity;sid:84133154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btdtnq121.bin"; depth:14; endswith; nocase; http.host; content:"212.162.149.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270053/; classtype:trojan-activity;sid:84133153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/h5a71wdy.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270052/; classtype:trojan-activity;sid:84133152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.74.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270050/; classtype:trojan-activity;sid:84133150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.42.127.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270051/; classtype:trojan-activity;sid:84133151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d1758bf3d6d1a39/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270048/; classtype:trojan-activity;sid:84133148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d1758bf3d6d1a39/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270049/; classtype:trojan-activity;sid:84133149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d1758bf3d6d1a39/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270046/; classtype:trojan-activity;sid:84133146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d1758bf3d6d1a39/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270047/; classtype:trojan-activity;sid:84133147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d1758bf3d6d1a39/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270043/; classtype:trojan-activity;sid:84133143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d1758bf3d6d1a39/nss3.dll"; depth:26; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270044/; classtype:trojan-activity;sid:84133144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d1758bf3d6d1a39/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"62.204.41.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270045/; classtype:trojan-activity;sid:84133145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.170.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270042/; classtype:trojan-activity;sid:84133142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.37.51.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270041/; classtype:trojan-activity;sid:84133141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.182.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270040/; classtype:trojan-activity;sid:84133140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.200.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270039/; classtype:trojan-activity;sid:84133139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.55.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270038/; classtype:trojan-activity;sid:84133138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.98.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270037/; classtype:trojan-activity;sid:84133137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270036/; classtype:trojan-activity;sid:84133136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.49.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270035/; classtype:trojan-activity;sid:84133135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"149.30.202.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270033/; classtype:trojan-activity;sid:84133133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"149.30.202.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270034/; classtype:trojan-activity;sid:84133134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"107.189.1.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270032/; classtype:trojan-activity;sid:84133132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"107.189.8.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270030/; classtype:trojan-activity;sid:84133130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"107.189.7.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270031/; classtype:trojan-activity;sid:84133131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"149.30.202.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270028/; classtype:trojan-activity;sid:84133128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"107.189.10.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270029/; classtype:trojan-activity;sid:84133129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"104.244.75.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270025/; classtype:trojan-activity;sid:84133125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"107.189.12.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270026/; classtype:trojan-activity;sid:84133126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"104.244.79.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270027/; classtype:trojan-activity;sid:84133127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"107.189.6.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270021/; classtype:trojan-activity;sid:84133121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"149.30.202.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270022/; classtype:trojan-activity;sid:84133122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"107.189.5.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270023/; classtype:trojan-activity;sid:84133123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"107.189.31.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270024/; classtype:trojan-activity;sid:84133124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"104.244.79.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270019/; classtype:trojan-activity;sid:84133119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/nxpkd5tqcmsfcge/download"; depth:27; endswith; nocase; http.host; content:"i0004.clarodrive.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270020/; classtype:trojan-activity;sid:84133120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"104.244.76.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270017/; classtype:trojan-activity;sid:84133117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"107.189.4.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270018/; classtype:trojan-activity;sid:84133118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"107.189.10.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270016/; classtype:trojan-activity;sid:84133116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"107.189.29.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270015/; classtype:trojan-activity;sid:84133115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"104.244.78.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270014/; classtype:trojan-activity;sid:84133114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"107.189.29.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270013/; classtype:trojan-activity;sid:84133113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"107.189.5.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270011/; classtype:trojan-activity;sid:84133111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/gov.apk"; depth:12; endswith; nocase; http.host; content:"107.189.2.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270012/; classtype:trojan-activity;sid:84133112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk.gov.apk"; depth:12; endswith; nocase; http.host; content:"104.244.72.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270010/; classtype:trojan-activity;sid:84133110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.78.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270009/; classtype:trojan-activity;sid:84133109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270008/; classtype:trojan-activity;sid:84133108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.211.23.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270007/; classtype:trojan-activity;sid:84133107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.112.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270006/; classtype:trojan-activity;sid:84133106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.182.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270005/; classtype:trojan-activity;sid:84133105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.122.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270003/; classtype:trojan-activity;sid:84133103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.8.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270004/; classtype:trojan-activity;sid:84133104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plqvfd4d5/plugins/cred.dll"; depth:27; endswith; nocase; http.host; content:"45.202.35.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270000/; classtype:trojan-activity;sid:84133100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/clip64.dll"; depth:27; endswith; nocase; http.host; content:"api.garageserviceoperation.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270001/; classtype:trojan-activity;sid:84133101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plqvfd4d5/plugins/cred64.dll"; depth:29; endswith; nocase; http.host; content:"45.202.35.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270002/; classtype:trojan-activity;sid:84133102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plqvfd4d5/plugins/clip64.dll"; depth:29; endswith; nocase; http.host; content:"45.202.35.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269996/; classtype:trojan-activity;sid:84133096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.26.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269997/; classtype:trojan-activity;sid:84133097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8djjd3shf2/plugins/cred.dll"; depth:28; endswith; nocase; http.host; content:"185.208.159.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269998/; classtype:trojan-activity;sid:84133098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8djjd3shf2/plugins/cred64.dll"; depth:30; endswith; nocase; http.host; content:"185.208.159.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269999/; classtype:trojan-activity;sid:84133099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8djjd3shf2/plugins/clip64.dll"; depth:30; endswith; nocase; http.host; content:"185.208.159.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269993/; classtype:trojan-activity;sid:84133093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/cred.dll"; depth:25; endswith; nocase; http.host; content:"api.garageserviceoperation.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269994/; classtype:trojan-activity;sid:84133094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/cred64.dll"; depth:27; endswith; nocase; http.host; content:"api.garageserviceoperation.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269995/; classtype:trojan-activity;sid:84133095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.190.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269992/; classtype:trojan-activity;sid:84133092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plqvfd4d5/plugins/clip.dll"; depth:27; endswith; nocase; http.host; content:"45.202.35.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269990/; classtype:trojan-activity;sid:84133090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8djjd3shf2/plugins/clip.dll"; depth:28; endswith; nocase; http.host; content:"185.208.159.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269991/; classtype:trojan-activity;sid:84133091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/clip.dll"; depth:25; endswith; nocase; http.host; content:"api.garageserviceoperation.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269989/; classtype:trojan-activity;sid:84133089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.19.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269988/; classtype:trojan-activity;sid:84133088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.223.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269987/; classtype:trojan-activity;sid:84133087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.167.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269986/; classtype:trojan-activity;sid:84133086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.103.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269985/; classtype:trojan-activity;sid:84133085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.65.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269984/; classtype:trojan-activity;sid:84133084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.92.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269983/; classtype:trojan-activity;sid:84133083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.87.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269982/; classtype:trojan-activity;sid:84133082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.43.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269980/; classtype:trojan-activity;sid:84133080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.164.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269981/; classtype:trojan-activity;sid:84133081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.170.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269979/; classtype:trojan-activity;sid:84133079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.63.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269978/; classtype:trojan-activity;sid:84133078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.182.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269977/; classtype:trojan-activity;sid:84133077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.174.137.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269976/; classtype:trojan-activity;sid:84133076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.235.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269975/; classtype:trojan-activity;sid:84133075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.78.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269974/; classtype:trojan-activity;sid:84133074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.233.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269973/; classtype:trojan-activity;sid:84133073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.77.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269972/; classtype:trojan-activity;sid:84133072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.143.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269971/; classtype:trojan-activity;sid:84133071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.244.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269970/; classtype:trojan-activity;sid:84133070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.31.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269969/; classtype:trojan-activity;sid:84133069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.104.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269968/; classtype:trojan-activity;sid:84133068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.93.45.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269967/; classtype:trojan-activity;sid:84133067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.65.244.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269966/; classtype:trojan-activity;sid:84133066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.103.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269965/; classtype:trojan-activity;sid:84133065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.31.82.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269964/; classtype:trojan-activity;sid:84133064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.65.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269963/; classtype:trojan-activity;sid:84133063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.68.198"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269962/; classtype:trojan-activity;sid:84133062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.27.13.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269961/; classtype:trojan-activity;sid:84133061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.150.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269960/; classtype:trojan-activity;sid:84133060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.244.133.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269959/; classtype:trojan-activity;sid:84133059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.164.140.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269958/; classtype:trojan-activity;sid:84133058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/97c9beb737884d93a1899766d9f4e34c:gostired/512411kjads.zip"; depth:58; endswith; nocase; http.host; content:"eu2.contabostorage.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269957/; classtype:trojan-activity;sid:84133057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.168.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269956/; classtype:trojan-activity;sid:84133056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.200.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269955/; classtype:trojan-activity;sid:84133055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/tn8cdkzn.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269954/; classtype:trojan-activity;sid:84133054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.17.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269953/; classtype:trojan-activity;sid:84133053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.235.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269952/; classtype:trojan-activity;sid:84133052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.71.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269951/; classtype:trojan-activity;sid:84133051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.233.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269950/; classtype:trojan-activity;sid:84133050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.150.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269949/; classtype:trojan-activity;sid:84133049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.248.174.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269948/; classtype:trojan-activity;sid:84133048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.48.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269947/; classtype:trojan-activity;sid:84133047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.164.140.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269946/; classtype:trojan-activity;sid:84133046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b.cod"; depth:6; endswith; nocase; http.host; content:"ftp.alphaglobal.pt"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269945/; classtype:trojan-activity;sid:84133045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.exe"; depth:6; endswith; nocase; http.host; content:"ftp.alphaglobal.pt"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269944/; classtype:trojan-activity;sid:84133044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nfjxzzz8jn/plugins/cred64.dll"; depth:30; endswith; nocase; http.host; content:"dukastotranza.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269943/; classtype:trojan-activity;sid:84133043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.55.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269942/; classtype:trojan-activity;sid:84133042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.27.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269941/; classtype:trojan-activity;sid:84133041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.7.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269940/; classtype:trojan-activity;sid:84133040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nfjxzzz8jn/plugins/clip64.dll"; depth:30; endswith; nocase; http.host; content:"dukastotranza.click"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269939/; classtype:trojan-activity;sid:84133039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.101.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269938/; classtype:trojan-activity;sid:84133038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.160.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269937/; classtype:trojan-activity;sid:84133037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.235.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269936/; classtype:trojan-activity;sid:84133036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.31.81"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269935/; classtype:trojan-activity;sid:84133035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.146.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269934/; classtype:trojan-activity;sid:84133034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.12.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269933/; classtype:trojan-activity;sid:84133033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.106.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269932/; classtype:trojan-activity;sid:84133032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.96.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269931/; classtype:trojan-activity;sid:84133031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.239.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269930/; classtype:trojan-activity;sid:84133030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vcruntime140.dll"; depth:17; endswith; nocase; http.host; content:"213.159.76.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269928/; classtype:trojan-activity;sid:84133028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba0f11c06102c3bc/nss3.dll"; depth:26; endswith; nocase; http.host; content:"5.188.87.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269929/; classtype:trojan-activity;sid:84133029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55145c8889ec57f2/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"45.86.230.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269922/; classtype:trojan-activity;sid:84133022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba0f11c06102c3bc/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"5.188.87.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269923/; classtype:trojan-activity;sid:84133023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/72c1dd8f9bb7d11a/nss3.dll"; depth:26; endswith; nocase; http.host; content:"5.252.155.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269924/; classtype:trojan-activity;sid:84133024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55145c8889ec57f2/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"45.86.230.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269925/; classtype:trojan-activity;sid:84133025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/72c1dd8f9bb7d11a/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"5.252.155.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269926/; classtype:trojan-activity;sid:84133026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55145c8889ec57f2/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"45.143.166.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269927/; classtype:trojan-activity;sid:84133027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ffb0d4b87b11580/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"5.178.1.19"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269916/; classtype:trojan-activity;sid:84133016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba0f11c06102c3bc/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"5.188.87.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269917/; classtype:trojan-activity;sid:84133017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/72c1dd8f9bb7d11a/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"5.252.155.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269918/; classtype:trojan-activity;sid:84133018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0853a005e18f0946/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"209.141.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269919/; classtype:trojan-activity;sid:84133019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0853a005e18f0946/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.216.71.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269920/; classtype:trojan-activity;sid:84133020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ffb0d4b87b11580/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"5.178.1.19"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269921/; classtype:trojan-activity;sid:84133021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0853a005e18f0946/nss3.dll"; depth:26; endswith; nocase; http.host; content:"154.216.18.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269913/; classtype:trojan-activity;sid:84133013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0853a005e18f0946/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"209.141.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269914/; classtype:trojan-activity;sid:84133014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/72c1dd8f9bb7d11a/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"5.252.155.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269915/; classtype:trojan-activity;sid:84133015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0853a005e18f0946/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"209.141.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269911/; classtype:trojan-activity;sid:84133011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55145c8889ec57f2/nss3.dll"; depth:26; endswith; nocase; http.host; content:"45.143.166.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269912/; classtype:trojan-activity;sid:84133012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0853a005e18f0946/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"209.141.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269908/; classtype:trojan-activity;sid:84133008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55145c8889ec57f2/nss3.dll"; depth:26; endswith; nocase; http.host; content:"45.86.230.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269909/; classtype:trojan-activity;sid:84133009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0853a005e18f0946/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"209.141.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269910/; classtype:trojan-activity;sid:84133010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0853a005e18f0946/nss3.dll"; depth:26; endswith; nocase; http.host; content:"209.141.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269907/; classtype:trojan-activity;sid:84133007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sqlite3.dll"; depth:12; endswith; nocase; http.host; content:"213.159.76.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269900/; classtype:trojan-activity;sid:84133000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55145c8889ec57f2/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"45.86.230.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269901/; classtype:trojan-activity;sid:84133001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softokn3.dll"; depth:13; endswith; nocase; http.host; content:"213.159.76.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269902/; classtype:trojan-activity;sid:84133002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/freebl3.dll"; depth:12; endswith; nocase; http.host; content:"213.159.76.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269903/; classtype:trojan-activity;sid:84133003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozglue.dll"; depth:12; endswith; nocase; http.host; content:"213.159.76.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269904/; classtype:trojan-activity;sid:84133004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msvcp140.dll"; depth:13; endswith; nocase; http.host; content:"213.159.76.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269905/; classtype:trojan-activity;sid:84133005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nss3.dll"; depth:9; endswith; nocase; http.host; content:"213.159.76.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269906/; classtype:trojan-activity;sid:84133006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0853a005e18f0946/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"209.141.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269895/; classtype:trojan-activity;sid:84132995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55145c8889ec57f2/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"45.86.230.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269896/; classtype:trojan-activity;sid:84132996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55145c8889ec57f2/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"45.143.166.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269897/; classtype:trojan-activity;sid:84132997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55145c8889ec57f2/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"45.86.230.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269898/; classtype:trojan-activity;sid:84132998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55145c8889ec57f2/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"45.86.230.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269899/; classtype:trojan-activity;sid:84132999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/72c1dd8f9bb7d11a/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"5.252.155.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269890/; classtype:trojan-activity;sid:84132990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/72c1dd8f9bb7d11a/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"5.252.155.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269891/; classtype:trojan-activity;sid:84132991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0853a005e18f0946/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"154.216.18.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269892/; classtype:trojan-activity;sid:84132992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0853a005e18f0946/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"154.216.18.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269893/; classtype:trojan-activity;sid:84132993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0853a005e18f0946/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"154.216.18.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269894/; classtype:trojan-activity;sid:84132994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55145c8889ec57f2/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"45.143.166.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269887/; classtype:trojan-activity;sid:84132987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/72c1dd8f9bb7d11a/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"5.252.155.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269888/; classtype:trojan-activity;sid:84132988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0853a005e18f0946/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"154.216.18.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269889/; classtype:trojan-activity;sid:84132989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0853a005e18f0946/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"154.216.18.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269886/; classtype:trojan-activity;sid:84132986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0853a005e18f0946/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.216.71.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269881/; classtype:trojan-activity;sid:84132981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55145c8889ec57f2/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"45.143.166.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269882/; classtype:trojan-activity;sid:84132982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0853a005e18f0946/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"154.216.18.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269883/; classtype:trojan-activity;sid:84132983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55145c8889ec57f2/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"45.143.166.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269884/; classtype:trojan-activity;sid:84132984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55145c8889ec57f2/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"45.143.166.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269885/; classtype:trojan-activity;sid:84132985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba0f11c06102c3bc/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"5.188.87.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269880/; classtype:trojan-activity;sid:84132980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ffb0d4b87b11580/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"5.178.1.19"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269879/; classtype:trojan-activity;sid:84132979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba0f11c06102c3bc/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"5.188.87.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269878/; classtype:trojan-activity;sid:84132978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba0f11c06102c3bc/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"5.188.87.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269876/; classtype:trojan-activity;sid:84132976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba0f11c06102c3bc/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"5.188.87.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269877/; classtype:trojan-activity;sid:84132977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ffb0d4b87b11580/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"5.178.1.19"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269875/; classtype:trojan-activity;sid:84132975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.73.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269873/; classtype:trojan-activity;sid:84132973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/9c1mbus0"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269874/; classtype:trojan-activity;sid:84132974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.99.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269872/; classtype:trojan-activity;sid:84132972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269871/; classtype:trojan-activity;sid:84132971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.160.30.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269870/; classtype:trojan-activity;sid:84132970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.198.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269869/; classtype:trojan-activity;sid:84132969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269868/; classtype:trojan-activity;sid:84132968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.70.96.93"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269867/; classtype:trojan-activity;sid:84132967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.239.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269866/; classtype:trojan-activity;sid:84132966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.26.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269865/; classtype:trojan-activity;sid:84132965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.53.204.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269864/; classtype:trojan-activity;sid:84132964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.89.232.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269863/; classtype:trojan-activity;sid:84132963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.69.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269862/; classtype:trojan-activity;sid:84132962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.101.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269861/; classtype:trojan-activity;sid:84132961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.99.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269860/; classtype:trojan-activity;sid:84132960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.74.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269859/; classtype:trojan-activity;sid:84132959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.226.168.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269858/; classtype:trojan-activity;sid:84132958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.194.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269857/; classtype:trojan-activity;sid:84132957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.106.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269856/; classtype:trojan-activity;sid:84132956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.121.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269855/; classtype:trojan-activity;sid:84132955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.131.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269854/; classtype:trojan-activity;sid:84132954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.126.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269853/; classtype:trojan-activity;sid:84132953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.254.231.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269852/; classtype:trojan-activity;sid:84132952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.15.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269851/; classtype:trojan-activity;sid:84132951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.30.111.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269850/; classtype:trojan-activity;sid:84132950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.106.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269849/; classtype:trojan-activity;sid:84132949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.201.135.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269848/; classtype:trojan-activity;sid:84132948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/offnewhere.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269847/; classtype:trojan-activity;sid:84132947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70d63ca8a5be6cc3/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"95.215.207.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269845/; classtype:trojan-activity;sid:84132945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.26.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269846/; classtype:trojan-activity;sid:84132946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70d63ca8a5be6cc3/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"95.215.207.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269844/; classtype:trojan-activity;sid:84132944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70d63ca8a5be6cc3/nss3.dll"; depth:26; endswith; nocase; http.host; content:"95.215.207.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269839/; classtype:trojan-activity;sid:84132939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/746f34465cf17784/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269840/; classtype:trojan-activity;sid:84132940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70d63ca8a5be6cc3/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"95.215.207.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269841/; classtype:trojan-activity;sid:84132941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70d63ca8a5be6cc3/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"95.215.207.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269842/; classtype:trojan-activity;sid:84132942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70d63ca8a5be6cc3/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"95.215.207.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269843/; classtype:trojan-activity;sid:84132943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/746f34465cf17784/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269838/; classtype:trojan-activity;sid:84132938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/746f34465cf17784/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269833/; classtype:trojan-activity;sid:84132933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/746f34465cf17784/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269834/; classtype:trojan-activity;sid:84132934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/746f34465cf17784/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269835/; classtype:trojan-activity;sid:84132935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70d63ca8a5be6cc3/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"95.215.207.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269836/; classtype:trojan-activity;sid:84132936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/v7wa24td.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269837/; classtype:trojan-activity;sid:84132937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/746f34465cf17784/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269832/; classtype:trojan-activity;sid:84132932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/new_v8.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269831/; classtype:trojan-activity;sid:84132931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.212.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269826/; classtype:trojan-activity;sid:84132926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/rdx123456.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269827/; classtype:trojan-activity;sid:84132927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/gold1234.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269828/; classtype:trojan-activity;sid:84132928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dobre/random.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269829/; classtype:trojan-activity;sid:84132929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/30.exe"; depth:13; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269830/; classtype:trojan-activity;sid:84132930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.145.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269825/; classtype:trojan-activity;sid:84132925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/babadura123/banana/refs/heads/main/xclient.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269824/; classtype:trojan-activity;sid:84132924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xclient543/upgraded-sniffle/main/xclient.exe"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269823/; classtype:trojan-activity;sid:84132923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nomorelife1/te/raw/main/xclient.exe"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269814/; classtype:trojan-activity;sid:84132914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bytrosyt/xuy/releases/download/dick/xclient.exe"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269815/; classtype:trojan-activity;sid:84132915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uspat/capybara_jar/main/xclient.exe"; depth:36; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269816/; classtype:trojan-activity;sid:84132916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uspat/cripting/main/xclient.exe"; depth:32; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269817/; classtype:trojan-activity;sid:84132917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smerttb2/xvpn/raw/main/xclient.exe"; depth:35; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269818/; classtype:trojan-activity;sid:84132918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/minhdmkk6/bot1/refs/heads/main/xclient.exe"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269819/; classtype:trojan-activity;sid:84132919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uspat/capybara_jar/raw/main/xclient.exe"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269820/; classtype:trojan-activity;sid:84132920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tubocdev/ratbuildpenis/raw/main/xclient.exe"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269821/; classtype:trojan-activity;sid:84132921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/babadura123/banana/raw/refs/heads/main/xclient.exe"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269822/; classtype:trojan-activity;sid:84132922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/makslalp123/rakdj213/master/xclient.exe"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269788/; classtype:trojan-activity;sid:84132888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/framzzzzz/dont-use/main/xclient.exe"; depth:36; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269789/; classtype:trojan-activity;sid:84132889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stezxyz/svchost.exe/main/xclient.exe"; depth:37; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269790/; classtype:trojan-activity;sid:84132890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stezxyz/svchost.exe/raw/main/xclient.exe"; depth:41; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269791/; classtype:trojan-activity;sid:84132891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodyblazexaa/dll/main/xclient.exe"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269792/; classtype:trojan-activity;sid:84132892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xclient.exe"; depth:12; endswith; nocase; http.host; content:"startling-daffodil-420b77.netlify.app"; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269793/; classtype:trojan-activity;sid:84132893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xclient.exe"; depth:12; endswith; nocase; http.host; content:"154.197.69.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269794/; classtype:trojan-activity;sid:84132894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/makslalp123/rakdj213/raw/master/xclient.exe"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269795/; classtype:trojan-activity;sid:84132895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/minhdmkk6/bot2/raw/refs/heads/main/xclient.exe"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269796/; classtype:trojan-activity;sid:84132896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2backside/stealercentral/raw/refs/heads/main/xclient.exe"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269797/; classtype:trojan-activity;sid:84132897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u6iko/do5a/raw/main/xclient.exe"; depth:32; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269798/; classtype:trojan-activity;sid:84132898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2backside/stealercentral/refs/heads/main/xclient.exe"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269799/; classtype:trojan-activity;sid:84132899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/helelehelafsdf163/batata/refs/heads/main/xclient.exe"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269800/; classtype:trojan-activity;sid:84132900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bypick/pitch/main/xclient.exe"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269801/; classtype:trojan-activity;sid:84132901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/minhdmkk6/bot2/refs/heads/main/xclient.exe"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269802/; classtype:trojan-activity;sid:84132902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdulah345/pizdaporc/raw/refs/heads/main/xclient.exe/"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269803/; classtype:trojan-activity;sid:84132903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/analhacker/-/raw/main/xclient.exe"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269804/; classtype:trojan-activity;sid:84132904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xclient.exe/"; depth:13; endswith; nocase; http.host; content:"startling-daffodil-420b77.netlify.app"; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269805/; classtype:trojan-activity;sid:84132905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bypick/pitch/raw/main/xclient.exe"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269806/; classtype:trojan-activity;sid:84132906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smerttb2/xvpn/main/xclient.exe"; depth:31; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269807/; classtype:trojan-activity;sid:84132907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/analhacker/-/main/xclient.exe"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269808/; classtype:trojan-activity;sid:84132908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodyblazexaa/dll/raw/main/xclient.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269809/; classtype:trojan-activity;sid:84132909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/helelehelafsdf163/batata/raw/refs/heads/main/xclient.exe"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269810/; classtype:trojan-activity;sid:84132910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/minhdmkk6/bot1/raw/refs/heads/main/xclient.exe"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269811/; classtype:trojan-activity;sid:84132911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tubocdev/ratbuildpenis/main/xclient.exe"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269812/; classtype:trojan-activity;sid:84132912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/analhacker/htt/raw/main/xclient.exe"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269813/; classtype:trojan-activity;sid:84132913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.74.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269784/; classtype:trojan-activity;sid:84132884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdulah345/pizdaporc/raw/refs/heads/main/xclient.exe"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269785/; classtype:trojan-activity;sid:84132885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdulah345/pizdaporc/refs/heads/main/xclient.exe"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269786/; classtype:trojan-activity;sid:84132886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u6iko/do5a/raw/main/xclient.exe/"; depth:33; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269787/; classtype:trojan-activity;sid:84132887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/e43c33649eef6eb8a5898fc2b09274fb/xclient.exe/"; depth:50; endswith; nocase; http.host; content:"loader.oxy.st"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269783/; classtype:trojan-activity;sid:84132883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.96.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269782/; classtype:trojan-activity;sid:84132882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.80.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269781/; classtype:trojan-activity;sid:84132881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269780/; classtype:trojan-activity;sid:84132880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269779/; classtype:trojan-activity;sid:84132879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.80.76.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269778/; classtype:trojan-activity;sid:84132878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.6.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269776/; classtype:trojan-activity;sid:84132876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.211.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269777/; classtype:trojan-activity;sid:84132877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.53.204.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269775/; classtype:trojan-activity;sid:84132875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.254.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269774/; classtype:trojan-activity;sid:84132874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.178.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269772/; classtype:trojan-activity;sid:84132872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm6"; depth:17; endswith; nocase; http.host; content:"95.164.4.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269773/; classtype:trojan-activity;sid:84132873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.m68k"; depth:17; endswith; nocase; http.host; content:"95.164.4.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269771/; classtype:trojan-activity;sid:84132871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/intestio/xworm-rat/zip/refs/tags/xworm"; depth:39; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269770/; classtype:trojan-activity;sid:84132870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crysiz2631/xworm-3.1/zip/refs/heads/main"; depth:41; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269768/; classtype:trojan-activity;sid:84132868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d00mt3l/xworm-5.6/zip/refs/heads/main"; depth:38; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269769/; classtype:trojan-activity;sid:84132869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/looooolaasa/xworm-5.6/refs/heads/main/xworm-5.6.rar"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269767/; classtype:trojan-activity;sid:84132867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trafisg/xworm-5.2-/zip/refs/heads/main"; depth:39; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269766/; classtype:trojan-activity;sid:84132866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/zip/refs/heads/main"; depth:65; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269765/; classtype:trojan-activity;sid:84132865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.69.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269764/; classtype:trojan-activity;sid:84132864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peszok/xworm-remote-access-tool/refs/heads/main/xworm.exe"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269763/; classtype:trojan-activity;sid:84132863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jpntr/xworm-v5.2/zip/refs/heads/main"; depth:37; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269762/; classtype:trojan-activity;sid:84132862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d00mt3l/xworm-5.6/archive/refs/heads/main.zip"; depth:46; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269760/; classtype:trojan-activity;sid:84132860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smokeloader/xworm-v5.3/releases/download/xworm/xworm.v5.3.optimized.bin.7z"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269757/; classtype:trojan-activity;sid:84132857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d00mt3l/xworm-5.6/zip/refs/heads/main|3f|token=a4br4vo3xliqjaedb6a2s43hensuu"; depth:77; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269758/; classtype:trojan-activity;sid:84132858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peszok/xworm-remote-access-tool/releases/download/v5.0/xworm.rar/"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269756/; classtype:trojan-activity;sid:84132856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/archive/refs/heads/main.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269755/; classtype:trojan-activity;sid:84132855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gv1rygit/xworm-v5.2/raw/refs/heads/main/xsploitlauncher.exe"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269750/; classtype:trojan-activity;sid:84132850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gv1rygit/xworm-v5.2/raw/refs/heads/main/xsploitlauncher.zip"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269751/; classtype:trojan-activity;sid:84132851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peszok/xworm-remote-access-tool/releases/download/v5.0/xworm.rar"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269752/; classtype:trojan-activity;sid:84132852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/raw/main/ucrtbased.dll"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269753/; classtype:trojan-activity;sid:84132853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/raw/main/rnp.exe"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269754/; classtype:trojan-activity;sid:84132854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peszok/xworm-remote-access-tool/blob/main/xworm.exe|3f|raw=true"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269748/; classtype:trojan-activity;sid:84132848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xworm/x64.txt"; depth:14; endswith; nocase; http.host; content:"dataxx.netlify.app"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269749/; classtype:trojan-activity;sid:84132849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/raw/main/shedulservv2.exe"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269747/; classtype:trojan-activity;sid:84132847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/main/ucrtbased.dll"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269744/; classtype:trojan-activity;sid:84132844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/raw/main/shdtsk.exe"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269745/; classtype:trojan-activity;sid:84132845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.18.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269746/; classtype:trojan-activity;sid:84132846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gv1rygit/xworm-v5.2/refs/heads/main/xsploitlauncher.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269740/; classtype:trojan-activity;sid:84132840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peszok/xworm-remote-access-tool/releases/download/v5.0/xworm.rar/"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269741/; classtype:trojan-activity;sid:84132841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/main/msrv.exe"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269742/; classtype:trojan-activity;sid:84132842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/main/pwman.exe"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269743/; classtype:trojan-activity;sid:84132843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peszok/xworm-remote-access-tool/raw/main/xworm.exe"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269738/; classtype:trojan-activity;sid:84132838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/main/shedulservv2.exe"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269739/; classtype:trojan-activity;sid:84132839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/raw/main/disas.exe"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269729/; classtype:trojan-activity;sid:84132829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryptedexefiles/xworm.exe.dead"; depth:31; endswith; nocase; http.host; content:"dataxx.netlify.app"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269730/; classtype:trojan-activity;sid:84132830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/raw/main/disastum.exe"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269731/; classtype:trojan-activity;sid:84132831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/raw/main/shedultaskv3.exe"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269732/; classtype:trojan-activity;sid:84132832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/main/shedultaskv3.exe"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269733/; classtype:trojan-activity;sid:84132833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/main/vcruntime140d.dll"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269734/; classtype:trojan-activity;sid:84132834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/raw/main/msrv.exe"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269735/; classtype:trojan-activity;sid:84132835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/main/rnp.exe"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269736/; classtype:trojan-activity;sid:84132836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/raw/main/seftali.exe"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269737/; classtype:trojan-activity;sid:84132837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/main/disastum.exe"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269714/; classtype:trojan-activity;sid:84132814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sqrtzeroknowledge/xworm-trojan/archive/refs/heads/main.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269715/; classtype:trojan-activity;sid:84132815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exefiles/xworm.exe"; depth:19; endswith; nocase; http.host; content:"dataxx.netlify.app"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269716/; classtype:trojan-activity;sid:84132816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/main/sff.exe"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269717/; classtype:trojan-activity;sid:84132817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/main/shdtsk.exe"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269718/; classtype:trojan-activity;sid:84132818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/main/akbyp.exe"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269719/; classtype:trojan-activity;sid:84132819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/raw/main/akbyp.exe"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269720/; classtype:trojan-activity;sid:84132820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/raw/main/xwormui.exe"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269721/; classtype:trojan-activity;sid:84132821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gv1rygit/xworm-v5.2/refs/heads/main/xsploitlauncher.exe"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269722/; classtype:trojan-activity;sid:84132822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/raw/main/akbyp.exe"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269723/; classtype:trojan-activity;sid:84132823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/raw/main/pwman.exe"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269724/; classtype:trojan-activity;sid:84132824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/raw/main/sff.exe"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269725/; classtype:trojan-activity;sid:84132825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/main/seftali.exe"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269726/; classtype:trojan-activity;sid:84132826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/raw/main/vcruntime140d.dll"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269727/; classtype:trojan-activity;sid:84132827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/errias/xworm-rat-remote-administration-tool-/main/disas.exe"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269728/; classtype:trojan-activity;sid:84132828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/a5e446e1b2b011676e7d1f50487732a5/xworm_v5.2_password_1234.rar"; depth:66; endswith; nocase; http.host; content:"download.oxy.st"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269713/; classtype:trojan-activity;sid:84132813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm"; depth:16; endswith; nocase; http.host; content:"95.164.4.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269709/; classtype:trojan-activity;sid:84132809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mips"; depth:17; endswith; nocase; http.host; content:"95.164.4.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269710/; classtype:trojan-activity;sid:84132810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.sh4"; depth:16; endswith; nocase; http.host; content:"95.164.4.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269711/; classtype:trojan-activity;sid:84132811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.ppc"; depth:16; endswith; nocase; http.host; content:"95.164.4.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269712/; classtype:trojan-activity;sid:84132812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mpsl"; depth:17; endswith; nocase; http.host; content:"95.164.4.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269708/; classtype:trojan-activity;sid:84132808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm5"; depth:17; endswith; nocase; http.host; content:"95.164.4.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269706/; classtype:trojan-activity;sid:84132806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.x86"; depth:16; endswith; nocase; http.host; content:"95.164.4.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269707/; classtype:trojan-activity;sid:84132807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.117.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269705/; classtype:trojan-activity;sid:84132805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.40.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269704/; classtype:trojan-activity;sid:84132804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.111.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269703/; classtype:trojan-activity;sid:84132803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269702/; classtype:trojan-activity;sid:84132802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.30.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269701/; classtype:trojan-activity;sid:84132801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.252.38.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269700/; classtype:trojan-activity;sid:84132800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.120.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269699/; classtype:trojan-activity;sid:84132799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.245.60.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269698/; classtype:trojan-activity;sid:84132798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.89.232.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269697/; classtype:trojan-activity;sid:84132797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.74.23"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269696/; classtype:trojan-activity;sid:84132796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724fd1371474/js/6724fd1371402.js"; depth:34; endswith; nocase; http.host; content:"download-202482522810.online"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269694/; classtype:trojan-activity;sid:84132794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724fd1371474/js/6724fd1371402.js"; depth:34; endswith; nocase; http.host; content:"www.download-202482522810.online"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269695/; classtype:trojan-activity;sid:84132795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724fd1371474/6724fd1371613.vbs"; depth:32; endswith; nocase; http.host; content:"www.download-202482522810.online"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269691/; classtype:trojan-activity;sid:84132791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724fd1371474/%e2%9d%89alvarafuncionamento%e2%9d%89_%e2%91%a7%e2%91%a7%e2%91%a2%e2%91%a3%e2%91%a7%e2%91%a6%e2%91%a5%e2%91%a0.zip"; depth:129; endswith; nocase; http.host; content:"download-202482522810.online"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269692/; classtype:trojan-activity;sid:84132792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724fd1371474/%e2%9d%89alvarafuncionamento%e2%9d%89_%e2%91%a7%e2%91%a7%e2%91%a2%e2%91%a3%e2%91%a7%e2%91%a6%e2%91%a5%e2%91%a0.zip"; depth:129; endswith; nocase; http.host; content:"www.download-202482522810.online"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269693/; classtype:trojan-activity;sid:84132793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724fd1371474/6724fd1371610.vbs"; depth:32; endswith; nocase; http.host; content:"www.download-202482522810.online"; depth:32; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269690/; classtype:trojan-activity;sid:84132790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724fc8a3816b/%e2%9d%89processo%e2%9d%892024_zkwfpj1d.zip"; depth:58; endswith; nocase; http.host; content:"download-32898257239.pro"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269689/; classtype:trojan-activity;sid:84132789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724fc8a3816b/js/6724fc8a38116.js"; depth:34; endswith; nocase; http.host; content:"www.download-32898257239.pro"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269686/; classtype:trojan-activity;sid:84132786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724fc8a3816b/js/6724fc8a38116.js"; depth:34; endswith; nocase; http.host; content:"download-32898257239.pro"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269687/; classtype:trojan-activity;sid:84132787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724fc8a3816b/%e2%9d%89processo%e2%9d%892024_zkwfpj1d.zip"; depth:58; endswith; nocase; http.host; content:"www.download-32898257239.pro"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269688/; classtype:trojan-activity;sid:84132788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.96.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269685/; classtype:trojan-activity;sid:84132785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724fc8a3816b/6724fc8a3828b.vbs"; depth:32; endswith; nocase; http.host; content:"download-32898257239.pro"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269684/; classtype:trojan-activity;sid:84132784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724fc8a3816b/6724fc8a38289.vbs"; depth:32; endswith; nocase; http.host; content:"www.download-32898257239.pro"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269683/; classtype:trojan-activity;sid:84132783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awgwrtwa/asss/downloads/sostedcrat.txt"; depth:39; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269682/; classtype:trojan-activity;sid:84132782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/rrk2f/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269680/; classtype:trojan-activity;sid:84132780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awgwrtwa/asss/downloads/remconoviembre.txt"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269681/; classtype:trojan-activity;sid:84132781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awgwrtwa/asss/downloads/29-envio_copia_de_la_notificacion_electronica_juzgado_penal_del_circuito_de_rama_judicial.tar.cab.tar.001"; depth:130; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269678/; classtype:trojan-activity;sid:84132778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/89999999999999/0/downloads/dsfd.txt"; depth:36; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269679/; classtype:trojan-activity;sid:84132779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/4b83lcvu"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269675/; classtype:trojan-activity;sid:84132775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shqm6g9p/raw"; depth:13; endswith; nocase; http.host; content:"rentry.org"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269676/; classtype:trojan-activity;sid:84132776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awgwrtwa/asss/downloads/1.url"; depth:30; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269677/; classtype:trojan-activity;sid:84132777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.108.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269674/; classtype:trojan-activity;sid:84132774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.106.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269673/; classtype:trojan-activity;sid:84132773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.179.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269672/; classtype:trojan-activity;sid:84132772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.120.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269671/; classtype:trojan-activity;sid:84132771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724f91d7b3cb/%e2%9d%89processo%e2%9d%89_%e2%91%a4%e2%91%a1%e2%91%a7%e2%91%a5%e2%91%a2%e2%91%a3%e2%91%a7%e2%91%a1.zip"; depth:118; endswith; nocase; http.host; content:"processoeconsulta.online"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269670/; classtype:trojan-activity;sid:84132770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724f91d7b3cb/%e2%9d%89processo%e2%9d%89_%e2%91%a4%e2%91%a1%e2%91%a7%e2%91%a5%e2%91%a2%e2%91%a3%e2%91%a7%e2%91%a1.zip"; depth:118; endswith; nocase; http.host; content:"www.processoeconsulta.online"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269669/; classtype:trojan-activity;sid:84132769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724f91d7b3cb/js/6724f91d7b351.js"; depth:34; endswith; nocase; http.host; content:"www.processoeconsulta.online"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269667/; classtype:trojan-activity;sid:84132767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724f91d7b3cb/js/6724f91d7b351.js"; depth:34; endswith; nocase; http.host; content:"processoeconsulta.online"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269668/; classtype:trojan-activity;sid:84132768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/65ewe.zip"; depth:10; endswith; nocase; http.host; content:"64.190.113.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269666/; classtype:trojan-activity;sid:84132766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new21.zip"; depth:10; endswith; nocase; http.host; content:"167.88.165.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269665/; classtype:trojan-activity;sid:84132765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d4454w.zip"; depth:11; endswith; nocase; http.host; content:"64.94.85.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269664/; classtype:trojan-activity;sid:84132764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724f91d7b3cb/6724f91d7b54a.vbs"; depth:32; endswith; nocase; http.host; content:"www.processoeconsulta.online"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269662/; classtype:trojan-activity;sid:84132762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724f91d7b3cb/6724f91d7b54a.vbs"; depth:32; endswith; nocase; http.host; content:"processoeconsulta.online"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269663/; classtype:trojan-activity;sid:84132763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724f91d7b3cb/6724f91d7b548.vbs"; depth:32; endswith; nocase; http.host; content:"processoeconsulta.online"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269660/; classtype:trojan-activity;sid:84132760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724f91d7b3cb/6724f91d7b548.vbs"; depth:32; endswith; nocase; http.host; content:"www.processoeconsulta.online"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269661/; classtype:trojan-activity;sid:84132761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d4454w.zip"; depth:11; endswith; nocase; http.host; content:"64.94.85.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269659/; classtype:trojan-activity;sid:84132759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.101.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269658/; classtype:trojan-activity;sid:84132758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.177.28.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269657/; classtype:trojan-activity;sid:84132757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.153.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269656/; classtype:trojan-activity;sid:84132756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.109.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269654/; classtype:trojan-activity;sid:84132754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269655/; classtype:trojan-activity;sid:84132755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.94.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269653/; classtype:trojan-activity;sid:84132753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.129.145.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269652/; classtype:trojan-activity;sid:84132752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.65.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269651/; classtype:trojan-activity;sid:84132751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.96.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269650/; classtype:trojan-activity;sid:84132750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.211.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269649/; classtype:trojan-activity;sid:84132749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkdjdjj888.arm7"; depth:16; endswith; nocase; http.host; content:"31.172.80.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269648/; classtype:trojan-activity;sid:84132748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.103.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269647/; classtype:trojan-activity;sid:84132747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm7"; depth:17; endswith; nocase; http.host; content:"95.164.4.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269646/; classtype:trojan-activity;sid:84132746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow.arm7"; depth:10; endswith; nocase; http.host; content:"172.105.209.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269645/; classtype:trojan-activity;sid:84132745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"vantrong.id.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269644/; classtype:trojan-activity;sid:84132744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7/"; depth:6; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269643/; classtype:trojan-activity;sid:84132743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnets/thunderloader/h.arm7"; depth:29; endswith; nocase; http.host; content:"194.163.169.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269642/; classtype:trojan-activity;sid:84132742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.0.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269641/; classtype:trojan-activity;sid:84132741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.108.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269640/; classtype:trojan-activity;sid:84132740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.195.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269639/; classtype:trojan-activity;sid:84132739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.13.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269638/; classtype:trojan-activity;sid:84132738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.177.28.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269637/; classtype:trojan-activity;sid:84132737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.4.38"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269636/; classtype:trojan-activity;sid:84132736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.85.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269635/; classtype:trojan-activity;sid:84132735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.144.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269634/; classtype:trojan-activity;sid:84132734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/tpb-1.exe"; depth:17; endswith; nocase; http.host; content:"utorrent-backup-server.top"; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269633/; classtype:trojan-activity;sid:84132733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.198.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269632/; classtype:trojan-activity;sid:84132732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.153.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269631/; classtype:trojan-activity;sid:84132731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.111.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269630/; classtype:trojan-activity;sid:84132730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.220.247.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269629/; classtype:trojan-activity;sid:84132729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1337/torrentold-1.exe"; depth:22; endswith; nocase; http.host; content:"utorrent-servers.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269628/; classtype:trojan-activity;sid:84132728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.177.142.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269627/; classtype:trojan-activity;sid:84132727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.174.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269625/; classtype:trojan-activity;sid:84132725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/tpb-1.exe"; depth:17; endswith; nocase; http.host; content:"185.99.135.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269626/; classtype:trojan-activity;sid:84132726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/tpb-1.exe"; depth:17; endswith; nocase; http.host; content:"microsoft-auth-network.cc"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269624/; classtype:trojan-activity;sid:84132724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269623/; classtype:trojan-activity;sid:84132723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.96.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269622/; classtype:trojan-activity;sid:84132722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.9.248.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269621/; classtype:trojan-activity;sid:84132721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.211.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269620/; classtype:trojan-activity;sid:84132720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux"; depth:6; endswith; nocase; http.host; content:"47.76.72.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269619/; classtype:trojan-activity;sid:84132719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.237.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269618/; classtype:trojan-activity;sid:84132718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux"; depth:6; endswith; nocase; http.host; content:"47.243.23.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269617/; classtype:trojan-activity;sid:84132717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux"; depth:6; endswith; nocase; http.host; content:"125.124.96.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269616/; classtype:trojan-activity;sid:84132716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux"; depth:6; endswith; nocase; http.host; content:"159.203.130.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269615/; classtype:trojan-activity;sid:84132715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.4.38"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269614/; classtype:trojan-activity;sid:84132714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.112.100.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269613/; classtype:trojan-activity;sid:84132713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.75.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269612/; classtype:trojan-activity;sid:84132712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.221.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269611/; classtype:trojan-activity;sid:84132711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.213.241.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269610/; classtype:trojan-activity;sid:84132710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.159.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269609/; classtype:trojan-activity;sid:84132709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.167.204.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269608/; classtype:trojan-activity;sid:84132708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.1.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269607/; classtype:trojan-activity;sid:84132707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.94.34.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269606/; classtype:trojan-activity;sid:84132706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269605/; classtype:trojan-activity;sid:84132705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.240.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269603/; classtype:trojan-activity;sid:84132703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.175.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269604/; classtype:trojan-activity;sid:84132704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.137.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269602/; classtype:trojan-activity;sid:84132702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.108.11.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269600/; classtype:trojan-activity;sid:84132700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.240.3.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269601/; classtype:trojan-activity;sid:84132701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.57.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269599/; classtype:trojan-activity;sid:84132699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.213.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269598/; classtype:trojan-activity;sid:84132698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.111.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269597/; classtype:trojan-activity;sid:84132697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.144.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269596/; classtype:trojan-activity;sid:84132696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.9.248.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269594/; classtype:trojan-activity;sid:84132694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.61.29.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269595/; classtype:trojan-activity;sid:84132695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.237.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269593/; classtype:trojan-activity;sid:84132693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.164.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269592/; classtype:trojan-activity;sid:84132692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.160.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269591/; classtype:trojan-activity;sid:84132691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.132.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269590/; classtype:trojan-activity;sid:84132690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.14.78.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269589/; classtype:trojan-activity;sid:84132689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.3.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269588/; classtype:trojan-activity;sid:84132688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.13.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269587/; classtype:trojan-activity;sid:84132687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.221.97.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269586/; classtype:trojan-activity;sid:84132686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.23.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269585/; classtype:trojan-activity;sid:84132685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269584/; classtype:trojan-activity;sid:84132684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.138.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269583/; classtype:trojan-activity;sid:84132683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.145.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269582/; classtype:trojan-activity;sid:84132682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.111.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269581/; classtype:trojan-activity;sid:84132681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.90.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269580/; classtype:trojan-activity;sid:84132680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.247.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269579/; classtype:trojan-activity;sid:84132679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.219.127.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269578/; classtype:trojan-activity;sid:84132678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.213.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269577/; classtype:trojan-activity;sid:84132677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.177.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269576/; classtype:trojan-activity;sid:84132676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.108.11.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269575/; classtype:trojan-activity;sid:84132675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.90.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269574/; classtype:trojan-activity;sid:84132674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.171.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269573/; classtype:trojan-activity;sid:84132673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.254.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269572/; classtype:trojan-activity;sid:84132672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.186.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269571/; classtype:trojan-activity;sid:84132671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.95.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269570/; classtype:trojan-activity;sid:84132670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.133.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269569/; classtype:trojan-activity;sid:84132669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.129.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269567/; classtype:trojan-activity;sid:84132667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.171.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269568/; classtype:trojan-activity;sid:84132668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.147.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269566/; classtype:trojan-activity;sid:84132666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.215.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269565/; classtype:trojan-activity;sid:84132665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chrome_131.exe"; depth:15; endswith; nocase; http.host; content:"perseverclinic.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269564/; classtype:trojan-activity;sid:84132664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.177.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269563/; classtype:trojan-activity;sid:84132663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.138.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269562/; classtype:trojan-activity;sid:84132662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.234.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269561/; classtype:trojan-activity;sid:84132661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.210.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269560/; classtype:trojan-activity;sid:84132660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.113.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269559/; classtype:trojan-activity;sid:84132659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm6"; depth:13; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269558/; classtype:trojan-activity;sid:84132658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.m68k"; depth:13; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269557/; classtype:trojan-activity;sid:84132657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"154.216.20.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269555/; classtype:trojan-activity;sid:84132655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"154.216.16.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269556/; classtype:trojan-activity;sid:84132656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269539/; classtype:trojan-activity;sid:84132639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshppc"; depth:7; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269540/; classtype:trojan-activity;sid:84132640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"154.216.20.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269541/; classtype:trojan-activity;sid:84132641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.sh4"; depth:12; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269542/; classtype:trojan-activity;sid:84132642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmpsl"; depth:8; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269543/; classtype:trojan-activity;sid:84132643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"154.216.20.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269544/; classtype:trojan-activity;sid:84132644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.x86"; depth:12; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269545/; classtype:trojan-activity;sid:84132645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.mpsl"; depth:10; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269546/; classtype:trojan-activity;sid:84132646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gppc"; depth:5; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269547/; classtype:trojan-activity;sid:84132647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrppc"; depth:6; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269548/; classtype:trojan-activity;sid:84132648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"154.216.16.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269549/; classtype:trojan-activity;sid:84132649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm6"; depth:7; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269550/; classtype:trojan-activity;sid:84132650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269551/; classtype:trojan-activity;sid:84132651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm5"; depth:6; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269552/; classtype:trojan-activity;sid:84132652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm7"; depth:8; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269553/; classtype:trojan-activity;sid:84132653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269554/; classtype:trojan-activity;sid:84132654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"154.216.20.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269535/; classtype:trojan-activity;sid:84132635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.m68k"; depth:10; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269536/; classtype:trojan-activity;sid:84132636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.133.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269537/; classtype:trojan-activity;sid:84132637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm7"; depth:7; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269538/; classtype:trojan-activity;sid:84132638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/uacvoniwd2kpo0uftoujpzec9iaohtkjzo"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269530/; classtype:trojan-activity;sid:84132630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"156.238.225.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269531/; classtype:trojan-activity;sid:84132631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm"; depth:6; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269532/; classtype:trojan-activity;sid:84132632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269533/; classtype:trojan-activity;sid:84132633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wxbhztvgbwhnj8m1w941eskm8eregez9mm"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269534/; classtype:trojan-activity;sid:84132634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"156.238.225.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269523/; classtype:trojan-activity;sid:84132623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"156.238.225.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269524/; classtype:trojan-activity;sid:84132624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm"; depth:12; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269525/; classtype:trojan-activity;sid:84132625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.spc"; depth:12; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269526/; classtype:trojan-activity;sid:84132626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm5"; depth:6; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269527/; classtype:trojan-activity;sid:84132627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.mpsl"; depth:13; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269528/; classtype:trojan-activity;sid:84132628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gomips"; depth:7; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269529/; classtype:trojan-activity;sid:84132629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smips"; depth:6; endswith; nocase; http.host; content:"154.216.19.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269511/; classtype:trojan-activity;sid:84132611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmpsl"; depth:6; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269512/; classtype:trojan-activity;sid:84132612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.x86_64"; depth:12; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269513/; classtype:trojan-activity;sid:84132613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm5"; depth:8; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269514/; classtype:trojan-activity;sid:84132614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"154.216.16.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269515/; classtype:trojan-activity;sid:84132615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm"; depth:9; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269516/; classtype:trojan-activity;sid:84132616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.sh4"; depth:9; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269517/; classtype:trojan-activity;sid:84132617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"154.216.20.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269518/; classtype:trojan-activity;sid:84132618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm"; depth:5; endswith; nocase; http.host; content:"154.216.19.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269519/; classtype:trojan-activity;sid:84132619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ixikzc1pvao8odwsk7xhd8lcjtavcvgb4u"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269520/; classtype:trojan-activity;sid:84132620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"156.238.225.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269521/; classtype:trojan-activity;sid:84132621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"154.216.16.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269522/; classtype:trojan-activity;sid:84132622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"154.216.20.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269505/; classtype:trojan-activity;sid:84132605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.x86"; depth:9; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269506/; classtype:trojan-activity;sid:84132606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"154.216.20.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269507/; classtype:trojan-activity;sid:84132607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm"; depth:7; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269508/; classtype:trojan-activity;sid:84132608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"156.238.225.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269509/; classtype:trojan-activity;sid:84132609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"154.216.20.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269510/; classtype:trojan-activity;sid:84132610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm7"; depth:6; endswith; nocase; http.host; content:"154.216.19.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269494/; classtype:trojan-activity;sid:84132594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm7"; depth:10; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269495/; classtype:trojan-activity;sid:84132595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269496/; classtype:trojan-activity;sid:84132596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269497/; classtype:trojan-activity;sid:84132597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269498/; classtype:trojan-activity;sid:84132598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wzjmiv7n4vrpkxtctqoevvnt2ppjcfxtpt"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269499/; classtype:trojan-activity;sid:84132599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"154.216.20.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269500/; classtype:trojan-activity;sid:84132600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x7ghcn7tdqt21vh65w2y0vt6xclditgame"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269501/; classtype:trojan-activity;sid:84132601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smips"; depth:6; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269502/; classtype:trojan-activity;sid:84132602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"154.216.20.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269503/; classtype:trojan-activity;sid:84132603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"154.216.20.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269504/; classtype:trojan-activity;sid:84132604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"156.238.225.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269491/; classtype:trojan-activity;sid:84132591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nlxfnwjvl5zcf32asdeihvcqtkqceaqzvu"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269492/; classtype:trojan-activity;sid:84132592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrmips"; depth:7; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269493/; classtype:trojan-activity;sid:84132593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.ppc"; depth:9; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269485/; classtype:trojan-activity;sid:84132585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wofv0gachqq3oog1mbm5bddrn7hgdvxhes"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269486/; classtype:trojan-activity;sid:84132586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269487/; classtype:trojan-activity;sid:84132587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmips"; depth:8; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269488/; classtype:trojan-activity;sid:84132588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm6"; depth:6; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269489/; classtype:trojan-activity;sid:84132589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/iy3pdrqaoppvwtyy3bwfmefbw6kzvczmb7"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269490/; classtype:trojan-activity;sid:84132590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm7"; depth:6; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269481/; classtype:trojan-activity;sid:84132581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmips"; depth:6; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269482/; classtype:trojan-activity;sid:84132582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.mips"; depth:10; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269483/; classtype:trojan-activity;sid:84132583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.spc"; depth:9; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269484/; classtype:trojan-activity;sid:84132584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xv97htqnohubdy2tldz50dx4llwiiokuux"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269470/; classtype:trojan-activity;sid:84132570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm6"; depth:6; endswith; nocase; http.host; content:"154.216.19.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269471/; classtype:trojan-activity;sid:84132571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm6"; depth:10; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269472/; classtype:trojan-activity;sid:84132572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrsh4"; depth:6; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269473/; classtype:trojan-activity;sid:84132573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269474/; classtype:trojan-activity;sid:84132574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm7"; depth:13; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269475/; classtype:trojan-activity;sid:84132575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269476/; classtype:trojan-activity;sid:84132576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm5"; depth:10; endswith; nocase; http.host; content:"154.216.16.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269477/; classtype:trojan-activity;sid:84132577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm"; depth:5; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269478/; classtype:trojan-activity;sid:84132578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/0auirkabdibxkrxx6a855rzwcpfvqephpu"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269479/; classtype:trojan-activity;sid:84132579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm5"; depth:7; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269480/; classtype:trojan-activity;sid:84132580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrarm7"; depth:7; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269460/; classtype:trojan-activity;sid:84132560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"156.238.225.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269461/; classtype:trojan-activity;sid:84132561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.arm5"; depth:13; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269462/; classtype:trojan-activity;sid:84132562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.ppc"; depth:12; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269463/; classtype:trojan-activity;sid:84132563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm7"; depth:6; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269464/; classtype:trojan-activity;sid:84132564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshsh4"; depth:7; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269465/; classtype:trojan-activity;sid:84132565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr/dlr.mips"; depth:13; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269466/; classtype:trojan-activity;sid:84132566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm6"; depth:6; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269467/; classtype:trojan-activity;sid:84132567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm6"; depth:8; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269468/; classtype:trojan-activity;sid:84132568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smpsl"; depth:6; endswith; nocase; http.host; content:"154.216.19.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269469/; classtype:trojan-activity;sid:84132569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"156.238.225.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269454/; classtype:trojan-activity;sid:84132554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gompsl"; depth:7; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269455/; classtype:trojan-activity;sid:84132555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smpsl"; depth:6; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269456/; classtype:trojan-activity;sid:84132556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm"; depth:5; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269457/; classtype:trojan-activity;sid:84132557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm5"; depth:6; endswith; nocase; http.host; content:"154.216.19.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269458/; classtype:trojan-activity;sid:84132558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"154.216.20.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269459/; classtype:trojan-activity;sid:84132559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"156.238.225.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269453/; classtype:trojan-activity;sid:84132553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/go8guv4v77mwdbecusb4xtggohohylgesu"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269452/; classtype:trojan-activity;sid:84132552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"156.238.225.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269449/; classtype:trojan-activity;sid:84132549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"156.238.225.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269450/; classtype:trojan-activity;sid:84132550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"156.238.225.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269451/; classtype:trojan-activity;sid:84132551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/h2ekxkemhtctzcc4gyvjwzsibe3g2294hb"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269448/; classtype:trojan-activity;sid:84132548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hjiy0kcc8q7pj5fhuhyrtgl0lojd5opw8l"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269446/; classtype:trojan-activity;sid:84132546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/32waes7m7kfm1sxdxdkrw3ulpdmc2kk2es"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269447/; classtype:trojan-activity;sid:84132547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.210.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269445/; classtype:trojan-activity;sid:84132545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269444/; classtype:trojan-activity;sid:84132544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.175.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269443/; classtype:trojan-activity;sid:84132543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.54.149.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269442/; classtype:trojan-activity;sid:84132542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.140.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269441/; classtype:trojan-activity;sid:84132541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.234.77.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269440/; classtype:trojan-activity;sid:84132540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.98.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269439/; classtype:trojan-activity;sid:84132539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.213.241.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269438/; classtype:trojan-activity;sid:84132538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.121.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269437/; classtype:trojan-activity;sid:84132537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.189.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269436/; classtype:trojan-activity;sid:84132536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.236.65.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269435/; classtype:trojan-activity;sid:84132535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.47.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269434/; classtype:trojan-activity;sid:84132534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.113.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269433/; classtype:trojan-activity;sid:84132533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.88.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269432/; classtype:trojan-activity;sid:84132532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.186.45.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269431/; classtype:trojan-activity;sid:84132531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.133.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269430/; classtype:trojan-activity;sid:84132530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.142.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269429/; classtype:trojan-activity;sid:84132529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.75.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269428/; classtype:trojan-activity;sid:84132528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.210.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269427/; classtype:trojan-activity;sid:84132527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.240.3.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269426/; classtype:trojan-activity;sid:84132526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.77.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269425/; classtype:trojan-activity;sid:84132525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.210.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269424/; classtype:trojan-activity;sid:84132524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.175.3.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269423/; classtype:trojan-activity;sid:84132523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.234.77.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269422/; classtype:trojan-activity;sid:84132522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.65.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269421/; classtype:trojan-activity;sid:84132521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.88.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269420/; classtype:trojan-activity;sid:84132520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.97.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269419/; classtype:trojan-activity;sid:84132519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/giganticurtain.exe"; depth:25; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269418/; classtype:trojan-activity;sid:84132518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.232.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269416/; classtype:trojan-activity;sid:84132516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.121.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269417/; classtype:trojan-activity;sid:84132517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.172.57.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269415/; classtype:trojan-activity;sid:84132515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.75.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269414/; classtype:trojan-activity;sid:84132514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.227.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269413/; classtype:trojan-activity;sid:84132513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.142.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269412/; classtype:trojan-activity;sid:84132512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.210.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269411/; classtype:trojan-activity;sid:84132511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.197.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269409/; classtype:trojan-activity;sid:84132509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.130.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269410/; classtype:trojan-activity;sid:84132510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.54.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269408/; classtype:trojan-activity;sid:84132508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.13.58.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269407/; classtype:trojan-activity;sid:84132507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.42.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269406/; classtype:trojan-activity;sid:84132506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.118.159.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269405/; classtype:trojan-activity;sid:84132505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.122.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269404/; classtype:trojan-activity;sid:84132504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"hpa.range.cccinvolve.org"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269403/; classtype:trojan-activity;sid:84132503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269402/; classtype:trojan-activity;sid:84132502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.77.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269401/; classtype:trojan-activity;sid:84132501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.97.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269400/; classtype:trojan-activity;sid:84132500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.188.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269399/; classtype:trojan-activity;sid:84132499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.41.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269397/; classtype:trojan-activity;sid:84132497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.65.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269398/; classtype:trojan-activity;sid:84132498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.161.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269396/; classtype:trojan-activity;sid:84132496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.90.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269395/; classtype:trojan-activity;sid:84132495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"121.233.205.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269393/; classtype:trojan-activity;sid:84132493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.253.80.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269394/; classtype:trojan-activity;sid:84132494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.130.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269392/; classtype:trojan-activity;sid:84132492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.54.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269391/; classtype:trojan-activity;sid:84132491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.149.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269389/; classtype:trojan-activity;sid:84132489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.215.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269390/; classtype:trojan-activity;sid:84132490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724c67fe2573/js/6724c67fe2542.js"; depth:34; endswith; nocase; http.host; content:"analisardocumento.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269383/; classtype:trojan-activity;sid:84132483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724c67fe2573/js/6724c67fe2542.js"; depth:34; endswith; nocase; http.host; content:"www.analisardocumento.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269384/; classtype:trojan-activity;sid:84132484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.255.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269385/; classtype:trojan-activity;sid:84132485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.121.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269386/; classtype:trojan-activity;sid:84132486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724c67fe2573/%e2%9d%89analisar_documento%e2%9d%89_%e2%91%a0%e2%91%a5%e2%91%a0%e2%91%a3%e2%91%a7%e2%91%a0%e2%91%a0%e2%91%a5.zip"; depth:128; endswith; nocase; http.host; content:"analisardocumento.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269387/; classtype:trojan-activity;sid:84132487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724c67fe2573/%e2%9d%89analisar_documento%e2%9d%89_%e2%91%a0%e2%91%a5%e2%91%a0%e2%91%a3%e2%91%a7%e2%91%a0%e2%91%a0%e2%91%a5.zip"; depth:128; endswith; nocase; http.host; content:"www.analisardocumento.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269388/; classtype:trojan-activity;sid:84132488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724c67fe2573/6724c67fe2636.vbs"; depth:32; endswith; nocase; http.host; content:"analisardocumento.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269382/; classtype:trojan-activity;sid:84132482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724c67fe2573/6724c67fe2636.vbs"; depth:32; endswith; nocase; http.host; content:"www.analisardocumento.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269381/; classtype:trojan-activity;sid:84132481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724c67fe2573/6724c67fe2634.vbs"; depth:32; endswith; nocase; http.host; content:"analisardocumento.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269379/; classtype:trojan-activity;sid:84132479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724c67fe2573/6724c67fe2634.vbs"; depth:32; endswith; nocase; http.host; content:"www.analisardocumento.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269380/; classtype:trojan-activity;sid:84132480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/65ewe.zip"; depth:10; endswith; nocase; http.host; content:"64.190.113.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269378/; classtype:trojan-activity;sid:84132478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.159.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269377/; classtype:trojan-activity;sid:84132477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.8.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269376/; classtype:trojan-activity;sid:84132476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.234.157.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269375/; classtype:trojan-activity;sid:84132475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.209.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269374/; classtype:trojan-activity;sid:84132474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.73.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269373/; classtype:trojan-activity;sid:84132473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.55.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269372/; classtype:trojan-activity;sid:84132472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.188.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269371/; classtype:trojan-activity;sid:84132471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724c4d040e29/js/6724c4d040dc9.js"; depth:34; endswith; nocase; http.host; content:"www.download-20248257239.pro"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269370/; classtype:trojan-activity;sid:84132470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724c4d040e29/js/6724c4d040dc9.js"; depth:34; endswith; nocase; http.host; content:"download-20248257239.pro"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269369/; classtype:trojan-activity;sid:84132469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724c4d040e29/%e2%9d%89danfe%e2%9d%89_%e2%91%a6%e2%91%a4%e2%91%a4%e2%91%a2%e2%91%a6%e2%91%a5%e2%91%a3%e2%91%a0.zip"; depth:115; endswith; nocase; http.host; content:"www.download-20248257239.pro"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269368/; classtype:trojan-activity;sid:84132468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724c4d040e29/%e2%9d%89danfe%e2%9d%89_%e2%91%a6%e2%91%a4%e2%91%a4%e2%91%a2%e2%91%a6%e2%91%a5%e2%91%a3%e2%91%a0.zip"; depth:115; endswith; nocase; http.host; content:"download-20248257239.pro"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269366/; classtype:trojan-activity;sid:84132466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724c4d040e29/6724c4d04135e.vbs"; depth:32; endswith; nocase; http.host; content:"www.download-20248257239.pro"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269367/; classtype:trojan-activity;sid:84132467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724c4d040e29/6724c4d04135e.vbs"; depth:32; endswith; nocase; http.host; content:"download-20248257239.pro"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269365/; classtype:trojan-activity;sid:84132465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724c4d040e29/6724c4d04135c.vbs"; depth:32; endswith; nocase; http.host; content:"download-20248257239.pro"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269363/; classtype:trojan-activity;sid:84132463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6724c4d040e29/6724c4d04135c.vbs"; depth:32; endswith; nocase; http.host; content:"www.download-20248257239.pro"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269364/; classtype:trojan-activity;sid:84132464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new21.zip"; depth:10; endswith; nocase; http.host; content:"167.88.165.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269362/; classtype:trojan-activity;sid:84132462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.227.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269361/; classtype:trojan-activity;sid:84132461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.57.216.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269360/; classtype:trojan-activity;sid:84132460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.93.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269359/; classtype:trojan-activity;sid:84132459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.30.111.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269358/; classtype:trojan-activity;sid:84132458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.115.89.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269357/; classtype:trojan-activity;sid:84132457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.204.75.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269356/; classtype:trojan-activity;sid:84132456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.140.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269355/; classtype:trojan-activity;sid:84132455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.255.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269354/; classtype:trojan-activity;sid:84132454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"210.10.166.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269353/; classtype:trojan-activity;sid:84132453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.149.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269352/; classtype:trojan-activity;sid:84132452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.229.186.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269351/; classtype:trojan-activity;sid:84132451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.55.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269350/; classtype:trojan-activity;sid:84132450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.85.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269349/; classtype:trojan-activity;sid:84132449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.215.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269348/; classtype:trojan-activity;sid:84132448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269347/; classtype:trojan-activity;sid:84132447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.2.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269345/; classtype:trojan-activity;sid:84132445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.161.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269346/; classtype:trojan-activity;sid:84132446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.27.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269344/; classtype:trojan-activity;sid:84132444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.114.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269343/; classtype:trojan-activity;sid:84132443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.68.198"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269342/; classtype:trojan-activity;sid:84132442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.83.178.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269341/; classtype:trojan-activity;sid:84132441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.48.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269340/; classtype:trojan-activity;sid:84132440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.33.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269339/; classtype:trojan-activity;sid:84132439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"210.10.166.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269338/; classtype:trojan-activity;sid:84132438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.88.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269337/; classtype:trojan-activity;sid:84132437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269336/; classtype:trojan-activity;sid:84132436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.36.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269335/; classtype:trojan-activity;sid:84132435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.81.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269334/; classtype:trojan-activity;sid:84132434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.215.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269333/; classtype:trojan-activity;sid:84132433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.32.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269332/; classtype:trojan-activity;sid:84132432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/fontcreator.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269331/; classtype:trojan-activity;sid:84132431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.136.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269330/; classtype:trojan-activity;sid:84132430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.2.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269329/; classtype:trojan-activity;sid:84132429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.77.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269328/; classtype:trojan-activity;sid:84132428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.139.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269327/; classtype:trojan-activity;sid:84132427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.26.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269326/; classtype:trojan-activity;sid:84132426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.102.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269325/; classtype:trojan-activity;sid:84132425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.24.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269324/; classtype:trojan-activity;sid:84132424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.69.96.74"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269323/; classtype:trojan-activity;sid:84132423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.10.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269322/; classtype:trojan-activity;sid:84132422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.5.89"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269321/; classtype:trojan-activity;sid:84132421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.221.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269320/; classtype:trojan-activity;sid:84132420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.122.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269319/; classtype:trojan-activity;sid:84132419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.77.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269318/; classtype:trojan-activity;sid:84132418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.69.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269317/; classtype:trojan-activity;sid:84132417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.16.155.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269316/; classtype:trojan-activity;sid:84132416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.116.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269315/; classtype:trojan-activity;sid:84132415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.136.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269314/; classtype:trojan-activity;sid:84132414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.10.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269313/; classtype:trojan-activity;sid:84132413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.102.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269312/; classtype:trojan-activity;sid:84132412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.221.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269311/; classtype:trojan-activity;sid:84132411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.26.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269310/; classtype:trojan-activity;sid:84132410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.22.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269309/; classtype:trojan-activity;sid:84132409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.174.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269307/; classtype:trojan-activity;sid:84132407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.189.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269308/; classtype:trojan-activity;sid:84132408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.111.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269306/; classtype:trojan-activity;sid:84132406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.58.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269305/; classtype:trojan-activity;sid:84132405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.248.185.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269303/; classtype:trojan-activity;sid:84132403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269304/; classtype:trojan-activity;sid:84132404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.248.174.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269302/; classtype:trojan-activity;sid:84132402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.69.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269301/; classtype:trojan-activity;sid:84132401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.4.173"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269300/; classtype:trojan-activity;sid:84132400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.211.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269299/; classtype:trojan-activity;sid:84132399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.223.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269298/; classtype:trojan-activity;sid:84132398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.147.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269297/; classtype:trojan-activity;sid:84132397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.231.198.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269295/; classtype:trojan-activity;sid:84132395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.253.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269296/; classtype:trojan-activity;sid:84132396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.18.129"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269294/; classtype:trojan-activity;sid:84132394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.147.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269293/; classtype:trojan-activity;sid:84132393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.175.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269291/; classtype:trojan-activity;sid:84132391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.171.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269292/; classtype:trojan-activity;sid:84132392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.22.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269290/; classtype:trojan-activity;sid:84132390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.240.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269289/; classtype:trojan-activity;sid:84132389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.16.155.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269288/; classtype:trojan-activity;sid:84132388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.13.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269287/; classtype:trojan-activity;sid:84132387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.140.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269286/; classtype:trojan-activity;sid:84132386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.0.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269285/; classtype:trojan-activity;sid:84132385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.85.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269284/; classtype:trojan-activity;sid:84132384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.92.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269283/; classtype:trojan-activity;sid:84132383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.80.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269282/; classtype:trojan-activity;sid:84132382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.123.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269281/; classtype:trojan-activity;sid:84132381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.36.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269280/; classtype:trojan-activity;sid:84132380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.211.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269279/; classtype:trojan-activity;sid:84132379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.242.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269278/; classtype:trojan-activity;sid:84132378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.66.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269277/; classtype:trojan-activity;sid:84132377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.26.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269276/; classtype:trojan-activity;sid:84132376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.139.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269275/; classtype:trojan-activity;sid:84132375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.223.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269272/; classtype:trojan-activity;sid:84132372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.242.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269273/; classtype:trojan-activity;sid:84132373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.196.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269274/; classtype:trojan-activity;sid:84132374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.121.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269271/; classtype:trojan-activity;sid:84132371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.147.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269267/; classtype:trojan-activity;sid:84132367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.254.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269268/; classtype:trojan-activity;sid:84132368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.254.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269269/; classtype:trojan-activity;sid:84132369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.196.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269270/; classtype:trojan-activity;sid:84132370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269251/; classtype:trojan-activity;sid:84132351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.39.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269252/; classtype:trojan-activity;sid:84132352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.39.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269253/; classtype:trojan-activity;sid:84132353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.211.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269254/; classtype:trojan-activity;sid:84132354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.19.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269255/; classtype:trojan-activity;sid:84132355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.182.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269256/; classtype:trojan-activity;sid:84132356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.167.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269257/; classtype:trojan-activity;sid:84132357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.20.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269258/; classtype:trojan-activity;sid:84132358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.154.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269259/; classtype:trojan-activity;sid:84132359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.141.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269260/; classtype:trojan-activity;sid:84132360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.203.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269261/; classtype:trojan-activity;sid:84132361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.151.115.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269262/; classtype:trojan-activity;sid:84132362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.237.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269263/; classtype:trojan-activity;sid:84132363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.46.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269264/; classtype:trojan-activity;sid:84132364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.73.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269265/; classtype:trojan-activity;sid:84132365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.249.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269266/; classtype:trojan-activity;sid:84132366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.242.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269250/; classtype:trojan-activity;sid:84132350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.202.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269249/; classtype:trojan-activity;sid:84132349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.100.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269245/; classtype:trojan-activity;sid:84132345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.118.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269246/; classtype:trojan-activity;sid:84132346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.106.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269247/; classtype:trojan-activity;sid:84132347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.137.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269248/; classtype:trojan-activity;sid:84132348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/fontcreator.exe"; depth:22; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269244/; classtype:trojan-activity;sid:84132344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.90.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269239/; classtype:trojan-activity;sid:84132339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.70.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269240/; classtype:trojan-activity;sid:84132340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.79.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269241/; classtype:trojan-activity;sid:84132341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.46.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269242/; classtype:trojan-activity;sid:84132342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.76.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269243/; classtype:trojan-activity;sid:84132343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.66.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269238/; classtype:trojan-activity;sid:84132338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.13.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269237/; classtype:trojan-activity;sid:84132337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.226.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269236/; classtype:trojan-activity;sid:84132336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.60.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269235/; classtype:trojan-activity;sid:84132335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.13.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269234/; classtype:trojan-activity;sid:84132334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.192.237.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269233/; classtype:trojan-activity;sid:84132333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.245.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269232/; classtype:trojan-activity;sid:84132332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.237.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269231/; classtype:trojan-activity;sid:84132331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.173.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269230/; classtype:trojan-activity;sid:84132330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269229/; classtype:trojan-activity;sid:84132329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.246.227.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269228/; classtype:trojan-activity;sid:84132328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.48.107.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269227/; classtype:trojan-activity;sid:84132327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269226/; classtype:trojan-activity;sid:84132326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.47.27.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269225/; classtype:trojan-activity;sid:84132325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.203.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269224/; classtype:trojan-activity;sid:84132324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.56.60.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269223/; classtype:trojan-activity;sid:84132323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"191.240.80.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269222/; classtype:trojan-activity;sid:84132322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.16.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269221/; classtype:trojan-activity;sid:84132321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.112.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269220/; classtype:trojan-activity;sid:84132320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.216.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269219/; classtype:trojan-activity;sid:84132319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.252.78.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269216/; classtype:trojan-activity;sid:84132316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.241.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269217/; classtype:trojan-activity;sid:84132317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.90.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269218/; classtype:trojan-activity;sid:84132318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.42.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269215/; classtype:trojan-activity;sid:84132315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"183.149.245.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269214/; classtype:trojan-activity;sid:84132314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.47.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269213/; classtype:trojan-activity;sid:84132313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.27.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269212/; classtype:trojan-activity;sid:84132312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.119.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269211/; classtype:trojan-activity;sid:84132311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.124.1.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269210/; classtype:trojan-activity;sid:84132310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.163.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269209/; classtype:trojan-activity;sid:84132309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.19.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269208/; classtype:trojan-activity;sid:84132308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269207/; classtype:trojan-activity;sid:84132307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.211.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269206/; classtype:trojan-activity;sid:84132306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.237.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269205/; classtype:trojan-activity;sid:84132305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.72.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269204/; classtype:trojan-activity;sid:84132304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.46.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269203/; classtype:trojan-activity;sid:84132303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.228.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269202/; classtype:trojan-activity;sid:84132302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.231.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269201/; classtype:trojan-activity;sid:84132301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.78.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269200/; classtype:trojan-activity;sid:84132300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.27.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269199/; classtype:trojan-activity;sid:84132299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.39.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269198/; classtype:trojan-activity;sid:84132298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.167.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269197/; classtype:trojan-activity;sid:84132297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.172.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269195/; classtype:trojan-activity;sid:84132295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.68.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269196/; classtype:trojan-activity;sid:84132296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.90.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269193/; classtype:trojan-activity;sid:84132293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.120.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269194/; classtype:trojan-activity;sid:84132294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.26.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269192/; classtype:trojan-activity;sid:84132292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.70.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269191/; classtype:trojan-activity;sid:84132291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.18.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269190/; classtype:trojan-activity;sid:84132290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.97.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269189/; classtype:trojan-activity;sid:84132289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.151.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269188/; classtype:trojan-activity;sid:84132288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269187/; classtype:trojan-activity;sid:84132287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.111.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269186/; classtype:trojan-activity;sid:84132286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.178.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269184/; classtype:trojan-activity;sid:84132284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.22.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269185/; classtype:trojan-activity;sid:84132285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.74.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269183/; classtype:trojan-activity;sid:84132283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.10.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269182/; classtype:trojan-activity;sid:84132282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.78.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269181/; classtype:trojan-activity;sid:84132281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.99.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269180/; classtype:trojan-activity;sid:84132280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.80.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269179/; classtype:trojan-activity;sid:84132279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.72.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269178/; classtype:trojan-activity;sid:84132278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.146.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269177/; classtype:trojan-activity;sid:84132277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.172.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269176/; classtype:trojan-activity;sid:84132276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.91.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269175/; classtype:trojan-activity;sid:84132275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.178.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269174/; classtype:trojan-activity;sid:84132274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.198.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269172/; classtype:trojan-activity;sid:84132272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.90.205"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269173/; classtype:trojan-activity;sid:84132273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.236.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269171/; classtype:trojan-activity;sid:84132271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.16.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269170/; classtype:trojan-activity;sid:84132270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.120.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269169/; classtype:trojan-activity;sid:84132269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.46.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269168/; classtype:trojan-activity;sid:84132268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.18.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269167/; classtype:trojan-activity;sid:84132267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.19.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269166/; classtype:trojan-activity;sid:84132266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.230.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269165/; classtype:trojan-activity;sid:84132265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hi.exe"; depth:7; endswith; nocase; http.host; content:"onedomainpro.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269164/; classtype:trojan-activity;sid:84132264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.10.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269163/; classtype:trojan-activity;sid:84132263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.100.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269162/; classtype:trojan-activity;sid:84132262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.29.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269161/; classtype:trojan-activity;sid:84132261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.39.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269160/; classtype:trojan-activity;sid:84132260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.182.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269159/; classtype:trojan-activity;sid:84132259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.99.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269158/; classtype:trojan-activity;sid:84132258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saclkvrengmyaqcekqhvn198.bin"; depth:29; endswith; nocase; http.host; content:"84.38.133.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269156/; classtype:trojan-activity;sid:84132256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fzbmqqqpasdj30.bin"; depth:19; endswith; nocase; http.host; content:"84.38.133.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269157/; classtype:trojan-activity;sid:84132257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.195.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269155/; classtype:trojan-activity;sid:84132255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.47.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269154/; classtype:trojan-activity;sid:84132254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.89.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269153/; classtype:trojan-activity;sid:84132253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.27.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269152/; classtype:trojan-activity;sid:84132252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.35.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269151/; classtype:trojan-activity;sid:84132251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.80.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269150/; classtype:trojan-activity;sid:84132250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.239.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269149/; classtype:trojan-activity;sid:84132249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.132.180.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269148/; classtype:trojan-activity;sid:84132248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.243.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269147/; classtype:trojan-activity;sid:84132247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.55.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269146/; classtype:trojan-activity;sid:84132246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.46.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269144/; classtype:trojan-activity;sid:84132244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.19.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269145/; classtype:trojan-activity;sid:84132245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.198.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269142/; classtype:trojan-activity;sid:84132242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.21.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269143/; classtype:trojan-activity;sid:84132243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.29.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269141/; classtype:trojan-activity;sid:84132241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.36.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269140/; classtype:trojan-activity;sid:84132240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.234.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269139/; classtype:trojan-activity;sid:84132239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.55.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269138/; classtype:trojan-activity;sid:84132238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.115.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269137/; classtype:trojan-activity;sid:84132237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7acd19bd2aaad7bb/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"213.159.79.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269136/; classtype:trojan-activity;sid:84132236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4bdcdc3545a160aa/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.235.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269135/; classtype:trojan-activity;sid:84132235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4bdcdc3545a160aa/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.235.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269129/; classtype:trojan-activity;sid:84132229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4bdcdc3545a160aa/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.235.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269130/; classtype:trojan-activity;sid:84132230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4bdcdc3545a160aa/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.235.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269131/; classtype:trojan-activity;sid:84132231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4bdcdc3545a160aa/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.235.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269132/; classtype:trojan-activity;sid:84132232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4bdcdc3545a160aa/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.235.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269133/; classtype:trojan-activity;sid:84132233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4bdcdc3545a160aa/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.235.128.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269134/; classtype:trojan-activity;sid:84132234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269128/; classtype:trojan-activity;sid:84132228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.65.244.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269127/; classtype:trojan-activity;sid:84132227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.220.145.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269126/; classtype:trojan-activity;sid:84132226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.100.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269125/; classtype:trojan-activity;sid:84132225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.87.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269124/; classtype:trojan-activity;sid:84132224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.130.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269123/; classtype:trojan-activity;sid:84132223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.72.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269122/; classtype:trojan-activity;sid:84132222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.89.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269120/; classtype:trojan-activity;sid:84132220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.245.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269121/; classtype:trojan-activity;sid:84132221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.126.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269119/; classtype:trojan-activity;sid:84132219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.35.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269118/; classtype:trojan-activity;sid:84132218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.178.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269117/; classtype:trojan-activity;sid:84132217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269116/; classtype:trojan-activity;sid:84132216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.221.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269115/; classtype:trojan-activity;sid:84132215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.115.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269114/; classtype:trojan-activity;sid:84132214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f79.svg"; depth:8; endswith; nocase; http.host; content:"azure-getrequest.icu"; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269112/; classtype:trojan-activity;sid:84132212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.94.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269110/; classtype:trojan-activity;sid:84132210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|id=1g-mwt_cmahrwemquyiys2wga-gkihkgp|7c|26|7c|export=download|7c|26|7c|authuser=0"; depth:94; endswith; nocase; http.host; content:"drive.usercontent.google.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269109/; classtype:trojan-activity;sid:84132209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/y4v6hav4urviybjgepvua/notificaci-n-electr-nica-cendo-rama-judicial-del-poder-p-blico-esm-confirmar-recibido.tar.cab.tar.001|3f|rlkey=cyrv2bs10cm8036w817c3z37i|7c|26|7c|st=e72a71gw|7c|26|7c|dl=0"; depth:201; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269108/; classtype:trojan-activity;sid:84132208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.25.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269107/; classtype:trojan-activity;sid:84132207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1heg2vhp8xbeyth9kegbmwsns2rhwb8al"; depth:43; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269105/; classtype:trojan-activity;sid:84132205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1qf-ma8blmbvxpo4jr7wgcwzkxzvenhra|7c|26|7c|export=download|7c|26|7c|authuser=0"; depth:88; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269106/; classtype:trojan-activity;sid:84132206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.232.57.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269104/; classtype:trojan-activity;sid:84132204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.87.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269103/; classtype:trojan-activity;sid:84132203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.27.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269102/; classtype:trojan-activity;sid:84132202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.104.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269101/; classtype:trojan-activity;sid:84132201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.26.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269100/; classtype:trojan-activity;sid:84132200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.126.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269098/; classtype:trojan-activity;sid:84132198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.146.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269099/; classtype:trojan-activity;sid:84132199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.32.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269097/; classtype:trojan-activity;sid:84132197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.25.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269096/; classtype:trojan-activity;sid:84132196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.198.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269095/; classtype:trojan-activity;sid:84132195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.19.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269094/; classtype:trojan-activity;sid:84132194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.245.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269093/; classtype:trojan-activity;sid:84132193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.42.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269092/; classtype:trojan-activity;sid:84132192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.77.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269091/; classtype:trojan-activity;sid:84132191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.218.192.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269090/; classtype:trojan-activity;sid:84132190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.168.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269089/; classtype:trojan-activity;sid:84132189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.121.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269088/; classtype:trojan-activity;sid:84132188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269087/; classtype:trojan-activity;sid:84132187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.90.245.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269086/; classtype:trojan-activity;sid:84132186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.208.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269085/; classtype:trojan-activity;sid:84132185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.243.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269084/; classtype:trojan-activity;sid:84132184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.113.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269083/; classtype:trojan-activity;sid:84132183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.133.184.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269082/; classtype:trojan-activity;sid:84132182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.242.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269081/; classtype:trojan-activity;sid:84132181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.5.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269080/; classtype:trojan-activity;sid:84132180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.103.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269079/; classtype:trojan-activity;sid:84132179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.104.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269078/; classtype:trojan-activity;sid:84132178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.27.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269077/; classtype:trojan-activity;sid:84132177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.232.57.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269076/; classtype:trojan-activity;sid:84132176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/nfef2debp7q52qq.exe"; depth:24; endswith; nocase; http.host; content:"87.120.84.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269075/; classtype:trojan-activity;sid:84132175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.216.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269074/; classtype:trojan-activity;sid:84132174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.146.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269073/; classtype:trojan-activity;sid:84132173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.47.91.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269072/; classtype:trojan-activity;sid:84132172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.209.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269071/; classtype:trojan-activity;sid:84132171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.1.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269070/; classtype:trojan-activity;sid:84132170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.89.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269069/; classtype:trojan-activity;sid:84132169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.113.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269068/; classtype:trojan-activity;sid:84132168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.184.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269067/; classtype:trojan-activity;sid:84132167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.203.72.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269066/; classtype:trojan-activity;sid:84132166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.1.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269064/; classtype:trojan-activity;sid:84132164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.46.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269065/; classtype:trojan-activity;sid:84132165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.13.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269063/; classtype:trojan-activity;sid:84132163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.0.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269061/; classtype:trojan-activity;sid:84132161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"80.210.139.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269062/; classtype:trojan-activity;sid:84132162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.69.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269060/; classtype:trojan-activity;sid:84132160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.95.76.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269059/; classtype:trojan-activity;sid:84132159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.192.62.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269058/; classtype:trojan-activity;sid:84132158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.68.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269057/; classtype:trojan-activity;sid:84132157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.144.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269056/; classtype:trojan-activity;sid:84132156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.130.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269055/; classtype:trojan-activity;sid:84132155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.90.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269054/; classtype:trojan-activity;sid:84132154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.62.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269053/; classtype:trojan-activity;sid:84132153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.133.184.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269052/; classtype:trojan-activity;sid:84132152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269051/; classtype:trojan-activity;sid:84132151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.110.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269050/; classtype:trojan-activity;sid:84132150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.243.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269049/; classtype:trojan-activity;sid:84132149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.98.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269048/; classtype:trojan-activity;sid:84132148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.84.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269047/; classtype:trojan-activity;sid:84132147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.215.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269046/; classtype:trojan-activity;sid:84132146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.90.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269045/; classtype:trojan-activity;sid:84132145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.54.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269044/; classtype:trojan-activity;sid:84132144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.122.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269043/; classtype:trojan-activity;sid:84132143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.101.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269042/; classtype:trojan-activity;sid:84132142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.138.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269040/; classtype:trojan-activity;sid:84132140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.31.101.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269041/; classtype:trojan-activity;sid:84132141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.224.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269038/; classtype:trojan-activity;sid:84132138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"jpa.range.cccinvolve.org"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269039/; classtype:trojan-activity;sid:84132139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.103.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269036/; classtype:trojan-activity;sid:84132136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.93.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269037/; classtype:trojan-activity;sid:84132137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.26.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269034/; classtype:trojan-activity;sid:84132134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.216.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269035/; classtype:trojan-activity;sid:84132135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.206.18.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269033/; classtype:trojan-activity;sid:84132133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.166.11.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269032/; classtype:trojan-activity;sid:84132132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.174.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269030/; classtype:trojan-activity;sid:84132130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.144.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269031/; classtype:trojan-activity;sid:84132131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.80.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269029/; classtype:trojan-activity;sid:84132129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.59.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269026/; classtype:trojan-activity;sid:84132126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.98.188"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269027/; classtype:trojan-activity;sid:84132127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.133.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269028/; classtype:trojan-activity;sid:84132128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.236.182.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269025/; classtype:trojan-activity;sid:84132125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.123.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269024/; classtype:trojan-activity;sid:84132124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.122.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269023/; classtype:trojan-activity;sid:84132123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.194.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269022/; classtype:trojan-activity;sid:84132122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.49.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269021/; classtype:trojan-activity;sid:84132121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.110.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269020/; classtype:trojan-activity;sid:84132120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.62.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269019/; classtype:trojan-activity;sid:84132119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper64.exe"; depth:14; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269018/; classtype:trojan-activity;sid:84132118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.136.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269016/; classtype:trojan-activity;sid:84132116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.93.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269017/; classtype:trojan-activity;sid:84132117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.172.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269015/; classtype:trojan-activity;sid:84132115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.45.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269012/; classtype:trojan-activity;sid:84132112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.60.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269013/; classtype:trojan-activity;sid:84132113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.28.220"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269014/; classtype:trojan-activity;sid:84132114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/zo7yvjlvmdji9aj.exe"; depth:24; endswith; nocase; http.host; content:"87.120.84.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269011/; classtype:trojan-activity;sid:84132111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.242.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269010/; classtype:trojan-activity;sid:84132110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.30.110.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269009/; classtype:trojan-activity;sid:84132109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.44.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269008/; classtype:trojan-activity;sid:84132108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.12.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269006/; classtype:trojan-activity;sid:84132106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.26.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269007/; classtype:trojan-activity;sid:84132107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.98.188"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269005/; classtype:trojan-activity;sid:84132105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.224.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269004/; classtype:trojan-activity;sid:84132104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.12.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269003/; classtype:trojan-activity;sid:84132103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.230.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269001/; classtype:trojan-activity;sid:84132101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.93.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269002/; classtype:trojan-activity;sid:84132102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.151.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269000/; classtype:trojan-activity;sid:84132100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.194.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268999/; classtype:trojan-activity;sid:84132099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.30.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268998/; classtype:trojan-activity;sid:84132098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.68.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268997/; classtype:trojan-activity;sid:84132097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.39.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268996/; classtype:trojan-activity;sid:84132096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.160.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268995/; classtype:trojan-activity;sid:84132095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.123.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268994/; classtype:trojan-activity;sid:84132094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.122.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268993/; classtype:trojan-activity;sid:84132093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.44.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268992/; classtype:trojan-activity;sid:84132092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.200.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268991/; classtype:trojan-activity;sid:84132091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.18.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268990/; classtype:trojan-activity;sid:84132090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.93.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268989/; classtype:trojan-activity;sid:84132089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.233.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268988/; classtype:trojan-activity;sid:84132088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.31.101.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268987/; classtype:trojan-activity;sid:84132087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268986/; classtype:trojan-activity;sid:84132086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.72.184.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268985/; classtype:trojan-activity;sid:84132085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.32.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268984/; classtype:trojan-activity;sid:84132084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.236.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268983/; classtype:trojan-activity;sid:84132083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.90.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268982/; classtype:trojan-activity;sid:84132082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268981/; classtype:trojan-activity;sid:84132081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.151.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268980/; classtype:trojan-activity;sid:84132080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.6.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268979/; classtype:trojan-activity;sid:84132079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.138.222.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268978/; classtype:trojan-activity;sid:84132078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.122.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268977/; classtype:trojan-activity;sid:84132077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.134.213.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268976/; classtype:trojan-activity;sid:84132076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.126.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268975/; classtype:trojan-activity;sid:84132075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.24.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268974/; classtype:trojan-activity;sid:84132074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.190.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268973/; classtype:trojan-activity;sid:84132073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.39.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268972/; classtype:trojan-activity;sid:84132072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.207.85.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268971/; classtype:trojan-activity;sid:84132071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.98.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268970/; classtype:trojan-activity;sid:84132070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.22.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268969/; classtype:trojan-activity;sid:84132069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.153.215.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268968/; classtype:trojan-activity;sid:84132068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.226.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268967/; classtype:trojan-activity;sid:84132067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.83.155"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268966/; classtype:trojan-activity;sid:84132066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.32.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268964/; classtype:trojan-activity;sid:84132064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.70.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268965/; classtype:trojan-activity;sid:84132065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.133.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268963/; classtype:trojan-activity;sid:84132063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.179.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268962/; classtype:trojan-activity;sid:84132062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.27.13.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268961/; classtype:trojan-activity;sid:84132061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.9.51"; depth:9; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268960/; classtype:trojan-activity;sid:84132060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.236.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268959/; classtype:trojan-activity;sid:84132059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.255.201.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268958/; classtype:trojan-activity;sid:84132058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.124.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268957/; classtype:trojan-activity;sid:84132057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.185.140.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268956/; classtype:trojan-activity;sid:84132056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.179.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268954/; classtype:trojan-activity;sid:84132054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.224.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268955/; classtype:trojan-activity;sid:84132055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.95.45"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268953/; classtype:trojan-activity;sid:84132053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.105.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268952/; classtype:trojan-activity;sid:84132052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.183.103.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268951/; classtype:trojan-activity;sid:84132051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.238.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268950/; classtype:trojan-activity;sid:84132050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.100.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268949/; classtype:trojan-activity;sid:84132049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.24.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268948/; classtype:trojan-activity;sid:84132048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.138.222.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268947/; classtype:trojan-activity;sid:84132047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.177.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268946/; classtype:trojan-activity;sid:84132046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.10.70.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268945/; classtype:trojan-activity;sid:84132045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.251.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268944/; classtype:trojan-activity;sid:84132044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"5.253.247.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268940/; classtype:trojan-activity;sid:84132040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"5.253.247.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268941/; classtype:trojan-activity;sid:84132041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"5.253.247.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268942/; classtype:trojan-activity;sid:84132042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simps/armv5l"; depth:13; endswith; nocase; http.host; content:"181.214.231.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268943/; classtype:trojan-activity;sid:84132043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simps/m68k"; depth:11; endswith; nocase; http.host; content:"181.214.231.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268939/; classtype:trojan-activity;sid:84132039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simps/armv7l"; depth:13; endswith; nocase; http.host; content:"181.214.231.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268938/; classtype:trojan-activity;sid:84132038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"5.253.247.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268921/; classtype:trojan-activity;sid:84132021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simps/mips"; depth:11; endswith; nocase; http.host; content:"181.214.231.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268922/; classtype:trojan-activity;sid:84132022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"5.253.247.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268923/; classtype:trojan-activity;sid:84132023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"5.253.247.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268924/; classtype:trojan-activity;sid:84132024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simps/armv6l"; depth:13; endswith; nocase; http.host; content:"181.214.231.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268925/; classtype:trojan-activity;sid:84132025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"5.253.247.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268926/; classtype:trojan-activity;sid:84132026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"5.253.247.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268927/; classtype:trojan-activity;sid:84132027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"5.253.247.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268928/; classtype:trojan-activity;sid:84132028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simps/sparc"; depth:12; endswith; nocase; http.host; content:"181.214.231.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268929/; classtype:trojan-activity;sid:84132029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"5.253.247.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268930/; classtype:trojan-activity;sid:84132030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"5.253.247.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268931/; classtype:trojan-activity;sid:84132031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.214.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268932/; classtype:trojan-activity;sid:84132032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simps/ur0a.sh"; depth:14; endswith; nocase; http.host; content:"181.214.231.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268933/; classtype:trojan-activity;sid:84132033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simps/x86_64"; depth:13; endswith; nocase; http.host; content:"181.214.231.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268934/; classtype:trojan-activity;sid:84132034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simps/armv4l"; depth:13; endswith; nocase; http.host; content:"181.214.231.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268935/; classtype:trojan-activity;sid:84132035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simps/mipsel"; depth:13; endswith; nocase; http.host; content:"181.214.231.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268936/; classtype:trojan-activity;sid:84132036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simps/i586"; depth:11; endswith; nocase; http.host; content:"181.214.231.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268937/; classtype:trojan-activity;sid:84132037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"5.253.247.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268919/; classtype:trojan-activity;sid:84132019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simps/mips64"; depth:13; endswith; nocase; http.host; content:"181.214.231.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268920/; classtype:trojan-activity;sid:84132020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"5.253.247.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268918/; classtype:trojan-activity;sid:84132018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simps/powerpc"; depth:14; endswith; nocase; http.host; content:"181.214.231.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268917/; classtype:trojan-activity;sid:84132017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simps/i686"; depth:11; endswith; nocase; http.host; content:"181.214.231.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268916/; classtype:trojan-activity;sid:84132016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.200.168.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268915/; classtype:trojan-activity;sid:84132015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.183.103.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268914/; classtype:trojan-activity;sid:84132014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.107.97.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268913/; classtype:trojan-activity;sid:84132013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.175.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268912/; classtype:trojan-activity;sid:84132012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.120.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268911/; classtype:trojan-activity;sid:84132011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.209.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268910/; classtype:trojan-activity;sid:84132010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.49.34.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268909/; classtype:trojan-activity;sid:84132009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.124.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268908/; classtype:trojan-activity;sid:84132008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.59.154.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268907/; classtype:trojan-activity;sid:84132007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.95.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268906/; classtype:trojan-activity;sid:84132006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.121.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268905/; classtype:trojan-activity;sid:84132005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svcsvr.exe"; depth:11; endswith; nocase; http.host; content:"gdx.o7lab.me"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268904/; classtype:trojan-activity;sid:84132004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/iwqopplghcvzxmy.exe"; depth:24; endswith; nocase; http.host; content:"87.120.84.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268902/; classtype:trojan-activity;sid:84132002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.95.45"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268903/; classtype:trojan-activity;sid:84132003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.133.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268901/; classtype:trojan-activity;sid:84132001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pzqo/2.exe"; depth:11; endswith; nocase; http.host; content:"185.196.11.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268900/; classtype:trojan-activity;sid:84132000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.105.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268899/; classtype:trojan-activity;sid:84131999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.7.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268898/; classtype:trojan-activity;sid:84131998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"87.255.201.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268897/; classtype:trojan-activity;sid:84131997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.21.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268896/; classtype:trojan-activity;sid:84131996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.145.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268895/; classtype:trojan-activity;sid:84131995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268894/; classtype:trojan-activity;sid:84131994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.128.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268893/; classtype:trojan-activity;sid:84131993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.177.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268892/; classtype:trojan-activity;sid:84131992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.242.254.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268891/; classtype:trojan-activity;sid:84131991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.33.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268890/; classtype:trojan-activity;sid:84131990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.60.204"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268889/; classtype:trojan-activity;sid:84131989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.103.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268888/; classtype:trojan-activity;sid:84131988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.230.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268887/; classtype:trojan-activity;sid:84131987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.82.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268886/; classtype:trojan-activity;sid:84131986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.209.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268885/; classtype:trojan-activity;sid:84131985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.251.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268884/; classtype:trojan-activity;sid:84131984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.179.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268883/; classtype:trojan-activity;sid:84131983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.107.97.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268882/; classtype:trojan-activity;sid:84131982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.149.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268881/; classtype:trojan-activity;sid:84131981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.249.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268880/; classtype:trojan-activity;sid:84131980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.10.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268879/; classtype:trojan-activity;sid:84131979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.228.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268877/; classtype:trojan-activity;sid:84131977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.241.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268878/; classtype:trojan-activity;sid:84131978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.17.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268876/; classtype:trojan-activity;sid:84131976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.80.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268875/; classtype:trojan-activity;sid:84131975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.226.90.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268874/; classtype:trojan-activity;sid:84131974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.84.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268873/; classtype:trojan-activity;sid:84131973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.89.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268871/; classtype:trojan-activity;sid:84131971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.19.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268872/; classtype:trojan-activity;sid:84131972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.145.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268867/; classtype:trojan-activity;sid:84131967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.163.68.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268868/; classtype:trojan-activity;sid:84131968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.92.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268869/; classtype:trojan-activity;sid:84131969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.24.129.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268870/; classtype:trojan-activity;sid:84131970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.92.207.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268866/; classtype:trojan-activity;sid:84131966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.165.104.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268865/; classtype:trojan-activity;sid:84131965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.54.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268864/; classtype:trojan-activity;sid:84131964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.247.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268863/; classtype:trojan-activity;sid:84131963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.173.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268862/; classtype:trojan-activity;sid:84131962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.57.235.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268861/; classtype:trojan-activity;sid:84131961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.58.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268860/; classtype:trojan-activity;sid:84131960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.230.66.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268859/; classtype:trojan-activity;sid:84131959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.41.108.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268858/; classtype:trojan-activity;sid:84131958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.196.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268857/; classtype:trojan-activity;sid:84131957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.30.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268856/; classtype:trojan-activity;sid:84131956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.255.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268855/; classtype:trojan-activity;sid:84131955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"2.194.64.169"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268854/; classtype:trojan-activity;sid:84131954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.86.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268853/; classtype:trojan-activity;sid:84131953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.36.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268852/; classtype:trojan-activity;sid:84131952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.173.74.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268849/; classtype:trojan-activity;sid:84131949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.90.245.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268850/; classtype:trojan-activity;sid:84131950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.181.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268851/; classtype:trojan-activity;sid:84131951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.42.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268848/; classtype:trojan-activity;sid:84131948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.161.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268847/; classtype:trojan-activity;sid:84131947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.82.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268846/; classtype:trojan-activity;sid:84131946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.249.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268845/; classtype:trojan-activity;sid:84131945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.121.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268844/; classtype:trojan-activity;sid:84131944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.182.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268843/; classtype:trojan-activity;sid:84131943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.27.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268842/; classtype:trojan-activity;sid:84131942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.27.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268841/; classtype:trojan-activity;sid:84131941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.228.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268840/; classtype:trojan-activity;sid:84131940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.136.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268839/; classtype:trojan-activity;sid:84131939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.30.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268838/; classtype:trojan-activity;sid:84131938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268837/; classtype:trojan-activity;sid:84131937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.241.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268836/; classtype:trojan-activity;sid:84131936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.149.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268835/; classtype:trojan-activity;sid:84131935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.43.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268834/; classtype:trojan-activity;sid:84131934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.5.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268833/; classtype:trojan-activity;sid:84131933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.92.207.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268832/; classtype:trojan-activity;sid:84131932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.195.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268831/; classtype:trojan-activity;sid:84131931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268830/; classtype:trojan-activity;sid:84131930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.90.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268829/; classtype:trojan-activity;sid:84131929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.90.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268828/; classtype:trojan-activity;sid:84131928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.21.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268827/; classtype:trojan-activity;sid:84131927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.219.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268826/; classtype:trojan-activity;sid:84131926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.151.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268825/; classtype:trojan-activity;sid:84131925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.115.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268824/; classtype:trojan-activity;sid:84131924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.57.235.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268823/; classtype:trojan-activity;sid:84131923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.56.147.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268822/; classtype:trojan-activity;sid:84131922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.184.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268821/; classtype:trojan-activity;sid:84131921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"174.76.179.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268820/; classtype:trojan-activity;sid:84131920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268819/; classtype:trojan-activity;sid:84131919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268818/; classtype:trojan-activity;sid:84131918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.27.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268817/; classtype:trojan-activity;sid:84131917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.79.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268816/; classtype:trojan-activity;sid:84131916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.127.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268815/; classtype:trojan-activity;sid:84131915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.111.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268814/; classtype:trojan-activity;sid:84131914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268813/; classtype:trojan-activity;sid:84131913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.140.151"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268812/; classtype:trojan-activity;sid:84131912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.116.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268811/; classtype:trojan-activity;sid:84131911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.136.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268810/; classtype:trojan-activity;sid:84131910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.211.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268809/; classtype:trojan-activity;sid:84131909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.22.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268808/; classtype:trojan-activity;sid:84131908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.5.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268807/; classtype:trojan-activity;sid:84131907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.149.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268806/; classtype:trojan-activity;sid:84131906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.121.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268805/; classtype:trojan-activity;sid:84131905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.148.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268804/; classtype:trojan-activity;sid:84131904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.168.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268803/; classtype:trojan-activity;sid:84131903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.198.186.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268802/; classtype:trojan-activity;sid:84131902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.193.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268799/; classtype:trojan-activity;sid:84131899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.3.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268800/; classtype:trojan-activity;sid:84131900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.28.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268801/; classtype:trojan-activity;sid:84131901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.15.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268798/; classtype:trojan-activity;sid:84131898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.149.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268796/; classtype:trojan-activity;sid:84131896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.73.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268797/; classtype:trojan-activity;sid:84131897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.90.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268795/; classtype:trojan-activity;sid:84131895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.111.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268793/; classtype:trojan-activity;sid:84131893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.58.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268794/; classtype:trojan-activity;sid:84131894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.148.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268792/; classtype:trojan-activity;sid:84131892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.75.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268791/; classtype:trojan-activity;sid:84131891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"174.76.179.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268790/; classtype:trojan-activity;sid:84131890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.232.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268788/; classtype:trojan-activity;sid:84131888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.127.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268789/; classtype:trojan-activity;sid:84131889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.79.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268787/; classtype:trojan-activity;sid:84131887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.224.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268786/; classtype:trojan-activity;sid:84131886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.140.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268785/; classtype:trojan-activity;sid:84131885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.96.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268784/; classtype:trojan-activity;sid:84131884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.184.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268783/; classtype:trojan-activity;sid:84131883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.150.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268782/; classtype:trojan-activity;sid:84131882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.132.180.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268781/; classtype:trojan-activity;sid:84131881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.42.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268780/; classtype:trojan-activity;sid:84131880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.233.170.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268779/; classtype:trojan-activity;sid:84131879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.120.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268778/; classtype:trojan-activity;sid:84131878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.146.211.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268777/; classtype:trojan-activity;sid:84131877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.58.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268776/; classtype:trojan-activity;sid:84131876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.84.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268775/; classtype:trojan-activity;sid:84131875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.247.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268774/; classtype:trojan-activity;sid:84131874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.129.145.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268773/; classtype:trojan-activity;sid:84131873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.55.93.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268772/; classtype:trojan-activity;sid:84131872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.148.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268771/; classtype:trojan-activity;sid:84131871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.99.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268770/; classtype:trojan-activity;sid:84131870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268769/; classtype:trojan-activity;sid:84131869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.202.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268768/; classtype:trojan-activity;sid:84131868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.186.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268767/; classtype:trojan-activity;sid:84131867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.73.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268766/; classtype:trojan-activity;sid:84131866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.31.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268765/; classtype:trojan-activity;sid:84131865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.17.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268764/; classtype:trojan-activity;sid:84131864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.31.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268763/; classtype:trojan-activity;sid:84131863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.233.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268762/; classtype:trojan-activity;sid:84131862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.116.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268759/; classtype:trojan-activity;sid:84131859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.213.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268760/; classtype:trojan-activity;sid:84131860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.224.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268761/; classtype:trojan-activity;sid:84131861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.155.209.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268758/; classtype:trojan-activity;sid:84131858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.166.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268757/; classtype:trojan-activity;sid:84131857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.73.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268756/; classtype:trojan-activity;sid:84131856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.55.93.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268755/; classtype:trojan-activity;sid:84131855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.176.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268754/; classtype:trojan-activity;sid:84131854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.84.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268752/; classtype:trojan-activity;sid:84131852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.127.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268753/; classtype:trojan-activity;sid:84131853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.219.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268751/; classtype:trojan-activity;sid:84131851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.116.194.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268750/; classtype:trojan-activity;sid:84131850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.177.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268748/; classtype:trojan-activity;sid:84131848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"168.195.81.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268749/; classtype:trojan-activity;sid:84131849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.186.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268747/; classtype:trojan-activity;sid:84131847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.217.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268746/; classtype:trojan-activity;sid:84131846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.6.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268745/; classtype:trojan-activity;sid:84131845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.166.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268744/; classtype:trojan-activity;sid:84131844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.115.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268743/; classtype:trojan-activity;sid:84131843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.183.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268742/; classtype:trojan-activity;sid:84131842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268741/; classtype:trojan-activity;sid:84131841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.153.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268740/; classtype:trojan-activity;sid:84131840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.51.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268739/; classtype:trojan-activity;sid:84131839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.132.221.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268738/; classtype:trojan-activity;sid:84131838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.5.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268737/; classtype:trojan-activity;sid:84131837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.109.164.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268736/; classtype:trojan-activity;sid:84131836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.219.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268735/; classtype:trojan-activity;sid:84131835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.97.55"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268734/; classtype:trojan-activity;sid:84131834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.105.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268733/; classtype:trojan-activity;sid:84131833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.155.209.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268732/; classtype:trojan-activity;sid:84131832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.240.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268731/; classtype:trojan-activity;sid:84131831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.200.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268730/; classtype:trojan-activity;sid:84131830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.111.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268729/; classtype:trojan-activity;sid:84131829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.54.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268728/; classtype:trojan-activity;sid:84131828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.176.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268727/; classtype:trojan-activity;sid:84131827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.105.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268726/; classtype:trojan-activity;sid:84131826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"hmb.range.cccinvolve.org"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268725/; classtype:trojan-activity;sid:84131825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"gcm.range.cccinvolve.org"; depth:24; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268724/; classtype:trojan-activity;sid:84131824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.168.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268723/; classtype:trojan-activity;sid:84131823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.166.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268722/; classtype:trojan-activity;sid:84131822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.85.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268720/; classtype:trojan-activity;sid:84131820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.14.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268721/; classtype:trojan-activity;sid:84131821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.212.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268719/; classtype:trojan-activity;sid:84131819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.8.46.114"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268718/; classtype:trojan-activity;sid:84131818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.109.164.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268717/; classtype:trojan-activity;sid:84131817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.92.168.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268716/; classtype:trojan-activity;sid:84131816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"2.55.98.253"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268715/; classtype:trojan-activity;sid:84131815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.5.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268714/; classtype:trojan-activity;sid:84131814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.35.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268712/; classtype:trojan-activity;sid:84131812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.239.224.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268713/; classtype:trojan-activity;sid:84131813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.71.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268711/; classtype:trojan-activity;sid:84131811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.66.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268710/; classtype:trojan-activity;sid:84131810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.8.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268709/; classtype:trojan-activity;sid:84131809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.115.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268708/; classtype:trojan-activity;sid:84131808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.55.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268707/; classtype:trojan-activity;sid:84131807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.126.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268706/; classtype:trojan-activity;sid:84131806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.43.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268705/; classtype:trojan-activity;sid:84131805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.240.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268704/; classtype:trojan-activity;sid:84131804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.5.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268703/; classtype:trojan-activity;sid:84131803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.54.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268702/; classtype:trojan-activity;sid:84131802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.101.35.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268701/; classtype:trojan-activity;sid:84131801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.252.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268700/; classtype:trojan-activity;sid:84131800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268699/; classtype:trojan-activity;sid:84131799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.206.57.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268698/; classtype:trojan-activity;sid:84131798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.212.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268697/; classtype:trojan-activity;sid:84131797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.168.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268696/; classtype:trojan-activity;sid:84131796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.159.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268695/; classtype:trojan-activity;sid:84131795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm6"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268693/; classtype:trojan-activity;sid:84131793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harm4"; depth:6; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268694/; classtype:trojan-activity;sid:84131794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmpsl"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268686/; classtype:trojan-activity;sid:84131786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268687/; classtype:trojan-activity;sid:84131787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/create.py"; depth:10; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268688/; classtype:trojan-activity;sid:84131788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lll"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268689/; classtype:trojan-activity;sid:84131789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.sh"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268690/; classtype:trojan-activity;sid:84131790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268691/; classtype:trojan-activity;sid:84131791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshsh4"; depth:7; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268692/; classtype:trojan-activity;sid:84131792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asd"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268678/; classtype:trojan-activity;sid:84131778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268679/; classtype:trojan-activity;sid:84131779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wg.sh"; depth:6; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268680/; classtype:trojan-activity;sid:84131780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm7"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268681/; classtype:trojan-activity;sid:84131781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm"; depth:7; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268682/; classtype:trojan-activity;sid:84131782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268683/; classtype:trojan-activity;sid:84131783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r"; depth:2; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268684/; classtype:trojan-activity;sid:84131784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268685/; classtype:trojan-activity;sid:84131785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmpsl"; depth:6; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268673/; classtype:trojan-activity;sid:84131773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268674/; classtype:trojan-activity;sid:84131774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268675/; classtype:trojan-activity;sid:84131775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268676/; classtype:trojan-activity;sid:84131776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xaxa"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268677/; classtype:trojan-activity;sid:84131777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmips"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268671/; classtype:trojan-activity;sid:84131771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r.sh"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268672/; classtype:trojan-activity;sid:84131772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.sh"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268667/; classtype:trojan-activity;sid:84131767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mag"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268668/; classtype:trojan-activity;sid:84131768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268669/; classtype:trojan-activity;sid:84131769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmr"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268670/; classtype:trojan-activity;sid:84131770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f5"; depth:3; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268642/; classtype:trojan-activity;sid:84131742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zz"; depth:3; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268643/; classtype:trojan-activity;sid:84131743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268644/; classtype:trojan-activity;sid:84131744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268645/; classtype:trojan-activity;sid:84131745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268646/; classtype:trojan-activity;sid:84131746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.sh"; depth:6; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268647/; classtype:trojan-activity;sid:84131747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/multi"; depth:6; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268648/; classtype:trojan-activity;sid:84131748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdt"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268649/; classtype:trojan-activity;sid:84131749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb"; depth:3; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268650/; classtype:trojan-activity;sid:84131750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268651/; classtype:trojan-activity;sid:84131751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toto"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268652/; classtype:trojan-activity;sid:84131752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vc"; depth:3; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268653/; classtype:trojan-activity;sid:84131753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdgsfg"; depth:7; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268654/; classtype:trojan-activity;sid:84131754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268655/; classtype:trojan-activity;sid:84131755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harm6"; depth:6; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268656/; classtype:trojan-activity;sid:84131756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm5"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268657/; classtype:trojan-activity;sid:84131757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boatnet.mpsl"; depth:13; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268658/; classtype:trojan-activity;sid:84131758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wag"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268659/; classtype:trojan-activity;sid:84131759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harm5"; depth:6; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268660/; classtype:trojan-activity;sid:84131760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dmips"; depth:6; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268661/; classtype:trojan-activity;sid:84131761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr.sh"; depth:7; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268662/; classtype:trojan-activity;sid:84131762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tplink"; depth:7; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268663/; classtype:trojan-activity;sid:84131763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshppc"; depth:7; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268664/; classtype:trojan-activity;sid:84131764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268665/; classtype:trojan-activity;sid:84131765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268666/; classtype:trojan-activity;sid:84131766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmips"; depth:6; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268632/; classtype:trojan-activity;sid:84131732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268633/; classtype:trojan-activity;sid:84131733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268634/; classtype:trojan-activity;sid:84131734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268635/; classtype:trojan-activity;sid:84131735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268636/; classtype:trojan-activity;sid:84131736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268637/; classtype:trojan-activity;sid:84131737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268638/; classtype:trojan-activity;sid:84131738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268639/; classtype:trojan-activity;sid:84131739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268640/; classtype:trojan-activity;sid:84131740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268641/; classtype:trojan-activity;sid:84131741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.60.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268631/; classtype:trojan-activity;sid:84131731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.85.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268630/; classtype:trojan-activity;sid:84131730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.108.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268629/; classtype:trojan-activity;sid:84131729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.239.224.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268628/; classtype:trojan-activity;sid:84131728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/segura.vbs"; depth:11; endswith; nocase; http.host; content:"152.204.165.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268627/; classtype:trojan-activity;sid:84131727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268626/; classtype:trojan-activity;sid:84131726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.37.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268625/; classtype:trojan-activity;sid:84131725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.223.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268623/; classtype:trojan-activity;sid:84131723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.168.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268624/; classtype:trojan-activity;sid:84131724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.131.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268622/; classtype:trojan-activity;sid:84131722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.135.250.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268621/; classtype:trojan-activity;sid:84131721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.125.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268620/; classtype:trojan-activity;sid:84131720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.9.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268619/; classtype:trojan-activity;sid:84131719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.229.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268618/; classtype:trojan-activity;sid:84131718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.108.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268617/; classtype:trojan-activity;sid:84131717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.8.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268616/; classtype:trojan-activity;sid:84131716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.1.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3268615/; classtype:trojan-activity;sid:84131715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.55.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268614/; classtype:trojan-activity;sid:84131714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.16.109"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268613/; classtype:trojan-activity;sid:84131713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.115.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268612/; classtype:trojan-activity;sid:84131712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.114.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268611/; classtype:trojan-activity;sid:84131711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.171.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268610/; classtype:trojan-activity;sid:84131710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.208.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268609/; classtype:trojan-activity;sid:84131709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.243.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268608/; classtype:trojan-activity;sid:84131708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asegurar.vbs"; depth:13; endswith; nocase; http.host; content:"152.204.165.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268606/; classtype:trojan-activity;sid:84131706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpdw-constraints111111111111111.vbs"; depth:36; endswith; nocase; http.host; content:"152.204.165.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268605/; classtype:trojan-activity;sid:84131705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.161.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268604/; classtype:trojan-activity;sid:84131704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.14.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268603/; classtype:trojan-activity;sid:84131703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.42.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268601/; classtype:trojan-activity;sid:84131701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.27.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268602/; classtype:trojan-activity;sid:84131702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.159.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268600/; classtype:trojan-activity;sid:84131700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268599/; classtype:trojan-activity;sid:84131699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shngijernbh.ppc"; depth:16; endswith; nocase; http.host; content:"143.47.38.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268598/; classtype:trojan-activity;sid:84131698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268597/; classtype:trojan-activity;sid:84131697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shngijernbh.arm4"; depth:17; endswith; nocase; http.host; content:"143.47.38.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268596/; classtype:trojan-activity;sid:84131696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.127.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268595/; classtype:trojan-activity;sid:84131695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shngijernbh.mips"; depth:17; endswith; nocase; http.host; content:"143.47.38.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268594/; classtype:trojan-activity;sid:84131694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.40.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268593/; classtype:trojan-activity;sid:84131693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shngijernbh.arm5"; depth:17; endswith; nocase; http.host; content:"143.47.38.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268591/; classtype:trojan-activity;sid:84131691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shngijernbh.x86"; depth:16; endswith; nocase; http.host; content:"143.47.38.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268592/; classtype:trojan-activity;sid:84131692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shngijernbh.sh"; depth:15; endswith; nocase; http.host; content:"143.47.38.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268588/; classtype:trojan-activity;sid:84131688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shngijernbh.arm6"; depth:17; endswith; nocase; http.host; content:"143.47.38.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268589/; classtype:trojan-activity;sid:84131689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shngijernbh.mpsl"; depth:17; endswith; nocase; http.host; content:"143.47.38.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268590/; classtype:trojan-activity;sid:84131690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.0.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268587/; classtype:trojan-activity;sid:84131687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.20.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268586/; classtype:trojan-activity;sid:84131686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.127.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268585/; classtype:trojan-activity;sid:84131685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.9.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268584/; classtype:trojan-activity;sid:84131684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"168.195.81.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268583/; classtype:trojan-activity;sid:84131683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.108.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268582/; classtype:trojan-activity;sid:84131682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.236.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268581/; classtype:trojan-activity;sid:84131681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268580/; classtype:trojan-activity;sid:84131680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.208.63.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268579/; classtype:trojan-activity;sid:84131679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.4.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268578/; classtype:trojan-activity;sid:84131678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.27.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268577/; classtype:trojan-activity;sid:84131677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.108.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268576/; classtype:trojan-activity;sid:84131676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.100.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268575/; classtype:trojan-activity;sid:84131675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.119.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268574/; classtype:trojan-activity;sid:84131674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.234.243.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268573/; classtype:trojan-activity;sid:84131673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.91.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268572/; classtype:trojan-activity;sid:84131672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.17.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268571/; classtype:trojan-activity;sid:84131671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.128.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268570/; classtype:trojan-activity;sid:84131670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skm09--pdf01.lnk"; depth:17; endswith; nocase; http.host; content:"62.146.227.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268568/; classtype:trojan-activity;sid:84131668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/invoice_6546.lnk"; depth:17; endswith; nocase; http.host; content:"62.146.227.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268569/; classtype:trojan-activity;sid:84131669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.86.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268567/; classtype:trojan-activity;sid:84131667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.162.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268566/; classtype:trojan-activity;sid:84131666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bas.bat"; depth:8; endswith; nocase; http.host; content:"62.146.227.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268564/; classtype:trojan-activity;sid:84131664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wad.bat"; depth:8; endswith; nocase; http.host; content:"62.146.227.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268563/; classtype:trojan-activity;sid:84131663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.191.189.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268562/; classtype:trojan-activity;sid:84131662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.10.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268561/; classtype:trojan-activity;sid:84131661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.236.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268560/; classtype:trojan-activity;sid:84131660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.121.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268559/; classtype:trojan-activity;sid:84131659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.51.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268558/; classtype:trojan-activity;sid:84131658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.2.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268557/; classtype:trojan-activity;sid:84131657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.42.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268556/; classtype:trojan-activity;sid:84131656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.136.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268555/; classtype:trojan-activity;sid:84131655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.236.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268554/; classtype:trojan-activity;sid:84131654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.222.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268553/; classtype:trojan-activity;sid:84131653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.104.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268552/; classtype:trojan-activity;sid:84131652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.136.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268551/; classtype:trojan-activity;sid:84131651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.83.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268550/; classtype:trojan-activity;sid:84131650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.253.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268549/; classtype:trojan-activity;sid:84131649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.92.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268548/; classtype:trojan-activity;sid:84131648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.90.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268547/; classtype:trojan-activity;sid:84131647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.100.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268546/; classtype:trojan-activity;sid:84131646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.41.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268545/; classtype:trojan-activity;sid:84131645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.62.52.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268543/; classtype:trojan-activity;sid:84131643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.91.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268544/; classtype:trojan-activity;sid:84131644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.30.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268542/; classtype:trojan-activity;sid:84131642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.208.63.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268541/; classtype:trojan-activity;sid:84131641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.13.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268540/; classtype:trojan-activity;sid:84131640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.154.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268539/; classtype:trojan-activity;sid:84131639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.191.189.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268538/; classtype:trojan-activity;sid:84131638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.220.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268537/; classtype:trojan-activity;sid:84131637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.109.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268536/; classtype:trojan-activity;sid:84131636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.136.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268535/; classtype:trojan-activity;sid:84131635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.249.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268534/; classtype:trojan-activity;sid:84131634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.222.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268533/; classtype:trojan-activity;sid:84131633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.80.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268532/; classtype:trojan-activity;sid:84131632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.66.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268531/; classtype:trojan-activity;sid:84131631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.80.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268530/; classtype:trojan-activity;sid:84131630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.190.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268529/; classtype:trojan-activity;sid:84131629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268528/; classtype:trojan-activity;sid:84131628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.218.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268527/; classtype:trojan-activity;sid:84131627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.50.70.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268526/; classtype:trojan-activity;sid:84131626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.185.140.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268525/; classtype:trojan-activity;sid:84131625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.8.12"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268523/; classtype:trojan-activity;sid:84131623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.253.55.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268524/; classtype:trojan-activity;sid:84131624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.168.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268522/; classtype:trojan-activity;sid:84131622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.85.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268519/; classtype:trojan-activity;sid:84131619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.31.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268520/; classtype:trojan-activity;sid:84131620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.62.79.230"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268521/; classtype:trojan-activity;sid:84131621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.213.241.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268518/; classtype:trojan-activity;sid:84131618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.13.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268517/; classtype:trojan-activity;sid:84131617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.197.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268516/; classtype:trojan-activity;sid:84131616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.220.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268515/; classtype:trojan-activity;sid:84131615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268514/; classtype:trojan-activity;sid:84131614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268513/; classtype:trojan-activity;sid:84131613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268512/; classtype:trojan-activity;sid:84131612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.93.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268511/; classtype:trojan-activity;sid:84131611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.230.95.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268510/; classtype:trojan-activity;sid:84131610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.190.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268509/; classtype:trojan-activity;sid:84131609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.145.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268508/; classtype:trojan-activity;sid:84131608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.177.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268507/; classtype:trojan-activity;sid:84131607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.223.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268506/; classtype:trojan-activity;sid:84131606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.8.12"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268505/; classtype:trojan-activity;sid:84131605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.212.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268504/; classtype:trojan-activity;sid:84131604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.43.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268503/; classtype:trojan-activity;sid:84131603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.184.62.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268502/; classtype:trojan-activity;sid:84131602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.110.147.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268501/; classtype:trojan-activity;sid:84131601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.151.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268500/; classtype:trojan-activity;sid:84131600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.7.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268499/; classtype:trojan-activity;sid:84131599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.98.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268498/; classtype:trojan-activity;sid:84131598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.93.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268497/; classtype:trojan-activity;sid:84131597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.194.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268496/; classtype:trojan-activity;sid:84131596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.223.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268495/; classtype:trojan-activity;sid:84131595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.113.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268494/; classtype:trojan-activity;sid:84131594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.252.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268493/; classtype:trojan-activity;sid:84131593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.90.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268492/; classtype:trojan-activity;sid:84131592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.81.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268491/; classtype:trojan-activity;sid:84131591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.106.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268490/; classtype:trojan-activity;sid:84131590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.55.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268489/; classtype:trojan-activity;sid:84131589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op/americ_test.exe"; depth:19; endswith; nocase; http.host; content:"185.208.156.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268488/; classtype:trojan-activity;sid:84131588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.49.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268487/; classtype:trojan-activity;sid:84131587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.151.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268486/; classtype:trojan-activity;sid:84131586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.241.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268485/; classtype:trojan-activity;sid:84131585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.226.192.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268484/; classtype:trojan-activity;sid:84131584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.247.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268483/; classtype:trojan-activity;sid:84131583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.214.109.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268481/; classtype:trojan-activity;sid:84131581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.43.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268482/; classtype:trojan-activity;sid:84131582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.23.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268480/; classtype:trojan-activity;sid:84131580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.162.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268479/; classtype:trojan-activity;sid:84131579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.53.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268478/; classtype:trojan-activity;sid:84131578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.141.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268477/; classtype:trojan-activity;sid:84131577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268476/; classtype:trojan-activity;sid:84131576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.229.186.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268475/; classtype:trojan-activity;sid:84131575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.7.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268474/; classtype:trojan-activity;sid:84131574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.93.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268473/; classtype:trojan-activity;sid:84131573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.207.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268472/; classtype:trojan-activity;sid:84131572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.131.163.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268471/; classtype:trojan-activity;sid:84131571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.108.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268470/; classtype:trojan-activity;sid:84131570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.41.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268469/; classtype:trojan-activity;sid:84131569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.99.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268468/; classtype:trojan-activity;sid:84131568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.162.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268467/; classtype:trojan-activity;sid:84131567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.81.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268466/; classtype:trojan-activity;sid:84131566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.160.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268465/; classtype:trojan-activity;sid:84131565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.126.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268464/; classtype:trojan-activity;sid:84131564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.157.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268463/; classtype:trojan-activity;sid:84131563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.49.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268462/; classtype:trojan-activity;sid:84131562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.112.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268461/; classtype:trojan-activity;sid:84131561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.115.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268460/; classtype:trojan-activity;sid:84131560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/images/pic2.jpg"; depth:27; endswith; nocase; http.host; content:"idealnauticare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268459/; classtype:trojan-activity;sid:84131559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/images/pic1.jpg"; depth:27; endswith; nocase; http.host; content:"idealnauticare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268458/; classtype:trojan-activity;sid:84131558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/images/pic8.jpg"; depth:27; endswith; nocase; http.host; content:"idealnauticare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268457/; classtype:trojan-activity;sid:84131557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/images/pic7.jpg"; depth:27; endswith; nocase; http.host; content:"idealnauticare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268455/; classtype:trojan-activity;sid:84131555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/images/pic5.jpg"; depth:27; endswith; nocase; http.host; content:"idealnauticare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268456/; classtype:trojan-activity;sid:84131556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/images/pic4.jpg"; depth:27; endswith; nocase; http.host; content:"idealnauticare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268452/; classtype:trojan-activity;sid:84131552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/images/pic6.jpg"; depth:27; endswith; nocase; http.host; content:"idealnauticare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268453/; classtype:trojan-activity;sid:84131553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/images/good.jpg"; depth:27; endswith; nocase; http.host; content:"idealnauticare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268454/; classtype:trojan-activity;sid:84131554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/images/pic3.jpg"; depth:27; endswith; nocase; http.host; content:"idealnauticare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268451/; classtype:trojan-activity;sid:84131551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268450/; classtype:trojan-activity;sid:84131550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.181.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268449/; classtype:trojan-activity;sid:84131549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268448/; classtype:trojan-activity;sid:84131548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.27.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268447/; classtype:trojan-activity;sid:84131547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dbjc3fkse/plugins/cred64.dll"; depth:29; endswith; nocase; http.host; content:"154.216.18.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268446/; classtype:trojan-activity;sid:84131546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dbjc3fkse/plugins/clip64.dll"; depth:29; endswith; nocase; http.host; content:"154.216.18.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268445/; classtype:trojan-activity;sid:84131545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.203.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268444/; classtype:trojan-activity;sid:84131544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.31.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268443/; classtype:trojan-activity;sid:84131543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.222.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268441/; classtype:trojan-activity;sid:84131541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.50.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268442/; classtype:trojan-activity;sid:84131542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.41.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268440/; classtype:trojan-activity;sid:84131540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8bddsv3dk2ff/plugins/cred64.dll"; depth:32; endswith; nocase; http.host; content:"152.89.198.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268439/; classtype:trojan-activity;sid:84131539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.50.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268438/; classtype:trojan-activity;sid:84131538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plqvfd4d5/plugins/cred.dll"; depth:27; endswith; nocase; http.host; content:"em3r30.updateexpert.shop"; depth:24; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268437/; classtype:trojan-activity;sid:84131537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/str.exe"; depth:8; endswith; nocase; http.host; content:"sosipisos.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268435/; classtype:trojan-activity;sid:84131535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.13.35.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268436/; classtype:trojan-activity;sid:84131536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8bddsv3dk2ff/plugins/clip.dll"; depth:30; endswith; nocase; http.host; content:"152.89.198.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268432/; classtype:trojan-activity;sid:84131532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ndshog3cwa/plugins/clip64.dll"; depth:31; endswith; nocase; http.host; content:"45.93.20.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268433/; classtype:trojan-activity;sid:84131533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ndshog3cwa/plugins/cred64.dll"; depth:31; endswith; nocase; http.host; content:"45.93.20.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268434/; classtype:trojan-activity;sid:84131534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper.zip"; depth:12; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268429/; classtype:trojan-activity;sid:84131529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8bddsv3dk2ff/plugins/cred.dll"; depth:30; endswith; nocase; http.host; content:"152.89.198.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268430/; classtype:trojan-activity;sid:84131530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8bddsv3dk2ff/plugins/clip64.dll"; depth:32; endswith; nocase; http.host; content:"152.89.198.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268431/; classtype:trojan-activity;sid:84131531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.19.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268428/; classtype:trojan-activity;sid:84131528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.108.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268427/; classtype:trojan-activity;sid:84131527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.131.163.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268426/; classtype:trojan-activity;sid:84131526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.153.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268425/; classtype:trojan-activity;sid:84131525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.22.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268424/; classtype:trojan-activity;sid:84131524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.192.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268422/; classtype:trojan-activity;sid:84131522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.238.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268423/; classtype:trojan-activity;sid:84131523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.112.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268421/; classtype:trojan-activity;sid:84131521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.114.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268420/; classtype:trojan-activity;sid:84131520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.80.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268419/; classtype:trojan-activity;sid:84131519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.141.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268418/; classtype:trojan-activity;sid:84131518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.196.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268417/; classtype:trojan-activity;sid:84131517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.125.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268416/; classtype:trojan-activity;sid:84131516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.115.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268415/; classtype:trojan-activity;sid:84131515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.181.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268414/; classtype:trojan-activity;sid:84131514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op/buildfi.exe"; depth:15; endswith; nocase; http.host; content:"185.208.156.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268413/; classtype:trojan-activity;sid:84131513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op/buildfinal.exe"; depth:18; endswith; nocase; http.host; content:"185.208.156.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268412/; classtype:trojan-activity;sid:84131512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.86.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268411/; classtype:trojan-activity;sid:84131511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.63.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268410/; classtype:trojan-activity;sid:84131510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.73.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268409/; classtype:trojan-activity;sid:84131509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.45.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268408/; classtype:trojan-activity;sid:84131508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.153.215.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268407/; classtype:trojan-activity;sid:84131507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.50.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268406/; classtype:trojan-activity;sid:84131506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.238.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268405/; classtype:trojan-activity;sid:84131505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.124.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268404/; classtype:trojan-activity;sid:84131504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.220.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268402/; classtype:trojan-activity;sid:84131502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.209.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268403/; classtype:trojan-activity;sid:84131503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.21.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268401/; classtype:trojan-activity;sid:84131501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.114.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268400/; classtype:trojan-activity;sid:84131500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.129.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268399/; classtype:trojan-activity;sid:84131499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268398/; classtype:trojan-activity;sid:84131498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.88.7.206"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268397/; classtype:trojan-activity;sid:84131497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.172.8.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268396/; classtype:trojan-activity;sid:84131496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.191.189.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268395/; classtype:trojan-activity;sid:84131495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.180.71.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268394/; classtype:trojan-activity;sid:84131494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.139.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268393/; classtype:trojan-activity;sid:84131493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.11.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268392/; classtype:trojan-activity;sid:84131492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.44.216.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268391/; classtype:trojan-activity;sid:84131491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.63.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268390/; classtype:trojan-activity;sid:84131490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.67.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268386/; classtype:trojan-activity;sid:84131486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66/gb/greatthingswithmegoods.hta"; depth:33; endswith; nocase; http.host; content:"198.46.178.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268387/; classtype:trojan-activity;sid:84131487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.245.60.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268388/; classtype:trojan-activity;sid:84131488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/80/wrrfgdrd.txt"; depth:16; endswith; nocase; http.host; content:"107.175.130.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268389/; classtype:trojan-activity;sid:84131489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cummmconstraints.vbs"; depth:21; endswith; nocase; http.host; content:"45.149.241.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268385/; classtype:trojan-activity;sid:84131485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.166.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268384/; classtype:trojan-activity;sid:84131484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dududududud.txt"; depth:16; endswith; nocase; http.host; content:"45.149.241.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268383/; classtype:trojan-activity;sid:84131483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35/nc/createbestthingswithmegoodthingswithgoodthings.hta"; depth:57; endswith; nocase; http.host; content:"66.42.65.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268373/; classtype:trojan-activity;sid:84131473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35/wrrfdvc.txt"; depth:15; endswith; nocase; http.host; content:"66.42.65.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268371/; classtype:trojan-activity;sid:84131471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/80/picturewithgreatthingstogetmebackwithentirethings.tif"; depth:57; endswith; nocase; http.host; content:"107.175.130.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268372/; classtype:trojan-activity;sid:84131472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/120/picturewithgreatthingsgoodideaplanningfor.tif"; depth:50; endswith; nocase; http.host; content:"107.175.130.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268368/; classtype:trojan-activity;sid:84131468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.96.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268369/; classtype:trojan-activity;sid:84131469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35/picturewithgreatthingswithnewthingswithmesee.tif"; depth:52; endswith; nocase; http.host; content:"66.42.65.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268370/; classtype:trojan-activity;sid:84131470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/65/hb/creatednewthingsformee.hta"; depth:33; endswith; nocase; http.host; content:"198.46.178.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268362/; classtype:trojan-activity;sid:84131462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66/llorg.txt"; depth:13; endswith; nocase; http.host; content:"198.46.178.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268363/; classtype:trojan-activity;sid:84131463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/130/greenthingswithgreatnewsforgetmeback.hta"; depth:45; endswith; nocase; http.host; content:"107.175.130.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268364/; classtype:trojan-activity;sid:84131464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/65/smplllk.txt"; depth:15; endswith; nocase; http.host; content:"198.46.178.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268365/; classtype:trojan-activity;sid:84131465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/120/drnnfd.txt"; depth:15; endswith; nocase; http.host; content:"107.175.130.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268366/; classtype:trojan-activity;sid:84131466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/120/bc/seethebestthingswithgreatthingshrewithme.hta"; depth:52; endswith; nocase; http.host; content:"107.175.130.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268367/; classtype:trojan-activity;sid:84131467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.126.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268361/; classtype:trojan-activity;sid:84131461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66/seemethebestthingswithgreatneedswithgoodformewith.tif"; depth:57; endswith; nocase; http.host; content:"198.46.178.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268359/; classtype:trojan-activity;sid:84131459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/65/seethebesthtingswithmewhichgivegreatoutputofmegood.tif"; depth:58; endswith; nocase; http.host; content:"198.46.178.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268360/; classtype:trojan-activity;sid:84131460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpdw-constraints.vbs"; depth:21; endswith; nocase; http.host; content:"45.149.241.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268358/; classtype:trojan-activity;sid:84131458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.67.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268357/; classtype:trojan-activity;sid:84131457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.72.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268356/; classtype:trojan-activity;sid:84131456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.188.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268355/; classtype:trojan-activity;sid:84131455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.194.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268354/; classtype:trojan-activity;sid:84131454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.219.45.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268353/; classtype:trojan-activity;sid:84131453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.227.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268352/; classtype:trojan-activity;sid:84131452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op/schweppesoo.exe"; depth:19; endswith; nocase; http.host; content:"185.208.156.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268351/; classtype:trojan-activity;sid:84131451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.184.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268350/; classtype:trojan-activity;sid:84131450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op/koober.exe"; depth:14; endswith; nocase; http.host; content:"185.208.156.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268349/; classtype:trojan-activity;sid:84131449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.222.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268348/; classtype:trojan-activity;sid:84131448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.40.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268347/; classtype:trojan-activity;sid:84131447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tura/norm.exe"; depth:14; endswith; nocase; http.host; content:"31.41.244.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268346/; classtype:trojan-activity;sid:84131446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.198.186.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268345/; classtype:trojan-activity;sid:84131445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.53.154.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268344/; classtype:trojan-activity;sid:84131444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.251.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268343/; classtype:trojan-activity;sid:84131443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268342/; classtype:trojan-activity;sid:84131442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.3.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268341/; classtype:trojan-activity;sid:84131441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.213.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268340/; classtype:trojan-activity;sid:84131440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.86.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268339/; classtype:trojan-activity;sid:84131439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"huwst.range.cccinvolve.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268337/; classtype:trojan-activity;sid:84131437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.67.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268338/; classtype:trojan-activity;sid:84131438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.194.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268336/; classtype:trojan-activity;sid:84131436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.219.45.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268335/; classtype:trojan-activity;sid:84131435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.68.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268334/; classtype:trojan-activity;sid:84131434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.13.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268333/; classtype:trojan-activity;sid:84131433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.49.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268332/; classtype:trojan-activity;sid:84131432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.184.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268331/; classtype:trojan-activity;sid:84131431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.12.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268329/; classtype:trojan-activity;sid:84131429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.123.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268330/; classtype:trojan-activity;sid:84131430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.245.60.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268328/; classtype:trojan-activity;sid:84131428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.122.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268327/; classtype:trojan-activity;sid:84131427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.40.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268326/; classtype:trojan-activity;sid:84131426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.223.34.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268325/; classtype:trojan-activity;sid:84131425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"tigervip.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268317/; classtype:trojan-activity;sid:84131417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"tigervip.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268318/; classtype:trojan-activity;sid:84131418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"tigervip.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268319/; classtype:trojan-activity;sid:84131419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"tigervip.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268320/; classtype:trojan-activity;sid:84131420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"tigervip.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268321/; classtype:trojan-activity;sid:84131421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"tigervip.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268322/; classtype:trojan-activity;sid:84131422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"tigervip.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268323/; classtype:trojan-activity;sid:84131423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"tigervip.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268324/; classtype:trojan-activity;sid:84131424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"www.tigervip.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268307/; classtype:trojan-activity;sid:84131407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"www.tigervip.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268308/; classtype:trojan-activity;sid:84131408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"www.tigervip.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268309/; classtype:trojan-activity;sid:84131409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"www.tigervip.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268310/; classtype:trojan-activity;sid:84131410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"www.tigervip.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268311/; classtype:trojan-activity;sid:84131411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"www.tigervip.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268312/; classtype:trojan-activity;sid:84131412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"www.tigervip.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268313/; classtype:trojan-activity;sid:84131413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"www.tigervip.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268314/; classtype:trojan-activity;sid:84131414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"www.tigervip.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268304/; classtype:trojan-activity;sid:84131404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"www.tigervip.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268305/; classtype:trojan-activity;sid:84131405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"www.tigervip.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268306/; classtype:trojan-activity;sid:84131406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"www.tigervip.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268303/; classtype:trojan-activity;sid:84131403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"tigervip.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268296/; classtype:trojan-activity;sid:84131396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"tigervip.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268297/; classtype:trojan-activity;sid:84131397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"tigervip.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268298/; classtype:trojan-activity;sid:84131398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"tigervip.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268299/; classtype:trojan-activity;sid:84131399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"tigervip.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268300/; classtype:trojan-activity;sid:84131400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"www.tigervip.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268301/; classtype:trojan-activity;sid:84131401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"www.tigervip.vip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268302/; classtype:trojan-activity;sid:84131402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"tigervip.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268295/; classtype:trojan-activity;sid:84131395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.55.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268294/; classtype:trojan-activity;sid:84131394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.27.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268293/; classtype:trojan-activity;sid:84131393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.160.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268292/; classtype:trojan-activity;sid:84131392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.53.154.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268291/; classtype:trojan-activity;sid:84131391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.213.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268290/; classtype:trojan-activity;sid:84131390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.68.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268289/; classtype:trojan-activity;sid:84131389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.13.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268288/; classtype:trojan-activity;sid:84131388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.250.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268287/; classtype:trojan-activity;sid:84131387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.54.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268286/; classtype:trojan-activity;sid:84131386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"37.221.93.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268284/; classtype:trojan-activity;sid:84131384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"37.221.93.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268285/; classtype:trojan-activity;sid:84131385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"37.221.93.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268281/; classtype:trojan-activity;sid:84131381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"37.221.93.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268282/; classtype:trojan-activity;sid:84131382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"37.221.93.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268283/; classtype:trojan-activity;sid:84131383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"37.221.93.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268280/; classtype:trojan-activity;sid:84131380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"37.221.93.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268277/; classtype:trojan-activity;sid:84131377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"37.221.93.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268278/; classtype:trojan-activity;sid:84131378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"37.221.93.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268279/; classtype:trojan-activity;sid:84131379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"37.221.93.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268272/; classtype:trojan-activity;sid:84131372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"37.221.93.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268273/; classtype:trojan-activity;sid:84131373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"37.221.93.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268274/; classtype:trojan-activity;sid:84131374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"37.221.93.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268275/; classtype:trojan-activity;sid:84131375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"37.221.93.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268276/; classtype:trojan-activity;sid:84131376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.2.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268271/; classtype:trojan-activity;sid:84131371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.140.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268270/; classtype:trojan-activity;sid:84131370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.182.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268269/; classtype:trojan-activity;sid:84131369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.102.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268268/; classtype:trojan-activity;sid:84131368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.173.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268265/; classtype:trojan-activity;sid:84131365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.217.120.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268266/; classtype:trojan-activity;sid:84131366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.51.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268267/; classtype:trojan-activity;sid:84131367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.235.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268264/; classtype:trojan-activity;sid:84131364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.25.233.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268263/; classtype:trojan-activity;sid:84131363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.23.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268262/; classtype:trojan-activity;sid:84131362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268261/; classtype:trojan-activity;sid:84131361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.142.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268260/; classtype:trojan-activity;sid:84131360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.183.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268259/; classtype:trojan-activity;sid:84131359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.250.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268258/; classtype:trojan-activity;sid:84131358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.214.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268257/; classtype:trojan-activity;sid:84131357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.156.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268256/; classtype:trojan-activity;sid:84131356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.223.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268255/; classtype:trojan-activity;sid:84131355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.104.208.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268254/; classtype:trojan-activity;sid:84131354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.89.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268253/; classtype:trojan-activity;sid:84131353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.218.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268252/; classtype:trojan-activity;sid:84131352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.118.160.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268250/; classtype:trojan-activity;sid:84131350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.184.135.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268251/; classtype:trojan-activity;sid:84131351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.81.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268249/; classtype:trojan-activity;sid:84131349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.118.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268248/; classtype:trojan-activity;sid:84131348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.14.78.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268247/; classtype:trojan-activity;sid:84131347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.61.181.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268246/; classtype:trojan-activity;sid:84131346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.128.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268243/; classtype:trojan-activity;sid:84131343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.106.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268244/; classtype:trojan-activity;sid:84131344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.136.140.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268245/; classtype:trojan-activity;sid:84131345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"162.219.216.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268242/; classtype:trojan-activity;sid:84131342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.166.189.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268241/; classtype:trojan-activity;sid:84131341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.173.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268239/; classtype:trojan-activity;sid:84131339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.5.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268240/; classtype:trojan-activity;sid:84131340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.51.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268238/; classtype:trojan-activity;sid:84131338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.173.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268237/; classtype:trojan-activity;sid:84131337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.160.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268235/; classtype:trojan-activity;sid:84131335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.13.35.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268236/; classtype:trojan-activity;sid:84131336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.222.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268234/; classtype:trojan-activity;sid:84131334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.156.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268233/; classtype:trojan-activity;sid:84131333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.227.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268232/; classtype:trojan-activity;sid:84131332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.29.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268231/; classtype:trojan-activity;sid:84131331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"139.218.41.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268230/; classtype:trojan-activity;sid:84131330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.46.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268229/; classtype:trojan-activity;sid:84131329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.160.244.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268228/; classtype:trojan-activity;sid:84131328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.97.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268227/; classtype:trojan-activity;sid:84131327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.61.181.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268226/; classtype:trojan-activity;sid:84131326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.231.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268225/; classtype:trojan-activity;sid:84131325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.147.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268224/; classtype:trojan-activity;sid:84131324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.193.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268223/; classtype:trojan-activity;sid:84131323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.122.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268222/; classtype:trojan-activity;sid:84131322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.29.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268221/; classtype:trojan-activity;sid:84131321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.227.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268220/; classtype:trojan-activity;sid:84131320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268219/; classtype:trojan-activity;sid:84131319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adjunts/chrome_131.exe"; depth:23; endswith; nocase; http.host; content:"osteo9.esalnuvol.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268218/; classtype:trojan-activity;sid:84131318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.222.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268217/; classtype:trojan-activity;sid:84131317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.0.205"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268216/; classtype:trojan-activity;sid:84131316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.220.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268215/; classtype:trojan-activity;sid:84131315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.61.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268214/; classtype:trojan-activity;sid:84131314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.228.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268213/; classtype:trojan-activity;sid:84131313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.232.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268212/; classtype:trojan-activity;sid:84131312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268211/; classtype:trojan-activity;sid:84131311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.103.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268210/; classtype:trojan-activity;sid:84131310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.46.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268209/; classtype:trojan-activity;sid:84131309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.29.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268208/; classtype:trojan-activity;sid:84131308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.147.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268207/; classtype:trojan-activity;sid:84131307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.216.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268206/; classtype:trojan-activity;sid:84131306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.99.13.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268205/; classtype:trojan-activity;sid:84131305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.176.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268204/; classtype:trojan-activity;sid:84131304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.8.128.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268203/; classtype:trojan-activity;sid:84131303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.0.205"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268202/; classtype:trojan-activity;sid:84131302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.232.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268201/; classtype:trojan-activity;sid:84131301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.61.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268200/; classtype:trojan-activity;sid:84131300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.223.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268199/; classtype:trojan-activity;sid:84131299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.225.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268198/; classtype:trojan-activity;sid:84131298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.210.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268197/; classtype:trojan-activity;sid:84131297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.9.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268196/; classtype:trojan-activity;sid:84131296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.228.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268195/; classtype:trojan-activity;sid:84131295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"65.172.242.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268194/; classtype:trojan-activity;sid:84131294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.40.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268193/; classtype:trojan-activity;sid:84131293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.68.162.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268192/; classtype:trojan-activity;sid:84131292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.85.236.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268190/; classtype:trojan-activity;sid:84131290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.105.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268191/; classtype:trojan-activity;sid:84131291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.5.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268189/; classtype:trojan-activity;sid:84131289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.65.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268188/; classtype:trojan-activity;sid:84131288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.41.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268187/; classtype:trojan-activity;sid:84131287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.223.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268186/; classtype:trojan-activity;sid:84131286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.103.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268183/; classtype:trojan-activity;sid:84131283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.85.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268184/; classtype:trojan-activity;sid:84131284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.208.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268185/; classtype:trojan-activity;sid:84131285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.251.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268182/; classtype:trojan-activity;sid:84131282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/kjrhjijawdkrjhh.exe"; depth:26; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268181/; classtype:trojan-activity;sid:84131281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.8.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268180/; classtype:trojan-activity;sid:84131280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.23.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268179/; classtype:trojan-activity;sid:84131279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r/5tqze"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268177/; classtype:trojan-activity;sid:84131277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/uzzk4/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268178/; classtype:trojan-activity;sid:84131278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/ciunw"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268175/; classtype:trojan-activity;sid:84131275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/savyi"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268176/; classtype:trojan-activity;sid:84131276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.135.151.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268174/; classtype:trojan-activity;sid:84131274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.210.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268172/; classtype:trojan-activity;sid:84131272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.18.104.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268173/; classtype:trojan-activity;sid:84131273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.179.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268171/; classtype:trojan-activity;sid:84131271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.78.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268170/; classtype:trojan-activity;sid:84131270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.237.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268169/; classtype:trojan-activity;sid:84131269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.9.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268168/; classtype:trojan-activity;sid:84131268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.184.15.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268167/; classtype:trojan-activity;sid:84131267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.28.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268166/; classtype:trojan-activity;sid:84131266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"82.85.236.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268165/; classtype:trojan-activity;sid:84131265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.85.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268164/; classtype:trojan-activity;sid:84131264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.40.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268163/; classtype:trojan-activity;sid:84131263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.105.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268162/; classtype:trojan-activity;sid:84131262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.3.199"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268161/; classtype:trojan-activity;sid:84131261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.65.165.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268160/; classtype:trojan-activity;sid:84131260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268159/; classtype:trojan-activity;sid:84131259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268158/; classtype:trojan-activity;sid:84131258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.178.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268157/; classtype:trojan-activity;sid:84131257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.195.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268156/; classtype:trojan-activity;sid:84131256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.45.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268154/; classtype:trojan-activity;sid:84131254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.175.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268155/; classtype:trojan-activity;sid:84131255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.19.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268153/; classtype:trojan-activity;sid:84131253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.216.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268152/; classtype:trojan-activity;sid:84131252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.237.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268151/; classtype:trojan-activity;sid:84131251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.193.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268150/; classtype:trojan-activity;sid:84131250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.7.102"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268149/; classtype:trojan-activity;sid:84131249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.177.104.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268147/; classtype:trojan-activity;sid:84131247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.221.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268148/; classtype:trojan-activity;sid:84131248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.43.36.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268146/; classtype:trojan-activity;sid:84131246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.28.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268145/; classtype:trojan-activity;sid:84131245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268144/; classtype:trojan-activity;sid:84131244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.143.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268143/; classtype:trojan-activity;sid:84131243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.139.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268142/; classtype:trojan-activity;sid:84131242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.3.199"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268141/; classtype:trojan-activity;sid:84131241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.6.211"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268140/; classtype:trojan-activity;sid:84131240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.32.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268139/; classtype:trojan-activity;sid:84131239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.181.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268138/; classtype:trojan-activity;sid:84131238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.211.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268137/; classtype:trojan-activity;sid:84131237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.29.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268136/; classtype:trojan-activity;sid:84131236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.76.215"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268133/; classtype:trojan-activity;sid:84131233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.68.34.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268134/; classtype:trojan-activity;sid:84131234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.164.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268132/; classtype:trojan-activity;sid:84131232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.19.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268131/; classtype:trojan-activity;sid:84131231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.36.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268130/; classtype:trojan-activity;sid:84131230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.139.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268129/; classtype:trojan-activity;sid:84131229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.144.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268128/; classtype:trojan-activity;sid:84131228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.3.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268127/; classtype:trojan-activity;sid:84131227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.9.94"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268126/; classtype:trojan-activity;sid:84131226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.5.235"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268125/; classtype:trojan-activity;sid:84131225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.45.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268124/; classtype:trojan-activity;sid:84131224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.193.99.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268123/; classtype:trojan-activity;sid:84131223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.90.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268122/; classtype:trojan-activity;sid:84131222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.32.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268121/; classtype:trojan-activity;sid:84131221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.250.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268120/; classtype:trojan-activity;sid:84131220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/classik.exe"; depth:12; endswith; nocase; http.host; content:"bethewinner.online"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268119/; classtype:trojan-activity;sid:84131219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.181.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268117/; classtype:trojan-activity;sid:84131217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.94.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268118/; classtype:trojan-activity;sid:84131218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.211.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268116/; classtype:trojan-activity;sid:84131216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.246.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268115/; classtype:trojan-activity;sid:84131215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.209.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268114/; classtype:trojan-activity;sid:84131214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268113/; classtype:trojan-activity;sid:84131213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.26.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268112/; classtype:trojan-activity;sid:84131212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.84.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268110/; classtype:trojan-activity;sid:84131210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.234.243.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268111/; classtype:trojan-activity;sid:84131211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.36.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268109/; classtype:trojan-activity;sid:84131209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.52.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268108/; classtype:trojan-activity;sid:84131208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.107.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268107/; classtype:trojan-activity;sid:84131207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"ddy333.cn"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268097/; classtype:trojan-activity;sid:84131197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"ddy333.cn"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268098/; classtype:trojan-activity;sid:84131198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"ddy333.cn"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268099/; classtype:trojan-activity;sid:84131199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"ddy333.cn"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268100/; classtype:trojan-activity;sid:84131200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"ddy333.cn"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268101/; classtype:trojan-activity;sid:84131201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"ddy333.cn"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268102/; classtype:trojan-activity;sid:84131202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"ddy333.cn"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268103/; classtype:trojan-activity;sid:84131203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"ddy333.cn"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268104/; classtype:trojan-activity;sid:84131204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"ddy333.cn"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268105/; classtype:trojan-activity;sid:84131205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"ddy333.cn"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268106/; classtype:trojan-activity;sid:84131206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"ddy333.cn"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268096/; classtype:trojan-activity;sid:84131196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.109.203.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268095/; classtype:trojan-activity;sid:84131195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.19.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268093/; classtype:trojan-activity;sid:84131193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.17.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268094/; classtype:trojan-activity;sid:84131194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.193.47.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268092/; classtype:trojan-activity;sid:84131192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268091/; classtype:trojan-activity;sid:84131191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.43.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268090/; classtype:trojan-activity;sid:84131190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"38.242.197.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268083/; classtype:trojan-activity;sid:84131183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"38.242.197.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268084/; classtype:trojan-activity;sid:84131184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"38.242.197.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268085/; classtype:trojan-activity;sid:84131185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"38.242.197.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268086/; classtype:trojan-activity;sid:84131186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"38.242.197.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268087/; classtype:trojan-activity;sid:84131187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"38.242.197.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268088/; classtype:trojan-activity;sid:84131188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"38.242.197.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268089/; classtype:trojan-activity;sid:84131189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.112.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268082/; classtype:trojan-activity;sid:84131182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"38.242.197.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268080/; classtype:trojan-activity;sid:84131180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.193.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268081/; classtype:trojan-activity;sid:84131181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"27.100.39.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268071/; classtype:trojan-activity;sid:84131171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"27.100.39.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268072/; classtype:trojan-activity;sid:84131172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"27.100.39.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268073/; classtype:trojan-activity;sid:84131173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"27.100.39.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268074/; classtype:trojan-activity;sid:84131174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"38.242.197.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268075/; classtype:trojan-activity;sid:84131175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"27.100.39.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268076/; classtype:trojan-activity;sid:84131176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"27.100.39.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268077/; classtype:trojan-activity;sid:84131177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"38.242.197.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268078/; classtype:trojan-activity;sid:84131178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"38.242.197.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268079/; classtype:trojan-activity;sid:84131179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"27.100.39.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268068/; classtype:trojan-activity;sid:84131168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"27.100.39.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268069/; classtype:trojan-activity;sid:84131169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"27.100.39.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268070/; classtype:trojan-activity;sid:84131170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"27.100.39.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268066/; classtype:trojan-activity;sid:84131166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"27.100.39.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268067/; classtype:trojan-activity;sid:84131167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.122.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268065/; classtype:trojan-activity;sid:84131165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.246.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268064/; classtype:trojan-activity;sid:84131164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.90.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268063/; classtype:trojan-activity;sid:84131163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.210.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268061/; classtype:trojan-activity;sid:84131161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.115.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268062/; classtype:trojan-activity;sid:84131162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.209.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268060/; classtype:trojan-activity;sid:84131160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v10/ukyh.php|3f|jspo=35|7c|26|7c|xvgj=egh3cs56axa%3d"; depth:53; endswith; nocase; http.host; content:"178.215.224.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268058/; classtype:trojan-activity;sid:84131158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v10/ukyh.php|3f|jspo=35|7c|26|7c|xvgj=cxl1cc56axa%3d"; depth:53; endswith; nocase; http.host; content:"178.215.224.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268059/; classtype:trojan-activity;sid:84131159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.219.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268057/; classtype:trojan-activity;sid:84131157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"81.235.157.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268055/; classtype:trojan-activity;sid:84131155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.246.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268056/; classtype:trojan-activity;sid:84131156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.3.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268053/; classtype:trojan-activity;sid:84131153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.164.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268054/; classtype:trojan-activity;sid:84131154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.245.2.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268052/; classtype:trojan-activity;sid:84131152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268051/; classtype:trojan-activity;sid:84131151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.hta"; depth:6; endswith; nocase; http.host; content:"www.newshostingsupdate.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268047/; classtype:trojan-activity;sid:84131147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xc.exe"; depth:7; endswith; nocase; http.host; content:"45.200.148.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268048/; classtype:trojan-activity;sid:84131148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.hta"; depth:6; endswith; nocase; http.host; content:"www.newshostingsupdate.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268049/; classtype:trojan-activity;sid:84131149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.hta"; depth:6; endswith; nocase; http.host; content:"newshostingsupdate.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268050/; classtype:trojan-activity;sid:84131150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.hta"; depth:6; endswith; nocase; http.host; content:"newshostingsupdate.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268046/; classtype:trojan-activity;sid:84131146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.126.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268045/; classtype:trojan-activity;sid:84131145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chrome.zip"; depth:11; endswith; nocase; http.host; content:"31.214.157.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268044/; classtype:trojan-activity;sid:84131144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/calibre_installer.exe"; depth:27; endswith; nocase; http.host; content:"154.216.19.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268042/; classtype:trojan-activity;sid:84131142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgvnjgug_o0dafsov_uetbi6cn.txt"; depth:31; endswith; nocase; http.host; content:"31.214.157.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268043/; classtype:trojan-activity;sid:84131143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.112.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268041/; classtype:trojan-activity;sid:84131141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.52.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268040/; classtype:trojan-activity;sid:84131140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.10.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268039/; classtype:trojan-activity;sid:84131139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268038/; classtype:trojan-activity;sid:84131138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.37.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268036/; classtype:trojan-activity;sid:84131136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.30.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268037/; classtype:trojan-activity;sid:84131137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.186.52.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268034/; classtype:trojan-activity;sid:84131134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.1.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268035/; classtype:trojan-activity;sid:84131135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.31.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268033/; classtype:trojan-activity;sid:84131133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.165.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268032/; classtype:trojan-activity;sid:84131132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.32.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268031/; classtype:trojan-activity;sid:84131131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/mc2g1iv62ca2e4v66vz6c/fattura-202423277.zip|3f|rlkey=afbw5qnngt3xgewzlty72vur8|7c|26|7c|st=a4gllymm|7c|26|7c|dl=0"; depth:121; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268030/; classtype:trojan-activity;sid:84131130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/mc2g1iv62ca2e4v66vz6c/fattura-202423277.zip|3f|rlkey=afbw5qnngt3xgewzlty72vur8|7c|26|7c|st=a4gllymm|7c|26|7c|dl=0"; depth:121; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268029/; classtype:trojan-activity;sid:84131129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/electrum-bch-4.2.8.exe"; depth:32; endswith; nocase; http.host; content:"bch-electrum.org"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268028/; classtype:trojan-activity;sid:84131128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.9.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268026/; classtype:trojan-activity;sid:84131126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/date.exe"; depth:9; endswith; nocase; http.host; content:"potok.cash"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268025/; classtype:trojan-activity;sid:84131125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/123321.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268024/; classtype:trojan-activity;sid:84131124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tuts.bat"; depth:9; endswith; nocase; http.host; content:"triangle-publications-tennessee-double.trycloudflare.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268023/; classtype:trojan-activity;sid:84131123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toto.zip"; depth:9; endswith; nocase; http.host; content:"terrorists-cultures-wallpaper-tabs.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268022/; classtype:trojan-activity;sid:84131122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cam.zip"; depth:8; endswith; nocase; http.host; content:"terrorists-cultures-wallpaper-tabs.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268020/; classtype:trojan-activity;sid:84131120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bab.zip"; depth:8; endswith; nocase; http.host; content:"terrorists-cultures-wallpaper-tabs.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268021/; classtype:trojan-activity;sid:84131121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de/dkm-019256pdf.lnk"; depth:21; endswith; nocase; http.host; content:"triangle-publications-tennessee-double.trycloudflare.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268019/; classtype:trojan-activity;sid:84131119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.bat"; depth:11; endswith; nocase; http.host; content:"terrorists-cultures-wallpaper-tabs.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268018/; classtype:trojan-activity;sid:84131118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/free_photoshop_download.exe"; depth:34; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268017/; classtype:trojan-activity;sid:84131117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.20.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268016/; classtype:trojan-activity;sid:84131116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.56.24.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268015/; classtype:trojan-activity;sid:84131115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.ppc"; depth:14; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268014/; classtype:trojan-activity;sid:84131114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/123vd.exe"; depth:16; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268013/; classtype:trojan-activity;sid:84131113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/dsdpi.exe"; depth:19; endswith; nocase; http.host; content:"193.169.105.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268012/; classtype:trojan-activity;sid:84131112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.spc"; depth:14; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268011/; classtype:trojan-activity;sid:84131111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.m68k"; depth:15; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268009/; classtype:trojan-activity;sid:84131109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm7"; depth:15; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268010/; classtype:trojan-activity;sid:84131110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.sh4"; depth:14; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268008/; classtype:trojan-activity;sid:84131108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm6"; depth:15; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268007/; classtype:trojan-activity;sid:84131107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.x86"; depth:14; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268002/; classtype:trojan-activity;sid:84131102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm"; depth:14; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268003/; classtype:trojan-activity;sid:84131103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mpsl"; depth:15; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268004/; classtype:trojan-activity;sid:84131104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mips"; depth:15; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268005/; classtype:trojan-activity;sid:84131105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm5"; depth:15; endswith; nocase; http.host; content:"154.216.16.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268006/; classtype:trojan-activity;sid:84131106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268000/; classtype:trojan-activity;sid:84131100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268001/; classtype:trojan-activity;sid:84131101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267999/; classtype:trojan-activity;sid:84131099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/67236827ce9fb/67236827ceb4d.vbs"; depth:32; endswith; nocase; http.host; content:"acess.mailcffemx.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267998/; classtype:trojan-activity;sid:84131098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/67236827ce9fb/67236827ceb48.vbs"; depth:32; endswith; nocase; http.host; content:"acess.mailcffemx.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267996/; classtype:trojan-activity;sid:84131096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/67236827ce9fb/%e2%9d%89ver%20cuenta%e2%9d%89_%e2%91%a4%e2%91%a6%e2%91%a6%e2%91%a3%e2%91%a3%e2%91%a6%e2%91%a1%e2%91%a3.zip"; depth:122; endswith; nocase; http.host; content:"acess.mailcffemx.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267997/; classtype:trojan-activity;sid:84131097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/67236827ce9fb/js/67236827ce96a.js"; depth:34; endswith; nocase; http.host; content:"acess.mailcffemx.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267995/; classtype:trojan-activity;sid:84131095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloaded_6723661d0a6fd.zip"; depth:29; endswith; nocase; http.host; content:"endesa.click"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267994/; classtype:trojan-activity;sid:84131094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/672365339188b/6723653391970.vbs"; depth:32; endswith; nocase; http.host; content:"endesa.click"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267992/; classtype:trojan-activity;sid:84131092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/672365339188b/672365339196e.vbs"; depth:32; endswith; nocase; http.host; content:"endesa.click"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267991/; classtype:trojan-activity;sid:84131091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/672365339188b/%e2%9d%89factura_%e2%9d%89_%e2%91%a2%e2%91%a5%e2%91%a0%e2%91%a3%e2%91%a3%e2%91%a0%e2%91%a2%e2%91%a1.zip"; depth:118; endswith; nocase; http.host; content:"endesa.click"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267990/; classtype:trojan-activity;sid:84131090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/672365339188b/js/6723653391837.js"; depth:34; endswith; nocase; http.host; content:"endesa.click"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267989/; classtype:trojan-activity;sid:84131089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.223.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267988/; classtype:trojan-activity;sid:84131088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.153.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267987/; classtype:trojan-activity;sid:84131087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.141.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267985/; classtype:trojan-activity;sid:84131085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6723637d10aa6/js/6723637d10a3e.js"; depth:34; endswith; nocase; http.host; content:"descargassdownloadmx.pro"; depth:24; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267986/; classtype:trojan-activity;sid:84131086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.97.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267984/; classtype:trojan-activity;sid:84131084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6723637d10aa6/6723637d10bb3.vbs"; depth:32; endswith; nocase; http.host; content:"descargassdownloadmx.pro"; depth:24; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267983/; classtype:trojan-activity;sid:84131083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.98.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267980/; classtype:trojan-activity;sid:84131080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6723637d10aa6/%e2%9d%89ver_archivo%e2%9d%89_%e2%91%a7%e2%91%a4%e2%91%a5%e2%91%a5%e2%91%a6%e2%91%a1%e2%91%a6%e2%91%a3.zip"; depth:121; endswith; nocase; http.host; content:"descargassdownloadmx.pro"; depth:24; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267981/; classtype:trojan-activity;sid:84131081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ver_archivo_6723637d1113d.zip"; depth:30; endswith; nocase; http.host; content:"descargassdownloadmx.pro"; depth:24; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267982/; classtype:trojan-activity;sid:84131082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6723637d10aa6/6723637d10bb1.vbs"; depth:32; endswith; nocase; http.host; content:"descargassdownloadmx.pro"; depth:24; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267979/; classtype:trojan-activity;sid:84131079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.52.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267978/; classtype:trojan-activity;sid:84131078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.4.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267977/; classtype:trojan-activity;sid:84131077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.77.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267976/; classtype:trojan-activity;sid:84131076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.156.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267975/; classtype:trojan-activity;sid:84131075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.206.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267974/; classtype:trojan-activity;sid:84131074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.216.166.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267973/; classtype:trojan-activity;sid:84131073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temp/xnsjjxja.exe"; depth:18; endswith; nocase; http.host; content:"newvideo.link"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267972/; classtype:trojan-activity;sid:84131072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.253.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267971/; classtype:trojan-activity;sid:84131071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.98.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267970/; classtype:trojan-activity;sid:84131070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.26.109"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267969/; classtype:trojan-activity;sid:84131069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.76.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267968/; classtype:trojan-activity;sid:84131068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.188.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267967/; classtype:trojan-activity;sid:84131067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.97.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267966/; classtype:trojan-activity;sid:84131066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.118.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267965/; classtype:trojan-activity;sid:84131065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.89.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267964/; classtype:trojan-activity;sid:84131064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.193.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267963/; classtype:trojan-activity;sid:84131063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.97.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267962/; classtype:trojan-activity;sid:84131062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.54.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267961/; classtype:trojan-activity;sid:84131061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.40.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267960/; classtype:trojan-activity;sid:84131060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.25.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267959/; classtype:trojan-activity;sid:84131059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.249.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267957/; classtype:trojan-activity;sid:84131057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.154.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267958/; classtype:trojan-activity;sid:84131058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.141.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267956/; classtype:trojan-activity;sid:84131056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.216.166.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267955/; classtype:trojan-activity;sid:84131055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267949/; classtype:trojan-activity;sid:84131049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.89.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267950/; classtype:trojan-activity;sid:84131050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267951/; classtype:trojan-activity;sid:84131051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267952/; classtype:trojan-activity;sid:84131052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267953/; classtype:trojan-activity;sid:84131053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267954/; classtype:trojan-activity;sid:84131054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.202.35.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267948/; classtype:trojan-activity;sid:84131048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.229.168.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267947/; classtype:trojan-activity;sid:84131047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.129.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267946/; classtype:trojan-activity;sid:84131046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.177.28.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267945/; classtype:trojan-activity;sid:84131045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.49.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267944/; classtype:trojan-activity;sid:84131044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267943/; classtype:trojan-activity;sid:84131043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.83.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267942/; classtype:trojan-activity;sid:84131042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.172.57.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267941/; classtype:trojan-activity;sid:84131041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/euiafs.exe"; depth:11; endswith; nocase; http.host; content:"62.60.157.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267940/; classtype:trojan-activity;sid:84131040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.119.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267939/; classtype:trojan-activity;sid:84131039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.184.135.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267937/; classtype:trojan-activity;sid:84131037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.11.88.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267938/; classtype:trojan-activity;sid:84131038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.arm7"; depth:15; endswith; nocase; http.host; content:"109.120.156.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267936/; classtype:trojan-activity;sid:84131036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.232.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267935/; classtype:trojan-activity;sid:84131035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.mips"; depth:15; endswith; nocase; http.host; content:"109.120.156.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267934/; classtype:trojan-activity;sid:84131034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.x86"; depth:14; endswith; nocase; http.host; content:"109.120.156.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267929/; classtype:trojan-activity;sid:84131029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.i586"; depth:15; endswith; nocase; http.host; content:"109.120.156.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267930/; classtype:trojan-activity;sid:84131030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.sh4"; depth:14; endswith; nocase; http.host; content:"109.120.156.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267931/; classtype:trojan-activity;sid:84131031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.mpsl"; depth:15; endswith; nocase; http.host; content:"109.120.156.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267932/; classtype:trojan-activity;sid:84131032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.9.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267933/; classtype:trojan-activity;sid:84131033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.76.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267928/; classtype:trojan-activity;sid:84131028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.40.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267927/; classtype:trojan-activity;sid:84131027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.m68k"; depth:15; endswith; nocase; http.host; content:"109.120.156.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267924/; classtype:trojan-activity;sid:84131024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.arm6"; depth:15; endswith; nocase; http.host; content:"109.120.156.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267925/; classtype:trojan-activity;sid:84131025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.88.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267926/; classtype:trojan-activity;sid:84131026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.97.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267923/; classtype:trojan-activity;sid:84131023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.ppc"; depth:14; endswith; nocase; http.host; content:"109.120.156.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267922/; classtype:trojan-activity;sid:84131022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.x32"; depth:14; endswith; nocase; http.host; content:"109.120.156.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267921/; classtype:trojan-activity;sid:84131021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.243.151.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267918/; classtype:trojan-activity;sid:84131018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.202.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267916/; classtype:trojan-activity;sid:84131016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.111.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267917/; classtype:trojan-activity;sid:84131017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.127.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267915/; classtype:trojan-activity;sid:84131015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyo2831qq.sh"; depth:13; endswith; nocase; http.host; content:"109.120.156.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267913/; classtype:trojan-activity;sid:84131013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.210.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267914/; classtype:trojan-activity;sid:84131014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.44.216.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267912/; classtype:trojan-activity;sid:84131012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.232.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267911/; classtype:trojan-activity;sid:84131011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.11.88.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267910/; classtype:trojan-activity;sid:84131010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.249.62.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267909/; classtype:trojan-activity;sid:84131009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.89.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267908/; classtype:trojan-activity;sid:84131008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267907/; classtype:trojan-activity;sid:84131007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.24.36.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267906/; classtype:trojan-activity;sid:84131006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.229.168.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267905/; classtype:trojan-activity;sid:84131005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.119.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267904/; classtype:trojan-activity;sid:84131004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.90.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267902/; classtype:trojan-activity;sid:84131002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.249.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267903/; classtype:trojan-activity;sid:84131003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.26.109"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267901/; classtype:trojan-activity;sid:84131001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.50.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267900/; classtype:trojan-activity;sid:84131000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.143.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267899/; classtype:trojan-activity;sid:84130999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.232.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267898/; classtype:trojan-activity;sid:84130998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download_672354c85284b.zip"; depth:27; endswith; nocase; http.host; content:"acess.mailcffemx.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267897/; classtype:trojan-activity;sid:84130997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.43.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267896/; classtype:trojan-activity;sid:84130996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.92.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267895/; classtype:trojan-activity;sid:84130995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adsa.exe"; depth:9; endswith; nocase; http.host; content:"62.60.157.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267894/; classtype:trojan-activity;sid:84130994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.232.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267893/; classtype:trojan-activity;sid:84130993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//672350cabd2c8/672350cabd42b.vbs"; depth:33; endswith; nocase; http.host; content:"acess.mailcffemx.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267891/; classtype:trojan-activity;sid:84130991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.97.145.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267892/; classtype:trojan-activity;sid:84130992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//672350cabd2c8/js/672350cabd242.js"; depth:35; endswith; nocase; http.host; content:"acess.mailcffemx.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267889/; classtype:trojan-activity;sid:84130989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//672350cabd2c8/672350cabd427.vbs"; depth:33; endswith; nocase; http.host; content:"acess.mailcffemx.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267890/; classtype:trojan-activity;sid:84130990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267888/; classtype:trojan-activity;sid:84130988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//672350cabd2c8/%e2%9d%89ver%20cuenta%e2%9d%89_%e2%91%a3%e2%91%a6%e2%91%a7%e2%91%a0%e2%91%a0%e2%91%a5%e2%91%a6%e2%91%a4.zip"; depth:123; endswith; nocase; http.host; content:"acess.mailcffemx.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267887/; classtype:trojan-activity;sid:84130987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.188.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267886/; classtype:trojan-activity;sid:84130986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.224.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267885/; classtype:trojan-activity;sid:84130985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.4.118.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267883/; classtype:trojan-activity;sid:84130983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.202.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267882/; classtype:trojan-activity;sid:84130982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.50.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267881/; classtype:trojan-activity;sid:84130981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.249.62.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267880/; classtype:trojan-activity;sid:84130980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.229.179.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267879/; classtype:trojan-activity;sid:84130979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.129.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267878/; classtype:trojan-activity;sid:84130978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.25.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267877/; classtype:trojan-activity;sid:84130977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.191.189.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267876/; classtype:trojan-activity;sid:84130976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.18.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267875/; classtype:trojan-activity;sid:84130975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.173.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267874/; classtype:trojan-activity;sid:84130974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.120.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267873/; classtype:trojan-activity;sid:84130973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.189.198.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267870/; classtype:trojan-activity;sid:84130970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.164.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267871/; classtype:trojan-activity;sid:84130971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.178.37.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267872/; classtype:trojan-activity;sid:84130972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.120.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267869/; classtype:trojan-activity;sid:84130969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.92.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267868/; classtype:trojan-activity;sid:84130968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pzqo/clientssss.exe"; depth:20; endswith; nocase; http.host; content:"185.196.11.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267867/; classtype:trojan-activity;sid:84130967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.102.107.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267866/; classtype:trojan-activity;sid:84130966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.157.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267865/; classtype:trojan-activity;sid:84130965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.122.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267864/; classtype:trojan-activity;sid:84130964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.97.145.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267863/; classtype:trojan-activity;sid:84130963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.224.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267862/; classtype:trojan-activity;sid:84130962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.208.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267861/; classtype:trojan-activity;sid:84130961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267860/; classtype:trojan-activity;sid:84130960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.13.184.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267859/; classtype:trojan-activity;sid:84130959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.13.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267858/; classtype:trojan-activity;sid:84130958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.15.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267857/; classtype:trojan-activity;sid:84130957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.156.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267855/; classtype:trojan-activity;sid:84130955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.197.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267856/; classtype:trojan-activity;sid:84130956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.191.189.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267854/; classtype:trojan-activity;sid:84130954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.166.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267853/; classtype:trojan-activity;sid:84130953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.229.179.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267852/; classtype:trojan-activity;sid:84130952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.106.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267851/; classtype:trojan-activity;sid:84130951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.80.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267850/; classtype:trojan-activity;sid:84130950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.113.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267849/; classtype:trojan-activity;sid:84130949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.158.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267848/; classtype:trojan-activity;sid:84130948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.176.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267847/; classtype:trojan-activity;sid:84130947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.166.60.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267846/; classtype:trojan-activity;sid:84130946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.208.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267845/; classtype:trojan-activity;sid:84130945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267844/; classtype:trojan-activity;sid:84130944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.205.47.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267843/; classtype:trojan-activity;sid:84130943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.158.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267842/; classtype:trojan-activity;sid:84130942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.125.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267841/; classtype:trojan-activity;sid:84130941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.221.235.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267840/; classtype:trojan-activity;sid:84130940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.174.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267839/; classtype:trojan-activity;sid:84130939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.53.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267838/; classtype:trojan-activity;sid:84130938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.74.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267837/; classtype:trojan-activity;sid:84130937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.34.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267835/; classtype:trojan-activity;sid:84130935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.18.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267836/; classtype:trojan-activity;sid:84130936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.173.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267834/; classtype:trojan-activity;sid:84130934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.68.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267833/; classtype:trojan-activity;sid:84130933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.5.74"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267832/; classtype:trojan-activity;sid:84130932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.238.189.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267831/; classtype:trojan-activity;sid:84130931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.27.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267830/; classtype:trojan-activity;sid:84130930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.8.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267829/; classtype:trojan-activity;sid:84130929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.125.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267828/; classtype:trojan-activity;sid:84130928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.39.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267827/; classtype:trojan-activity;sid:84130927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.69.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267826/; classtype:trojan-activity;sid:84130926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.54.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267825/; classtype:trojan-activity;sid:84130925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.34.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267824/; classtype:trojan-activity;sid:84130924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.131.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267823/; classtype:trojan-activity;sid:84130923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.75.74"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267822/; classtype:trojan-activity;sid:84130922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.38.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267821/; classtype:trojan-activity;sid:84130921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.50.57.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267820/; classtype:trojan-activity;sid:84130920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.115.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267819/; classtype:trojan-activity;sid:84130919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267818/; classtype:trojan-activity;sid:84130918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.238.189.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267816/; classtype:trojan-activity;sid:84130916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.17.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267817/; classtype:trojan-activity;sid:84130917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.252.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267815/; classtype:trojan-activity;sid:84130915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.30.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267814/; classtype:trojan-activity;sid:84130914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.28.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267813/; classtype:trojan-activity;sid:84130913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.111.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267812/; classtype:trojan-activity;sid:84130912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.5.74"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267811/; classtype:trojan-activity;sid:84130911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.214.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267810/; classtype:trojan-activity;sid:84130910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.242.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267809/; classtype:trojan-activity;sid:84130909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.214.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267807/; classtype:trojan-activity;sid:84130907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.54.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267808/; classtype:trojan-activity;sid:84130908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.6.190.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267806/; classtype:trojan-activity;sid:84130906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.69.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267805/; classtype:trojan-activity;sid:84130905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.142.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267804/; classtype:trojan-activity;sid:84130904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.28.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267803/; classtype:trojan-activity;sid:84130903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.225.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267802/; classtype:trojan-activity;sid:84130902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.214.232.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267801/; classtype:trojan-activity;sid:84130901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.134.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267800/; classtype:trojan-activity;sid:84130900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.28.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267798/; classtype:trojan-activity;sid:84130898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.208.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267799/; classtype:trojan-activity;sid:84130899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.55.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267797/; classtype:trojan-activity;sid:84130897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"103.200.86.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267796/; classtype:trojan-activity;sid:84130896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.214.232.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267795/; classtype:trojan-activity;sid:84130895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shib"; depth:5; endswith; nocase; http.host; content:"14.18.233.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267794/; classtype:trojan-activity;sid:84130894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.17.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267793/; classtype:trojan-activity;sid:84130893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.33.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267792/; classtype:trojan-activity;sid:84130892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.2.56"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267791/; classtype:trojan-activity;sid:84130891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.17.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267790/; classtype:trojan-activity;sid:84130890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.148.203.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267789/; classtype:trojan-activity;sid:84130889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.28.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267788/; classtype:trojan-activity;sid:84130888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.236.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267787/; classtype:trojan-activity;sid:84130887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.215.53.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267786/; classtype:trojan-activity;sid:84130886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asegurar.vbs"; depth:13; endswith; nocase; http.host; content:"181.236.112.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267785/; classtype:trojan-activity;sid:84130885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/segura.vbs"; depth:11; endswith; nocase; http.host; content:"181.236.112.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267784/; classtype:trojan-activity;sid:84130884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/j6urjzrv"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267783/; classtype:trojan-activity;sid:84130883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsm4ofxs/raw"; depth:13; endswith; nocase; http.host; content:"rentry.org"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267782/; classtype:trojan-activity;sid:84130882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.113.194.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267781/; classtype:trojan-activity;sid:84130881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.0.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267780/; classtype:trojan-activity;sid:84130880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.192.56.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267779/; classtype:trojan-activity;sid:84130879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.116.194.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267778/; classtype:trojan-activity;sid:84130878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.149.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267777/; classtype:trojan-activity;sid:84130877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.138.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267776/; classtype:trojan-activity;sid:84130876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.49.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267774/; classtype:trojan-activity;sid:84130874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.215.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267775/; classtype:trojan-activity;sid:84130875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.33.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267773/; classtype:trojan-activity;sid:84130873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.92.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267772/; classtype:trojan-activity;sid:84130872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.23.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267771/; classtype:trojan-activity;sid:84130871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.208.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267768/; classtype:trojan-activity;sid:84130868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.149.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267769/; classtype:trojan-activity;sid:84130869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.122.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267770/; classtype:trojan-activity;sid:84130870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.77.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267767/; classtype:trojan-activity;sid:84130867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.0.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267766/; classtype:trojan-activity;sid:84130866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.235.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267765/; classtype:trojan-activity;sid:84130865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.32.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267764/; classtype:trojan-activity;sid:84130864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.56.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267763/; classtype:trojan-activity;sid:84130863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.6.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267762/; classtype:trojan-activity;sid:84130862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.20.237"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267761/; classtype:trojan-activity;sid:84130861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.52.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267760/; classtype:trojan-activity;sid:84130860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.90.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267759/; classtype:trojan-activity;sid:84130859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.244.163.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267758/; classtype:trojan-activity;sid:84130858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.145.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267757/; classtype:trojan-activity;sid:84130857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.215.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267756/; classtype:trojan-activity;sid:84130856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.72.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267755/; classtype:trojan-activity;sid:84130855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.89.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267754/; classtype:trojan-activity;sid:84130854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.90.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267753/; classtype:trojan-activity;sid:84130853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.222.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267752/; classtype:trojan-activity;sid:84130852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/po.bin"; depth:7; endswith; nocase; http.host; content:"lm.hoteqm4.sa.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267751/; classtype:trojan-activity;sid:84130851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.42.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267750/; classtype:trojan-activity;sid:84130850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uhmfz101.bin"; depth:13; endswith; nocase; http.host; content:"hlduplooyplant.co.za"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267749/; classtype:trojan-activity;sid:84130849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caf2400fcdb97982/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"45.88.105.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267748/; classtype:trojan-activity;sid:84130848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caf2400fcdb97982/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"45.88.105.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267747/; classtype:trojan-activity;sid:84130847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caf2400fcdb97982/nss3.dll"; depth:26; endswith; nocase; http.host; content:"45.88.105.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267746/; classtype:trojan-activity;sid:84130846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caf2400fcdb97982/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"45.88.105.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267742/; classtype:trojan-activity;sid:84130842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caf2400fcdb97982/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"45.88.105.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267743/; classtype:trojan-activity;sid:84130843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caf2400fcdb97982/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"45.88.105.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267744/; classtype:trojan-activity;sid:84130844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caf2400fcdb97982/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"45.88.105.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267745/; classtype:trojan-activity;sid:84130845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.149.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267741/; classtype:trojan-activity;sid:84130841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.82.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267740/; classtype:trojan-activity;sid:84130840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.122.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267739/; classtype:trojan-activity;sid:84130839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.234.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267738/; classtype:trojan-activity;sid:84130838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.6.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267737/; classtype:trojan-activity;sid:84130837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.56.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267736/; classtype:trojan-activity;sid:84130836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.147.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267735/; classtype:trojan-activity;sid:84130835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.115.98.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267733/; classtype:trojan-activity;sid:84130833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.156.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267734/; classtype:trojan-activity;sid:84130834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.169.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267732/; classtype:trojan-activity;sid:84130832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.105.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267731/; classtype:trojan-activity;sid:84130831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.181.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267730/; classtype:trojan-activity;sid:84130830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.59.120.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267729/; classtype:trojan-activity;sid:84130829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.145.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267728/; classtype:trojan-activity;sid:84130828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.202.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267727/; classtype:trojan-activity;sid:84130827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.215.53.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267726/; classtype:trojan-activity;sid:84130826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.119.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267725/; classtype:trojan-activity;sid:84130825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.20.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267724/; classtype:trojan-activity;sid:84130824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.126.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267723/; classtype:trojan-activity;sid:84130823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267722/; classtype:trojan-activity;sid:84130822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.207.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267721/; classtype:trojan-activity;sid:84130821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.126.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267720/; classtype:trojan-activity;sid:84130820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.156.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267719/; classtype:trojan-activity;sid:84130819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.167.175.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267718/; classtype:trojan-activity;sid:84130818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.19.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267717/; classtype:trojan-activity;sid:84130817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.119.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267716/; classtype:trojan-activity;sid:84130816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.156.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267715/; classtype:trojan-activity;sid:84130815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.104.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267714/; classtype:trojan-activity;sid:84130814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.7.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267713/; classtype:trojan-activity;sid:84130813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.184.35.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267711/; classtype:trojan-activity;sid:84130811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.141.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267712/; classtype:trojan-activity;sid:84130812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.120.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267710/; classtype:trojan-activity;sid:84130810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.54.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267709/; classtype:trojan-activity;sid:84130809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.23.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267708/; classtype:trojan-activity;sid:84130808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.6.190.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267707/; classtype:trojan-activity;sid:84130807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.224.146"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267706/; classtype:trojan-activity;sid:84130806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.194.55.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267705/; classtype:trojan-activity;sid:84130805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.14.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267704/; classtype:trojan-activity;sid:84130804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.213.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267703/; classtype:trojan-activity;sid:84130803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.158.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267702/; classtype:trojan-activity;sid:84130802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.84.93.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267701/; classtype:trojan-activity;sid:84130801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.92.14.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267700/; classtype:trojan-activity;sid:84130800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.74.13.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267699/; classtype:trojan-activity;sid:84130799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.104.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267698/; classtype:trojan-activity;sid:84130798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.230.66.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267697/; classtype:trojan-activity;sid:84130797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.42.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267696/; classtype:trojan-activity;sid:84130796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.32.155.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267693/; classtype:trojan-activity;sid:84130793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267694/; classtype:trojan-activity;sid:84130794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.36.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267695/; classtype:trojan-activity;sid:84130795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.24.147.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267692/; classtype:trojan-activity;sid:84130792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.246.118.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267688/; classtype:trojan-activity;sid:84130788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.118.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267689/; classtype:trojan-activity;sid:84130789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.2.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267690/; classtype:trojan-activity;sid:84130790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.0.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267691/; classtype:trojan-activity;sid:84130791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.111.75.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267687/; classtype:trojan-activity;sid:84130787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.173.87.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267686/; classtype:trojan-activity;sid:84130786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.202.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267684/; classtype:trojan-activity;sid:84130784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.253.169.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267685/; classtype:trojan-activity;sid:84130785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.59.226.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267683/; classtype:trojan-activity;sid:84130783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.87.170.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267679/; classtype:trojan-activity;sid:84130779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.27.80"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267680/; classtype:trojan-activity;sid:84130780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.234.157.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267681/; classtype:trojan-activity;sid:84130781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.242.128.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267682/; classtype:trojan-activity;sid:84130782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.119.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267678/; classtype:trojan-activity;sid:84130778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.152.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267677/; classtype:trojan-activity;sid:84130777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.130.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267676/; classtype:trojan-activity;sid:84130776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.48.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267675/; classtype:trojan-activity;sid:84130775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.207.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267674/; classtype:trojan-activity;sid:84130774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.22.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267673/; classtype:trojan-activity;sid:84130773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krmhcpcntm.exe"; depth:15; endswith; nocase; http.host; content:"84.32.231.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267672/; classtype:trojan-activity;sid:84130772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5lg7zd"; depth:7; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267667/; classtype:trojan-activity;sid:84130767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bypass.exe"; depth:11; endswith; nocase; http.host; content:"147.189.175.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267668/; classtype:trojan-activity;sid:84130768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spoofer.exe"; depth:12; endswith; nocase; http.host; content:"45.151.91.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267669/; classtype:trojan-activity;sid:84130769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/readme.md"; depth:10; endswith; nocase; http.host; content:"87.120.113.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267670/; classtype:trojan-activity;sid:84130770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tuefv1"; depth:7; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267671/; classtype:trojan-activity;sid:84130771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av_hook.exe"; depth:12; endswith; nocase; http.host; content:"147.189.175.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267664/; classtype:trojan-activity;sid:84130764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d3d11_hook.exe"; depth:15; endswith; nocase; http.host; content:"147.189.175.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267665/; classtype:trojan-activity;sid:84130765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/explorer.exe"; depth:13; endswith; nocase; http.host; content:"147.189.175.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267666/; classtype:trojan-activity;sid:84130766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/fgthawd.exe"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267662/; classtype:trojan-activity;sid:84130762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vmpcow"; depth:7; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267663/; classtype:trojan-activity;sid:84130763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/script.exe"; depth:11; endswith; nocase; http.host; content:"87.120.113.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267659/; classtype:trojan-activity;sid:84130759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reup.exe"; depth:9; endswith; nocase; http.host; content:"87.120.113.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267660/; classtype:trojan-activity;sid:84130760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.exe"; depth:10; endswith; nocase; http.host; content:"87.120.113.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267661/; classtype:trojan-activity;sid:84130761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.29.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267655/; classtype:trojan-activity;sid:84130755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.126.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267656/; classtype:trojan-activity;sid:84130756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/read.md"; depth:8; endswith; nocase; http.host; content:"87.120.113.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267657/; classtype:trojan-activity;sid:84130757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/re.exe"; depth:7; endswith; nocase; http.host; content:"87.120.113.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267658/; classtype:trojan-activity;sid:84130758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/jthusjefth.exe"; depth:39; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267646/; classtype:trojan-activity;sid:84130746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/hbfgjhhesfd.exe"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267647/; classtype:trojan-activity;sid:84130747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/khtoawdltrha.exe"; depth:41; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267648/; classtype:trojan-activity;sid:84130748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/hnfsefawd.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267649/; classtype:trojan-activity;sid:84130749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/jerniuiopu.exe"; depth:39; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267650/; classtype:trojan-activity;sid:84130750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/hdawuithjawe.exe"; depth:41; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267651/; classtype:trojan-activity;sid:84130751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/opthjdkawrtgh.exe"; depth:42; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267652/; classtype:trojan-activity;sid:84130752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/yjadyjasfdtj.exe"; depth:41; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267653/; classtype:trojan-activity;sid:84130753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/ktyhpldea.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267654/; classtype:trojan-activity;sid:84130754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/mhbiwejrtgha.exe"; depth:41; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267632/; classtype:trojan-activity;sid:84130732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/ptihjawdthas.exe"; depth:41; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267633/; classtype:trojan-activity;sid:84130733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/pthjadh.exe"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267634/; classtype:trojan-activity;sid:84130734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/gawdrgasd.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267635/; classtype:trojan-activity;sid:84130735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/ltpohpadw.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267636/; classtype:trojan-activity;sid:84130736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/ksfawtyha.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267637/; classtype:trojan-activity;sid:84130737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/jythjadthawed.exe"; depth:42; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267638/; classtype:trojan-activity;sid:84130738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/pdf.exe"; depth:32; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267639/; classtype:trojan-activity;sid:84130739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/session.exe"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267640/; classtype:trojan-activity;sid:84130740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/odrsfgawd.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267641/; classtype:trojan-activity;sid:84130741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/njrtdhadawt.exe"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267642/; classtype:trojan-activity;sid:84130742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/lhoefskghas.exe"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267643/; classtype:trojan-activity;sid:84130743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/sushi.exe"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267644/; classtype:trojan-activity;sid:84130744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/blob/main/khseofk.exe"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267645/; classtype:trojan-activity;sid:84130745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/umhtaw.sh"; depth:10; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267631/; classtype:trojan-activity;sid:84130731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela"; depth:10; endswith; nocase; http.host; content:"aaaee.from-me.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267629/; classtype:trojan-activity;sid:84130729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientela"; depth:10; endswith; nocase; http.host; content:"aaaee.selfip.org"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267630/; classtype:trojan-activity;sid:84130730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.6.211"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267627/; classtype:trojan-activity;sid:84130727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shell13231/shella/raw/refs/heads/main/seven_nskjy_x91.2.zip"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267628/; classtype:trojan-activity;sid:84130728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/open|3f|id=1mxizdend6kkt4szl10bsigcsqapkl-ec"; depth:45; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267625/; classtype:trojan-activity;sid:84130725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|id=1n1vz2a1d2kr5gckxz9sqhufyc0j_vqka|7c|26|7c|export=download"; depth:74; endswith; nocase; http.host; content:"drive.usercontent.google.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267626/; classtype:trojan-activity;sid:84130726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.247.25.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267624/; classtype:trojan-activity;sid:84130724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.4.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267623/; classtype:trojan-activity;sid:84130723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.50.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267622/; classtype:trojan-activity;sid:84130722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.190.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267621/; classtype:trojan-activity;sid:84130721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.136.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267620/; classtype:trojan-activity;sid:84130720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.114.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267619/; classtype:trojan-activity;sid:84130719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.209.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267618/; classtype:trojan-activity;sid:84130718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.109.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267617/; classtype:trojan-activity;sid:84130717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.92.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267616/; classtype:trojan-activity;sid:84130716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.54.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267615/; classtype:trojan-activity;sid:84130715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.152.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267614/; classtype:trojan-activity;sid:84130714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.91.47.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267613/; classtype:trojan-activity;sid:84130713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.0.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267612/; classtype:trojan-activity;sid:84130712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.114.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267611/; classtype:trojan-activity;sid:84130711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.63.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267610/; classtype:trojan-activity;sid:84130710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.124.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267608/; classtype:trojan-activity;sid:84130708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.74.13.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267609/; classtype:trojan-activity;sid:84130709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xc.exe"; depth:7; endswith; nocase; http.host; content:"154.216.17.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267607/; classtype:trojan-activity;sid:84130707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.55.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267606/; classtype:trojan-activity;sid:84130706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.97.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267605/; classtype:trojan-activity;sid:84130705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.126.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267604/; classtype:trojan-activity;sid:84130704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.122.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267603/; classtype:trojan-activity;sid:84130703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.74.249"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267602/; classtype:trojan-activity;sid:84130702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.141.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267601/; classtype:trojan-activity;sid:84130701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.70.237.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267600/; classtype:trojan-activity;sid:84130700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.255.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267599/; classtype:trojan-activity;sid:84130699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.32.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267598/; classtype:trojan-activity;sid:84130698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"206.0.182.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267597/; classtype:trojan-activity;sid:84130697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod-pt30/pt3010.zip"; depth:20; endswith; nocase; http.host; content:"109.234.39.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267596/; classtype:trojan-activity;sid:84130696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.97.158"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267595/; classtype:trojan-activity;sid:84130695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.111.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267594/; classtype:trojan-activity;sid:84130694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267593/; classtype:trojan-activity;sid:84130693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.109.151.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267592/; classtype:trojan-activity;sid:84130692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.136.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267591/; classtype:trojan-activity;sid:84130691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.213.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267590/; classtype:trojan-activity;sid:84130690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.188.91.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267589/; classtype:trojan-activity;sid:84130689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.63.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267588/; classtype:trojan-activity;sid:84130688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.0.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267587/; classtype:trojan-activity;sid:84130687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"82.194.55.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267586/; classtype:trojan-activity;sid:84130686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.61.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267585/; classtype:trojan-activity;sid:84130685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267584/; classtype:trojan-activity;sid:84130684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.55.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267583/; classtype:trojan-activity;sid:84130683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.232.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267582/; classtype:trojan-activity;sid:84130682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.99.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267581/; classtype:trojan-activity;sid:84130681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.74.249"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267580/; classtype:trojan-activity;sid:84130680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.111.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267579/; classtype:trojan-activity;sid:84130679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.214.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267578/; classtype:trojan-activity;sid:84130678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.97.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267577/; classtype:trojan-activity;sid:84130677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.3.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267576/; classtype:trojan-activity;sid:84130676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.224.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267575/; classtype:trojan-activity;sid:84130675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.236.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267574/; classtype:trojan-activity;sid:84130674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/87f3f2.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267573/; classtype:trojan-activity;sid:84130673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.97.158"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267572/; classtype:trojan-activity;sid:84130672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.136.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267571/; classtype:trojan-activity;sid:84130671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.10.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267570/; classtype:trojan-activity;sid:84130670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.91.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267568/; classtype:trojan-activity;sid:84130668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.122.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267569/; classtype:trojan-activity;sid:84130669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.48.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267567/; classtype:trojan-activity;sid:84130667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.143.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267566/; classtype:trojan-activity;sid:84130666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.6.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267565/; classtype:trojan-activity;sid:84130665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.207.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267564/; classtype:trojan-activity;sid:84130664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267563/; classtype:trojan-activity;sid:84130663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.99.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267562/; classtype:trojan-activity;sid:84130662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.44.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267561/; classtype:trojan-activity;sid:84130661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.32.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267560/; classtype:trojan-activity;sid:84130660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.209.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267559/; classtype:trojan-activity;sid:84130659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.95.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267558/; classtype:trojan-activity;sid:84130658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.9.51"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267557/; classtype:trojan-activity;sid:84130657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.32.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267556/; classtype:trojan-activity;sid:84130656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.30.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267555/; classtype:trojan-activity;sid:84130655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.19.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267554/; classtype:trojan-activity;sid:84130654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.25.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267553/; classtype:trojan-activity;sid:84130653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.177.111.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267552/; classtype:trojan-activity;sid:84130652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.91.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267551/; classtype:trojan-activity;sid:84130651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"206.0.182.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267550/; classtype:trojan-activity;sid:84130650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.224.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267549/; classtype:trojan-activity;sid:84130649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.104.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267548/; classtype:trojan-activity;sid:84130648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.6.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267547/; classtype:trojan-activity;sid:84130647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.15.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267546/; classtype:trojan-activity;sid:84130646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.42.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267545/; classtype:trojan-activity;sid:84130645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.50.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267544/; classtype:trojan-activity;sid:84130644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.106.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267543/; classtype:trojan-activity;sid:84130643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.102.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267542/; classtype:trojan-activity;sid:84130642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.9.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267541/; classtype:trojan-activity;sid:84130641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.142.75.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267540/; classtype:trojan-activity;sid:84130640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.246.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267538/; classtype:trojan-activity;sid:84130638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.211.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267539/; classtype:trojan-activity;sid:84130639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.241.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267536/; classtype:trojan-activity;sid:84130636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.24.160.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267537/; classtype:trojan-activity;sid:84130637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.241.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267535/; classtype:trojan-activity;sid:84130635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.32.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267534/; classtype:trojan-activity;sid:84130634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.9.51"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267533/; classtype:trojan-activity;sid:84130633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.184.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267531/; classtype:trojan-activity;sid:84130631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.114.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267532/; classtype:trojan-activity;sid:84130632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.59.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267527/; classtype:trojan-activity;sid:84130627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pzqo/client-built.exe"; depth:22; endswith; nocase; http.host; content:"185.196.11.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267528/; classtype:trojan-activity;sid:84130628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.89.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267529/; classtype:trojan-activity;sid:84130629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.30.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267530/; classtype:trojan-activity;sid:84130630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.64.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267526/; classtype:trojan-activity;sid:84130626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.201.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267524/; classtype:trojan-activity;sid:84130624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.235.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267525/; classtype:trojan-activity;sid:84130625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.241.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267523/; classtype:trojan-activity;sid:84130623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.31.82.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267522/; classtype:trojan-activity;sid:84130622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.114.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267521/; classtype:trojan-activity;sid:84130621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.42.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267520/; classtype:trojan-activity;sid:84130620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.17.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267519/; classtype:trojan-activity;sid:84130619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.15.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267517/; classtype:trojan-activity;sid:84130617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.192.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267518/; classtype:trojan-activity;sid:84130618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267516/; classtype:trojan-activity;sid:84130616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.9.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267515/; classtype:trojan-activity;sid:84130615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.60.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267513/; classtype:trojan-activity;sid:84130613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.241.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267514/; classtype:trojan-activity;sid:84130614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.71.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267512/; classtype:trojan-activity;sid:84130612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.100.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267511/; classtype:trojan-activity;sid:84130611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.85.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267510/; classtype:trojan-activity;sid:84130610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.24.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267509/; classtype:trojan-activity;sid:84130609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.251.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267508/; classtype:trojan-activity;sid:84130608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.253.125.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267507/; classtype:trojan-activity;sid:84130607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.235.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267506/; classtype:trojan-activity;sid:84130606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.113.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267505/; classtype:trojan-activity;sid:84130605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267504/; classtype:trojan-activity;sid:84130604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.178.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267503/; classtype:trojan-activity;sid:84130603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.48.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267502/; classtype:trojan-activity;sid:84130602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.192.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267501/; classtype:trojan-activity;sid:84130601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.134.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267500/; classtype:trojan-activity;sid:84130600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.119.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267498/; classtype:trojan-activity;sid:84130598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.51.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267499/; classtype:trojan-activity;sid:84130599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.193.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267497/; classtype:trojan-activity;sid:84130597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.119.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267496/; classtype:trojan-activity;sid:84130596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.60.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267495/; classtype:trojan-activity;sid:84130595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.40.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267494/; classtype:trojan-activity;sid:84130594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.161.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267493/; classtype:trojan-activity;sid:84130593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.71.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267492/; classtype:trojan-activity;sid:84130592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.206.18.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267491/; classtype:trojan-activity;sid:84130591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.100.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267490/; classtype:trojan-activity;sid:84130590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.110.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267489/; classtype:trojan-activity;sid:84130589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.162.165.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267488/; classtype:trojan-activity;sid:84130588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267487/; classtype:trojan-activity;sid:84130587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.75.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267484/; classtype:trojan-activity;sid:84130584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.93.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267485/; classtype:trojan-activity;sid:84130585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.1.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267486/; classtype:trojan-activity;sid:84130586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.8.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267483/; classtype:trojan-activity;sid:84130583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.2.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267482/; classtype:trojan-activity;sid:84130582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.41.87.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267481/; classtype:trojan-activity;sid:84130581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.58.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267480/; classtype:trojan-activity;sid:84130580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.195.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267479/; classtype:trojan-activity;sid:84130579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.126.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267477/; classtype:trojan-activity;sid:84130577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.48.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267478/; classtype:trojan-activity;sid:84130578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.18.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267476/; classtype:trojan-activity;sid:84130576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.198.225.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267475/; classtype:trojan-activity;sid:84130575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.56.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267473/; classtype:trojan-activity;sid:84130573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.243.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267474/; classtype:trojan-activity;sid:84130574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.210.93.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267469/; classtype:trojan-activity;sid:84130569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.21.160.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267470/; classtype:trojan-activity;sid:84130570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.152.159.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267471/; classtype:trojan-activity;sid:84130571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.206.195.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267472/; classtype:trojan-activity;sid:84130572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"104.193.59.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267468/; classtype:trojan-activity;sid:84130568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.255.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267466/; classtype:trojan-activity;sid:84130566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.208.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267467/; classtype:trojan-activity;sid:84130567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.222.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267465/; classtype:trojan-activity;sid:84130565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.229.163.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267463/; classtype:trojan-activity;sid:84130563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.12.184.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267464/; classtype:trojan-activity;sid:84130564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.21.65.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267462/; classtype:trojan-activity;sid:84130562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.222.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267461/; classtype:trojan-activity;sid:84130561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.152.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267460/; classtype:trojan-activity;sid:84130560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acts/chrome_131.exe"; depth:20; endswith; nocase; http.host; content:"gest.llevadonas.es"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267459/; classtype:trojan-activity;sid:84130559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.53.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267458/; classtype:trojan-activity;sid:84130558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.224.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267457/; classtype:trojan-activity;sid:84130557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.168.41.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267456/; classtype:trojan-activity;sid:84130556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.126.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267455/; classtype:trojan-activity;sid:84130555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.241.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267454/; classtype:trojan-activity;sid:84130554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.232.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267453/; classtype:trojan-activity;sid:84130553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.16.77.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267452/; classtype:trojan-activity;sid:84130552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.119.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267451/; classtype:trojan-activity;sid:84130551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.60.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267450/; classtype:trojan-activity;sid:84130550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.183.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267449/; classtype:trojan-activity;sid:84130549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.81.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267448/; classtype:trojan-activity;sid:84130548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.228.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267447/; classtype:trojan-activity;sid:84130547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.86.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267446/; classtype:trojan-activity;sid:84130546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.235.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267445/; classtype:trojan-activity;sid:84130545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.219.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267444/; classtype:trojan-activity;sid:84130544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.162.165.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267443/; classtype:trojan-activity;sid:84130543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.93.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267442/; classtype:trojan-activity;sid:84130542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.249.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267441/; classtype:trojan-activity;sid:84130541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.94.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267440/; classtype:trojan-activity;sid:84130540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.241.63.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267438/; classtype:trojan-activity;sid:84130538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.127.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267439/; classtype:trojan-activity;sid:84130539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.213.69.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267437/; classtype:trojan-activity;sid:84130537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.141.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267436/; classtype:trojan-activity;sid:84130536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.41.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267435/; classtype:trojan-activity;sid:84130535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.222.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267434/; classtype:trojan-activity;sid:84130534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267433/; classtype:trojan-activity;sid:84130533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.31.180.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267432/; classtype:trojan-activity;sid:84130532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.156.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267431/; classtype:trojan-activity;sid:84130531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.232.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267430/; classtype:trojan-activity;sid:84130530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.76.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267429/; classtype:trojan-activity;sid:84130529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.249.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267428/; classtype:trojan-activity;sid:84130528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267427/; classtype:trojan-activity;sid:84130527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.22.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267426/; classtype:trojan-activity;sid:84130526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.214.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267425/; classtype:trojan-activity;sid:84130525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.232.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267424/; classtype:trojan-activity;sid:84130524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.119.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267423/; classtype:trojan-activity;sid:84130523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.181.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267422/; classtype:trojan-activity;sid:84130522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.24.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267421/; classtype:trojan-activity;sid:84130521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.241.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267420/; classtype:trojan-activity;sid:84130520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.228.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267419/; classtype:trojan-activity;sid:84130519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.235.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267418/; classtype:trojan-activity;sid:84130518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.179.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267417/; classtype:trojan-activity;sid:84130517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.202.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267416/; classtype:trojan-activity;sid:84130516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.132.148.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267415/; classtype:trojan-activity;sid:84130515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.41.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267414/; classtype:trojan-activity;sid:84130514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.94.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267413/; classtype:trojan-activity;sid:84130513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.240.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267412/; classtype:trojan-activity;sid:84130512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.31.180.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267411/; classtype:trojan-activity;sid:84130511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.140.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267410/; classtype:trojan-activity;sid:84130510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.122.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267409/; classtype:trojan-activity;sid:84130509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267408/; classtype:trojan-activity;sid:84130508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.41.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267407/; classtype:trojan-activity;sid:84130507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267406/; classtype:trojan-activity;sid:84130506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.90.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267405/; classtype:trojan-activity;sid:84130505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.185.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267404/; classtype:trojan-activity;sid:84130504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267403/; classtype:trojan-activity;sid:84130503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.56.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267402/; classtype:trojan-activity;sid:84130502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.121.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267401/; classtype:trojan-activity;sid:84130501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.111.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267398/; classtype:trojan-activity;sid:84130498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.55.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267399/; classtype:trojan-activity;sid:84130499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.115.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267400/; classtype:trojan-activity;sid:84130500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.156.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267397/; classtype:trojan-activity;sid:84130497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.190.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267396/; classtype:trojan-activity;sid:84130496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.75.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267395/; classtype:trojan-activity;sid:84130495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.209.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267394/; classtype:trojan-activity;sid:84130494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.81.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267393/; classtype:trojan-activity;sid:84130493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.24.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267392/; classtype:trojan-activity;sid:84130492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.191.189.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267391/; classtype:trojan-activity;sid:84130491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"213.66.44.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267388/; classtype:trojan-activity;sid:84130488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.181.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267389/; classtype:trojan-activity;sid:84130489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.222.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267390/; classtype:trojan-activity;sid:84130490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.218.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267387/; classtype:trojan-activity;sid:84130487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.117.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267386/; classtype:trojan-activity;sid:84130486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.104.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267385/; classtype:trojan-activity;sid:84130485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.155.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267384/; classtype:trojan-activity;sid:84130484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.57.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267383/; classtype:trojan-activity;sid:84130483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.104.126.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267382/; classtype:trojan-activity;sid:84130482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/innoinstaller.exe"; depth:18; endswith; nocase; http.host; content:"41.216.183.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267381/; classtype:trojan-activity;sid:84130481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.61.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267380/; classtype:trojan-activity;sid:84130480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.17.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267379/; classtype:trojan-activity;sid:84130479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267378/; classtype:trojan-activity;sid:84130478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.75.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267377/; classtype:trojan-activity;sid:84130477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.104.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267376/; classtype:trojan-activity;sid:84130476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.56.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267375/; classtype:trojan-activity;sid:84130475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.108.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267374/; classtype:trojan-activity;sid:84130474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.77.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267373/; classtype:trojan-activity;sid:84130473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.94.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267372/; classtype:trojan-activity;sid:84130472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.126.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267371/; classtype:trojan-activity;sid:84130471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.8.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267370/; classtype:trojan-activity;sid:84130470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.60.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267369/; classtype:trojan-activity;sid:84130469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.185.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267368/; classtype:trojan-activity;sid:84130468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.90.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267367/; classtype:trojan-activity;sid:84130467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.237.152.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267366/; classtype:trojan-activity;sid:84130466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.42.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267365/; classtype:trojan-activity;sid:84130465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.237.164.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267364/; classtype:trojan-activity;sid:84130464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.73.94.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267363/; classtype:trojan-activity;sid:84130463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.41.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267362/; classtype:trojan-activity;sid:84130462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.184.229"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267361/; classtype:trojan-activity;sid:84130461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.210.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267360/; classtype:trojan-activity;sid:84130460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.249.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267359/; classtype:trojan-activity;sid:84130459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.104.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267358/; classtype:trojan-activity;sid:84130458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.57.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267357/; classtype:trojan-activity;sid:84130457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.171.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267356/; classtype:trojan-activity;sid:84130456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.17.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267355/; classtype:trojan-activity;sid:84130455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.177.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267354/; classtype:trojan-activity;sid:84130454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.217.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267353/; classtype:trojan-activity;sid:84130453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.117.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267352/; classtype:trojan-activity;sid:84130452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.111.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267350/; classtype:trojan-activity;sid:84130450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.9.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267351/; classtype:trojan-activity;sid:84130451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.108.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267349/; classtype:trojan-activity;sid:84130449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.190.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267348/; classtype:trojan-activity;sid:84130448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.217.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267347/; classtype:trojan-activity;sid:84130447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.15.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267346/; classtype:trojan-activity;sid:84130446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.55.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267345/; classtype:trojan-activity;sid:84130445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.95.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267344/; classtype:trojan-activity;sid:84130444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.46.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267343/; classtype:trojan-activity;sid:84130443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.74.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267342/; classtype:trojan-activity;sid:84130442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.77.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267341/; classtype:trojan-activity;sid:84130441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.59.120.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267339/; classtype:trojan-activity;sid:84130439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267340/; classtype:trojan-activity;sid:84130440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.126.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267338/; classtype:trojan-activity;sid:84130438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.230.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267337/; classtype:trojan-activity;sid:84130437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.249.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267336/; classtype:trojan-activity;sid:84130436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.200.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267334/; classtype:trojan-activity;sid:84130434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.91.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267335/; classtype:trojan-activity;sid:84130435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.73.94.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267333/; classtype:trojan-activity;sid:84130433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.16.109"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267332/; classtype:trojan-activity;sid:84130432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.34.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267331/; classtype:trojan-activity;sid:84130431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.42.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267330/; classtype:trojan-activity;sid:84130430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.46.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267329/; classtype:trojan-activity;sid:84130429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.184.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267328/; classtype:trojan-activity;sid:84130428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.177.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267327/; classtype:trojan-activity;sid:84130427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.113.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267326/; classtype:trojan-activity;sid:84130426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.166.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267325/; classtype:trojan-activity;sid:84130425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/loader_seyhhd.exe"; depth:24; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267323/; classtype:trojan-activity;sid:84130423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.211.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267324/; classtype:trojan-activity;sid:84130424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.24.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267322/; classtype:trojan-activity;sid:84130422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.26.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267321/; classtype:trojan-activity;sid:84130421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.58.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267320/; classtype:trojan-activity;sid:84130420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.81.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267319/; classtype:trojan-activity;sid:84130419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.183.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267318/; classtype:trojan-activity;sid:84130418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.9.46.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267317/; classtype:trojan-activity;sid:84130417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.123.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267316/; classtype:trojan-activity;sid:84130416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.200.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267315/; classtype:trojan-activity;sid:84130415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/configuredinstallerexe.exe"; depth:27; endswith; nocase; http.host; content:"154.216.17.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267314/; classtype:trojan-activity;sid:84130414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.176.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267313/; classtype:trojan-activity;sid:84130413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267311/; classtype:trojan-activity;sid:84130411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.10.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267312/; classtype:trojan-activity;sid:84130412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.83.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267310/; classtype:trojan-activity;sid:84130410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.209.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267309/; classtype:trojan-activity;sid:84130409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.85.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267308/; classtype:trojan-activity;sid:84130408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.245.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267307/; classtype:trojan-activity;sid:84130407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.213.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267306/; classtype:trojan-activity;sid:84130406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.162.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267305/; classtype:trojan-activity;sid:84130405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.205.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267304/; classtype:trojan-activity;sid:84130404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.247.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267303/; classtype:trojan-activity;sid:84130403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.34.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267302/; classtype:trojan-activity;sid:84130402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.37.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267301/; classtype:trojan-activity;sid:84130401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.58.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267300/; classtype:trojan-activity;sid:84130400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.36.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267299/; classtype:trojan-activity;sid:84130399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.248.114.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267298/; classtype:trojan-activity;sid:84130398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.154.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267297/; classtype:trojan-activity;sid:84130397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.24.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267296/; classtype:trojan-activity;sid:84130396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.9.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267295/; classtype:trojan-activity;sid:84130395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.26.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267294/; classtype:trojan-activity;sid:84130394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.80.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267293/; classtype:trojan-activity;sid:84130393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.86.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267291/; classtype:trojan-activity;sid:84130391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.81.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267292/; classtype:trojan-activity;sid:84130392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.123.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267290/; classtype:trojan-activity;sid:84130390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.245.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267289/; classtype:trojan-activity;sid:84130389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.194.183.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267288/; classtype:trojan-activity;sid:84130388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.192.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267287/; classtype:trojan-activity;sid:84130387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.242.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267286/; classtype:trojan-activity;sid:84130386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.162.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267285/; classtype:trojan-activity;sid:84130385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.78.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267284/; classtype:trojan-activity;sid:84130384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.184.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267283/; classtype:trojan-activity;sid:84130383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.127.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267282/; classtype:trojan-activity;sid:84130382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.8.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267281/; classtype:trojan-activity;sid:84130381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hostname.exe"; depth:13; endswith; nocase; http.host; content:"softwarefile.cc"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267280/; classtype:trojan-activity;sid:84130380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.46.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267279/; classtype:trojan-activity;sid:84130379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267278/; classtype:trojan-activity;sid:84130378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.239.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267277/; classtype:trojan-activity;sid:84130377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.70.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267276/; classtype:trojan-activity;sid:84130376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.24.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267275/; classtype:trojan-activity;sid:84130375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"175.149.106.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267274/; classtype:trojan-activity;sid:84130374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.115.68.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267273/; classtype:trojan-activity;sid:84130373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.68.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267272/; classtype:trojan-activity;sid:84130372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267271/; classtype:trojan-activity;sid:84130371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"174.68.32.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267270/; classtype:trojan-activity;sid:84130370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267269/; classtype:trojan-activity;sid:84130369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.162.8.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267268/; classtype:trojan-activity;sid:84130368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.223.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267267/; classtype:trojan-activity;sid:84130367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.181.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267266/; classtype:trojan-activity;sid:84130366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.15.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267265/; classtype:trojan-activity;sid:84130365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.112.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267264/; classtype:trojan-activity;sid:84130364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.87.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267263/; classtype:trojan-activity;sid:84130363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.7.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267262/; classtype:trojan-activity;sid:84130362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.124.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267261/; classtype:trojan-activity;sid:84130361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.29.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267260/; classtype:trojan-activity;sid:84130360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.36.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267259/; classtype:trojan-activity;sid:84130359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.211.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267258/; classtype:trojan-activity;sid:84130358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.105.128"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267257/; classtype:trojan-activity;sid:84130357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.195.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3267256/; classtype:trojan-activity;sid:84130356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.65.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267255/; classtype:trojan-activity;sid:84130355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.86.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267254/; classtype:trojan-activity;sid:84130354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.192.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267253/; classtype:trojan-activity;sid:84130353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.138.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267252/; classtype:trojan-activity;sid:84130352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.8.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267250/; classtype:trojan-activity;sid:84130350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.71.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267251/; classtype:trojan-activity;sid:84130351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.47.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267249/; classtype:trojan-activity;sid:84130349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.108.143.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267248/; classtype:trojan-activity;sid:84130348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.28.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267246/; classtype:trojan-activity;sid:84130346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.172.50.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267247/; classtype:trojan-activity;sid:84130347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.154.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267245/; classtype:trojan-activity;sid:84130345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.187.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267244/; classtype:trojan-activity;sid:84130344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.36.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267243/; classtype:trojan-activity;sid:84130343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.123.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267242/; classtype:trojan-activity;sid:84130342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.253.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267241/; classtype:trojan-activity;sid:84130341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.153.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267240/; classtype:trojan-activity;sid:84130340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.66.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267238/; classtype:trojan-activity;sid:84130338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.4.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267239/; classtype:trojan-activity;sid:84130339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.211.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267237/; classtype:trojan-activity;sid:84130337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.77.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267236/; classtype:trojan-activity;sid:84130336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.138.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267235/; classtype:trojan-activity;sid:84130335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.129.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267233/; classtype:trojan-activity;sid:84130333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267234/; classtype:trojan-activity;sid:84130334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.20.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267232/; classtype:trojan-activity;sid:84130332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.77.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267231/; classtype:trojan-activity;sid:84130331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.254.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267230/; classtype:trojan-activity;sid:84130330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.65.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267229/; classtype:trojan-activity;sid:84130329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.255.107.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267228/; classtype:trojan-activity;sid:84130328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.105.128"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267227/; classtype:trojan-activity;sid:84130327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.96.248.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267226/; classtype:trojan-activity;sid:84130326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.71.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267225/; classtype:trojan-activity;sid:84130325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.227.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267224/; classtype:trojan-activity;sid:84130324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.29.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267223/; classtype:trojan-activity;sid:84130323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.135.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267222/; classtype:trojan-activity;sid:84130322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.59.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267221/; classtype:trojan-activity;sid:84130321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.184.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267220/; classtype:trojan-activity;sid:84130320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.148.150.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267219/; classtype:trojan-activity;sid:84130319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.244.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267218/; classtype:trojan-activity;sid:84130318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.153.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267217/; classtype:trojan-activity;sid:84130317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.22.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267216/; classtype:trojan-activity;sid:84130316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.4.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267215/; classtype:trojan-activity;sid:84130315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arda.zip"; depth:9; endswith; nocase; http.host; content:"cloudtransferfile.info"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267214/; classtype:trojan-activity;sid:84130314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arda.zip"; depth:9; endswith; nocase; http.host; content:"185.153.197.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267212/; classtype:trojan-activity;sid:84130312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arda.lnk"; depth:9; endswith; nocase; http.host; content:"cloudtransferfile.info"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267213/; classtype:trojan-activity;sid:84130313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arda.lnk"; depth:9; endswith; nocase; http.host; content:"185.153.197.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267211/; classtype:trojan-activity;sid:84130311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.210.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267210/; classtype:trojan-activity;sid:84130310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.120.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267209/; classtype:trojan-activity;sid:84130309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.23.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267208/; classtype:trojan-activity;sid:84130308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.211.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267207/; classtype:trojan-activity;sid:84130307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.77.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267206/; classtype:trojan-activity;sid:84130306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.241.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267205/; classtype:trojan-activity;sid:84130305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.157.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267204/; classtype:trojan-activity;sid:84130304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.66.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267203/; classtype:trojan-activity;sid:84130303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.41.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267202/; classtype:trojan-activity;sid:84130302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.178.37.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267200/; classtype:trojan-activity;sid:84130300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.111.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267201/; classtype:trojan-activity;sid:84130301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.211.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267199/; classtype:trojan-activity;sid:84130299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267198/; classtype:trojan-activity;sid:84130298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.20.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267197/; classtype:trojan-activity;sid:84130297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.129.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267196/; classtype:trojan-activity;sid:84130296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/canew.ocx"; depth:14; endswith; nocase; http.host; content:"208.85.20.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267195/; classtype:trojan-activity;sid:84130295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.227.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267192/; classtype:trojan-activity;sid:84130292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/jnew.ocx"; depth:13; endswith; nocase; http.host; content:"208.85.20.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267193/; classtype:trojan-activity;sid:84130293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/xapp.ocx"; depth:13; endswith; nocase; http.host; content:"208.85.20.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267194/; classtype:trojan-activity;sid:84130294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/transaction_0125.lnk"; depth:25; endswith; nocase; http.host; content:"208.85.20.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267191/; classtype:trojan-activity;sid:84130291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/opera.lnk"; depth:14; endswith; nocase; http.host; content:"208.85.20.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267190/; classtype:trojan-activity;sid:84130290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.135.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267189/; classtype:trojan-activity;sid:84130289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267188/; classtype:trojan-activity;sid:84130288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.91.227.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267187/; classtype:trojan-activity;sid:84130287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.112.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267186/; classtype:trojan-activity;sid:84130286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.244.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267185/; classtype:trojan-activity;sid:84130285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.214.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267184/; classtype:trojan-activity;sid:84130284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.91.180.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267183/; classtype:trojan-activity;sid:84130283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.22.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267182/; classtype:trojan-activity;sid:84130282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.198.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267181/; classtype:trojan-activity;sid:84130281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.214.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267180/; classtype:trojan-activity;sid:84130280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.116.61"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267179/; classtype:trojan-activity;sid:84130279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.57.210.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267178/; classtype:trojan-activity;sid:84130278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.253.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267177/; classtype:trojan-activity;sid:84130277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.194.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267176/; classtype:trojan-activity;sid:84130276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.147.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267174/; classtype:trojan-activity;sid:84130274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.59.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267175/; classtype:trojan-activity;sid:84130275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.9.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267173/; classtype:trojan-activity;sid:84130273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.34.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267171/; classtype:trojan-activity;sid:84130271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.99.64.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267172/; classtype:trojan-activity;sid:84130272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.98.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267170/; classtype:trojan-activity;sid:84130270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.180.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267169/; classtype:trojan-activity;sid:84130269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.10.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267168/; classtype:trojan-activity;sid:84130268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.72.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267167/; classtype:trojan-activity;sid:84130267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.220.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267166/; classtype:trojan-activity;sid:84130266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.213.103.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267164/; classtype:trojan-activity;sid:84130264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.134.148"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267165/; classtype:trojan-activity;sid:84130265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.116.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267163/; classtype:trojan-activity;sid:84130263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"softwarefile.cc"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267162/; classtype:trojan-activity;sid:84130262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.245.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267161/; classtype:trojan-activity;sid:84130261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.88.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267160/; classtype:trojan-activity;sid:84130260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.221.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267159/; classtype:trojan-activity;sid:84130259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.198.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267158/; classtype:trojan-activity;sid:84130258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.179.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267157/; classtype:trojan-activity;sid:84130257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.133.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267156/; classtype:trojan-activity;sid:84130256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.248.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267155/; classtype:trojan-activity;sid:84130255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.60.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267153/; classtype:trojan-activity;sid:84130253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.129.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267154/; classtype:trojan-activity;sid:84130254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.116.61"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267152/; classtype:trojan-activity;sid:84130252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.83.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267151/; classtype:trojan-activity;sid:84130251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.147.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267150/; classtype:trojan-activity;sid:84130250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.119.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267148/; classtype:trojan-activity;sid:84130248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.105.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267149/; classtype:trojan-activity;sid:84130249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.25.225.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267147/; classtype:trojan-activity;sid:84130247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.133.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267146/; classtype:trojan-activity;sid:84130246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.99.64.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267145/; classtype:trojan-activity;sid:84130245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.9.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267144/; classtype:trojan-activity;sid:84130244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.22.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267143/; classtype:trojan-activity;sid:84130243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.107.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267142/; classtype:trojan-activity;sid:84130242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.122.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267141/; classtype:trojan-activity;sid:84130241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.139.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267140/; classtype:trojan-activity;sid:84130240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.254.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267139/; classtype:trojan-activity;sid:84130239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.129.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267137/; classtype:trojan-activity;sid:84130237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.243.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267138/; classtype:trojan-activity;sid:84130238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.64.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267136/; classtype:trojan-activity;sid:84130236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.71.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267134/; classtype:trojan-activity;sid:84130234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.66.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267135/; classtype:trojan-activity;sid:84130235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/loader_seyhhd.exe"; depth:27; endswith; nocase; http.host; content:"193.169.105.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267133/; classtype:trojan-activity;sid:84130233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.131.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267132/; classtype:trojan-activity;sid:84130232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.97.113.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267131/; classtype:trojan-activity;sid:84130231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.60.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267130/; classtype:trojan-activity;sid:84130230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.119.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267129/; classtype:trojan-activity;sid:84130229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.4.116.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267128/; classtype:trojan-activity;sid:84130228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.34.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267127/; classtype:trojan-activity;sid:84130227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.138.136.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267126/; classtype:trojan-activity;sid:84130226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.219.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267125/; classtype:trojan-activity;sid:84130225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.47.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267124/; classtype:trojan-activity;sid:84130224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pekemum.exe"; depth:12; endswith; nocase; http.host; content:"154.216.17.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267123/; classtype:trojan-activity;sid:84130223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.221.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267122/; classtype:trojan-activity;sid:84130222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.107.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267121/; classtype:trojan-activity;sid:84130221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.221.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267120/; classtype:trojan-activity;sid:84130220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.78.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267119/; classtype:trojan-activity;sid:84130219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.111.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267118/; classtype:trojan-activity;sid:84130218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.8.128.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267116/; classtype:trojan-activity;sid:84130216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.202.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267117/; classtype:trojan-activity;sid:84130217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.207.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267115/; classtype:trojan-activity;sid:84130215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.105.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267114/; classtype:trojan-activity;sid:84130214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.233.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267113/; classtype:trojan-activity;sid:84130213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.155.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267112/; classtype:trojan-activity;sid:84130212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.81.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267111/; classtype:trojan-activity;sid:84130211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"iugff.house.zionanakwenze.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267110/; classtype:trojan-activity;sid:84130210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editcontent"; depth:12; endswith; nocase; http.host; content:"drz.glue.oystergardening.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267109/; classtype:trojan-activity;sid:84130209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.138.136.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267108/; classtype:trojan-activity;sid:84130208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.102.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267107/; classtype:trojan-activity;sid:84130207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.18.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267106/; classtype:trojan-activity;sid:84130206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.80.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267104/; classtype:trojan-activity;sid:84130204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.3.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267105/; classtype:trojan-activity;sid:84130205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.64.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267103/; classtype:trojan-activity;sid:84130203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.243.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267101/; classtype:trojan-activity;sid:84130201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.220.154.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267102/; classtype:trojan-activity;sid:84130202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.220.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267100/; classtype:trojan-activity;sid:84130200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.78.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267099/; classtype:trojan-activity;sid:84130199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.237.164.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267098/; classtype:trojan-activity;sid:84130198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.36.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267097/; classtype:trojan-activity;sid:84130197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.199.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267096/; classtype:trojan-activity;sid:84130196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.102.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267095/; classtype:trojan-activity;sid:84130195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.233.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267094/; classtype:trojan-activity;sid:84130194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.221.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267093/; classtype:trojan-activity;sid:84130193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/luma.exe"; depth:15; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267092/; classtype:trojan-activity;sid:84130192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.47.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267091/; classtype:trojan-activity;sid:84130191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.151.157.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267090/; classtype:trojan-activity;sid:84130190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.77.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267089/; classtype:trojan-activity;sid:84130189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.34.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267088/; classtype:trojan-activity;sid:84130188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.196.183.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267087/; classtype:trojan-activity;sid:84130187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.176.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267086/; classtype:trojan-activity;sid:84130186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.36.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267085/; classtype:trojan-activity;sid:84130185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.221.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267084/; classtype:trojan-activity;sid:84130184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.29.146.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267083/; classtype:trojan-activity;sid:84130183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.107.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267082/; classtype:trojan-activity;sid:84130182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.8.214.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267081/; classtype:trojan-activity;sid:84130181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.251.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267080/; classtype:trojan-activity;sid:84130180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.0.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267079/; classtype:trojan-activity;sid:84130179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.175.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267078/; classtype:trojan-activity;sid:84130178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.86.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267077/; classtype:trojan-activity;sid:84130177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.187.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267076/; classtype:trojan-activity;sid:84130176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.100.219.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267075/; classtype:trojan-activity;sid:84130175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.77.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267073/; classtype:trojan-activity;sid:84130173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.25.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267074/; classtype:trojan-activity;sid:84130174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.180.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267071/; classtype:trojan-activity;sid:84130171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.199.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267072/; classtype:trojan-activity;sid:84130172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.76.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267070/; classtype:trojan-activity;sid:84130170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.235.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267069/; classtype:trojan-activity;sid:84130169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.47.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267067/; classtype:trojan-activity;sid:84130167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.62.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267068/; classtype:trojan-activity;sid:84130168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267066/; classtype:trojan-activity;sid:84130166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.77.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267065/; classtype:trojan-activity;sid:84130165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.29.30.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267064/; classtype:trojan-activity;sid:84130164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.196.183.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267063/; classtype:trojan-activity;sid:84130163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.25.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267062/; classtype:trojan-activity;sid:84130162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267061/; classtype:trojan-activity;sid:84130161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.253.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267060/; classtype:trojan-activity;sid:84130160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.62.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267059/; classtype:trojan-activity;sid:84130159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.168.41.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267057/; classtype:trojan-activity;sid:84130157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.180.71.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267058/; classtype:trojan-activity;sid:84130158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.168.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267056/; classtype:trojan-activity;sid:84130156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.110.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267055/; classtype:trojan-activity;sid:84130155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.94.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267054/; classtype:trojan-activity;sid:84130154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.7.255"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267053/; classtype:trojan-activity;sid:84130153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267052/; classtype:trojan-activity;sid:84130152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.32.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267051/; classtype:trojan-activity;sid:84130151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.160.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267050/; classtype:trojan-activity;sid:84130150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.171.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267049/; classtype:trojan-activity;sid:84130149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.180.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267048/; classtype:trojan-activity;sid:84130148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.77.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267047/; classtype:trojan-activity;sid:84130147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.110.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267046/; classtype:trojan-activity;sid:84130146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.34.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267044/; classtype:trojan-activity;sid:84130144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.248.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267045/; classtype:trojan-activity;sid:84130145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.108.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267043/; classtype:trojan-activity;sid:84130143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"189.165.202.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267042/; classtype:trojan-activity;sid:84130142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267041/; classtype:trojan-activity;sid:84130141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.215.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267040/; classtype:trojan-activity;sid:84130140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.248.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267039/; classtype:trojan-activity;sid:84130139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.229.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267038/; classtype:trojan-activity;sid:84130138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"209.152.118.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267037/; classtype:trojan-activity;sid:84130137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.92.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267036/; classtype:trojan-activity;sid:84130136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.29.30.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267035/; classtype:trojan-activity;sid:84130135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.46.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267034/; classtype:trojan-activity;sid:84130134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.71.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267033/; classtype:trojan-activity;sid:84130133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267032/; classtype:trojan-activity;sid:84130132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.147.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267031/; classtype:trojan-activity;sid:84130131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.74.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267030/; classtype:trojan-activity;sid:84130130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.29.146.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267029/; classtype:trojan-activity;sid:84130129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.94.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267027/; classtype:trojan-activity;sid:84130127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.212.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267028/; classtype:trojan-activity;sid:84130128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.241.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267026/; classtype:trojan-activity;sid:84130126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.68.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267025/; classtype:trojan-activity;sid:84130125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.64.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267024/; classtype:trojan-activity;sid:84130124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.100.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267023/; classtype:trojan-activity;sid:84130123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.201.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267022/; classtype:trojan-activity;sid:84130122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gompsl"; depth:7; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267021/; classtype:trojan-activity;sid:84130121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.192.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267020/; classtype:trojan-activity;sid:84130120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"93.123.109.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267019/; classtype:trojan-activity;sid:84130119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.113.165.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267018/; classtype:trojan-activity;sid:84130118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.118.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267016/; classtype:trojan-activity;sid:84130116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm"; depth:6; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267017/; classtype:trojan-activity;sid:84130117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm5"; depth:7; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267015/; classtype:trojan-activity;sid:84130115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqkjf64"; depth:8; endswith; nocase; http.host; content:"213.232.235.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267014/; classtype:trojan-activity;sid:84130114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm7"; depth:8; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267013/; classtype:trojan-activity;sid:84130113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm6"; depth:8; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266998/; classtype:trojan-activity;sid:84130098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266999/; classtype:trojan-activity;sid:84130099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"178.215.224.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267000/; classtype:trojan-activity;sid:84130100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"93.123.109.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267001/; classtype:trojan-activity;sid:84130101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm6"; depth:6; endswith; nocase; http.host; content:"154.216.20.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267002/; classtype:trojan-activity;sid:84130102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm5"; depth:6; endswith; nocase; http.host; content:"154.216.20.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267003/; classtype:trojan-activity;sid:84130103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smips"; depth:6; endswith; nocase; http.host; content:"154.216.20.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267004/; classtype:trojan-activity;sid:84130104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"93.123.109.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267005/; classtype:trojan-activity;sid:84130105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm"; depth:5; endswith; nocase; http.host; content:"154.216.20.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267006/; classtype:trojan-activity;sid:84130106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267007/; classtype:trojan-activity;sid:84130107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267008/; classtype:trojan-activity;sid:84130108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm"; depth:7; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267009/; classtype:trojan-activity;sid:84130109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"178.215.224.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267010/; classtype:trojan-activity;sid:84130110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmpsl"; depth:6; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267011/; classtype:trojan-activity;sid:84130111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3267012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3267012/; classtype:trojan-activity;sid:84130112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm7"; depth:7; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266994/; classtype:trojan-activity;sid:84130094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"178.215.224.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266995/; classtype:trojan-activity;sid:84130095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"178.215.224.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266996/; classtype:trojan-activity;sid:84130096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"178.215.224.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266997/; classtype:trojan-activity;sid:84130097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"154.216.20.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266985/; classtype:trojan-activity;sid:84130085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"178.215.224.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266986/; classtype:trojan-activity;sid:84130086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/klws3pnbqyak8m0efdudfvjglanq35p7je"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266987/; classtype:trojan-activity;sid:84130087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"93.123.85.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266988/; classtype:trojan-activity;sid:84130088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smpsl"; depth:6; endswith; nocase; http.host; content:"154.216.20.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266989/; classtype:trojan-activity;sid:84130089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mgh11ub1a8gxsnfsa5j6a70dxyzdhbi1zz"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266990/; classtype:trojan-activity;sid:84130090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm5"; depth:8; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266991/; classtype:trojan-activity;sid:84130091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmips"; depth:8; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266992/; classtype:trojan-activity;sid:84130092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266993/; classtype:trojan-activity;sid:84130093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/rjffxkj1tzxtqfq7gkuehq1aj2wo4teaow"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266980/; classtype:trojan-activity;sid:84130080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"178.215.224.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266981/; classtype:trojan-activity;sid:84130081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266982/; classtype:trojan-activity;sid:84130082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"93.123.109.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266983/; classtype:trojan-activity;sid:84130083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/1rgz8gfhrgnpxkn3p6usx0cgm57qyijhsd"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266984/; classtype:trojan-activity;sid:84130084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"93.123.109.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266975/; classtype:trojan-activity;sid:84130075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"93.123.109.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266976/; classtype:trojan-activity;sid:84130076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"93.123.109.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266977/; classtype:trojan-activity;sid:84130077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshppc"; depth:7; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266978/; classtype:trojan-activity;sid:84130078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"93.123.109.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266979/; classtype:trojan-activity;sid:84130079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrarm7"; depth:7; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266965/; classtype:trojan-activity;sid:84130065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm6"; depth:7; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266966/; classtype:trojan-activity;sid:84130066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"178.215.224.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266967/; classtype:trojan-activity;sid:84130067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266968/; classtype:trojan-activity;sid:84130068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gomips"; depth:7; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266969/; classtype:trojan-activity;sid:84130069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"154.216.20.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266970/; classtype:trojan-activity;sid:84130070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrppc"; depth:6; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266971/; classtype:trojan-activity;sid:84130071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"93.123.109.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266972/; classtype:trojan-activity;sid:84130072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"93.123.85.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266973/; classtype:trojan-activity;sid:84130073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266974/; classtype:trojan-activity;sid:84130074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"154.216.20.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266951/; classtype:trojan-activity;sid:84130051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmips"; depth:6; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266952/; classtype:trojan-activity;sid:84130052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"178.215.224.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266953/; classtype:trojan-activity;sid:84130053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zte"; depth:4; endswith; nocase; http.host; content:"209.141.58.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266954/; classtype:trojan-activity;sid:84130054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrsh4"; depth:6; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266955/; classtype:trojan-activity;sid:84130055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmpsl"; depth:8; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266956/; classtype:trojan-activity;sid:84130056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"93.123.109.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266957/; classtype:trojan-activity;sid:84130057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266958/; classtype:trojan-activity;sid:84130058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.130.46.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266959/; classtype:trojan-activity;sid:84130059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"154.216.20.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266960/; classtype:trojan-activity;sid:84130060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm7"; depth:6; endswith; nocase; http.host; content:"154.216.20.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266961/; classtype:trojan-activity;sid:84130061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blink"; depth:6; endswith; nocase; http.host; content:"209.141.58.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266962/; classtype:trojan-activity;sid:84130062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"178.215.224.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266963/; classtype:trojan-activity;sid:84130063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"178.215.224.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266964/; classtype:trojan-activity;sid:84130064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266939/; classtype:trojan-activity;sid:84130039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266940/; classtype:trojan-activity;sid:84130040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266941/; classtype:trojan-activity;sid:84130041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266942/; classtype:trojan-activity;sid:84130042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"93.123.109.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266943/; classtype:trojan-activity;sid:84130043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"93.123.109.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266944/; classtype:trojan-activity;sid:84130044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"154.216.20.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266945/; classtype:trojan-activity;sid:84130045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"178.215.224.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266946/; classtype:trojan-activity;sid:84130046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/qild568yj5uqwgj6mopfobyduntg217zrb"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266947/; classtype:trojan-activity;sid:84130047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrmips"; depth:7; endswith; nocase; http.host; content:"185.142.53.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266948/; classtype:trojan-activity;sid:84130048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/9wkswch6udhg4wbmmsvebu4mvg0udbbs9x"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266949/; classtype:trojan-activity;sid:84130049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"45.90.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266950/; classtype:trojan-activity;sid:84130050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"93.123.85.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266937/; classtype:trojan-activity;sid:84130037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ljv5txwm69y5xc1bvegcgzvv9edhiov6vq"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266938/; classtype:trojan-activity;sid:84130038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.77.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266934/; classtype:trojan-activity;sid:84130034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"93.123.85.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266935/; classtype:trojan-activity;sid:84130035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"154.216.20.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266936/; classtype:trojan-activity;sid:84130036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"93.123.85.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266927/; classtype:trojan-activity;sid:84130027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266928/; classtype:trojan-activity;sid:84130028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266929/; classtype:trojan-activity;sid:84130029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266930/; classtype:trojan-activity;sid:84130030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266931/; classtype:trojan-activity;sid:84130031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"93.123.85.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266932/; classtype:trojan-activity;sid:84130032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"154.216.20.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266933/; classtype:trojan-activity;sid:84130033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"93.123.85.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266920/; classtype:trojan-activity;sid:84130020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266921/; classtype:trojan-activity;sid:84130021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"93.123.85.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266922/; classtype:trojan-activity;sid:84130022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"93.123.85.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266923/; classtype:trojan-activity;sid:84130023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266924/; classtype:trojan-activity;sid:84130024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"93.123.85.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266925/; classtype:trojan-activity;sid:84130025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"93.123.85.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266926/; classtype:trojan-activity;sid:84130026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"154.216.20.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266918/; classtype:trojan-activity;sid:84130018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/32imaqeoqgonfn01zpr1iwypvowm4roppk"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266919/; classtype:trojan-activity;sid:84130019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"154.216.20.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266910/; classtype:trojan-activity;sid:84130010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"154.216.20.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266911/; classtype:trojan-activity;sid:84130011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/asomyuipmfwczc6einfzyiefp6p22k9uis"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266912/; classtype:trojan-activity;sid:84130012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bngkfkxg1kxxvgfk7io4fqos2zzqvmceug"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266913/; classtype:trojan-activity;sid:84130013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ac2liwpdjrci93cg1ui6sob6iaadzu7zhy"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266914/; classtype:trojan-activity;sid:84130014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wrncwqntoxpxoqgfzqbsal7i1bdel7cmsd"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266915/; classtype:trojan-activity;sid:84130015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bcgujbpkjiejrkrwl7gzu1k9seeixf5cu8"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266916/; classtype:trojan-activity;sid:84130016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mjbjnbqunbhuahiaj42raayfu5esxfz3gd"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266917/; classtype:trojan-activity;sid:84130017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"154.216.20.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266909/; classtype:trojan-activity;sid:84130009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"189.165.202.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266908/; classtype:trojan-activity;sid:84130008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.92.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266907/; classtype:trojan-activity;sid:84130007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.248.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266906/; classtype:trojan-activity;sid:84130006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.44.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266905/; classtype:trojan-activity;sid:84130005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.173.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266904/; classtype:trojan-activity;sid:84130004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.196.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266903/; classtype:trojan-activity;sid:84130003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266902/; classtype:trojan-activity;sid:84130002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.215.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266901/; classtype:trojan-activity;sid:84130001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.46.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266899/; classtype:trojan-activity;sid:84129999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.43.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266900/; classtype:trojan-activity;sid:84130000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.138.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266898/; classtype:trojan-activity;sid:84129998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.3.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266897/; classtype:trojan-activity;sid:84129997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.112.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266896/; classtype:trojan-activity;sid:84129996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266895/; classtype:trojan-activity;sid:84129995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.64.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266894/; classtype:trojan-activity;sid:84129994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"209.152.118.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266893/; classtype:trojan-activity;sid:84129993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.68.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266892/; classtype:trojan-activity;sid:84129992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.183.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266891/; classtype:trojan-activity;sid:84129991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.215.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266890/; classtype:trojan-activity;sid:84129990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.44.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266889/; classtype:trojan-activity;sid:84129989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.157.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266888/; classtype:trojan-activity;sid:84129988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"93.113.165.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266887/; classtype:trojan-activity;sid:84129987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.247.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266886/; classtype:trojan-activity;sid:84129986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.44.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266885/; classtype:trojan-activity;sid:84129985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.138.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266884/; classtype:trojan-activity;sid:84129984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.160.244.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266883/; classtype:trojan-activity;sid:84129983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.243.151.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266882/; classtype:trojan-activity;sid:84129982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.183.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266881/; classtype:trojan-activity;sid:84129981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.90.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266880/; classtype:trojan-activity;sid:84129980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.253.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266879/; classtype:trojan-activity;sid:84129979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.22.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266878/; classtype:trojan-activity;sid:84129978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.153.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266877/; classtype:trojan-activity;sid:84129977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.105.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266876/; classtype:trojan-activity;sid:84129976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.33.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266875/; classtype:trojan-activity;sid:84129975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.196.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266874/; classtype:trojan-activity;sid:84129974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.36.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266873/; classtype:trojan-activity;sid:84129973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.43.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266872/; classtype:trojan-activity;sid:84129972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.203.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266871/; classtype:trojan-activity;sid:84129971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.68.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266870/; classtype:trojan-activity;sid:84129970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.195.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266869/; classtype:trojan-activity;sid:84129969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.194.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266867/; classtype:trojan-activity;sid:84129967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.214.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266868/; classtype:trojan-activity;sid:84129968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266866/; classtype:trojan-activity;sid:84129966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.0.15"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266865/; classtype:trojan-activity;sid:84129965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266864/; classtype:trojan-activity;sid:84129964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.133.41.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266863/; classtype:trojan-activity;sid:84129963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.163.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266862/; classtype:trojan-activity;sid:84129962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.163.68.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266861/; classtype:trojan-activity;sid:84129961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.138.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266860/; classtype:trojan-activity;sid:84129960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.90.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266859/; classtype:trojan-activity;sid:84129959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.64.155.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266857/; classtype:trojan-activity;sid:84129957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.53.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266858/; classtype:trojan-activity;sid:84129958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.59.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266856/; classtype:trojan-activity;sid:84129956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.49.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266855/; classtype:trojan-activity;sid:84129955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.132.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266854/; classtype:trojan-activity;sid:84129954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.49.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266853/; classtype:trojan-activity;sid:84129953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.157.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266852/; classtype:trojan-activity;sid:84129952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.33.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266851/; classtype:trojan-activity;sid:84129951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.203.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266850/; classtype:trojan-activity;sid:84129950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.173.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266849/; classtype:trojan-activity;sid:84129949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.16.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266848/; classtype:trojan-activity;sid:84129948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.118.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266847/; classtype:trojan-activity;sid:84129947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.36.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266846/; classtype:trojan-activity;sid:84129946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.196.78.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266845/; classtype:trojan-activity;sid:84129945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.22.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266844/; classtype:trojan-activity;sid:84129944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.163.68.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266843/; classtype:trojan-activity;sid:84129943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.151.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266841/; classtype:trojan-activity;sid:84129941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.61.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266842/; classtype:trojan-activity;sid:84129942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.221.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266840/; classtype:trojan-activity;sid:84129940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.98.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266839/; classtype:trojan-activity;sid:84129939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.113.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266838/; classtype:trojan-activity;sid:84129938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jujy54se262x2ffvzj4xmoq22yuq/sucessodll/sucesso.exe|3f|download=1"; depth:68; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266837/; classtype:trojan-activity;sid:84129937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.138.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266836/; classtype:trojan-activity;sid:84129936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.133.41.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266834/; classtype:trojan-activity;sid:84129934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.71.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266835/; classtype:trojan-activity;sid:84129935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/16.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266832/; classtype:trojan-activity;sid:84129932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/36.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266833/; classtype:trojan-activity;sid:84129933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/28.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266830/; classtype:trojan-activity;sid:84129930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/0.dll|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266831/; classtype:trojan-activity;sid:84129931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/11.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266827/; classtype:trojan-activity;sid:84129927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/25.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266828/; classtype:trojan-activity;sid:84129928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/7.dll|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266829/; classtype:trojan-activity;sid:84129929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/5.dll|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266825/; classtype:trojan-activity;sid:84129925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/23.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266826/; classtype:trojan-activity;sid:84129926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/26.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266824/; classtype:trojan-activity;sid:84129924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/19.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266823/; classtype:trojan-activity;sid:84129923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/4.dll|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266822/; classtype:trojan-activity;sid:84129922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/2.dll|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266821/; classtype:trojan-activity;sid:84129921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/13.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266820/; classtype:trojan-activity;sid:84129920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/14.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266819/; classtype:trojan-activity;sid:84129919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/39.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266818/; classtype:trojan-activity;sid:84129918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/9.dll|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266816/; classtype:trojan-activity;sid:84129916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/29.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266817/; classtype:trojan-activity;sid:84129917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/30.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266814/; classtype:trojan-activity;sid:84129914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/1.msi|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266815/; classtype:trojan-activity;sid:84129915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/15.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266813/; classtype:trojan-activity;sid:84129913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/9.msi|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266812/; classtype:trojan-activity;sid:84129912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/6.dll|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266811/; classtype:trojan-activity;sid:84129911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/22.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266809/; classtype:trojan-activity;sid:84129909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/39.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266810/; classtype:trojan-activity;sid:84129910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/6.msi|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266808/; classtype:trojan-activity;sid:84129908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/10.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266807/; classtype:trojan-activity;sid:84129907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/27.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266806/; classtype:trojan-activity;sid:84129906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/33.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266803/; classtype:trojan-activity;sid:84129903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/37.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266804/; classtype:trojan-activity;sid:84129904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/14.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266805/; classtype:trojan-activity;sid:84129905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/12.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266801/; classtype:trojan-activity;sid:84129901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.237.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266802/; classtype:trojan-activity;sid:84129902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/31.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266800/; classtype:trojan-activity;sid:84129900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/sucesso.exe|3f|download=1"; depth:68; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266799/; classtype:trojan-activity;sid:84129899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/38.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266798/; classtype:trojan-activity;sid:84129898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/5.msi|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266797/; classtype:trojan-activity;sid:84129897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/35.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266795/; classtype:trojan-activity;sid:84129895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/2.msi|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266796/; classtype:trojan-activity;sid:84129896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/7.msi|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266794/; classtype:trojan-activity;sid:84129894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/34.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266791/; classtype:trojan-activity;sid:84129891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/13.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266792/; classtype:trojan-activity;sid:84129892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/24.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266793/; classtype:trojan-activity;sid:84129893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/17.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266786/; classtype:trojan-activity;sid:84129886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/11.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266787/; classtype:trojan-activity;sid:84129887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/18.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266788/; classtype:trojan-activity;sid:84129888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/1.dll|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266789/; classtype:trojan-activity;sid:84129889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/33.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266790/; classtype:trojan-activity;sid:84129890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/29.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266782/; classtype:trojan-activity;sid:84129882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/8.dll|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266783/; classtype:trojan-activity;sid:84129883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/21.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266784/; classtype:trojan-activity;sid:84129884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/24.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266785/; classtype:trojan-activity;sid:84129885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/27.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266781/; classtype:trojan-activity;sid:84129881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/3.dll|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266780/; classtype:trojan-activity;sid:84129880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/26.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266777/; classtype:trojan-activity;sid:84129877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/35.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266778/; classtype:trojan-activity;sid:84129878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/30.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266779/; classtype:trojan-activity;sid:84129879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/16.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266776/; classtype:trojan-activity;sid:84129876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/32.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266775/; classtype:trojan-activity;sid:84129875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/10.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266774/; classtype:trojan-activity;sid:84129874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/20.dll|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266773/; classtype:trojan-activity;sid:84129873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/36.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266770/; classtype:trojan-activity;sid:84129870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/4.msi|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266771/; classtype:trojan-activity;sid:84129871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/12.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266772/; classtype:trojan-activity;sid:84129872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/31.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266767/; classtype:trojan-activity;sid:84129867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/28.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266768/; classtype:trojan-activity;sid:84129868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/34.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266769/; classtype:trojan-activity;sid:84129869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/19.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266762/; classtype:trojan-activity;sid:84129862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/15.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266763/; classtype:trojan-activity;sid:84129863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/17.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266764/; classtype:trojan-activity;sid:84129864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/23.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266765/; classtype:trojan-activity;sid:84129865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/38.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266766/; classtype:trojan-activity;sid:84129866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/32.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266761/; classtype:trojan-activity;sid:84129861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/18.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266759/; classtype:trojan-activity;sid:84129859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/21.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266760/; classtype:trojan-activity;sid:84129860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.223.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266753/; classtype:trojan-activity;sid:84129853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/25.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266754/; classtype:trojan-activity;sid:84129854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/22.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266755/; classtype:trojan-activity;sid:84129855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/3.msi|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266756/; classtype:trojan-activity;sid:84129856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/37.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266757/; classtype:trojan-activity;sid:84129857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/20.msi|3f|download=1"; depth:63; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266758/; classtype:trojan-activity;sid:84129858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/8.msi|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266751/; classtype:trojan-activity;sid:84129851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.188.16.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266752/; classtype:trojan-activity;sid:84129852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.74.13.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266750/; classtype:trojan-activity;sid:84129850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jx4udt52k3d5pbynaajpgslddlsa/sucessomsi/0.msi|3f|download=1"; depth:62; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266749/; classtype:trojan-activity;sid:84129849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.52.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266748/; classtype:trojan-activity;sid:84129848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.24.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266746/; classtype:trojan-activity;sid:84129846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.242.128.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266743/; classtype:trojan-activity;sid:84129843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/30.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266713/; classtype:trojan-activity;sid:84129813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/33.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266714/; classtype:trojan-activity;sid:84129814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/18.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266715/; classtype:trojan-activity;sid:84129815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/12.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266718/; classtype:trojan-activity;sid:84129818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/24.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266721/; classtype:trojan-activity;sid:84129821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/0.dll"; depth:48; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266722/; classtype:trojan-activity;sid:84129822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/19.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266723/; classtype:trojan-activity;sid:84129823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/14.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266724/; classtype:trojan-activity;sid:84129824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/28.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266726/; classtype:trojan-activity;sid:84129826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/11.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266728/; classtype:trojan-activity;sid:84129828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/25.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266729/; classtype:trojan-activity;sid:84129829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/37.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266732/; classtype:trojan-activity;sid:84129832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/10.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266734/; classtype:trojan-activity;sid:84129834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/38.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266736/; classtype:trojan-activity;sid:84129836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/2.dll"; depth:48; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266737/; classtype:trojan-activity;sid:84129837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/4.dll"; depth:48; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266704/; classtype:trojan-activity;sid:84129804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/9.dll"; depth:48; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266705/; classtype:trojan-activity;sid:84129805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/7.dll"; depth:48; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266706/; classtype:trojan-activity;sid:84129806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/23.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266707/; classtype:trojan-activity;sid:84129807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/1.dll"; depth:48; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266708/; classtype:trojan-activity;sid:84129808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/22.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266709/; classtype:trojan-activity;sid:84129809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/3.dll"; depth:48; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266710/; classtype:trojan-activity;sid:84129810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/35.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266711/; classtype:trojan-activity;sid:84129811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/jwsqqoa72lerwh7hkrs25tf3qvca/sucessodll/13.dll"; depth:49; endswith; nocase; http.host; content:"link.storjshare.io"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266712/; classtype:trojan-activity;sid:84129812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/michuuu-5ba22.appspot.com/o/63001311000120020005899.zip|3f|alt=media|7c|26|7c|token=fe019158-45f2-4e53-86a7-2ded415cc332"; depth:126; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266703/; classtype:trojan-activity;sid:84129803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.110.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266702/; classtype:trojan-activity;sid:84129802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.196.78.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266701/; classtype:trojan-activity;sid:84129801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.154.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266700/; classtype:trojan-activity;sid:84129800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.138.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266699/; classtype:trojan-activity;sid:84129799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.68.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266698/; classtype:trojan-activity;sid:84129798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.18.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266697/; classtype:trojan-activity;sid:84129797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.164.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266696/; classtype:trojan-activity;sid:84129796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.183.54.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266695/; classtype:trojan-activity;sid:84129795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.90.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266694/; classtype:trojan-activity;sid:84129794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.201.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266693/; classtype:trojan-activity;sid:84129793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.59.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266692/; classtype:trojan-activity;sid:84129792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.24.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266691/; classtype:trojan-activity;sid:84129791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.71.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266690/; classtype:trojan-activity;sid:84129790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.13.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266689/; classtype:trojan-activity;sid:84129789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.142.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266688/; classtype:trojan-activity;sid:84129788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.14.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266687/; classtype:trojan-activity;sid:84129787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.21.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266686/; classtype:trojan-activity;sid:84129786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.18.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266685/; classtype:trojan-activity;sid:84129785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.242.128.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266684/; classtype:trojan-activity;sid:84129784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.145.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266683/; classtype:trojan-activity;sid:84129783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.73.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266682/; classtype:trojan-activity;sid:84129782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.233.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266681/; classtype:trojan-activity;sid:84129781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.113.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266680/; classtype:trojan-activity;sid:84129780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.72.225.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266679/; classtype:trojan-activity;sid:84129779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.55.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266678/; classtype:trojan-activity;sid:84129778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.192.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266677/; classtype:trojan-activity;sid:84129777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.161.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266675/; classtype:trojan-activity;sid:84129775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.169.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266676/; classtype:trojan-activity;sid:84129776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.38.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266674/; classtype:trojan-activity;sid:84129774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.59.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266673/; classtype:trojan-activity;sid:84129773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.55.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266671/; classtype:trojan-activity;sid:84129771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/contando.exe"; depth:13; endswith; nocase; http.host; content:"dllmicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266672/; classtype:trojan-activity;sid:84129772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9.dll"; depth:6; endswith; nocase; http.host; content:"dllmicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266670/; classtype:trojan-activity;sid:84129770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4.msi"; depth:6; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266668/; classtype:trojan-activity;sid:84129768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/17.msi"; depth:7; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266669/; classtype:trojan-activity;sid:84129769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/10.msi"; depth:7; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266667/; classtype:trojan-activity;sid:84129767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5.msi"; depth:6; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266662/; classtype:trojan-activity;sid:84129762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.msi"; depth:6; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266663/; classtype:trojan-activity;sid:84129763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/14.msi"; depth:7; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266664/; classtype:trojan-activity;sid:84129764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6.msi"; depth:6; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266665/; classtype:trojan-activity;sid:84129765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/15.msi"; depth:7; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266666/; classtype:trojan-activity;sid:84129766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/12.msi"; depth:7; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266659/; classtype:trojan-activity;sid:84129759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8.msi"; depth:6; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266660/; classtype:trojan-activity;sid:84129760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18.msi"; depth:7; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266661/; classtype:trojan-activity;sid:84129761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9.msi"; depth:6; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266656/; classtype:trojan-activity;sid:84129756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.msi"; depth:6; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266657/; classtype:trojan-activity;sid:84129757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7.msi"; depth:6; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266658/; classtype:trojan-activity;sid:84129758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.msi"; depth:6; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266651/; classtype:trojan-activity;sid:84129751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/19.msi"; depth:7; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266652/; classtype:trojan-activity;sid:84129752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/16.msi"; depth:7; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266653/; classtype:trojan-activity;sid:84129753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/13.msi"; depth:7; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266654/; classtype:trojan-activity;sid:84129754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11.msi"; depth:7; endswith; nocase; http.host; content:"msimicrosoft.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266655/; classtype:trojan-activity;sid:84129755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.128.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266650/; classtype:trojan-activity;sid:84129750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"yqkd.range.cccinvolve.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266649/; classtype:trojan-activity;sid:84129749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.4.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266648/; classtype:trojan-activity;sid:84129748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.248.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266647/; classtype:trojan-activity;sid:84129747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266646/; classtype:trojan-activity;sid:84129746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.59.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266645/; classtype:trojan-activity;sid:84129745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.155.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266644/; classtype:trojan-activity;sid:84129744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.0.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266642/; classtype:trojan-activity;sid:84129742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.148.159.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266643/; classtype:trojan-activity;sid:84129743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.145.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266641/; classtype:trojan-activity;sid:84129741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.130.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266638/; classtype:trojan-activity;sid:84129738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.87.36.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266639/; classtype:trojan-activity;sid:84129739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.233.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266640/; classtype:trojan-activity;sid:84129740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.254.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266637/; classtype:trojan-activity;sid:84129737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.200.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266636/; classtype:trojan-activity;sid:84129736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.3.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266635/; classtype:trojan-activity;sid:84129735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.167.175.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266634/; classtype:trojan-activity;sid:84129734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.84.250.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266633/; classtype:trojan-activity;sid:84129733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.26.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266632/; classtype:trojan-activity;sid:84129732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.175.192.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266631/; classtype:trojan-activity;sid:84129731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.230.159.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266630/; classtype:trojan-activity;sid:84129730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.35.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266629/; classtype:trojan-activity;sid:84129729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.143.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266628/; classtype:trojan-activity;sid:84129728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266627/; classtype:trojan-activity;sid:84129727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.72.225.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266626/; classtype:trojan-activity;sid:84129726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/refs/heads/main/khtoawdltrha.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266625/; classtype:trojan-activity;sid:84129725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/-pril/blob/main/dwthjadth.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266623/; classtype:trojan-activity;sid:84129723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/-pril/blob/main/kldrgawdtjawd.exe"; depth:42; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266624/; classtype:trojan-activity;sid:84129724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.34.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266622/; classtype:trojan-activity;sid:84129722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.88.109.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266621/; classtype:trojan-activity;sid:84129721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.200.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266620/; classtype:trojan-activity;sid:84129720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.87.36.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266619/; classtype:trojan-activity;sid:84129719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.134.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266617/; classtype:trojan-activity;sid:84129717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.187.82.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266618/; classtype:trojan-activity;sid:84129718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266616/; classtype:trojan-activity;sid:84129716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.221.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266615/; classtype:trojan-activity;sid:84129715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.62.79.230"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266614/; classtype:trojan-activity;sid:84129714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.254.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266613/; classtype:trojan-activity;sid:84129713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.3.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266612/; classtype:trojan-activity;sid:84129712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.130.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266611/; classtype:trojan-activity;sid:84129711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.84.250.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266610/; classtype:trojan-activity;sid:84129710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonuch1/start/raw/refs/heads/main/khtoawdltrha.exe"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266609/; classtype:trojan-activity;sid:84129709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cfw_installer.zip"; depth:18; endswith; nocase; http.host; content:"epsemaq.com.pe"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266606/; classtype:trojan-activity;sid:84129706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/ekskemi.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266605/; classtype:trojan-activity;sid:84129705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/ifkrnmg.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266598/; classtype:trojan-activity;sid:84129698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/rmoekkn.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266599/; classtype:trojan-activity;sid:84129699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/jdgmgjk.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266600/; classtype:trojan-activity;sid:84129700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/agfshda.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266601/; classtype:trojan-activity;sid:84129701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/nemoaea.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266602/; classtype:trojan-activity;sid:84129702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/osimdcc.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266603/; classtype:trojan-activity;sid:84129703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/kimidmd.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266604/; classtype:trojan-activity;sid:84129704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/msrhkof.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266592/; classtype:trojan-activity;sid:84129692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/bapaeea.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266593/; classtype:trojan-activity;sid:84129693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/aobjfrp.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266594/; classtype:trojan-activity;sid:84129694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/fhboikc.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266595/; classtype:trojan-activity;sid:84129695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/mmkfpmi.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266596/; classtype:trojan-activity;sid:84129696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/dreipmm.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266597/; classtype:trojan-activity;sid:84129697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/fmhfajs.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266586/; classtype:trojan-activity;sid:84129686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/miebjdc.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266587/; classtype:trojan-activity;sid:84129687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/dipahhd.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266588/; classtype:trojan-activity;sid:84129688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/facpkne.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266589/; classtype:trojan-activity;sid:84129689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/mgdikrb.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266590/; classtype:trojan-activity;sid:84129690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/biaiifd.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266591/; classtype:trojan-activity;sid:84129691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/ahpfabk.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266582/; classtype:trojan-activity;sid:84129682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/jnsffih.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266583/; classtype:trojan-activity;sid:84129683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/adkrinm.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266584/; classtype:trojan-activity;sid:84129684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/rikbaoe.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266585/; classtype:trojan-activity;sid:84129685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/nicffck.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266574/; classtype:trojan-activity;sid:84129674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/bmhifoa.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266575/; classtype:trojan-activity;sid:84129675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/skbrdsg.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266576/; classtype:trojan-activity;sid:84129676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/mihkmkm.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266577/; classtype:trojan-activity;sid:84129677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/fcddfdp.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266578/; classtype:trojan-activity;sid:84129678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/ordbemi.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266579/; classtype:trojan-activity;sid:84129679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/magrdra.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266580/; classtype:trojan-activity;sid:84129680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/gbmpiap.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266581/; classtype:trojan-activity;sid:84129681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/fckiffn.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266567/; classtype:trojan-activity;sid:84129667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/kkfpmej.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266568/; classtype:trojan-activity;sid:84129668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/anbssss.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266569/; classtype:trojan-activity;sid:84129669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/bmksccp.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266570/; classtype:trojan-activity;sid:84129670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/daishhs.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266571/; classtype:trojan-activity;sid:84129671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/hfffmip.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266572/; classtype:trojan-activity;sid:84129672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/esjnrdg.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266573/; classtype:trojan-activity;sid:84129673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/refggdi.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266562/; classtype:trojan-activity;sid:84129662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/aemodkg.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266563/; classtype:trojan-activity;sid:84129663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/ihgaeii.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266564/; classtype:trojan-activity;sid:84129664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/prfkari.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266565/; classtype:trojan-activity;sid:84129665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/gjkrkha.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266566/; classtype:trojan-activity;sid:84129666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/fiebagh.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266558/; classtype:trojan-activity;sid:84129658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/mkiormi.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266559/; classtype:trojan-activity;sid:84129659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.162.103.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266560/; classtype:trojan-activity;sid:84129660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/idmdpea.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266561/; classtype:trojan-activity;sid:84129661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/phemfee.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266555/; classtype:trojan-activity;sid:84129655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.196.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266556/; classtype:trojan-activity;sid:84129656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/kaohkrb.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266557/; classtype:trojan-activity;sid:84129657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/idafmps.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266554/; classtype:trojan-activity;sid:84129654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/kmdndce.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266553/; classtype:trojan-activity;sid:84129653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/hmfskka.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266552/; classtype:trojan-activity;sid:84129652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.123.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266551/; classtype:trojan-activity;sid:84129651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.230.245.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266550/; classtype:trojan-activity;sid:84129650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.143.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266548/; classtype:trojan-activity;sid:84129648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.163.157.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266549/; classtype:trojan-activity;sid:84129649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"77.94.124.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266547/; classtype:trojan-activity;sid:84129647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.230.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266545/; classtype:trojan-activity;sid:84129645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.26.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266546/; classtype:trojan-activity;sid:84129646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool03/plugin2.dll"; depth:20; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266544/; classtype:trojan-activity;sid:84129644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool04/containmarketingpro.zip"; depth:32; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266543/; classtype:trojan-activity;sid:84129643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool01/effortofficepro.zip"; depth:28; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266542/; classtype:trojan-activity;sid:84129642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool03/plugin1.dll"; depth:20; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266540/; classtype:trojan-activity;sid:84129640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool01/efforttoffice.exe"; depth:26; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266541/; classtype:trojan-activity;sid:84129641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool01/jmkjslnf.dat"; depth:21; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266534/; classtype:trojan-activity;sid:84129634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool02/odgcgoez.wav"; depth:21; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266535/; classtype:trojan-activity;sid:84129635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool01/vpiwntcglx.mp3"; depth:23; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266536/; classtype:trojan-activity;sid:84129636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool02/focustaskprobr.exe"; depth:27; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266537/; classtype:trojan-activity;sid:84129637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool03/cuyfu.wav"; depth:18; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266538/; classtype:trojan-activity;sid:84129638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool02/focustaskproin.exe"; depth:27; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266539/; classtype:trojan-activity;sid:84129639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool01/seniorcommunicatepro.exe"; depth:33; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266524/; classtype:trojan-activity;sid:84129624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool02/focustaskpropl.exe"; depth:27; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266525/; classtype:trojan-activity;sid:84129625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool02/focustaskprode.exe"; depth:27; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266526/; classtype:trojan-activity;sid:84129626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool01/beymyz.mp4"; depth:19; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266527/; classtype:trojan-activity;sid:84129627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool04/dabhw.wav"; depth:18; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266528/; classtype:trojan-activity;sid:84129628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool02/focustaskprogu.exe"; depth:27; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266529/; classtype:trojan-activity;sid:84129629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool02/focustaskprogr.exe"; depth:27; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266530/; classtype:trojan-activity;sid:84129630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool02/focustaskpro.exe"; depth:25; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266531/; classtype:trojan-activity;sid:84129631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool02/focustaskprofl.exe"; depth:27; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266532/; classtype:trojan-activity;sid:84129632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool01/rhxkjsv.pdf"; depth:20; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266533/; classtype:trojan-activity;sid:84129633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.28.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266515/; classtype:trojan-activity;sid:84129615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool02/focustaskprose.exe"; depth:27; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266516/; classtype:trojan-activity;sid:84129616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool02/focustaskprosr.exe"; depth:27; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266517/; classtype:trojan-activity;sid:84129617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool02/focustaskproae.exe"; depth:27; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266518/; classtype:trojan-activity;sid:84129618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool01/ewdym.vdf"; depth:18; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266519/; classtype:trojan-activity;sid:84129619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool01/lwtnj.wav"; depth:18; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266520/; classtype:trojan-activity;sid:84129620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool03/plugin3.dll"; depth:20; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266521/; classtype:trojan-activity;sid:84129621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool03/sameconcentratepro.exe"; depth:31; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266522/; classtype:trojan-activity;sid:84129622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spool02/focustaskproby.exe"; depth:27; endswith; nocase; http.host; content:"46.8.237.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266523/; classtype:trojan-activity;sid:84129623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.220.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266514/; classtype:trojan-activity;sid:84129614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.34.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266513/; classtype:trojan-activity;sid:84129613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.229.134.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266512/; classtype:trojan-activity;sid:84129612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.27.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266511/; classtype:trojan-activity;sid:84129611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266510/; classtype:trojan-activity;sid:84129610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.221.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266509/; classtype:trojan-activity;sid:84129609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.117.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266508/; classtype:trojan-activity;sid:84129608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/start/msk.txt"; depth:14; endswith; nocase; http.host; content:"filereadfrst.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266500/; classtype:trojan-activity;sid:84129600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxt/csm.txt"; depth:12; endswith; nocase; http.host; content:"surficingpag.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266501/; classtype:trojan-activity;sid:84129601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xfile.zip"; depth:10; endswith; nocase; http.host; content:"myacpagload.b-cdn.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266502/; classtype:trojan-activity;sid:84129602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.armv6"; depth:11; endswith; nocase; http.host; content:"column.mrbasic.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266503/; classtype:trojan-activity;sid:84129603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/go/xh.txt"; depth:10; endswith; nocase; http.host; content:"myacpagload.b-cdn.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266504/; classtype:trojan-activity;sid:84129604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cosmo.zip"; depth:10; endswith; nocase; http.host; content:"surficingpag.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266505/; classtype:trojan-activity;sid:84129605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/musk.zip"; depth:9; endswith; nocase; http.host; content:"filereadfrst.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266506/; classtype:trojan-activity;sid:84129606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.arm64"; depth:11; endswith; nocase; http.host; content:"column.mrbasic.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266507/; classtype:trojan-activity;sid:84129607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.i386"; depth:10; endswith; nocase; http.host; content:"column.mrbasic.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266499/; classtype:trojan-activity;sid:84129599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.mips"; depth:10; endswith; nocase; http.host; content:"column.mrbasic.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266498/; classtype:trojan-activity;sid:84129598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.x86_64"; depth:12; endswith; nocase; http.host; content:"column.mrbasic.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266495/; classtype:trojan-activity;sid:84129595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.armv5"; depth:11; endswith; nocase; http.host; content:"column.mrbasic.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266496/; classtype:trojan-activity;sid:84129596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.arm"; depth:9; endswith; nocase; http.host; content:"column.mrbasic.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266497/; classtype:trojan-activity;sid:84129597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.i686"; depth:10; endswith; nocase; http.host; content:"column.mrbasic.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266493/; classtype:trojan-activity;sid:84129593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zone.mipsle"; depth:12; endswith; nocase; http.host; content:"column.mrbasic.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266494/; classtype:trojan-activity;sid:84129594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cb9cc10e175e1537/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"45.91.200.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266492/; classtype:trojan-activity;sid:84129592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.8.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266491/; classtype:trojan-activity;sid:84129591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.196.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266490/; classtype:trojan-activity;sid:84129590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.62.79.230"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266489/; classtype:trojan-activity;sid:84129589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.195.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266488/; classtype:trojan-activity;sid:84129588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.194.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266486/; classtype:trojan-activity;sid:84129586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.21.109.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266487/; classtype:trojan-activity;sid:84129587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.5.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266485/; classtype:trojan-activity;sid:84129585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.203.38.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266484/; classtype:trojan-activity;sid:84129584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.248.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266483/; classtype:trojan-activity;sid:84129583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.97.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266482/; classtype:trojan-activity;sid:84129582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.152.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266481/; classtype:trojan-activity;sid:84129581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.70.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266480/; classtype:trojan-activity;sid:84129580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.93.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266479/; classtype:trojan-activity;sid:84129579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.190.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266478/; classtype:trojan-activity;sid:84129578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.8.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266477/; classtype:trojan-activity;sid:84129577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.84.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266476/; classtype:trojan-activity;sid:84129576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.107.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266475/; classtype:trojan-activity;sid:84129575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.114.161.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266474/; classtype:trojan-activity;sid:84129574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.250.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266473/; classtype:trojan-activity;sid:84129573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.122.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266472/; classtype:trojan-activity;sid:84129572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.232.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266471/; classtype:trojan-activity;sid:84129571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.126.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266470/; classtype:trojan-activity;sid:84129570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.225.101.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266469/; classtype:trojan-activity;sid:84129569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.98.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266468/; classtype:trojan-activity;sid:84129568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.97.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266467/; classtype:trojan-activity;sid:84129567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.36.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266466/; classtype:trojan-activity;sid:84129566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.169.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266465/; classtype:trojan-activity;sid:84129565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.93.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266464/; classtype:trojan-activity;sid:84129564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.1.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266463/; classtype:trojan-activity;sid:84129563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.70.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266462/; classtype:trojan-activity;sid:84129562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.152.9.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266460/; classtype:trojan-activity;sid:84129560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.163.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266461/; classtype:trojan-activity;sid:84129561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.115.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266459/; classtype:trojan-activity;sid:84129559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.104.126.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266458/; classtype:trojan-activity;sid:84129558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.94.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266457/; classtype:trojan-activity;sid:84129557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.126.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266456/; classtype:trojan-activity;sid:84129556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.19.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266455/; classtype:trojan-activity;sid:84129555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.191.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266454/; classtype:trojan-activity;sid:84129554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.151.73.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266453/; classtype:trojan-activity;sid:84129553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.29.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266452/; classtype:trojan-activity;sid:84129552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.230.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266451/; classtype:trojan-activity;sid:84129551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.225.101.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266450/; classtype:trojan-activity;sid:84129550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.35.50.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266449/; classtype:trojan-activity;sid:84129549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.127.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266448/; classtype:trojan-activity;sid:84129548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.78.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266447/; classtype:trojan-activity;sid:84129547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266446/; classtype:trojan-activity;sid:84129546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.98.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266445/; classtype:trojan-activity;sid:84129545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.100.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266444/; classtype:trojan-activity;sid:84129544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.95.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266442/; classtype:trojan-activity;sid:84129542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.100.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266443/; classtype:trojan-activity;sid:84129543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"154.216.20.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266441/; classtype:trojan-activity;sid:84129541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"154.216.20.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266438/; classtype:trojan-activity;sid:84129538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"154.216.20.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266439/; classtype:trojan-activity;sid:84129539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"154.216.20.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266440/; classtype:trojan-activity;sid:84129540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"154.216.20.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266437/; classtype:trojan-activity;sid:84129537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"154.216.20.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266436/; classtype:trojan-activity;sid:84129536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.152.9.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266435/; classtype:trojan-activity;sid:84129535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.94.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266434/; classtype:trojan-activity;sid:84129534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.244.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266433/; classtype:trojan-activity;sid:84129533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.35.50.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266432/; classtype:trojan-activity;sid:84129532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.85.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266431/; classtype:trojan-activity;sid:84129531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.180.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266430/; classtype:trojan-activity;sid:84129530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.67.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266429/; classtype:trojan-activity;sid:84129529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.82.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266428/; classtype:trojan-activity;sid:84129528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.133.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266426/; classtype:trojan-activity;sid:84129526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.231.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266427/; classtype:trojan-activity;sid:84129527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.103.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266424/; classtype:trojan-activity;sid:84129524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.10.67.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266425/; classtype:trojan-activity;sid:84129525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.162.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266423/; classtype:trojan-activity;sid:84129523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.107.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266422/; classtype:trojan-activity;sid:84129522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.23.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266421/; classtype:trojan-activity;sid:84129521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.84.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266420/; classtype:trojan-activity;sid:84129520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.127.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266419/; classtype:trojan-activity;sid:84129519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.162.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266418/; classtype:trojan-activity;sid:84129518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.245.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266417/; classtype:trojan-activity;sid:84129517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266416/; classtype:trojan-activity;sid:84129516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.169.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266415/; classtype:trojan-activity;sid:84129515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.61.18.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266414/; classtype:trojan-activity;sid:84129514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.215.252.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266413/; classtype:trojan-activity;sid:84129513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.8.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266412/; classtype:trojan-activity;sid:84129512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.100.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266411/; classtype:trojan-activity;sid:84129511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.95.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266410/; classtype:trojan-activity;sid:84129510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.168.41.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266409/; classtype:trojan-activity;sid:84129509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.93.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266408/; classtype:trojan-activity;sid:84129508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.214.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266407/; classtype:trojan-activity;sid:84129507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.113.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266406/; classtype:trojan-activity;sid:84129506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.190.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266405/; classtype:trojan-activity;sid:84129505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.162.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266404/; classtype:trojan-activity;sid:84129504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.132.141.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266403/; classtype:trojan-activity;sid:84129503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.100.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266402/; classtype:trojan-activity;sid:84129502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.160.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266400/; classtype:trojan-activity;sid:84129500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.151.121.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266401/; classtype:trojan-activity;sid:84129501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.67.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266398/; classtype:trojan-activity;sid:84129498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.12.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266399/; classtype:trojan-activity;sid:84129499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266397/; classtype:trojan-activity;sid:84129497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.114.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266396/; classtype:trojan-activity;sid:84129496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.245.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266395/; classtype:trojan-activity;sid:84129495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.18.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266394/; classtype:trojan-activity;sid:84129494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.20.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266393/; classtype:trojan-activity;sid:84129493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.201.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266392/; classtype:trojan-activity;sid:84129492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.47.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266390/; classtype:trojan-activity;sid:84129490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.196.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266391/; classtype:trojan-activity;sid:84129491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.183.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266389/; classtype:trojan-activity;sid:84129489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.85.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266388/; classtype:trojan-activity;sid:84129488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.113.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266387/; classtype:trojan-activity;sid:84129487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.125.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266386/; classtype:trojan-activity;sid:84129486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.229.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266385/; classtype:trojan-activity;sid:84129485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.192.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266384/; classtype:trojan-activity;sid:84129484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.58.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266383/; classtype:trojan-activity;sid:84129483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.173.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266382/; classtype:trojan-activity;sid:84129482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.247.88.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266381/; classtype:trojan-activity;sid:84129481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.86.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266380/; classtype:trojan-activity;sid:84129480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.190.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266379/; classtype:trojan-activity;sid:84129479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.25.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266378/; classtype:trojan-activity;sid:84129478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.47.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266377/; classtype:trojan-activity;sid:84129477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.132.141.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266376/; classtype:trojan-activity;sid:84129476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.25.60"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266375/; classtype:trojan-activity;sid:84129475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.56.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266374/; classtype:trojan-activity;sid:84129474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.68.162.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266372/; classtype:trojan-activity;sid:84129472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.190.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266373/; classtype:trojan-activity;sid:84129473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.21.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266371/; classtype:trojan-activity;sid:84129471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpp/chrome_131.exe"; depth:20; endswith; nocase; http.host; content:"gosp.clinicavertigen.com"; depth:24; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266370/; classtype:trojan-activity;sid:84129470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.196.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266369/; classtype:trojan-activity;sid:84129469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.140.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266368/; classtype:trojan-activity;sid:84129468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"154.216.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266364/; classtype:trojan-activity;sid:84129464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"154.216.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266365/; classtype:trojan-activity;sid:84129465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"154.216.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266366/; classtype:trojan-activity;sid:84129466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"154.216.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266367/; classtype:trojan-activity;sid:84129467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.76.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266363/; classtype:trojan-activity;sid:84129463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.250.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266362/; classtype:trojan-activity;sid:84129462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"154.216.20.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266361/; classtype:trojan-activity;sid:84129461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.127.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266359/; classtype:trojan-activity;sid:84129459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"154.216.20.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266360/; classtype:trojan-activity;sid:84129460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"154.216.20.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266356/; classtype:trojan-activity;sid:84129456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"154.216.20.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266357/; classtype:trojan-activity;sid:84129457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"154.216.20.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266358/; classtype:trojan-activity;sid:84129458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.157.145.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266355/; classtype:trojan-activity;sid:84129455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.190.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266354/; classtype:trojan-activity;sid:84129454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.86.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266353/; classtype:trojan-activity;sid:84129453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrigdaemon"; depth:12; endswith; nocase; http.host; content:"45.202.35.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266351/; classtype:trojan-activity;sid:84129451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.202.35.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266352/; classtype:trojan-activity;sid:84129452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.174.69.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266349/; classtype:trojan-activity;sid:84129449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrigminer"; depth:11; endswith; nocase; http.host; content:"45.202.35.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266350/; classtype:trojan-activity;sid:84129450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266348/; classtype:trojan-activity;sid:84129448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.12.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266347/; classtype:trojan-activity;sid:84129447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.247.88.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266346/; classtype:trojan-activity;sid:84129446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.210.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266345/; classtype:trojan-activity;sid:84129445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.56.224.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266344/; classtype:trojan-activity;sid:84129444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266343/; classtype:trojan-activity;sid:84129443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.132.148.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266342/; classtype:trojan-activity;sid:84129442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.122.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266341/; classtype:trojan-activity;sid:84129441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.190.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266340/; classtype:trojan-activity;sid:84129440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.42.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266339/; classtype:trojan-activity;sid:84129439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.24.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266338/; classtype:trojan-activity;sid:84129438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.210.237.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266337/; classtype:trojan-activity;sid:84129437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.147.55.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266336/; classtype:trojan-activity;sid:84129436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.177.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266335/; classtype:trojan-activity;sid:84129435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.174.69.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266334/; classtype:trojan-activity;sid:84129434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.152.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266333/; classtype:trojan-activity;sid:84129433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.163.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266332/; classtype:trojan-activity;sid:84129432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.142.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266331/; classtype:trojan-activity;sid:84129431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.19.234"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266330/; classtype:trojan-activity;sid:84129430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.129.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266329/; classtype:trojan-activity;sid:84129429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.173.74.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266328/; classtype:trojan-activity;sid:84129428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.42.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266327/; classtype:trojan-activity;sid:84129427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/88bc5a06-4508fd9f-e267-4f3f-a9ef-d1e0a8c98424/demand-letter.zip"; depth:64; endswith; nocase; http.host; content:"s3.timeweb.cloud"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266326/; classtype:trojan-activity;sid:84129426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.4.201"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266325/; classtype:trojan-activity;sid:84129425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.152.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266324/; classtype:trojan-activity;sid:84129424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.179.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266323/; classtype:trojan-activity;sid:84129423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.149.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266322/; classtype:trojan-activity;sid:84129422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.211.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266321/; classtype:trojan-activity;sid:84129421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.239.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266320/; classtype:trojan-activity;sid:84129420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.6.86"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266319/; classtype:trojan-activity;sid:84129419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.48.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266318/; classtype:trojan-activity;sid:84129418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.68.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266317/; classtype:trojan-activity;sid:84129417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266316/; classtype:trojan-activity;sid:84129416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.108.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266315/; classtype:trojan-activity;sid:84129415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.77.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266314/; classtype:trojan-activity;sid:84129414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.149.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266313/; classtype:trojan-activity;sid:84129413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.239.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266312/; classtype:trojan-activity;sid:84129412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.245.219.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266310/; classtype:trojan-activity;sid:84129410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.131.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266311/; classtype:trojan-activity;sid:84129411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.10.71.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266309/; classtype:trojan-activity;sid:84129409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.97.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266308/; classtype:trojan-activity;sid:84129408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.108.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266307/; classtype:trojan-activity;sid:84129407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.216.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266306/; classtype:trojan-activity;sid:84129406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.128.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266305/; classtype:trojan-activity;sid:84129405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.154.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266304/; classtype:trojan-activity;sid:84129404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.48.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266303/; classtype:trojan-activity;sid:84129403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.54.20.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266302/; classtype:trojan-activity;sid:84129402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.44.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266301/; classtype:trojan-activity;sid:84129401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.21.160.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266298/; classtype:trojan-activity;sid:84129398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.248.25.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266299/; classtype:trojan-activity;sid:84129399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.33.40.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266300/; classtype:trojan-activity;sid:84129400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.124.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266297/; classtype:trojan-activity;sid:84129397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.31.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266296/; classtype:trojan-activity;sid:84129396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.39.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266294/; classtype:trojan-activity;sid:84129394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.45.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266295/; classtype:trojan-activity;sid:84129395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.90.38.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266293/; classtype:trojan-activity;sid:84129393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.200.86.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266292/; classtype:trojan-activity;sid:84129392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.121.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266291/; classtype:trojan-activity;sid:84129391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.49.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266290/; classtype:trojan-activity;sid:84129390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.91.103.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266289/; classtype:trojan-activity;sid:84129389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.165.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266288/; classtype:trojan-activity;sid:84129388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.222.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266287/; classtype:trojan-activity;sid:84129387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"139.5.11.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266286/; classtype:trojan-activity;sid:84129386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.118.154.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266285/; classtype:trojan-activity;sid:84129385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.25.209.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266284/; classtype:trojan-activity;sid:84129384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.127.214.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266283/; classtype:trojan-activity;sid:84129383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.203.2.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266282/; classtype:trojan-activity;sid:84129382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.191.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266281/; classtype:trojan-activity;sid:84129381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.91.227.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266280/; classtype:trojan-activity;sid:84129380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"210.6.61.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266279/; classtype:trojan-activity;sid:84129379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.150.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266278/; classtype:trojan-activity;sid:84129378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.15.179"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266277/; classtype:trojan-activity;sid:84129377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.194.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266276/; classtype:trojan-activity;sid:84129376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.77.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266274/; classtype:trojan-activity;sid:84129374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.128.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266275/; classtype:trojan-activity;sid:84129375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.17.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266273/; classtype:trojan-activity;sid:84129373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.154.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266272/; classtype:trojan-activity;sid:84129372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.7.225.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266271/; classtype:trojan-activity;sid:84129371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.28.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266270/; classtype:trojan-activity;sid:84129370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.125.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266269/; classtype:trojan-activity;sid:84129369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.114.26.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266268/; classtype:trojan-activity;sid:84129368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.253.228.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266267/; classtype:trojan-activity;sid:84129367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.50.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266266/; classtype:trojan-activity;sid:84129366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.66.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266265/; classtype:trojan-activity;sid:84129365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.214.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266264/; classtype:trojan-activity;sid:84129364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.99.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266263/; classtype:trojan-activity;sid:84129363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.96.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266262/; classtype:trojan-activity;sid:84129362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.203.2.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266261/; classtype:trojan-activity;sid:84129361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.4.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266260/; classtype:trojan-activity;sid:84129360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.119.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266259/; classtype:trojan-activity;sid:84129359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.17.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266258/; classtype:trojan-activity;sid:84129358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.0.209"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266257/; classtype:trojan-activity;sid:84129357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.42.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266256/; classtype:trojan-activity;sid:84129356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.79.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266255/; classtype:trojan-activity;sid:84129355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.28.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266254/; classtype:trojan-activity;sid:84129354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.200.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266253/; classtype:trojan-activity;sid:84129353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"154.9.254.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266252/; classtype:trojan-activity;sid:84129352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.78.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266251/; classtype:trojan-activity;sid:84129351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.191.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266250/; classtype:trojan-activity;sid:84129350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.50.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266249/; classtype:trojan-activity;sid:84129349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266248/; classtype:trojan-activity;sid:84129348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.201.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266247/; classtype:trojan-activity;sid:84129347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.103.98.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266246/; classtype:trojan-activity;sid:84129346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.38.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266245/; classtype:trojan-activity;sid:84129345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.69.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266244/; classtype:trojan-activity;sid:84129344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.242.38.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266243/; classtype:trojan-activity;sid:84129343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.113.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266242/; classtype:trojan-activity;sid:84129342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.4.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266241/; classtype:trojan-activity;sid:84129341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.48.73.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266240/; classtype:trojan-activity;sid:84129340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.199.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266239/; classtype:trojan-activity;sid:84129339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.90.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266238/; classtype:trojan-activity;sid:84129338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"165.154.162.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266237/; classtype:trojan-activity;sid:84129337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.78.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266236/; classtype:trojan-activity;sid:84129336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.17.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266235/; classtype:trojan-activity;sid:84129335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.191.83.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266234/; classtype:trojan-activity;sid:84129334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.211.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266233/; classtype:trojan-activity;sid:84129333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.113.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266232/; classtype:trojan-activity;sid:84129332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.59.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266231/; classtype:trojan-activity;sid:84129331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.89.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266230/; classtype:trojan-activity;sid:84129330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"112.124.71.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266229/; classtype:trojan-activity;sid:84129329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.79.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266228/; classtype:trojan-activity;sid:84129328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266227/; classtype:trojan-activity;sid:84129327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.76.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266226/; classtype:trojan-activity;sid:84129326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.200.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266224/; classtype:trojan-activity;sid:84129324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.70.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266225/; classtype:trojan-activity;sid:84129325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.128.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266223/; classtype:trojan-activity;sid:84129323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackirby/wallets-injection/raw/main/exodus.asar"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266222/; classtype:trojan-activity;sid:84129322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackirby/wallets-injection/raw/main/atomic.asar"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266221/; classtype:trojan-activity;sid:84129321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/test.exe"; depth:15; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266220/; classtype:trojan-activity;sid:84129320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.9.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266219/; classtype:trojan-activity;sid:84129319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.204.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266218/; classtype:trojan-activity;sid:84129318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.0.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266217/; classtype:trojan-activity;sid:84129317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nguyentri38.exe"; depth:16; endswith; nocase; http.host; content:"193.233.48.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266216/; classtype:trojan-activity;sid:84129316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app64.exe"; depth:10; endswith; nocase; http.host; content:"45.151.62.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266215/; classtype:trojan-activity;sid:84129315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windowstdriverautoupdater_x64.exe"; depth:34; endswith; nocase; http.host; content:"193.233.48.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266213/; classtype:trojan-activity;sid:84129313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boooba.exe"; depth:11; endswith; nocase; http.host; content:"193.233.48.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266214/; classtype:trojan-activity;sid:84129314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updater.exe"; depth:12; endswith; nocase; http.host; content:"193.233.48.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266211/; classtype:trojan-activity;sid:84129311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app64.exe"; depth:10; endswith; nocase; http.host; content:"193.233.48.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266212/; classtype:trojan-activity;sid:84129312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anubis.exe"; depth:11; endswith; nocase; http.host; content:"193.233.48.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266209/; classtype:trojan-activity;sid:84129309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skuld3.exe"; depth:11; endswith; nocase; http.host; content:"193.233.48.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266210/; classtype:trojan-activity;sid:84129310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.230.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266207/; classtype:trojan-activity;sid:84129307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.157.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266205/; classtype:trojan-activity;sid:84129305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.38.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266206/; classtype:trojan-activity;sid:84129306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.211.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266204/; classtype:trojan-activity;sid:84129304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"thtw.range.cccinvolve.org"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266203/; classtype:trojan-activity;sid:84129303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.187.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266202/; classtype:trojan-activity;sid:84129302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.66.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266200/; classtype:trojan-activity;sid:84129300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.184.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266198/; classtype:trojan-activity;sid:84129298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.113.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266196/; classtype:trojan-activity;sid:84129296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.205.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266195/; classtype:trojan-activity;sid:84129295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.172.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266194/; classtype:trojan-activity;sid:84129294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.253.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266193/; classtype:trojan-activity;sid:84129293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.122.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266191/; classtype:trojan-activity;sid:84129291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"168.196.170.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266192/; classtype:trojan-activity;sid:84129292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.101.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266188/; classtype:trojan-activity;sid:84129288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"181.191.83.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266187/; classtype:trojan-activity;sid:84129287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.puscarie/.report_system"; depth:25; endswith; nocase; http.host; content:"xkobeimparatu.net"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266185/; classtype:trojan-activity;sid:84129285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.puscarie/.main"; depth:16; endswith; nocase; http.host; content:"xkobeimparatu.net"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266184/; classtype:trojan-activity;sid:84129284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.174.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266183/; classtype:trojan-activity;sid:84129283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.59.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266182/; classtype:trojan-activity;sid:84129282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.168.71.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266181/; classtype:trojan-activity;sid:84129281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.16.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266180/; classtype:trojan-activity;sid:84129280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.130.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266179/; classtype:trojan-activity;sid:84129279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.45.56.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266178/; classtype:trojan-activity;sid:84129278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.6.82.152"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266177/; classtype:trojan-activity;sid:84129277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.174.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266176/; classtype:trojan-activity;sid:84129276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.126.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266175/; classtype:trojan-activity;sid:84129275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.92.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266174/; classtype:trojan-activity;sid:84129274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.204.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266173/; classtype:trojan-activity;sid:84129273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.187.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266172/; classtype:trojan-activity;sid:84129272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.230.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266171/; classtype:trojan-activity;sid:84129271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.121.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266170/; classtype:trojan-activity;sid:84129270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.194.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266169/; classtype:trojan-activity;sid:84129269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266168/; classtype:trojan-activity;sid:84129268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.118.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266167/; classtype:trojan-activity;sid:84129267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clipacheat/chaaa/raw/refs/heads/main/built.exe"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266166/; classtype:trojan-activity;sid:84129266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.101.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266165/; classtype:trojan-activity;sid:84129265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.138.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266164/; classtype:trojan-activity;sid:84129264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.127.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266163/; classtype:trojan-activity;sid:84129263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.102.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266162/; classtype:trojan-activity;sid:84129262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.126.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266161/; classtype:trojan-activity;sid:84129261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.191.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266160/; classtype:trojan-activity;sid:84129260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.161.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266159/; classtype:trojan-activity;sid:84129259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.126.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266158/; classtype:trojan-activity;sid:84129258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.163.241.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266157/; classtype:trojan-activity;sid:84129257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.33.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266156/; classtype:trojan-activity;sid:84129256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.215.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266155/; classtype:trojan-activity;sid:84129255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.121.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266153/; classtype:trojan-activity;sid:84129253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.248.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266154/; classtype:trojan-activity;sid:84129254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.116.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266152/; classtype:trojan-activity;sid:84129252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.21.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266151/; classtype:trojan-activity;sid:84129251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.194.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266150/; classtype:trojan-activity;sid:84129250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.48.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266149/; classtype:trojan-activity;sid:84129249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.116.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266148/; classtype:trojan-activity;sid:84129248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.245.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266147/; classtype:trojan-activity;sid:84129247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"152.252.84.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266146/; classtype:trojan-activity;sid:84129246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.166.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266145/; classtype:trojan-activity;sid:84129245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"69.117.22.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266144/; classtype:trojan-activity;sid:84129244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.140.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266143/; classtype:trojan-activity;sid:84129243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.166.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266142/; classtype:trojan-activity;sid:84129242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.215.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266141/; classtype:trojan-activity;sid:84129241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266140/; classtype:trojan-activity;sid:84129240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.161.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266139/; classtype:trojan-activity;sid:84129239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.188.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266138/; classtype:trojan-activity;sid:84129238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.7.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266137/; classtype:trojan-activity;sid:84129237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.191.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266136/; classtype:trojan-activity;sid:84129236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.43.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266135/; classtype:trojan-activity;sid:84129235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.248.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266134/; classtype:trojan-activity;sid:84129234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.218.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266133/; classtype:trojan-activity;sid:84129233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.126.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266132/; classtype:trojan-activity;sid:84129232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.47.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266131/; classtype:trojan-activity;sid:84129231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.88.109.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266130/; classtype:trojan-activity;sid:84129230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.162.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266129/; classtype:trojan-activity;sid:84129229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.200.86.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266128/; classtype:trojan-activity;sid:84129228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.25.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266127/; classtype:trojan-activity;sid:84129227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.167.204.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266126/; classtype:trojan-activity;sid:84129226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.58.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266125/; classtype:trojan-activity;sid:84129225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.1.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266124/; classtype:trojan-activity;sid:84129224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.5.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266123/; classtype:trojan-activity;sid:84129223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.31.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266122/; classtype:trojan-activity;sid:84129222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.151.65.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266121/; classtype:trojan-activity;sid:84129221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.244.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266120/; classtype:trojan-activity;sid:84129220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.215.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266119/; classtype:trojan-activity;sid:84129219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266118/; classtype:trojan-activity;sid:84129218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.188.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266117/; classtype:trojan-activity;sid:84129217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.153.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266116/; classtype:trojan-activity;sid:84129216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.126.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266115/; classtype:trojan-activity;sid:84129215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.47.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266114/; classtype:trojan-activity;sid:84129214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.216.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266113/; classtype:trojan-activity;sid:84129213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.115.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266112/; classtype:trojan-activity;sid:84129212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.96.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266111/; classtype:trojan-activity;sid:84129211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.228.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266110/; classtype:trojan-activity;sid:84129210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.122.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266109/; classtype:trojan-activity;sid:84129209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.192.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266108/; classtype:trojan-activity;sid:84129208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266107/; classtype:trojan-activity;sid:84129207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.31.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266105/; classtype:trojan-activity;sid:84129205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.248.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266106/; classtype:trojan-activity;sid:84129206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.63.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266104/; classtype:trojan-activity;sid:84129204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.135.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266103/; classtype:trojan-activity;sid:84129203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.244.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266101/; classtype:trojan-activity;sid:84129201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.190.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266102/; classtype:trojan-activity;sid:84129202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.39.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266100/; classtype:trojan-activity;sid:84129200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.214.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266099/; classtype:trojan-activity;sid:84129199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.162.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266098/; classtype:trojan-activity;sid:84129198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.45.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266097/; classtype:trojan-activity;sid:84129197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.24.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266096/; classtype:trojan-activity;sid:84129196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.108.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266095/; classtype:trojan-activity;sid:84129195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.228.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266094/; classtype:trojan-activity;sid:84129194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.122.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266093/; classtype:trojan-activity;sid:84129193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.194.169.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266092/; classtype:trojan-activity;sid:84129192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.43.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266090/; classtype:trojan-activity;sid:84129190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdulah345/pizdaporc/raw/refs/heads/main/xclient.exe"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266091/; classtype:trojan-activity;sid:84129191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.88.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266089/; classtype:trojan-activity;sid:84129189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.154.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266088/; classtype:trojan-activity;sid:84129188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.3.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266087/; classtype:trojan-activity;sid:84129187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.43.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266086/; classtype:trojan-activity;sid:84129186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.115.73.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266085/; classtype:trojan-activity;sid:84129185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.125.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266084/; classtype:trojan-activity;sid:84129184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.124.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266083/; classtype:trojan-activity;sid:84129183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.135.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266082/; classtype:trojan-activity;sid:84129182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.39.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266081/; classtype:trojan-activity;sid:84129181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.118.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266080/; classtype:trojan-activity;sid:84129180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.1.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266079/; classtype:trojan-activity;sid:84129179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.153.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266078/; classtype:trojan-activity;sid:84129178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.208.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266077/; classtype:trojan-activity;sid:84129177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.115.65.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266076/; classtype:trojan-activity;sid:84129176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.215.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266075/; classtype:trojan-activity;sid:84129175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.23.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266074/; classtype:trojan-activity;sid:84129174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.90.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266073/; classtype:trojan-activity;sid:84129173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.43.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266072/; classtype:trojan-activity;sid:84129172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.32.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266071/; classtype:trojan-activity;sid:84129171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmeta___.bat"; depth:13; endswith; nocase; http.host; content:"klingdow.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266066/; classtype:trojan-activity;sid:84129166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmeta___.bat"; depth:13; endswith; nocase; http.host; content:"klingdow.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266067/; classtype:trojan-activity;sid:84129167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.bat"; depth:6; endswith; nocase; http.host; content:"klingdow.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266068/; classtype:trojan-activity;sid:84129168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kling.bat"; depth:10; endswith; nocase; http.host; content:"klingdow.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266069/; classtype:trojan-activity;sid:84129169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.bat"; depth:6; endswith; nocase; http.host; content:"klingdow.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266070/; classtype:trojan-activity;sid:84129170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.149.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266065/; classtype:trojan-activity;sid:84129165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.177.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266064/; classtype:trojan-activity;sid:84129164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.5.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266063/; classtype:trojan-activity;sid:84129163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.173.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266062/; classtype:trojan-activity;sid:84129162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.226.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266061/; classtype:trojan-activity;sid:84129161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.3.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266060/; classtype:trojan-activity;sid:84129160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.11.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266059/; classtype:trojan-activity;sid:84129159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.115.73.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266058/; classtype:trojan-activity;sid:84129158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.93.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266057/; classtype:trojan-activity;sid:84129157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.164.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266056/; classtype:trojan-activity;sid:84129156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.32.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266055/; classtype:trojan-activity;sid:84129155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.90.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266054/; classtype:trojan-activity;sid:84129154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.101.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266053/; classtype:trojan-activity;sid:84129153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"rwvfe.range.cccinvolve.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266052/; classtype:trojan-activity;sid:84129152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.61.196.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266051/; classtype:trojan-activity;sid:84129151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.86.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266050/; classtype:trojan-activity;sid:84129150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.85.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266049/; classtype:trojan-activity;sid:84129149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.106.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266048/; classtype:trojan-activity;sid:84129148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.248.114.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266047/; classtype:trojan-activity;sid:84129147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.71.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266046/; classtype:trojan-activity;sid:84129146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.177.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266045/; classtype:trojan-activity;sid:84129145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.100.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266044/; classtype:trojan-activity;sid:84129144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temp/xnsjjxja.exe"; depth:18; endswith; nocase; http.host; content:"newvideo.link"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266043/; classtype:trojan-activity;sid:84129143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.6.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266042/; classtype:trojan-activity;sid:84129142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.5.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266040/; classtype:trojan-activity;sid:84129140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.161.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266041/; classtype:trojan-activity;sid:84129141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.190.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266039/; classtype:trojan-activity;sid:84129139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.104.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266038/; classtype:trojan-activity;sid:84129138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.169.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266037/; classtype:trojan-activity;sid:84129137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.249.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266036/; classtype:trojan-activity;sid:84129136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.151.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266033/; classtype:trojan-activity;sid:84129133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.210.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266034/; classtype:trojan-activity;sid:84129134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.83.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266035/; classtype:trojan-activity;sid:84129135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.129.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266031/; classtype:trojan-activity;sid:84129131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66/gb/greatthingswithmegood.hta"; depth:32; endswith; nocase; http.host; content:"198.46.178.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266032/; classtype:trojan-activity;sid:84129132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/auth_lt_fc856d57-7abc-4ad2-ac90-950f9e675133/lt_2b3e0aa5-ea4c-4b6c-b4fb-ffd97f55a523/f6f26b0f-7bb2-4c6e-bc8c-d53940cf9e51/3d6ce61d-c38a-4ca4-9e04-30ffbc5c3ba5|3f|temp_url_sig=1e311782d04e21c1a2acd0ead68e86a9a4bb4f60398cd9efb7a83e7bb029db76|7c|26|7c|temp_url_expires=1729772603029|7c|26|7c|filename=calisiyogaliba.ps1"; depth:320; endswith; nocase; http.host; content:"sw.lifeboxtransfer.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266029/; classtype:trojan-activity;sid:84129129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/auth_lt_fc856d57-7abc-4ad2-ac90-950f9e675133/lt_2b3e0aa5-ea4c-4b6c-b4fb-ffd97f55a523/7c10d1e8-f148-475f-9c75-8dd15cdbdbb4/7a0f08dc-c4ce-4b56-9356-30dbb925f668|3f|temp_url_sig=9c9f7726e84dd95f3edee9938337ee18ba0ff8703786297fc8b6f10cfa03b5ab|7c|26|7c|temp_url_expires=1729772548602|7c|26|7c|filename=calisanstub.ps1"; depth:317; endswith; nocase; http.host; content:"sw.lifeboxtransfer.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266030/; classtype:trojan-activity;sid:84129130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/auth_lt_fc856d57-7abc-4ad2-ac90-950f9e675133/lt_2b3e0aa5-ea4c-4b6c-b4fb-ffd97f55a523/8885ad44-dcdd-4cdf-82db-ed6465995b36/a95d153c-79dd-45c0-8dce-47cb3895d5b0|3f|temp_url_sig=8e88fd8788235aeccf018f48cd8d46a880b4ab4602905f4908e69fffb3c7965b|7c|26|7c|temp_url_expires=1729772648695|7c|26|7c|filename=sysetup.bat"; depth:313; endswith; nocase; http.host; content:"sw.lifeboxtransfer.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266028/; classtype:trojan-activity;sid:84129128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|id=1aivgjjjv1f6vs4suoybnh-sdvuhbywur|7c|26|7c|export=download"; depth:74; endswith; nocase; http.host; content:"drive.usercontent.google.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266027/; classtype:trojan-activity;sid:84129127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.244.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266026/; classtype:trojan-activity;sid:84129126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.101.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266025/; classtype:trojan-activity;sid:84129125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.151.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266024/; classtype:trojan-activity;sid:84129124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/65/hb/creatednewthingsforme.hta"; depth:32; endswith; nocase; http.host; content:"198.46.178.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266023/; classtype:trojan-activity;sid:84129123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.164.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266022/; classtype:trojan-activity;sid:84129122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gq64s-qj4-qiq0i7e_jxondwl45u59fb"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266021/; classtype:trojan-activity;sid:84129121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryptersandtools/upload/raw/refs/heads/main/new_image.jpg"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266019/; classtype:trojan-activity;sid:84129119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1724rkutjcwtytsrrrtfzmstrvpgzvf8a"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266020/; classtype:trojan-activity;sid:84129120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.46.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266018/; classtype:trojan-activity;sid:84129118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.93.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266017/; classtype:trojan-activity;sid:84129117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.31.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266016/; classtype:trojan-activity;sid:84129116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.144.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266014/; classtype:trojan-activity;sid:84129114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.232.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266015/; classtype:trojan-activity;sid:84129115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.61.196.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266013/; classtype:trojan-activity;sid:84129113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/final.exe"; depth:10; endswith; nocase; http.host; content:"softwarefile.cc"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266012/; classtype:trojan-activity;sid:84129112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.57.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266011/; classtype:trojan-activity;sid:84129111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.12.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266010/; classtype:trojan-activity;sid:84129110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.252.199.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266009/; classtype:trojan-activity;sid:84129109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.67.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266007/; classtype:trojan-activity;sid:84129107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.163.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266008/; classtype:trojan-activity;sid:84129108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.56.147.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266006/; classtype:trojan-activity;sid:84129106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.16.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266005/; classtype:trojan-activity;sid:84129105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.6.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266004/; classtype:trojan-activity;sid:84129104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.101.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266003/; classtype:trojan-activity;sid:84129103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.247.25.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266002/; classtype:trojan-activity;sid:84129102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266001/; classtype:trojan-activity;sid:84129101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.94.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266000/; classtype:trojan-activity;sid:84129100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.43.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265999/; classtype:trojan-activity;sid:84129099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.158.161.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265998/; classtype:trojan-activity;sid:84129098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.195.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265997/; classtype:trojan-activity;sid:84129097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.108.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265996/; classtype:trojan-activity;sid:84129096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.105.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265994/; classtype:trojan-activity;sid:84129094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.7.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265995/; classtype:trojan-activity;sid:84129095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.176.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265993/; classtype:trojan-activity;sid:84129093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.144.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265992/; classtype:trojan-activity;sid:84129092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.57.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265991/; classtype:trojan-activity;sid:84129091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.127.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265990/; classtype:trojan-activity;sid:84129090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cxvhxkzfibqdqgdxbmpishdik126.bin"; depth:33; endswith; nocase; http.host; content:"kmsaksesuar.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265989/; classtype:trojan-activity;sid:84129089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/vdlzo"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265988/; classtype:trojan-activity;sid:84129088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/disparar.js"; depth:12; endswith; nocase; http.host; content:"45.149.241.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265987/; classtype:trojan-activity;sid:84129087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.232.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265986/; classtype:trojan-activity;sid:84129086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm5"; depth:14; endswith; nocase; http.host; content:"79.133.57.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265985/; classtype:trojan-activity;sid:84129085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.238.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265983/; classtype:trojan-activity;sid:84129083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm"; depth:13; endswith; nocase; http.host; content:"79.133.57.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265984/; classtype:trojan-activity;sid:84129084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.spc"; depth:13; endswith; nocase; http.host; content:"79.133.57.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265982/; classtype:trojan-activity;sid:84129082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.mips"; depth:14; endswith; nocase; http.host; content:"79.133.57.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265978/; classtype:trojan-activity;sid:84129078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.4.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265979/; classtype:trojan-activity;sid:84129079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.ppc"; depth:13; endswith; nocase; http.host; content:"79.133.57.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265980/; classtype:trojan-activity;sid:84129080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.sh4"; depth:13; endswith; nocase; http.host; content:"79.133.57.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265981/; classtype:trojan-activity;sid:84129081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.m68k"; depth:14; endswith; nocase; http.host; content:"79.133.57.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265975/; classtype:trojan-activity;sid:84129075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm6"; depth:14; endswith; nocase; http.host; content:"79.133.57.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265976/; classtype:trojan-activity;sid:84129076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.238.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265977/; classtype:trojan-activity;sid:84129077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.mpsl"; depth:14; endswith; nocase; http.host; content:"79.133.57.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265973/; classtype:trojan-activity;sid:84129073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.x86"; depth:13; endswith; nocase; http.host; content:"79.133.57.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265974/; classtype:trojan-activity;sid:84129074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm7"; depth:14; endswith; nocase; http.host; content:"79.133.57.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265971/; classtype:trojan-activity;sid:84129071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.145.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265972/; classtype:trojan-activity;sid:84129072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1i0kkidfxd7enxqql3fxtpa_qsvp6aiq7"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265961/; classtype:trojan-activity;sid:84129061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1egom_sog4tw5zcr6od0xmyqqxfmbn4_1"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265962/; classtype:trojan-activity;sid:84129062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1huydmsnrvll-okw8g1nxn2ofwerkj3xs"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265963/; classtype:trojan-activity;sid:84129063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1nv0bqqscyuqevpw8br3urddwr33wjpf2"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265964/; classtype:trojan-activity;sid:84129064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=12ve-agftucknih7awl39zpqujkcwgdht"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265965/; classtype:trojan-activity;sid:84129065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ukjhdkew_b0muyvazxxj0hlsspg8b2ac"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265966/; classtype:trojan-activity;sid:84129066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1xazxzzbd78xxp1mpfv_b4bf0wbq7bnom"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265967/; classtype:trojan-activity;sid:84129067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1zoavafvi0ft9kwk0nkn2wmciqoalrjzt"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265968/; classtype:trojan-activity;sid:84129068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1wxscxy0mhh3wmx0ki0qinsnj-tgj7o3l"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265969/; classtype:trojan-activity;sid:84129069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1l_dscfub_tjt6kff-r1dxwaweydg42pp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265970/; classtype:trojan-activity;sid:84129070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stein/233_lvvgdeojree"; depth:22; endswith; nocase; http.host; content:"himalayastrek.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265960/; classtype:trojan-activity;sid:84129060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ygqwpvxadhjsxskr3u3tdw2u5dnzv0pp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265959/; classtype:trojan-activity;sid:84129059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1uzjwtbh4hcs9i060hwf08hrnymnodugn"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265958/; classtype:trojan-activity;sid:84129058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.15.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265957/; classtype:trojan-activity;sid:84129057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.16.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265956/; classtype:trojan-activity;sid:84129056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.145.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265955/; classtype:trojan-activity;sid:84129055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265954/; classtype:trojan-activity;sid:84129054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.89.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265953/; classtype:trojan-activity;sid:84129053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.101.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265952/; classtype:trojan-activity;sid:84129052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/500/seethebestoptiontogetbetterthingswithbestthingsongood.tif"; depth:62; endswith; nocase; http.host; content:"217.160.66.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265951/; classtype:trojan-activity;sid:84129051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265950/; classtype:trojan-activity;sid:84129050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/di5nuab6dcw7eov.exe"; depth:24; endswith; nocase; http.host; content:"87.120.84.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265949/; classtype:trojan-activity;sid:84129049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76/nicecreamburnwithgreattasteoffinegiftformygirlstogive.tif"; depth:61; endswith; nocase; http.host; content:"18.189.170.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265948/; classtype:trojan-activity;sid:84129048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.127.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265947/; classtype:trojan-activity;sid:84129047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.45.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265946/; classtype:trojan-activity;sid:84129046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.122.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265945/; classtype:trojan-activity;sid:84129045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.247.25.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265944/; classtype:trojan-activity;sid:84129044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.105.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265943/; classtype:trojan-activity;sid:84129043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.54.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265942/; classtype:trojan-activity;sid:84129042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.234.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265941/; classtype:trojan-activity;sid:84129041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"74.209.75.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265940/; classtype:trojan-activity;sid:84129040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.4.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265939/; classtype:trojan-activity;sid:84129039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.43.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265938/; classtype:trojan-activity;sid:84129038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.176.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265937/; classtype:trojan-activity;sid:84129037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qndfrehazrfqjbwxq239.bin"; depth:25; endswith; nocase; http.host; content:"84.38.133.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265936/; classtype:trojan-activity;sid:84129036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.23.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265935/; classtype:trojan-activity;sid:84129035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.58.214.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265933/; classtype:trojan-activity;sid:84129033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.207.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265934/; classtype:trojan-activity;sid:84129034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e63963e5b0d34020/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"45.88.105.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265932/; classtype:trojan-activity;sid:84129032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/890c3f971f03f8ec/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"65.108.249.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265930/; classtype:trojan-activity;sid:84129030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/890c3f971f03f8ec/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"65.108.249.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265931/; classtype:trojan-activity;sid:84129031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/890c3f971f03f8ec/nss3.dll"; depth:26; endswith; nocase; http.host; content:"65.108.249.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265928/; classtype:trojan-activity;sid:84129028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e63963e5b0d34020/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"45.88.105.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265929/; classtype:trojan-activity;sid:84129029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/890c3f971f03f8ec/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"65.108.249.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265921/; classtype:trojan-activity;sid:84129021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/890c3f971f03f8ec/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"65.108.249.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265922/; classtype:trojan-activity;sid:84129022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/890c3f971f03f8ec/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"65.108.249.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265923/; classtype:trojan-activity;sid:84129023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e63963e5b0d34020/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"45.88.105.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265924/; classtype:trojan-activity;sid:84129024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/890c3f971f03f8ec/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"65.108.249.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265925/; classtype:trojan-activity;sid:84129025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e63963e5b0d34020/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"45.88.105.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265926/; classtype:trojan-activity;sid:84129026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e63963e5b0d34020/nss3.dll"; depth:26; endswith; nocase; http.host; content:"45.88.105.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265927/; classtype:trojan-activity;sid:84129027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.64.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265918/; classtype:trojan-activity;sid:84129018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e63963e5b0d34020/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"45.88.105.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265919/; classtype:trojan-activity;sid:84129019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e63963e5b0d34020/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"45.88.105.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265920/; classtype:trojan-activity;sid:84129020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1y2uoiwd7m-lshrwsg1le4wpx7fgxo0ug"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265916/; classtype:trojan-activity;sid:84129016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/minecraft.exe"; depth:14; endswith; nocase; http.host; content:"zaraz.vercel.app"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265917/; classtype:trojan-activity;sid:84129017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"154.216.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265915/; classtype:trojan-activity;sid:84129015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajiasu_x64.zip"; depth:15; endswith; nocase; http.host; content:"zhcn.down-cdn.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265914/; classtype:trojan-activity;sid:84129014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jewn.sh"; depth:8; endswith; nocase; http.host; content:"79.133.57.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265913/; classtype:trojan-activity;sid:84129013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.94.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265912/; classtype:trojan-activity;sid:84129012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.238.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265911/; classtype:trojan-activity;sid:84129011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265910/; classtype:trojan-activity;sid:84129010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.0.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265908/; classtype:trojan-activity;sid:84129008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.152.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265909/; classtype:trojan-activity;sid:84129009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.89.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265906/; classtype:trojan-activity;sid:84129006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.238.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265907/; classtype:trojan-activity;sid:84129007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.250.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265904/; classtype:trojan-activity;sid:84129004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.176.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265905/; classtype:trojan-activity;sid:84129005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.203.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265903/; classtype:trojan-activity;sid:84129003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.200.86.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265902/; classtype:trojan-activity;sid:84129002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.105.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265901/; classtype:trojan-activity;sid:84129001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.91.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265899/; classtype:trojan-activity;sid:84128999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.246.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265900/; classtype:trojan-activity;sid:84129000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.34.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265898/; classtype:trojan-activity;sid:84128998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"157.0.114.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265897/; classtype:trojan-activity;sid:84128997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.160.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265896/; classtype:trojan-activity;sid:84128996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.106.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265895/; classtype:trojan-activity;sid:84128995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.248.119.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265894/; classtype:trojan-activity;sid:84128994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.54.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265893/; classtype:trojan-activity;sid:84128993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.178.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265892/; classtype:trojan-activity;sid:84128992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.95.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265891/; classtype:trojan-activity;sid:84128991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.193.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265890/; classtype:trojan-activity;sid:84128990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.12.199.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265889/; classtype:trojan-activity;sid:84128989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.248.119.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265888/; classtype:trojan-activity;sid:84128988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.176.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265887/; classtype:trojan-activity;sid:84128987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.155.209.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265886/; classtype:trojan-activity;sid:84128986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.153.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265885/; classtype:trojan-activity;sid:84128985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/crypted25.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265884/; classtype:trojan-activity;sid:84128984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265883/; classtype:trojan-activity;sid:84128983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.248.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265882/; classtype:trojan-activity;sid:84128982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.11.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265881/; classtype:trojan-activity;sid:84128981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.135.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265880/; classtype:trojan-activity;sid:84128980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.250.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265879/; classtype:trojan-activity;sid:84128979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.122.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265878/; classtype:trojan-activity;sid:84128978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.8.231"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265877/; classtype:trojan-activity;sid:84128977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.154.136.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265876/; classtype:trojan-activity;sid:84128976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.152.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265875/; classtype:trojan-activity;sid:84128975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265874/; classtype:trojan-activity;sid:84128974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.119.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265873/; classtype:trojan-activity;sid:84128973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.109.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265872/; classtype:trojan-activity;sid:84128972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.208.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265871/; classtype:trojan-activity;sid:84128971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.86.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265870/; classtype:trojan-activity;sid:84128970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.8.231"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265868/; classtype:trojan-activity;sid:84128968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.83.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265869/; classtype:trojan-activity;sid:84128969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.150.7.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265867/; classtype:trojan-activity;sid:84128967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.7.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265866/; classtype:trojan-activity;sid:84128966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.95.138.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265865/; classtype:trojan-activity;sid:84128965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.135.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265864/; classtype:trojan-activity;sid:84128964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.177.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265863/; classtype:trojan-activity;sid:84128963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"74.209.75.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265862/; classtype:trojan-activity;sid:84128962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.223.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265861/; classtype:trojan-activity;sid:84128961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.16.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265860/; classtype:trojan-activity;sid:84128960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.109.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265859/; classtype:trojan-activity;sid:84128959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.253.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265857/; classtype:trojan-activity;sid:84128957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.153.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265858/; classtype:trojan-activity;sid:84128958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.211.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265856/; classtype:trojan-activity;sid:84128956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.127.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265855/; classtype:trojan-activity;sid:84128955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.114.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265852/; classtype:trojan-activity;sid:84128952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.105.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265853/; classtype:trojan-activity;sid:84128953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.219.45.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265854/; classtype:trojan-activity;sid:84128954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.208.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265851/; classtype:trojan-activity;sid:84128951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.3.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265850/; classtype:trojan-activity;sid:84128950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.184.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265849/; classtype:trojan-activity;sid:84128949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.113.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265848/; classtype:trojan-activity;sid:84128948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.7.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265846/; classtype:trojan-activity;sid:84128946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.115.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265847/; classtype:trojan-activity;sid:84128947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.81.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265845/; classtype:trojan-activity;sid:84128945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.223.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265844/; classtype:trojan-activity;sid:84128944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.243.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265843/; classtype:trojan-activity;sid:84128943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.40.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265842/; classtype:trojan-activity;sid:84128942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.210.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265840/; classtype:trojan-activity;sid:84128940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265841/; classtype:trojan-activity;sid:84128941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.113.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265839/; classtype:trojan-activity;sid:84128939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.251.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265838/; classtype:trojan-activity;sid:84128938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.119.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265837/; classtype:trojan-activity;sid:84128937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.201.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265836/; classtype:trojan-activity;sid:84128936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.159.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265835/; classtype:trojan-activity;sid:84128935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.132.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265834/; classtype:trojan-activity;sid:84128934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.224.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265833/; classtype:trojan-activity;sid:84128933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.16.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265832/; classtype:trojan-activity;sid:84128932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.19.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265831/; classtype:trojan-activity;sid:84128931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"eck.range.cccinvolve.org"; depth:24; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265830/; classtype:trojan-activity;sid:84128930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.203.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265829/; classtype:trojan-activity;sid:84128929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.103.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265828/; classtype:trojan-activity;sid:84128928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.127.121.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265827/; classtype:trojan-activity;sid:84128927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.94.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265826/; classtype:trojan-activity;sid:84128926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.243.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265825/; classtype:trojan-activity;sid:84128925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.5.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265824/; classtype:trojan-activity;sid:84128924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.104.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265823/; classtype:trojan-activity;sid:84128923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.118.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265822/; classtype:trojan-activity;sid:84128922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.73.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265821/; classtype:trojan-activity;sid:84128921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.222.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265818/; classtype:trojan-activity;sid:84128918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.96.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265819/; classtype:trojan-activity;sid:84128919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.96.248.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265820/; classtype:trojan-activity;sid:84128920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.94.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265816/; classtype:trojan-activity;sid:84128916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.119.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265817/; classtype:trojan-activity;sid:84128917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265815/; classtype:trojan-activity;sid:84128915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.24.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265814/; classtype:trojan-activity;sid:84128914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.90.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265813/; classtype:trojan-activity;sid:84128913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winsvc.exe"; depth:11; endswith; nocase; http.host; content:"gdx.o7lab.me"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265812/; classtype:trojan-activity;sid:84128912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.121.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265811/; classtype:trojan-activity;sid:84128911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.132.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265810/; classtype:trojan-activity;sid:84128910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.4.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265809/; classtype:trojan-activity;sid:84128909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.171.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265808/; classtype:trojan-activity;sid:84128908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.72.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265806/; classtype:trojan-activity;sid:84128906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.67.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265807/; classtype:trojan-activity;sid:84128907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.6.240.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265805/; classtype:trojan-activity;sid:84128905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.224.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265804/; classtype:trojan-activity;sid:84128904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"139.5.11.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265803/; classtype:trojan-activity;sid:84128903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.168.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265802/; classtype:trojan-activity;sid:84128902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.115.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265801/; classtype:trojan-activity;sid:84128901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.52.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265800/; classtype:trojan-activity;sid:84128900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.242.88.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265799/; classtype:trojan-activity;sid:84128899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.151.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265798/; classtype:trojan-activity;sid:84128898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.19.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265796/; classtype:trojan-activity;sid:84128896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.1.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265797/; classtype:trojan-activity;sid:84128897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.37.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265795/; classtype:trojan-activity;sid:84128895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.222.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265793/; classtype:trojan-activity;sid:84128893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.4.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265794/; classtype:trojan-activity;sid:84128894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.23.235"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265792/; classtype:trojan-activity;sid:84128892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.140.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265790/; classtype:trojan-activity;sid:84128890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.157.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265791/; classtype:trojan-activity;sid:84128891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.164.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265789/; classtype:trojan-activity;sid:84128889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.51.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265788/; classtype:trojan-activity;sid:84128888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.96.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265787/; classtype:trojan-activity;sid:84128887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.249.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265786/; classtype:trojan-activity;sid:84128886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.73.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265785/; classtype:trojan-activity;sid:84128885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.5.186.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265784/; classtype:trojan-activity;sid:84128884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.72.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265783/; classtype:trojan-activity;sid:84128883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.239.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265782/; classtype:trojan-activity;sid:84128882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.253.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265781/; classtype:trojan-activity;sid:84128881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.238.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265780/; classtype:trojan-activity;sid:84128880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.124.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265779/; classtype:trojan-activity;sid:84128879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.121.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265778/; classtype:trojan-activity;sid:84128878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.6.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265777/; classtype:trojan-activity;sid:84128877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.235.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265776/; classtype:trojan-activity;sid:84128876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.41.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265775/; classtype:trojan-activity;sid:84128875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.49.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265774/; classtype:trojan-activity;sid:84128874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.92.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265772/; classtype:trojan-activity;sid:84128872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.175.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265773/; classtype:trojan-activity;sid:84128873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.168.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265771/; classtype:trojan-activity;sid:84128871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.4.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265770/; classtype:trojan-activity;sid:84128870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.115.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265769/; classtype:trojan-activity;sid:84128869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.242.88.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265768/; classtype:trojan-activity;sid:84128868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.157.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265767/; classtype:trojan-activity;sid:84128867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.56.112"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265766/; classtype:trojan-activity;sid:84128866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.74.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265765/; classtype:trojan-activity;sid:84128865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.113.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265764/; classtype:trojan-activity;sid:84128864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.91.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265761/; classtype:trojan-activity;sid:84128861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.24.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265762/; classtype:trojan-activity;sid:84128862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.1.120"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265763/; classtype:trojan-activity;sid:84128863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.133.41.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265760/; classtype:trojan-activity;sid:84128860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.5.186.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265759/; classtype:trojan-activity;sid:84128859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"72.180.130.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265757/; classtype:trojan-activity;sid:84128857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.228.151.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265758/; classtype:trojan-activity;sid:84128858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.197.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265756/; classtype:trojan-activity;sid:84128856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.253.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265754/; classtype:trojan-activity;sid:84128854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.239.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265755/; classtype:trojan-activity;sid:84128855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.249.112.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265753/; classtype:trojan-activity;sid:84128853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.239.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265752/; classtype:trojan-activity;sid:84128852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.95.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265751/; classtype:trojan-activity;sid:84128851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.238.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265750/; classtype:trojan-activity;sid:84128850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.142.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265749/; classtype:trojan-activity;sid:84128849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.249.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265747/; classtype:trojan-activity;sid:84128847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.174.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265748/; classtype:trojan-activity;sid:84128848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.49.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265744/; classtype:trojan-activity;sid:84128844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.235.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265745/; classtype:trojan-activity;sid:84128845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.106.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265746/; classtype:trojan-activity;sid:84128846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.239.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265743/; classtype:trojan-activity;sid:84128843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.175.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265742/; classtype:trojan-activity;sid:84128842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.183.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265741/; classtype:trojan-activity;sid:84128841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.67.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265740/; classtype:trojan-activity;sid:84128840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.245.2.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265739/; classtype:trojan-activity;sid:84128839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.74.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265738/; classtype:trojan-activity;sid:84128838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.136.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265737/; classtype:trojan-activity;sid:84128837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.245.2.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265736/; classtype:trojan-activity;sid:84128836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.204.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265735/; classtype:trojan-activity;sid:84128835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.119.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265734/; classtype:trojan-activity;sid:84128834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.199.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265733/; classtype:trojan-activity;sid:84128833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"72.180.130.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265731/; classtype:trojan-activity;sid:84128831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265732/; classtype:trojan-activity;sid:84128832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.194.68.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265730/; classtype:trojan-activity;sid:84128830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.6.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265729/; classtype:trojan-activity;sid:84128829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.3.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265728/; classtype:trojan-activity;sid:84128828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.95.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265727/; classtype:trojan-activity;sid:84128827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.43.5.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265726/; classtype:trojan-activity;sid:84128826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.159.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265725/; classtype:trojan-activity;sid:84128825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.28.168"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265724/; classtype:trojan-activity;sid:84128824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.23.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265723/; classtype:trojan-activity;sid:84128823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.171.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265722/; classtype:trojan-activity;sid:84128822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265721/; classtype:trojan-activity;sid:84128821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.142.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265720/; classtype:trojan-activity;sid:84128820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.223.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265719/; classtype:trojan-activity;sid:84128819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.95.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265717/; classtype:trojan-activity;sid:84128817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.92.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265718/; classtype:trojan-activity;sid:84128818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.28.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265716/; classtype:trojan-activity;sid:84128816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.92.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265714/; classtype:trojan-activity;sid:84128814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.249.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265715/; classtype:trojan-activity;sid:84128815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.179.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265710/; classtype:trojan-activity;sid:84128810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.112.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265711/; classtype:trojan-activity;sid:84128811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.53.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265712/; classtype:trojan-activity;sid:84128812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.208.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265713/; classtype:trojan-activity;sid:84128813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"162.219.216.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265708/; classtype:trojan-activity;sid:84128808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.13.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265709/; classtype:trojan-activity;sid:84128809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.37.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265707/; classtype:trojan-activity;sid:84128807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.11.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265706/; classtype:trojan-activity;sid:84128806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.119.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265705/; classtype:trojan-activity;sid:84128805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.85.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265704/; classtype:trojan-activity;sid:84128804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.99.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265702/; classtype:trojan-activity;sid:84128802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.4.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265703/; classtype:trojan-activity;sid:84128803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.44.216.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265700/; classtype:trojan-activity;sid:84128800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.90.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265701/; classtype:trojan-activity;sid:84128801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.68.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265695/; classtype:trojan-activity;sid:84128795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.156.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265696/; classtype:trojan-activity;sid:84128796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.34.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265697/; classtype:trojan-activity;sid:84128797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.22.21.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265698/; classtype:trojan-activity;sid:84128798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.228.151.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265699/; classtype:trojan-activity;sid:84128799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.199.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265694/; classtype:trojan-activity;sid:84128794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.143.171.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265693/; classtype:trojan-activity;sid:84128793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.252.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265692/; classtype:trojan-activity;sid:84128792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.26.83.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265691/; classtype:trojan-activity;sid:84128791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.159.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265689/; classtype:trojan-activity;sid:84128789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.70.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265690/; classtype:trojan-activity;sid:84128790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.173.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265688/; classtype:trojan-activity;sid:84128788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.79.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265687/; classtype:trojan-activity;sid:84128787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.90.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265686/; classtype:trojan-activity;sid:84128786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.31.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265685/; classtype:trojan-activity;sid:84128785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.44.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265675/; classtype:trojan-activity;sid:84128775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.195.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265676/; classtype:trojan-activity;sid:84128776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.91.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265677/; classtype:trojan-activity;sid:84128777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.223.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265678/; classtype:trojan-activity;sid:84128778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.236.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265679/; classtype:trojan-activity;sid:84128779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.22.21.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265680/; classtype:trojan-activity;sid:84128780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.112.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265681/; classtype:trojan-activity;sid:84128781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.232.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265682/; classtype:trojan-activity;sid:84128782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.212.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265683/; classtype:trojan-activity;sid:84128783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.166.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265684/; classtype:trojan-activity;sid:84128784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.65.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265672/; classtype:trojan-activity;sid:84128772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.165.66.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265673/; classtype:trojan-activity;sid:84128773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.106.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265674/; classtype:trojan-activity;sid:84128774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.8.46.114"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265671/; classtype:trojan-activity;sid:84128771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.187.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265670/; classtype:trojan-activity;sid:84128770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.4.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265669/; classtype:trojan-activity;sid:84128769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.230.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265668/; classtype:trojan-activity;sid:84128768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.7.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265667/; classtype:trojan-activity;sid:84128767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.43.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265666/; classtype:trojan-activity;sid:84128766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.187.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265664/; classtype:trojan-activity;sid:84128764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.44.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265665/; classtype:trojan-activity;sid:84128765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.34.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265655/; classtype:trojan-activity;sid:84128755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.254.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265656/; classtype:trojan-activity;sid:84128756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.199.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265657/; classtype:trojan-activity;sid:84128757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.59.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265658/; classtype:trojan-activity;sid:84128758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.91.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265659/; classtype:trojan-activity;sid:84128759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.156.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265660/; classtype:trojan-activity;sid:84128760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.106.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265661/; classtype:trojan-activity;sid:84128761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.179.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265662/; classtype:trojan-activity;sid:84128762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.195.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265663/; classtype:trojan-activity;sid:84128763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.90.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265653/; classtype:trojan-activity;sid:84128753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.40.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265654/; classtype:trojan-activity;sid:84128754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.32.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265652/; classtype:trojan-activity;sid:84128752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.125.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265642/; classtype:trojan-activity;sid:84128742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.242.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265643/; classtype:trojan-activity;sid:84128743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.227.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265644/; classtype:trojan-activity;sid:84128744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.68.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265645/; classtype:trojan-activity;sid:84128745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.246.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265646/; classtype:trojan-activity;sid:84128746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.236.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265647/; classtype:trojan-activity;sid:84128747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.252.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265648/; classtype:trojan-activity;sid:84128748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265649/; classtype:trojan-activity;sid:84128749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.159.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265650/; classtype:trojan-activity;sid:84128750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.32.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265651/; classtype:trojan-activity;sid:84128751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.139.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265641/; classtype:trojan-activity;sid:84128741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.198.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265640/; classtype:trojan-activity;sid:84128740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.114.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265639/; classtype:trojan-activity;sid:84128739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.158.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265638/; classtype:trojan-activity;sid:84128738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.252.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265636/; classtype:trojan-activity;sid:84128736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.70.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265637/; classtype:trojan-activity;sid:84128737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.26.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265634/; classtype:trojan-activity;sid:84128734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.96.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265635/; classtype:trojan-activity;sid:84128735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.227.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265633/; classtype:trojan-activity;sid:84128733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.32.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265631/; classtype:trojan-activity;sid:84128731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.38.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265632/; classtype:trojan-activity;sid:84128732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.51.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265629/; classtype:trojan-activity;sid:84128729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.50.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265630/; classtype:trojan-activity;sid:84128730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.69.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265628/; classtype:trojan-activity;sid:84128728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.177.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265627/; classtype:trojan-activity;sid:84128727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.85.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265626/; classtype:trojan-activity;sid:84128726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.242.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265625/; classtype:trojan-activity;sid:84128725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.65.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265624/; classtype:trojan-activity;sid:84128724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.238.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265623/; classtype:trojan-activity;sid:84128723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.88.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265622/; classtype:trojan-activity;sid:84128722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.245.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265621/; classtype:trojan-activity;sid:84128721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.245.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265620/; classtype:trojan-activity;sid:84128720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.51.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265619/; classtype:trojan-activity;sid:84128719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.174.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265618/; classtype:trojan-activity;sid:84128718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265617/; classtype:trojan-activity;sid:84128717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.252.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265616/; classtype:trojan-activity;sid:84128716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.4.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265615/; classtype:trojan-activity;sid:84128715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.70.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265614/; classtype:trojan-activity;sid:84128714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.93.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265613/; classtype:trojan-activity;sid:84128713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.11.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265612/; classtype:trojan-activity;sid:84128712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.94.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265611/; classtype:trojan-activity;sid:84128711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.249.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265610/; classtype:trojan-activity;sid:84128710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.129.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265609/; classtype:trojan-activity;sid:84128709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.88.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265608/; classtype:trojan-activity;sid:84128708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.253.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265607/; classtype:trojan-activity;sid:84128707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265606/; classtype:trojan-activity;sid:84128706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.102.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265605/; classtype:trojan-activity;sid:84128705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.190.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265604/; classtype:trojan-activity;sid:84128704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.252.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265603/; classtype:trojan-activity;sid:84128703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.32.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265602/; classtype:trojan-activity;sid:84128702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.245.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265601/; classtype:trojan-activity;sid:84128701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.115.87.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265600/; classtype:trojan-activity;sid:84128700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.213.236.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265599/; classtype:trojan-activity;sid:84128699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265598/; classtype:trojan-activity;sid:84128698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.73.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265597/; classtype:trojan-activity;sid:84128697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.122.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265596/; classtype:trojan-activity;sid:84128696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.93.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265595/; classtype:trojan-activity;sid:84128695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.122.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265594/; classtype:trojan-activity;sid:84128694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.161.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265593/; classtype:trojan-activity;sid:84128693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.237.152.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265592/; classtype:trojan-activity;sid:84128692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.120.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265591/; classtype:trojan-activity;sid:84128691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.246.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265590/; classtype:trojan-activity;sid:84128690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.5.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265589/; classtype:trojan-activity;sid:84128689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.52.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265588/; classtype:trojan-activity;sid:84128688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.58.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265587/; classtype:trojan-activity;sid:84128687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.197.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265586/; classtype:trojan-activity;sid:84128686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.253.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265585/; classtype:trojan-activity;sid:84128685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.132.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265584/; classtype:trojan-activity;sid:84128684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.234.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265583/; classtype:trojan-activity;sid:84128683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.29.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265582/; classtype:trojan-activity;sid:84128682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.239.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265581/; classtype:trojan-activity;sid:84128681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.115.87.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265580/; classtype:trojan-activity;sid:84128680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.58.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265579/; classtype:trojan-activity;sid:84128679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.110.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265578/; classtype:trojan-activity;sid:84128678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.122.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265577/; classtype:trojan-activity;sid:84128677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.84.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265576/; classtype:trojan-activity;sid:84128676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265575/; classtype:trojan-activity;sid:84128675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.118.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265574/; classtype:trojan-activity;sid:84128674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.90.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265573/; classtype:trojan-activity;sid:84128673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.184.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265572/; classtype:trojan-activity;sid:84128672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.178.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265571/; classtype:trojan-activity;sid:84128671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.154.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265570/; classtype:trojan-activity;sid:84128670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.234.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265568/; classtype:trojan-activity;sid:84128668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.120.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265569/; classtype:trojan-activity;sid:84128669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.246.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265566/; classtype:trojan-activity;sid:84128666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.140.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265567/; classtype:trojan-activity;sid:84128667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.241.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265565/; classtype:trojan-activity;sid:84128665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.210.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265564/; classtype:trojan-activity;sid:84128664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.239.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265563/; classtype:trojan-activity;sid:84128663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.179.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265562/; classtype:trojan-activity;sid:84128662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.118.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265561/; classtype:trojan-activity;sid:84128661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.184.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265560/; classtype:trojan-activity;sid:84128660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.132.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265559/; classtype:trojan-activity;sid:84128659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.248.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265558/; classtype:trojan-activity;sid:84128658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.244.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265557/; classtype:trojan-activity;sid:84128657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.29.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265556/; classtype:trojan-activity;sid:84128656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.140.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265555/; classtype:trojan-activity;sid:84128655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265554/; classtype:trojan-activity;sid:84128654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.0.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265553/; classtype:trojan-activity;sid:84128653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.110.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265552/; classtype:trojan-activity;sid:84128652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.216.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265551/; classtype:trojan-activity;sid:84128651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.55.75.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265550/; classtype:trojan-activity;sid:84128650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.32.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265549/; classtype:trojan-activity;sid:84128649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.65.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265548/; classtype:trojan-activity;sid:84128648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.238.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265547/; classtype:trojan-activity;sid:84128647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.248.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265546/; classtype:trojan-activity;sid:84128646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.184.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265545/; classtype:trojan-activity;sid:84128645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.118.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265544/; classtype:trojan-activity;sid:84128644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.57.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265543/; classtype:trojan-activity;sid:84128643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.15.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265542/; classtype:trojan-activity;sid:84128642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265541/; classtype:trojan-activity;sid:84128641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.20.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265540/; classtype:trojan-activity;sid:84128640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.197.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265539/; classtype:trojan-activity;sid:84128639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.20.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265538/; classtype:trojan-activity;sid:84128638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.117.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265537/; classtype:trojan-activity;sid:84128637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.223.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265536/; classtype:trojan-activity;sid:84128636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.132.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265535/; classtype:trojan-activity;sid:84128635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.117.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265534/; classtype:trojan-activity;sid:84128634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.175.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265533/; classtype:trojan-activity;sid:84128633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.184.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265532/; classtype:trojan-activity;sid:84128632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.4.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265531/; classtype:trojan-activity;sid:84128631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.63.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265530/; classtype:trojan-activity;sid:84128630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.217.120.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265529/; classtype:trojan-activity;sid:84128629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.21.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265528/; classtype:trojan-activity;sid:84128628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.156.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265527/; classtype:trojan-activity;sid:84128627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.247.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265526/; classtype:trojan-activity;sid:84128626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.245.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265524/; classtype:trojan-activity;sid:84128624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"btnmz.range.cccinvolve.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265525/; classtype:trojan-activity;sid:84128625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.102.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265523/; classtype:trojan-activity;sid:84128623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.27.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265522/; classtype:trojan-activity;sid:84128622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.32.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265521/; classtype:trojan-activity;sid:84128621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265520/; classtype:trojan-activity;sid:84128620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.241.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265519/; classtype:trojan-activity;sid:84128619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.15.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265518/; classtype:trojan-activity;sid:84128618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.87.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265517/; classtype:trojan-activity;sid:84128617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.27.14.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265516/; classtype:trojan-activity;sid:84128616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.97.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265515/; classtype:trojan-activity;sid:84128615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.89.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265514/; classtype:trojan-activity;sid:84128614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.20.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265513/; classtype:trojan-activity;sid:84128613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.108.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265512/; classtype:trojan-activity;sid:84128612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.133.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265511/; classtype:trojan-activity;sid:84128611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.132.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265510/; classtype:trojan-activity;sid:84128610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.251.20.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265509/; classtype:trojan-activity;sid:84128609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.175.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265508/; classtype:trojan-activity;sid:84128608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.183.42.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265507/; classtype:trojan-activity;sid:84128607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.33.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265506/; classtype:trojan-activity;sid:84128606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.203.65.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265505/; classtype:trojan-activity;sid:84128605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.243.161.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265504/; classtype:trojan-activity;sid:84128604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.222.76.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265503/; classtype:trojan-activity;sid:84128603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.9.168"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265502/; classtype:trojan-activity;sid:84128602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.217.120.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265501/; classtype:trojan-activity;sid:84128601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.254.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265500/; classtype:trojan-activity;sid:84128600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.87.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265499/; classtype:trojan-activity;sid:84128599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.245.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265498/; classtype:trojan-activity;sid:84128598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.77.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265497/; classtype:trojan-activity;sid:84128597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.114.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265496/; classtype:trojan-activity;sid:84128596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.85.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265495/; classtype:trojan-activity;sid:84128595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.96.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265494/; classtype:trojan-activity;sid:84128594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.97.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265493/; classtype:trojan-activity;sid:84128593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.222.76.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265492/; classtype:trojan-activity;sid:84128592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.51.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265491/; classtype:trojan-activity;sid:84128591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.237.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265488/; classtype:trojan-activity;sid:84128588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.23.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265489/; classtype:trojan-activity;sid:84128589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.220.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265490/; classtype:trojan-activity;sid:84128590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.120.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265487/; classtype:trojan-activity;sid:84128587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.51.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265486/; classtype:trojan-activity;sid:84128586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.162.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265485/; classtype:trojan-activity;sid:84128585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.4.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265484/; classtype:trojan-activity;sid:84128584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.128.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265483/; classtype:trojan-activity;sid:84128583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.156.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265482/; classtype:trojan-activity;sid:84128582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.127.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265481/; classtype:trojan-activity;sid:84128581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.53.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265480/; classtype:trojan-activity;sid:84128580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.36.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265479/; classtype:trojan-activity;sid:84128579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"102.22.242.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265478/; classtype:trojan-activity;sid:84128578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.203.65.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265477/; classtype:trojan-activity;sid:84128577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.116.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265476/; classtype:trojan-activity;sid:84128576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.198.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265475/; classtype:trojan-activity;sid:84128575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.215.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265474/; classtype:trojan-activity;sid:84128574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.229.134.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265473/; classtype:trojan-activity;sid:84128573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.114.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265472/; classtype:trojan-activity;sid:84128572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.186.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265471/; classtype:trojan-activity;sid:84128571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.60.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265470/; classtype:trojan-activity;sid:84128570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.69.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265469/; classtype:trojan-activity;sid:84128569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.23.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265468/; classtype:trojan-activity;sid:84128568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.89.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265467/; classtype:trojan-activity;sid:84128567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.65.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265466/; classtype:trojan-activity;sid:84128566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.22.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265465/; classtype:trojan-activity;sid:84128565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.216.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265463/; classtype:trojan-activity;sid:84128563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.243.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265464/; classtype:trojan-activity;sid:84128564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.29.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265462/; classtype:trojan-activity;sid:84128562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.176.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265461/; classtype:trojan-activity;sid:84128561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.42.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265460/; classtype:trojan-activity;sid:84128560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.220.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265459/; classtype:trojan-activity;sid:84128559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.38.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265458/; classtype:trojan-activity;sid:84128558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265457/; classtype:trojan-activity;sid:84128557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.248.235.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265456/; classtype:trojan-activity;sid:84128556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.166.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265455/; classtype:trojan-activity;sid:84128555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.237.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265454/; classtype:trojan-activity;sid:84128554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265453/; classtype:trojan-activity;sid:84128553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.36.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265452/; classtype:trojan-activity;sid:84128552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.53.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265451/; classtype:trojan-activity;sid:84128551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265450/; classtype:trojan-activity;sid:84128550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.55.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265448/; classtype:trojan-activity;sid:84128548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.216.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265449/; classtype:trojan-activity;sid:84128549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.94.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265447/; classtype:trojan-activity;sid:84128547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.96.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265446/; classtype:trojan-activity;sid:84128546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.38.146.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265445/; classtype:trojan-activity;sid:84128545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.198.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265444/; classtype:trojan-activity;sid:84128544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.248.123.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265443/; classtype:trojan-activity;sid:84128543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.60.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265442/; classtype:trojan-activity;sid:84128542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.69.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265441/; classtype:trojan-activity;sid:84128541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.94.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265439/; classtype:trojan-activity;sid:84128539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.22.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265440/; classtype:trojan-activity;sid:84128540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265438/; classtype:trojan-activity;sid:84128538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.23.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265437/; classtype:trojan-activity;sid:84128537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.92.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265436/; classtype:trojan-activity;sid:84128536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265435/; classtype:trojan-activity;sid:84128535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.67.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265434/; classtype:trojan-activity;sid:84128534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.209.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265433/; classtype:trojan-activity;sid:84128533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.248.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265432/; classtype:trojan-activity;sid:84128532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.247.236.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265431/; classtype:trojan-activity;sid:84128531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265430/; classtype:trojan-activity;sid:84128530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.11.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265429/; classtype:trojan-activity;sid:84128529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265428/; classtype:trojan-activity;sid:84128528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.90.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265427/; classtype:trojan-activity;sid:84128527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.240.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265426/; classtype:trojan-activity;sid:84128526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.211.155.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265425/; classtype:trojan-activity;sid:84128525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.14.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265424/; classtype:trojan-activity;sid:84128524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.1.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265423/; classtype:trojan-activity;sid:84128523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.225.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265422/; classtype:trojan-activity;sid:84128522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.248.235.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265421/; classtype:trojan-activity;sid:84128521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.176.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265420/; classtype:trojan-activity;sid:84128520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.248.123.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265419/; classtype:trojan-activity;sid:84128519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.42.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265418/; classtype:trojan-activity;sid:84128518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.253.125.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265416/; classtype:trojan-activity;sid:84128516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.209.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265417/; classtype:trojan-activity;sid:84128517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.248.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265415/; classtype:trojan-activity;sid:84128515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.68.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265414/; classtype:trojan-activity;sid:84128514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.10.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265413/; classtype:trojan-activity;sid:84128513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265412/; classtype:trojan-activity;sid:84128512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.69.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265411/; classtype:trojan-activity;sid:84128511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.127.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265410/; classtype:trojan-activity;sid:84128510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.47.28.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265409/; classtype:trojan-activity;sid:84128509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.88.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265408/; classtype:trojan-activity;sid:84128508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.12.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265407/; classtype:trojan-activity;sid:84128507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265406/; classtype:trojan-activity;sid:84128506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.68.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265405/; classtype:trojan-activity;sid:84128505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.220.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265404/; classtype:trojan-activity;sid:84128504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.26.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265403/; classtype:trojan-activity;sid:84128503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.46.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265402/; classtype:trojan-activity;sid:84128502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.106.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265401/; classtype:trojan-activity;sid:84128501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265400/; classtype:trojan-activity;sid:84128500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.173.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265399/; classtype:trojan-activity;sid:84128499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265398/; classtype:trojan-activity;sid:84128498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.175.153.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265397/; classtype:trojan-activity;sid:84128497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.37.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265396/; classtype:trojan-activity;sid:84128496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.227.34.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265395/; classtype:trojan-activity;sid:84128495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.37.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265394/; classtype:trojan-activity;sid:84128494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.176.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265393/; classtype:trojan-activity;sid:84128493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.88.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265392/; classtype:trojan-activity;sid:84128492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.46.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265391/; classtype:trojan-activity;sid:84128491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.174.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265390/; classtype:trojan-activity;sid:84128490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.209.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265389/; classtype:trojan-activity;sid:84128489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.207.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265388/; classtype:trojan-activity;sid:84128488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.140.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265387/; classtype:trojan-activity;sid:84128487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.246.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265386/; classtype:trojan-activity;sid:84128486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.115.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265385/; classtype:trojan-activity;sid:84128485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.158.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265384/; classtype:trojan-activity;sid:84128484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.197.113.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265383/; classtype:trojan-activity;sid:84128483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.12.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265382/; classtype:trojan-activity;sid:84128482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/session.exe"; depth:18; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265381/; classtype:trojan-activity;sid:84128481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.220.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265380/; classtype:trojan-activity;sid:84128480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.114.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265379/; classtype:trojan-activity;sid:84128479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.120.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265378/; classtype:trojan-activity;sid:84128478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.37.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265377/; classtype:trojan-activity;sid:84128477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.197.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265376/; classtype:trojan-activity;sid:84128476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.37.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265374/; classtype:trojan-activity;sid:84128474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.244.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265375/; classtype:trojan-activity;sid:84128475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.36.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265373/; classtype:trojan-activity;sid:84128473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265372/; classtype:trojan-activity;sid:84128472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.128.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265371/; classtype:trojan-activity;sid:84128471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.145.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265369/; classtype:trojan-activity;sid:84128469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.237.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265370/; classtype:trojan-activity;sid:84128470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.254.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265368/; classtype:trojan-activity;sid:84128468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.140.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265367/; classtype:trojan-activity;sid:84128467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.207.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265366/; classtype:trojan-activity;sid:84128466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.163.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265365/; classtype:trojan-activity;sid:84128465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.7.208"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265364/; classtype:trojan-activity;sid:84128464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.185.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265363/; classtype:trojan-activity;sid:84128463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.98.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265362/; classtype:trojan-activity;sid:84128462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.221.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265361/; classtype:trojan-activity;sid:84128461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.114.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265360/; classtype:trojan-activity;sid:84128460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.174.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265359/; classtype:trojan-activity;sid:84128459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.178.37.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265358/; classtype:trojan-activity;sid:84128458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.43.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265357/; classtype:trojan-activity;sid:84128457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.52.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265356/; classtype:trojan-activity;sid:84128456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.185.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265355/; classtype:trojan-activity;sid:84128455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.37.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265354/; classtype:trojan-activity;sid:84128454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.28.211"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265353/; classtype:trojan-activity;sid:84128453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.120.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265352/; classtype:trojan-activity;sid:84128452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.220.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265351/; classtype:trojan-activity;sid:84128451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265349/; classtype:trojan-activity;sid:84128449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.145.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265348/; classtype:trojan-activity;sid:84128448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.163.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265346/; classtype:trojan-activity;sid:84128446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.191.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265343/; classtype:trojan-activity;sid:84128443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265344/; classtype:trojan-activity;sid:84128444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.207.174.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265345/; classtype:trojan-activity;sid:84128445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.37.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265341/; classtype:trojan-activity;sid:84128441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.86.251.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265340/; classtype:trojan-activity;sid:84128440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.228.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265339/; classtype:trojan-activity;sid:84128439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.98.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265337/; classtype:trojan-activity;sid:84128437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.30.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265336/; classtype:trojan-activity;sid:84128436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.220.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265335/; classtype:trojan-activity;sid:84128435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.28.211"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265334/; classtype:trojan-activity;sid:84128434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.221.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265333/; classtype:trojan-activity;sid:84128433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265331/; classtype:trojan-activity;sid:84128431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.94.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265330/; classtype:trojan-activity;sid:84128430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.214.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265329/; classtype:trojan-activity;sid:84128429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.3.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265328/; classtype:trojan-activity;sid:84128428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265323/; classtype:trojan-activity;sid:84128423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.1.190"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265324/; classtype:trojan-activity;sid:84128424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.191.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265322/; classtype:trojan-activity;sid:84128422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.211.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265320/; classtype:trojan-activity;sid:84128420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.9.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265319/; classtype:trojan-activity;sid:84128419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.38.140.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265317/; classtype:trojan-activity;sid:84128417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.218.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265313/; classtype:trojan-activity;sid:84128413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.169.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265312/; classtype:trojan-activity;sid:84128412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265311/; classtype:trojan-activity;sid:84128411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.110.115.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265309/; classtype:trojan-activity;sid:84128409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.67.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265307/; classtype:trojan-activity;sid:84128407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.197.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265308/; classtype:trojan-activity;sid:84128408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"168.195.81.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265306/; classtype:trojan-activity;sid:84128406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.207.174.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265305/; classtype:trojan-activity;sid:84128405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.235.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265304/; classtype:trojan-activity;sid:84128404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.99.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265303/; classtype:trojan-activity;sid:84128403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.3.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265300/; classtype:trojan-activity;sid:84128400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.117.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265298/; classtype:trojan-activity;sid:84128398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.130.188.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265297/; classtype:trojan-activity;sid:84128397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.34.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265295/; classtype:trojan-activity;sid:84128395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265293/; classtype:trojan-activity;sid:84128393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.24.160.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265292/; classtype:trojan-activity;sid:84128392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.1.190"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265289/; classtype:trojan-activity;sid:84128389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.9.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265288/; classtype:trojan-activity;sid:84128388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3b7a9398/doc.rtf"; depth:17; endswith; nocase; http.host; content:"moitt-gov-pk.dytt88.co"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265286/; classtype:trojan-activity;sid:84128386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.12.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265285/; classtype:trojan-activity;sid:84128385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.153.140.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265282/; classtype:trojan-activity;sid:84128382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.164.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265279/; classtype:trojan-activity;sid:84128379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.12.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265278/; classtype:trojan-activity;sid:84128378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/belks.arm5"; depth:16; endswith; nocase; http.host; content:"2.58.113.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265271/; classtype:trojan-activity;sid:84128371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/belks.sh4"; depth:15; endswith; nocase; http.host; content:"2.58.113.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265272/; classtype:trojan-activity;sid:84128372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/belks.arm"; depth:15; endswith; nocase; http.host; content:"2.58.113.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265273/; classtype:trojan-activity;sid:84128373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/belks.arm6"; depth:16; endswith; nocase; http.host; content:"2.58.113.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265274/; classtype:trojan-activity;sid:84128374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/belks.x86"; depth:15; endswith; nocase; http.host; content:"2.58.113.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265275/; classtype:trojan-activity;sid:84128375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/belks.ppc"; depth:15; endswith; nocase; http.host; content:"2.58.113.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265276/; classtype:trojan-activity;sid:84128376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/belks.mpsl"; depth:16; endswith; nocase; http.host; content:"2.58.113.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265277/; classtype:trojan-activity;sid:84128377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/belks.mips"; depth:16; endswith; nocase; http.host; content:"2.58.113.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265268/; classtype:trojan-activity;sid:84128368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/belks.spc"; depth:15; endswith; nocase; http.host; content:"2.58.113.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265269/; classtype:trojan-activity;sid:84128369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/belks.arm7"; depth:16; endswith; nocase; http.host; content:"2.58.113.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265270/; classtype:trojan-activity;sid:84128370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"168.195.81.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265266/; classtype:trojan-activity;sid:84128366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r8p-release-websetup.exe"; depth:25; endswith; nocase; http.host; content:"r8p.teknixstuff.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265267/; classtype:trojan-activity;sid:84128367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/index.ps1"; depth:10; endswith; nocase; http.host; content:"r8p.teknixstuff.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265265/; classtype:trojan-activity;sid:84128365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.37.16.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265264/; classtype:trojan-activity;sid:84128364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/june--pdf11.lnk"; depth:16; endswith; nocase; http.host; content:"37.60.252.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265261/; classtype:trojan-activity;sid:84128361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.80.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265262/; classtype:trojan-activity;sid:84128362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.219.176.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265263/; classtype:trojan-activity;sid:84128363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qfv0ao.zip"; depth:11; endswith; nocase; http.host; content:"37.60.252.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265260/; classtype:trojan-activity;sid:84128360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.117.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265258/; classtype:trojan-activity;sid:84128358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.pdf"; depth:6; endswith; nocase; http.host; content:"louise-monitors-mo-rating.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265256/; classtype:trojan-activity;sid:84128356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b.pdf"; depth:6; endswith; nocase; http.host; content:"louise-monitors-mo-rating.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265255/; classtype:trojan-activity;sid:84128355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b.pdf"; depth:6; endswith; nocase; http.host; content:"37.60.252.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265254/; classtype:trojan-activity;sid:84128354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/man.bat"; depth:8; endswith; nocase; http.host; content:"37.60.252.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265251/; classtype:trojan-activity;sid:84128351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/june--pdf12.lnk"; depth:16; endswith; nocase; http.host; content:"37.60.252.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265252/; classtype:trojan-activity;sid:84128352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.pdf"; depth:6; endswith; nocase; http.host; content:"37.60.252.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265253/; classtype:trojan-activity;sid:84128353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fas.py"; depth:7; endswith; nocase; http.host; content:"37.60.252.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265250/; classtype:trojan-activity;sid:84128350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.126.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265248/; classtype:trojan-activity;sid:84128348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.34.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265246/; classtype:trojan-activity;sid:84128346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.37.16.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265245/; classtype:trojan-activity;sid:84128345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.pdf"; depth:6; endswith; nocase; http.host; content:"193.26.115.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265244/; classtype:trojan-activity;sid:84128344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msword.zip"; depth:11; endswith; nocase; http.host; content:"193.26.115.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265243/; classtype:trojan-activity;sid:84128343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.ps1"; depth:6; endswith; nocase; http.host; content:"193.26.115.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265242/; classtype:trojan-activity;sid:84128342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.121.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265241/; classtype:trojan-activity;sid:84128341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265239/; classtype:trojan-activity;sid:84128339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.189.89.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265235/; classtype:trojan-activity;sid:84128335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.20.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265234/; classtype:trojan-activity;sid:84128334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m.dat"; depth:6; endswith; nocase; http.host; content:"k2ygoods.ydns.eu"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265232/; classtype:trojan-activity;sid:84128332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/power.txt"; depth:10; endswith; nocase; http.host; content:"k2ygoods.ydns.eu"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265231/; classtype:trojan-activity;sid:84128331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/config.txt"; depth:11; endswith; nocase; http.host; content:"k2ygoods.ydns.eu"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265229/; classtype:trojan-activity;sid:84128329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.txt"; depth:13; endswith; nocase; http.host; content:"k2ygoods.ydns.eu"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265230/; classtype:trojan-activity;sid:84128330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/conf/download.txt"; depth:18; endswith; nocase; http.host; content:"s1.k2isoks.top"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265224/; classtype:trojan-activity;sid:84128324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/conf/hostse.txt"; depth:16; endswith; nocase; http.host; content:"s1.k2isoks.top"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265225/; classtype:trojan-activity;sid:84128325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/conf/config.txt"; depth:16; endswith; nocase; http.host; content:"s1.k2isoks.top"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265226/; classtype:trojan-activity;sid:84128326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/conf/power.txt"; depth:15; endswith; nocase; http.host; content:"s1.k2isoks.top"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265227/; classtype:trojan-activity;sid:84128327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.8.18"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265223/; classtype:trojan-activity;sid:84128323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.3.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265222/; classtype:trojan-activity;sid:84128322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-statics/test.doc"; depth:20; endswith; nocase; http.host; content:"www.cloudf-update.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265221/; classtype:trojan-activity;sid:84128321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down.txt"; depth:9; endswith; nocase; http.host; content:"www.cloudf-update.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265220/; classtype:trojan-activity;sid:84128320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.153.140.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265215/; classtype:trojan-activity;sid:84128315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.246.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265210/; classtype:trojan-activity;sid:84128310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.45.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265207/; classtype:trojan-activity;sid:84128307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.7.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265206/; classtype:trojan-activity;sid:84128306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265204/; classtype:trojan-activity;sid:84128304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265205/; classtype:trojan-activity;sid:84128305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.176.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265203/; classtype:trojan-activity;sid:84128303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265202/; classtype:trojan-activity;sid:84128302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.45.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265200/; classtype:trojan-activity;sid:84128300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.120.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265201/; classtype:trojan-activity;sid:84128301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"49.233.250.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265198/; classtype:trojan-activity;sid:84128298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"116.205.237.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265197/; classtype:trojan-activity;sid:84128297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.26.139.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265193/; classtype:trojan-activity;sid:84128293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.245.198.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265194/; classtype:trojan-activity;sid:84128294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"111.229.123.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265195/; classtype:trojan-activity;sid:84128295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"154.92.19.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265196/; classtype:trojan-activity;sid:84128296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.146.198.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265189/; classtype:trojan-activity;sid:84128289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.154.18.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265190/; classtype:trojan-activity;sid:84128290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.137.19.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265191/; classtype:trojan-activity;sid:84128291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"79.124.58.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265183/; classtype:trojan-activity;sid:84128283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.26.111.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265184/; classtype:trojan-activity;sid:84128284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"203.86.239.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265186/; classtype:trojan-activity;sid:84128286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"49.65.96.139"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265187/; classtype:trojan-activity;sid:84128287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"141.11.218.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265179/; classtype:trojan-activity;sid:84128279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"104.233.245.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265180/; classtype:trojan-activity;sid:84128280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.97.174.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265181/; classtype:trojan-activity;sid:84128281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.108.142.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265182/; classtype:trojan-activity;sid:84128282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.94.168.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265177/; classtype:trojan-activity;sid:84128277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"1.92.79.25"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265178/; classtype:trojan-activity;sid:84128278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"87.120.116.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265175/; classtype:trojan-activity;sid:84128275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"156.255.2.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265176/; classtype:trojan-activity;sid:84128276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.70.0.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265174/; classtype:trojan-activity;sid:84128274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.78.83.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265166/; classtype:trojan-activity;sid:84128266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"62.234.81.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265168/; classtype:trojan-activity;sid:84128268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"114.55.100.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265161/; classtype:trojan-activity;sid:84128261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.113.150.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265158/; classtype:trojan-activity;sid:84128258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"159.75.148.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265159/; classtype:trojan-activity;sid:84128259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.109.178.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265160/; classtype:trojan-activity;sid:84128260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"154.9.254.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265155/; classtype:trojan-activity;sid:84128255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.117.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265121/; classtype:trojan-activity;sid:84128221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.90.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265120/; classtype:trojan-activity;sid:84128220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.219.176.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265119/; classtype:trojan-activity;sid:84128219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.91.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265118/; classtype:trojan-activity;sid:84128218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.20.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265117/; classtype:trojan-activity;sid:84128217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.179.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265116/; classtype:trojan-activity;sid:84128216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.179.27.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265114/; classtype:trojan-activity;sid:84128214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.96.93"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265115/; classtype:trojan-activity;sid:84128215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/antimalware.zip"; depth:16; endswith; nocase; http.host; content:"epsemaq.com.pe"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265113/; classtype:trojan-activity;sid:84128213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/pbpb12.txt"; depth:19; endswith; nocase; http.host; content:"vl1-du-fr-si2.b-cdn.net"; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265112/; classtype:trojan-activity;sid:84128212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.232.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265111/; classtype:trojan-activity;sid:84128211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.120.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265110/; classtype:trojan-activity;sid:84128210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.144.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265109/; classtype:trojan-activity;sid:84128209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265107/; classtype:trojan-activity;sid:84128207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.146.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265105/; classtype:trojan-activity;sid:84128205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.158.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265104/; classtype:trojan-activity;sid:84128204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.86.61.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265103/; classtype:trojan-activity;sid:84128203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.31.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265102/; classtype:trojan-activity;sid:84128202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265101/; classtype:trojan-activity;sid:84128201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.244.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265099/; classtype:trojan-activity;sid:84128199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.18.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265100/; classtype:trojan-activity;sid:84128200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.83.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265098/; classtype:trojan-activity;sid:84128198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agjclzkiadbzzaqzfc115.bin"; depth:26; endswith; nocase; http.host; content:"173.249.193.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265096/; classtype:trojan-activity;sid:84128196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.86.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265097/; classtype:trojan-activity;sid:84128197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nkuvwtzbht251.bin"; depth:18; endswith; nocase; http.host; content:"www.sojtarek.za.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265095/; classtype:trojan-activity;sid:84128195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.5.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265092/; classtype:trojan-activity;sid:84128192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.197.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265093/; classtype:trojan-activity;sid:84128193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/verifyz1.zip"; depth:21; endswith; nocase; http.host; content:"budgetkd2823j231278.b-cdn.net"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265094/; classtype:trojan-activity;sid:84128194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.3.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265091/; classtype:trojan-activity;sid:84128191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.220.93.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265090/; classtype:trojan-activity;sid:84128190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.219.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265089/; classtype:trojan-activity;sid:84128189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.125.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265088/; classtype:trojan-activity;sid:84128188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.103.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265087/; classtype:trojan-activity;sid:84128187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/wintoolsone64.exe"; depth:24; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265086/; classtype:trojan-activity;sid:84128186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.197.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265085/; classtype:trojan-activity;sid:84128185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.249.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265084/; classtype:trojan-activity;sid:84128184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.5.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265083/; classtype:trojan-activity;sid:84128183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.191.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265082/; classtype:trojan-activity;sid:84128182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.103.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265081/; classtype:trojan-activity;sid:84128181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.107.232.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265080/; classtype:trojan-activity;sid:84128180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265078/; classtype:trojan-activity;sid:84128178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.249.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265079/; classtype:trojan-activity;sid:84128179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.78.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265077/; classtype:trojan-activity;sid:84128177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.84.138.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265076/; classtype:trojan-activity;sid:84128176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.248.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265075/; classtype:trojan-activity;sid:84128175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.22.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265074/; classtype:trojan-activity;sid:84128174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.0.208"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265071/; classtype:trojan-activity;sid:84128171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.59.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265072/; classtype:trojan-activity;sid:84128172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.114.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265073/; classtype:trojan-activity;sid:84128173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.243.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265070/; classtype:trojan-activity;sid:84128170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.110.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265069/; classtype:trojan-activity;sid:84128169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.82.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265068/; classtype:trojan-activity;sid:84128168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.20.195"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265067/; classtype:trojan-activity;sid:84128167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.81.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265066/; classtype:trojan-activity;sid:84128166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/myfile.zip"; depth:11; endswith; nocase; http.host; content:"venomfistv1.b-cdn.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265065/; classtype:trojan-activity;sid:84128165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxt/new1.txt"; depth:13; endswith; nocase; http.host; content:"venomfistv1.b-cdn.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265064/; classtype:trojan-activity;sid:84128164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gem.zip"; depth:8; endswith; nocase; http.host; content:"jingling01.b-cdn.net"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265063/; classtype:trojan-activity;sid:84128163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gem.txt"; depth:8; endswith; nocase; http.host; content:"jingling01.b-cdn.net"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265062/; classtype:trojan-activity;sid:84128162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.169.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265061/; classtype:trojan-activity;sid:84128161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.107.232.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265060/; classtype:trojan-activity;sid:84128160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.78.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265059/; classtype:trojan-activity;sid:84128159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nekv05.zip"; depth:11; endswith; nocase; http.host; content:"xhs56a90-vxe.b-cdn.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265058/; classtype:trojan-activity;sid:84128158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.235.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265056/; classtype:trojan-activity;sid:84128156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i9.txt"; depth:7; endswith; nocase; http.host; content:"ooop.b-cdn.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265057/; classtype:trojan-activity;sid:84128157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.116.175.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265055/; classtype:trojan-activity;sid:84128155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.173.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265054/; classtype:trojan-activity;sid:84128154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.188.79.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265052/; classtype:trojan-activity;sid:84128152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.216.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265053/; classtype:trojan-activity;sid:84128153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.157.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265051/; classtype:trojan-activity;sid:84128151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265050/; classtype:trojan-activity;sid:84128150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.22.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265049/; classtype:trojan-activity;sid:84128149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.0.208"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265048/; classtype:trojan-activity;sid:84128148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.140.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265047/; classtype:trojan-activity;sid:84128147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x64.zip"; depth:8; endswith; nocase; http.host; content:"tz111.b-cdn.net"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265045/; classtype:trojan-activity;sid:84128145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x64-v2.txt"; depth:11; endswith; nocase; http.host; content:"tx11.b-cdn.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265046/; classtype:trojan-activity;sid:84128146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.82.152"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265043/; classtype:trojan-activity;sid:84128143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.167.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265044/; classtype:trojan-activity;sid:84128144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.178.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265041/; classtype:trojan-activity;sid:84128141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.16.77.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265042/; classtype:trojan-activity;sid:84128142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.98.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265040/; classtype:trojan-activity;sid:84128140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.82.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265039/; classtype:trojan-activity;sid:84128139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.207.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265038/; classtype:trojan-activity;sid:84128138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.0.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265037/; classtype:trojan-activity;sid:84128137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.95.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265036/; classtype:trojan-activity;sid:84128136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.238.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265035/; classtype:trojan-activity;sid:84128135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.180.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265033/; classtype:trojan-activity;sid:84128133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.17.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265034/; classtype:trojan-activity;sid:84128134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.215.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265032/; classtype:trojan-activity;sid:84128132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.20.195"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265031/; classtype:trojan-activity;sid:84128131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11d003c031fcb1b4/nss3.dll"; depth:26; endswith; nocase; http.host; content:"45.88.76.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265030/; classtype:trojan-activity;sid:84128130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11d003c031fcb1b4/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"45.88.76.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265028/; classtype:trojan-activity;sid:84128128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11d003c031fcb1b4/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"45.88.76.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265029/; classtype:trojan-activity;sid:84128129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11d003c031fcb1b4/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"45.88.76.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265026/; classtype:trojan-activity;sid:84128126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11d003c031fcb1b4/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"45.88.76.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265027/; classtype:trojan-activity;sid:84128127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11d003c031fcb1b4/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"45.88.76.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265024/; classtype:trojan-activity;sid:84128124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11d003c031fcb1b4/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"45.88.76.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265025/; classtype:trojan-activity;sid:84128125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.80.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265023/; classtype:trojan-activity;sid:84128123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.15.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265022/; classtype:trojan-activity;sid:84128122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.140.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265021/; classtype:trojan-activity;sid:84128121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.98.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265020/; classtype:trojan-activity;sid:84128120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.116.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265018/; classtype:trojan-activity;sid:84128118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.23.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265019/; classtype:trojan-activity;sid:84128119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.x86"; depth:13; endswith; nocase; http.host; content:"vpn911645173.softether.net"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265014/; classtype:trojan-activity;sid:84128114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.mpsl"; depth:14; endswith; nocase; http.host; content:"vpn911645173.softether.net"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265015/; classtype:trojan-activity;sid:84128115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm"; depth:13; endswith; nocase; http.host; content:"vpn911645173.softether.net"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265016/; classtype:trojan-activity;sid:84128116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.sh4"; depth:13; endswith; nocase; http.host; content:"vpn911645173.softether.net"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265017/; classtype:trojan-activity;sid:84128117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm5"; depth:14; endswith; nocase; http.host; content:"vpn911645173.softether.net"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265008/; classtype:trojan-activity;sid:84128108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.spc"; depth:13; endswith; nocase; http.host; content:"vpn911645173.softether.net"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265009/; classtype:trojan-activity;sid:84128109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.mips"; depth:14; endswith; nocase; http.host; content:"vpn911645173.softether.net"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265010/; classtype:trojan-activity;sid:84128110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.m68k"; depth:14; endswith; nocase; http.host; content:"vpn911645173.softether.net"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265011/; classtype:trojan-activity;sid:84128111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm6"; depth:14; endswith; nocase; http.host; content:"vpn911645173.softether.net"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265012/; classtype:trojan-activity;sid:84128112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.ppc"; depth:13; endswith; nocase; http.host; content:"vpn911645173.softether.net"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265013/; classtype:trojan-activity;sid:84128113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265007/; classtype:trojan-activity;sid:84128107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.244.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265006/; classtype:trojan-activity;sid:84128106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1x.sh4"; depth:8; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264994/; classtype:trojan-activity;sid:84128094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1x.spc"; depth:8; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264995/; classtype:trojan-activity;sid:84128095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1x.arm5n"; depth:10; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264989/; classtype:trojan-activity;sid:84128089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1x.mips"; depth:9; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264990/; classtype:trojan-activity;sid:84128090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1x.ppc"; depth:8; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264991/; classtype:trojan-activity;sid:84128091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.234.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264992/; classtype:trojan-activity;sid:84128092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.17.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264993/; classtype:trojan-activity;sid:84128093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1x.arm6"; depth:9; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264986/; classtype:trojan-activity;sid:84128086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1x.mpsl"; depth:9; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264987/; classtype:trojan-activity;sid:84128087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1x.arm7"; depth:9; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264988/; classtype:trojan-activity;sid:84128088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1x.m68k"; depth:9; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264985/; classtype:trojan-activity;sid:84128085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1x.x86"; depth:8; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264983/; classtype:trojan-activity;sid:84128083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1x.x86_64"; depth:11; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264984/; classtype:trojan-activity;sid:84128084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lilin.sh"; depth:9; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264975/; classtype:trojan-activity;sid:84128075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unv.sh"; depth:7; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264976/; classtype:trojan-activity;sid:84128076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rv.sh"; depth:6; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264977/; classtype:trojan-activity;sid:84128077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wcp.sh"; depth:7; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264978/; classtype:trojan-activity;sid:84128078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/usa.sh"; depth:7; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264979/; classtype:trojan-activity;sid:84128079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ums.sh"; depth:7; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264980/; classtype:trojan-activity;sid:84128080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e.sh"; depth:5; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264981/; classtype:trojan-activity;sid:84128081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/camera.sh"; depth:10; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264982/; classtype:trojan-activity;sid:84128082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugin2.dll"; depth:12; endswith; nocase; http.host; content:"gdx.o7lab.me"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264974/; classtype:trojan-activity;sid:84128074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.exe"; depth:5; endswith; nocase; http.host; content:"gdx.o7lab.me"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264973/; classtype:trojan-activity;sid:84128073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugin1.dll"; depth:12; endswith; nocase; http.host; content:"gdx.o7lab.me"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264971/; classtype:trojan-activity;sid:84128071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugin3.dll"; depth:12; endswith; nocase; http.host; content:"gdx.o7lab.me"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264972/; classtype:trojan-activity;sid:84128072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.5.89.101"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264969/; classtype:trojan-activity;sid:84128069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.219.45.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264970/; classtype:trojan-activity;sid:84128070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264968/; classtype:trojan-activity;sid:84128068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.114.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264967/; classtype:trojan-activity;sid:84128067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.78.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264966/; classtype:trojan-activity;sid:84128066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.235.183.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264965/; classtype:trojan-activity;sid:84128065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.4.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264963/; classtype:trojan-activity;sid:84128063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.15.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264964/; classtype:trojan-activity;sid:84128064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.254.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264962/; classtype:trojan-activity;sid:84128062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.49.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264961/; classtype:trojan-activity;sid:84128061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.154.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264960/; classtype:trojan-activity;sid:84128060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.201.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264959/; classtype:trojan-activity;sid:84128059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aisuru.arm"; depth:11; endswith; nocase; http.host; content:"92.60.77.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264956/; classtype:trojan-activity;sid:84128056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.arm"; depth:40; endswith; nocase; http.host; content:"93.123.85.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264957/; classtype:trojan-activity;sid:84128057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"154.197.69.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264958/; classtype:trojan-activity;sid:84128058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proxy.arm"; depth:10; endswith; nocase; http.host; content:"167.235.150.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264955/; classtype:trojan-activity;sid:84128055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1x.arm"; depth:8; endswith; nocase; http.host; content:"80.66.77.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264954/; classtype:trojan-activity;sid:84128054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scanirc.arm"; depth:12; endswith; nocase; http.host; content:"176.123.1.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264952/; classtype:trojan-activity;sid:84128052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kata/katau.arm"; depth:15; endswith; nocase; http.host; content:"5.42.94.233"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264953/; classtype:trojan-activity;sid:84128053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.134.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264951/; classtype:trojan-activity;sid:84128051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.234.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264950/; classtype:trojan-activity;sid:84128050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.124.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264949/; classtype:trojan-activity;sid:84128049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.243.137.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264948/; classtype:trojan-activity;sid:84128048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.13.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264947/; classtype:trojan-activity;sid:84128047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.131.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264946/; classtype:trojan-activity;sid:84128046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.84.93.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264945/; classtype:trojan-activity;sid:84128045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"178.215.238.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264944/; classtype:trojan-activity;sid:84128044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32"; depth:7; endswith; nocase; http.host; content:"178.215.238.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264942/; classtype:trojan-activity;sid:84128042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"178.215.238.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264943/; classtype:trojan-activity;sid:84128043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.127.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264941/; classtype:trojan-activity;sid:84128041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.201.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264940/; classtype:trojan-activity;sid:84128040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.6.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264939/; classtype:trojan-activity;sid:84128039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.124.6.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264937/; classtype:trojan-activity;sid:84128037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.165.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264938/; classtype:trojan-activity;sid:84128038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.29.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264935/; classtype:trojan-activity;sid:84128035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.1.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264936/; classtype:trojan-activity;sid:84128036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.35.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264934/; classtype:trojan-activity;sid:84128034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.6.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264933/; classtype:trojan-activity;sid:84128033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264932/; classtype:trojan-activity;sid:84128032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.207.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264931/; classtype:trojan-activity;sid:84128031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.180.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264930/; classtype:trojan-activity;sid:84128030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.160.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264929/; classtype:trojan-activity;sid:84128029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.168.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264928/; classtype:trojan-activity;sid:84128028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.120.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264926/; classtype:trojan-activity;sid:84128026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.239.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264927/; classtype:trojan-activity;sid:84128027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.245.60.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264925/; classtype:trojan-activity;sid:84128025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.173.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264924/; classtype:trojan-activity;sid:84128024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.158.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264923/; classtype:trojan-activity;sid:84128023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.34.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264922/; classtype:trojan-activity;sid:84128022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.154.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264921/; classtype:trojan-activity;sid:84128021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.13.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264920/; classtype:trojan-activity;sid:84128020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.49.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264919/; classtype:trojan-activity;sid:84128019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.67.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264918/; classtype:trojan-activity;sid:84128018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.ppc"; depth:13; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264917/; classtype:trojan-activity;sid:84128017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm"; depth:13; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264909/; classtype:trojan-activity;sid:84128009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm6"; depth:14; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264910/; classtype:trojan-activity;sid:84128010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.sh4"; depth:13; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264911/; classtype:trojan-activity;sid:84128011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.x86"; depth:13; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264912/; classtype:trojan-activity;sid:84128012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.mpsl"; depth:14; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264913/; classtype:trojan-activity;sid:84128013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.mips"; depth:14; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264914/; classtype:trojan-activity;sid:84128014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.spc"; depth:13; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264915/; classtype:trojan-activity;sid:84128015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.m68k"; depth:14; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264916/; classtype:trojan-activity;sid:84128016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jew.arm5"; depth:14; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264908/; classtype:trojan-activity;sid:84128008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/freebl3.dll"; depth:12; endswith; nocase; http.host; content:"65.109.243.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264905/; classtype:trojan-activity;sid:84128005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nss3.dll"; depth:9; endswith; nocase; http.host; content:"65.109.243.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264906/; classtype:trojan-activity;sid:84128006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sqlp.dll"; depth:9; endswith; nocase; http.host; content:"65.109.243.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264907/; classtype:trojan-activity;sid:84128007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softokn3.dll"; depth:13; endswith; nocase; http.host; content:"65.109.243.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264904/; classtype:trojan-activity;sid:84128004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vcruntime140.dll"; depth:17; endswith; nocase; http.host; content:"65.109.243.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264902/; classtype:trojan-activity;sid:84128002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msvcp140.dll"; depth:13; endswith; nocase; http.host; content:"65.109.243.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264903/; classtype:trojan-activity;sid:84128003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.123.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264901/; classtype:trojan-activity;sid:84128001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tel.arm"; depth:8; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264899/; classtype:trojan-activity;sid:84127999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.55.149.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264900/; classtype:trojan-activity;sid:84128000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.ppc"; depth:9; endswith; nocase; http.host; content:"154.216.20.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264898/; classtype:trojan-activity;sid:84127998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.m68k"; depth:10; endswith; nocase; http.host; content:"154.216.20.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264892/; classtype:trojan-activity;sid:84127992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.mpsl"; depth:10; endswith; nocase; http.host; content:"154.216.20.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264893/; classtype:trojan-activity;sid:84127993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm"; depth:5; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264894/; classtype:trojan-activity;sid:84127994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarm5"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264895/; classtype:trojan-activity;sid:84127995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmpsl"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264896/; classtype:trojan-activity;sid:84127996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsh4"; depth:5; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264897/; classtype:trojan-activity;sid:84127997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nwdxynq5d362emnjlqjylr69mxhlmfmp6r"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264891/; classtype:trojan-activity;sid:84127991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/5lvij8hlkfml8kvyhmbvlmrinoyukpdcmi"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264890/; classtype:trojan-activity;sid:84127990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ktfujjji6xrhogmtqd4mos2zjrzhvewxjz"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264889/; classtype:trojan-activity;sid:84127989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/euyeplnebpxoa5i6elhwnxuhuklg8rntzr"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264886/; classtype:trojan-activity;sid:84127986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"87.120.114.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264887/; classtype:trojan-activity;sid:84127987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"87.120.114.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264888/; classtype:trojan-activity;sid:84127988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xqxuffndrsu5ngvezt03l2nbhnqoaub6ys"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264882/; classtype:trojan-activity;sid:84127982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"87.120.114.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264883/; classtype:trojan-activity;sid:84127983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/aqhchsjou58mydjldidmejhwsydxpyhhpf"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264884/; classtype:trojan-activity;sid:84127984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"87.120.114.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264885/; classtype:trojan-activity;sid:84127985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tbiucqrywrypj8kxoyisipew9exrtaxigd"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264880/; classtype:trojan-activity;sid:84127980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xbo4agkjzokgbqlb4kf29o4jlleexpj6zd"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264881/; classtype:trojan-activity;sid:84127981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"87.120.114.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264879/; classtype:trojan-activity;sid:84127979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"87.120.114.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264877/; classtype:trojan-activity;sid:84127977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/crwncqdi8ewthhi3qwxoqylltsfufleo73"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264878/; classtype:trojan-activity;sid:84127978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; nocase; http.host; content:"87.120.114.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264875/; classtype:trojan-activity;sid:84127975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"87.120.114.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264876/; classtype:trojan-activity;sid:84127976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"87.120.114.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264874/; classtype:trojan-activity;sid:84127974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ujrxybnq7t9jvimbrzm3c2z81tvmaxqxz3"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264873/; classtype:trojan-activity;sid:84127973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"87.120.114.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264872/; classtype:trojan-activity;sid:84127972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tszc42umtcpxav9cmdhhwit0cln57d71nq"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264866/; classtype:trojan-activity;sid:84127966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zakqqophxx7pwuap4yftxsrxkizzz7ejz7"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264867/; classtype:trojan-activity;sid:84127967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yccceq3kwshwkxuqy90r7d1qctwyifk0l2"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264868/; classtype:trojan-activity;sid:84127968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"87.120.114.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264869/; classtype:trojan-activity;sid:84127969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hklhruxkv3j9znzugkoktfnmdeco32nlea"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264870/; classtype:trojan-activity;sid:84127970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"87.120.114.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264871/; classtype:trojan-activity;sid:84127971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tel.x86"; depth:8; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264864/; classtype:trojan-activity;sid:84127964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.mips"; depth:10; endswith; nocase; http.host; content:"154.216.20.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264865/; classtype:trojan-activity;sid:84127965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpsl"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264858/; classtype:trojan-activity;sid:84127958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parm6"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264859/; classtype:trojan-activity;sid:84127959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkbfi86"; depth:8; endswith; nocase; http.host; content:"server2.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264860/; classtype:trojan-activity;sid:84127960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm5"; depth:10; endswith; nocase; http.host; content:"154.216.20.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264861/; classtype:trojan-activity;sid:84127961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parm"; depth:5; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264862/; classtype:trojan-activity;sid:84127962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm7"; depth:10; endswith; nocase; http.host; content:"154.216.20.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264863/; classtype:trojan-activity;sid:84127963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264854/; classtype:trojan-activity;sid:84127954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264855/; classtype:trojan-activity;sid:84127955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"213.232.235.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264856/; classtype:trojan-activity;sid:84127956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"213.232.235.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264857/; classtype:trojan-activity;sid:84127957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"server2.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264849/; classtype:trojan-activity;sid:84127949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264850/; classtype:trojan-activity;sid:84127950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarm7"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264851/; classtype:trojan-activity;sid:84127951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"159.100.9.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264852/; classtype:trojan-activity;sid:84127952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"192.163.224.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264853/; classtype:trojan-activity;sid:84127953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264846/; classtype:trojan-activity;sid:84127946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264847/; classtype:trojan-activity;sid:84127947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"159.100.9.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264848/; classtype:trojan-activity;sid:84127948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vwkjebwi686"; depth:12; endswith; nocase; http.host; content:"213.232.235.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264838/; classtype:trojan-activity;sid:84127938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264839/; classtype:trojan-activity;sid:84127939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264840/; classtype:trojan-activity;sid:84127940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264841/; classtype:trojan-activity;sid:84127941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmpsl"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264842/; classtype:trojan-activity;sid:84127942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264843/; classtype:trojan-activity;sid:84127943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264844/; classtype:trojan-activity;sid:84127944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm7"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264845/; classtype:trojan-activity;sid:84127945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"159.100.9.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264835/; classtype:trojan-activity;sid:84127935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"server2.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264836/; classtype:trojan-activity;sid:84127936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264837/; classtype:trojan-activity;sid:84127937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tel.mips"; depth:9; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264832/; classtype:trojan-activity;sid:84127932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264833/; classtype:trojan-activity;sid:84127933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264834/; classtype:trojan-activity;sid:84127934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264828/; classtype:trojan-activity;sid:84127928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264829/; classtype:trojan-activity;sid:84127929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"159.100.9.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264830/; classtype:trojan-activity;sid:84127930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264831/; classtype:trojan-activity;sid:84127931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"213.232.235.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264822/; classtype:trojan-activity;sid:84127922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"server2.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264823/; classtype:trojan-activity;sid:84127923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm"; depth:9; endswith; nocase; http.host; content:"154.216.20.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264824/; classtype:trojan-activity;sid:84127924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"159.100.9.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264825/; classtype:trojan-activity;sid:84127925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.arm6"; depth:10; endswith; nocase; http.host; content:"154.216.20.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264826/; classtype:trojan-activity;sid:84127926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264827/; classtype:trojan-activity;sid:84127927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm6"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264810/; classtype:trojan-activity;sid:84127910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmips"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264811/; classtype:trojan-activity;sid:84127911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"159.100.9.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264812/; classtype:trojan-activity;sid:84127912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmips"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264813/; classtype:trojan-activity;sid:84127913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264814/; classtype:trojan-activity;sid:84127914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarm6"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264815/; classtype:trojan-activity;sid:84127915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"server2.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264816/; classtype:trojan-activity;sid:84127916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"213.232.235.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264817/; classtype:trojan-activity;sid:84127917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"213.232.235.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264818/; classtype:trojan-activity;sid:84127918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264819/; classtype:trojan-activity;sid:84127919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264820/; classtype:trojan-activity;sid:84127920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tel.arm7"; depth:9; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264821/; classtype:trojan-activity;sid:84127921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tel.mpsl"; depth:9; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264804/; classtype:trojan-activity;sid:84127904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmips"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264805/; classtype:trojan-activity;sid:84127905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264806/; classtype:trojan-activity;sid:84127906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wriww68k"; depth:9; endswith; nocase; http.host; content:"213.232.235.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264807/; classtype:trojan-activity;sid:84127907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"154.216.20.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264808/; classtype:trojan-activity;sid:84127908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"213.232.235.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264809/; classtype:trojan-activity;sid:84127909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264802/; classtype:trojan-activity;sid:84127902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264803/; classtype:trojan-activity;sid:84127903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.sh4"; depth:9; endswith; nocase; http.host; content:"154.216.20.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264801/; classtype:trojan-activity;sid:84127901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tppc"; depth:5; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264799/; classtype:trojan-activity;sid:84127899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.x86_64"; depth:12; endswith; nocase; http.host; content:"154.216.20.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264800/; classtype:trojan-activity;sid:84127900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.spc"; depth:9; endswith; nocase; http.host; content:"154.216.20.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264791/; classtype:trojan-activity;sid:84127891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pmpsl"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264792/; classtype:trojan-activity;sid:84127892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264793/; classtype:trojan-activity;sid:84127893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264794/; classtype:trojan-activity;sid:84127894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264795/; classtype:trojan-activity;sid:84127895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tel.arm5"; depth:9; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264796/; classtype:trojan-activity;sid:84127896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmap.x86"; depth:9; endswith; nocase; http.host; content:"154.216.20.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264797/; classtype:trojan-activity;sid:84127897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264798/; classtype:trojan-activity;sid:84127898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wriww68k"; depth:9; endswith; nocase; http.host; content:"server2.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264787/; classtype:trojan-activity;sid:84127887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264788/; classtype:trojan-activity;sid:84127888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parm5"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264789/; classtype:trojan-activity;sid:84127889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmips"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264790/; classtype:trojan-activity;sid:84127890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkbfi86"; depth:8; endswith; nocase; http.host; content:"213.232.235.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264774/; classtype:trojan-activity;sid:84127874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"server2.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264775/; classtype:trojan-activity;sid:84127875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264776/; classtype:trojan-activity;sid:84127876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm5"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264777/; classtype:trojan-activity;sid:84127877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tel.arm6"; depth:9; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264778/; classtype:trojan-activity;sid:84127878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwwofba5"; depth:9; endswith; nocase; http.host; content:"server2.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264779/; classtype:trojan-activity;sid:84127879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pmips"; depth:6; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264780/; classtype:trojan-activity;sid:84127880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264781/; classtype:trojan-activity;sid:84127881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gppc"; depth:5; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264782/; classtype:trojan-activity;sid:84127882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarm"; depth:5; endswith; nocase; http.host; content:"178.215.224.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264783/; classtype:trojan-activity;sid:84127883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264784/; classtype:trojan-activity;sid:84127884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"193.84.71.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264785/; classtype:trojan-activity;sid:84127885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwhdbg"; depth:7; endswith; nocase; http.host; content:"213.232.235.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264786/; classtype:trojan-activity;sid:84127886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264772/; classtype:trojan-activity;sid:84127872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264773/; classtype:trojan-activity;sid:84127873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264769/; classtype:trojan-activity;sid:84127869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264770/; classtype:trojan-activity;sid:84127870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264771/; classtype:trojan-activity;sid:84127871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"213.232.235.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264767/; classtype:trojan-activity;sid:84127867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boatnet.mpsl"; depth:13; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264768/; classtype:trojan-activity;sid:84127868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264765/; classtype:trojan-activity;sid:84127865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"159.100.9.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264766/; classtype:trojan-activity;sid:84127866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"159.100.9.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264762/; classtype:trojan-activity;sid:84127862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"159.100.9.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264763/; classtype:trojan-activity;sid:84127863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264764/; classtype:trojan-activity;sid:84127864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264757/; classtype:trojan-activity;sid:84127857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264758/; classtype:trojan-activity;sid:84127858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"147.45.79.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264759/; classtype:trojan-activity;sid:84127859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"159.100.9.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264760/; classtype:trojan-activity;sid:84127860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"159.100.9.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264761/; classtype:trojan-activity;sid:84127861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"159.100.9.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264755/; classtype:trojan-activity;sid:84127855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"159.100.9.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264756/; classtype:trojan-activity;sid:84127856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.170.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264754/; classtype:trojan-activity;sid:84127854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.138.139.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264753/; classtype:trojan-activity;sid:84127853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.52.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264752/; classtype:trojan-activity;sid:84127852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.53.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264751/; classtype:trojan-activity;sid:84127851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.127.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264750/; classtype:trojan-activity;sid:84127850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.67.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264749/; classtype:trojan-activity;sid:84127849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.91.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264748/; classtype:trojan-activity;sid:84127848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.2.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264747/; classtype:trojan-activity;sid:84127847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264746/; classtype:trojan-activity;sid:84127846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.91.11.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264745/; classtype:trojan-activity;sid:84127845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264744/; classtype:trojan-activity;sid:84127844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"67.214.245.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264743/; classtype:trojan-activity;sid:84127843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264740/; classtype:trojan-activity;sid:84127840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264741/; classtype:trojan-activity;sid:84127841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264742/; classtype:trojan-activity;sid:84127842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264734/; classtype:trojan-activity;sid:84127834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264735/; classtype:trojan-activity;sid:84127835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264736/; classtype:trojan-activity;sid:84127836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264737/; classtype:trojan-activity;sid:84127837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264738/; classtype:trojan-activity;sid:84127838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264739/; classtype:trojan-activity;sid:84127839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264723/; classtype:trojan-activity;sid:84127823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264724/; classtype:trojan-activity;sid:84127824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264725/; classtype:trojan-activity;sid:84127825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264726/; classtype:trojan-activity;sid:84127826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264727/; classtype:trojan-activity;sid:84127827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264728/; classtype:trojan-activity;sid:84127828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264729/; classtype:trojan-activity;sid:84127829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264730/; classtype:trojan-activity;sid:84127830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264731/; classtype:trojan-activity;sid:84127831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264732/; classtype:trojan-activity;sid:84127832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264733/; classtype:trojan-activity;sid:84127833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264714/; classtype:trojan-activity;sid:84127814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264715/; classtype:trojan-activity;sid:84127815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264716/; classtype:trojan-activity;sid:84127816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264717/; classtype:trojan-activity;sid:84127817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264718/; classtype:trojan-activity;sid:84127818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264719/; classtype:trojan-activity;sid:84127819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264720/; classtype:trojan-activity;sid:84127820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264721/; classtype:trojan-activity;sid:84127821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264722/; classtype:trojan-activity;sid:84127822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264708/; classtype:trojan-activity;sid:84127808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264709/; classtype:trojan-activity;sid:84127809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264710/; classtype:trojan-activity;sid:84127810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264711/; classtype:trojan-activity;sid:84127811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264712/; classtype:trojan-activity;sid:84127812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264713/; classtype:trojan-activity;sid:84127813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264705/; classtype:trojan-activity;sid:84127805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264706/; classtype:trojan-activity;sid:84127806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264707/; classtype:trojan-activity;sid:84127807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264699/; classtype:trojan-activity;sid:84127799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264700/; classtype:trojan-activity;sid:84127800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264701/; classtype:trojan-activity;sid:84127801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264702/; classtype:trojan-activity;sid:84127802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264703/; classtype:trojan-activity;sid:84127803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264704/; classtype:trojan-activity;sid:84127804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264697/; classtype:trojan-activity;sid:84127797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264698/; classtype:trojan-activity;sid:84127798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264688/; classtype:trojan-activity;sid:84127788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264689/; classtype:trojan-activity;sid:84127789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264690/; classtype:trojan-activity;sid:84127790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264691/; classtype:trojan-activity;sid:84127791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264692/; classtype:trojan-activity;sid:84127792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264693/; classtype:trojan-activity;sid:84127793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264694/; classtype:trojan-activity;sid:84127794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264695/; classtype:trojan-activity;sid:84127795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264696/; classtype:trojan-activity;sid:84127796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264683/; classtype:trojan-activity;sid:84127783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264684/; classtype:trojan-activity;sid:84127784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264685/; classtype:trojan-activity;sid:84127785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264686/; classtype:trojan-activity;sid:84127786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264687/; classtype:trojan-activity;sid:84127787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264678/; classtype:trojan-activity;sid:84127778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264679/; classtype:trojan-activity;sid:84127779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264680/; classtype:trojan-activity;sid:84127780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264681/; classtype:trojan-activity;sid:84127781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264682/; classtype:trojan-activity;sid:84127782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264675/; classtype:trojan-activity;sid:84127775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264676/; classtype:trojan-activity;sid:84127776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264677/; classtype:trojan-activity;sid:84127777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264671/; classtype:trojan-activity;sid:84127771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264672/; classtype:trojan-activity;sid:84127772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264673/; classtype:trojan-activity;sid:84127773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264674/; classtype:trojan-activity;sid:84127774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264664/; classtype:trojan-activity;sid:84127764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264665/; classtype:trojan-activity;sid:84127765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264666/; classtype:trojan-activity;sid:84127766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264667/; classtype:trojan-activity;sid:84127767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264668/; classtype:trojan-activity;sid:84127768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264669/; classtype:trojan-activity;sid:84127769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264670/; classtype:trojan-activity;sid:84127770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264659/; classtype:trojan-activity;sid:84127759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264660/; classtype:trojan-activity;sid:84127760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264661/; classtype:trojan-activity;sid:84127761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264662/; classtype:trojan-activity;sid:84127762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264663/; classtype:trojan-activity;sid:84127763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264654/; classtype:trojan-activity;sid:84127754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264655/; classtype:trojan-activity;sid:84127755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264656/; classtype:trojan-activity;sid:84127756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264657/; classtype:trojan-activity;sid:84127757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264658/; classtype:trojan-activity;sid:84127758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264653/; classtype:trojan-activity;sid:84127753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264649/; classtype:trojan-activity;sid:84127749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264650/; classtype:trojan-activity;sid:84127750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264651/; classtype:trojan-activity;sid:84127751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264652/; classtype:trojan-activity;sid:84127752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264643/; classtype:trojan-activity;sid:84127743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264644/; classtype:trojan-activity;sid:84127744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264645/; classtype:trojan-activity;sid:84127745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264646/; classtype:trojan-activity;sid:84127746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264647/; classtype:trojan-activity;sid:84127747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264648/; classtype:trojan-activity;sid:84127748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264636/; classtype:trojan-activity;sid:84127736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264637/; classtype:trojan-activity;sid:84127737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264638/; classtype:trojan-activity;sid:84127738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264639/; classtype:trojan-activity;sid:84127739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264640/; classtype:trojan-activity;sid:84127740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264641/; classtype:trojan-activity;sid:84127741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264642/; classtype:trojan-activity;sid:84127742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264635/; classtype:trojan-activity;sid:84127735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264627/; classtype:trojan-activity;sid:84127727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264628/; classtype:trojan-activity;sid:84127728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264629/; classtype:trojan-activity;sid:84127729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264630/; classtype:trojan-activity;sid:84127730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264631/; classtype:trojan-activity;sid:84127731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264632/; classtype:trojan-activity;sid:84127732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264633/; classtype:trojan-activity;sid:84127733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264634/; classtype:trojan-activity;sid:84127734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264624/; classtype:trojan-activity;sid:84127724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264625/; classtype:trojan-activity;sid:84127725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264626/; classtype:trojan-activity;sid:84127726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264614/; classtype:trojan-activity;sid:84127714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264615/; classtype:trojan-activity;sid:84127715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264616/; classtype:trojan-activity;sid:84127716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264617/; classtype:trojan-activity;sid:84127717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264618/; classtype:trojan-activity;sid:84127718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264619/; classtype:trojan-activity;sid:84127719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264620/; classtype:trojan-activity;sid:84127720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264621/; classtype:trojan-activity;sid:84127721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264622/; classtype:trojan-activity;sid:84127722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264623/; classtype:trojan-activity;sid:84127723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264613/; classtype:trojan-activity;sid:84127713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264608/; classtype:trojan-activity;sid:84127708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264609/; classtype:trojan-activity;sid:84127709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264610/; classtype:trojan-activity;sid:84127710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264611/; classtype:trojan-activity;sid:84127711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264612/; classtype:trojan-activity;sid:84127712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264607/; classtype:trojan-activity;sid:84127707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264590/; classtype:trojan-activity;sid:84127690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264591/; classtype:trojan-activity;sid:84127691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264592/; classtype:trojan-activity;sid:84127692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264593/; classtype:trojan-activity;sid:84127693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264594/; classtype:trojan-activity;sid:84127694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264595/; classtype:trojan-activity;sid:84127695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264596/; classtype:trojan-activity;sid:84127696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264597/; classtype:trojan-activity;sid:84127697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264598/; classtype:trojan-activity;sid:84127698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264599/; classtype:trojan-activity;sid:84127699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264600/; classtype:trojan-activity;sid:84127700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264601/; classtype:trojan-activity;sid:84127701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264602/; classtype:trojan-activity;sid:84127702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264603/; classtype:trojan-activity;sid:84127703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264604/; classtype:trojan-activity;sid:84127704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264605/; classtype:trojan-activity;sid:84127705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264606/; classtype:trojan-activity;sid:84127706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264587/; classtype:trojan-activity;sid:84127687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264588/; classtype:trojan-activity;sid:84127688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264589/; classtype:trojan-activity;sid:84127689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264578/; classtype:trojan-activity;sid:84127678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264579/; classtype:trojan-activity;sid:84127679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264580/; classtype:trojan-activity;sid:84127680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264581/; classtype:trojan-activity;sid:84127681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264582/; classtype:trojan-activity;sid:84127682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264583/; classtype:trojan-activity;sid:84127683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264584/; classtype:trojan-activity;sid:84127684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264585/; classtype:trojan-activity;sid:84127685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264586/; classtype:trojan-activity;sid:84127686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264575/; classtype:trojan-activity;sid:84127675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264576/; classtype:trojan-activity;sid:84127676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264577/; classtype:trojan-activity;sid:84127677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264572/; classtype:trojan-activity;sid:84127672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264573/; classtype:trojan-activity;sid:84127673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264574/; classtype:trojan-activity;sid:84127674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264567/; classtype:trojan-activity;sid:84127667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264568/; classtype:trojan-activity;sid:84127668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264569/; classtype:trojan-activity;sid:84127669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264570/; classtype:trojan-activity;sid:84127670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264571/; classtype:trojan-activity;sid:84127671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264562/; classtype:trojan-activity;sid:84127662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264563/; classtype:trojan-activity;sid:84127663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264564/; classtype:trojan-activity;sid:84127664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264565/; classtype:trojan-activity;sid:84127665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264566/; classtype:trojan-activity;sid:84127666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264560/; classtype:trojan-activity;sid:84127660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264561/; classtype:trojan-activity;sid:84127661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264551/; classtype:trojan-activity;sid:84127651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264552/; classtype:trojan-activity;sid:84127652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264553/; classtype:trojan-activity;sid:84127653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264554/; classtype:trojan-activity;sid:84127654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264555/; classtype:trojan-activity;sid:84127655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264556/; classtype:trojan-activity;sid:84127656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264557/; classtype:trojan-activity;sid:84127657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264558/; classtype:trojan-activity;sid:84127658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264559/; classtype:trojan-activity;sid:84127659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264545/; classtype:trojan-activity;sid:84127645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264546/; classtype:trojan-activity;sid:84127646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264547/; classtype:trojan-activity;sid:84127647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264548/; classtype:trojan-activity;sid:84127648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264549/; classtype:trojan-activity;sid:84127649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264550/; classtype:trojan-activity;sid:84127650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264536/; classtype:trojan-activity;sid:84127636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264537/; classtype:trojan-activity;sid:84127637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264538/; classtype:trojan-activity;sid:84127638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264539/; classtype:trojan-activity;sid:84127639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264540/; classtype:trojan-activity;sid:84127640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264541/; classtype:trojan-activity;sid:84127641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264542/; classtype:trojan-activity;sid:84127642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264543/; classtype:trojan-activity;sid:84127643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264544/; classtype:trojan-activity;sid:84127644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264532/; classtype:trojan-activity;sid:84127632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264533/; classtype:trojan-activity;sid:84127633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264534/; classtype:trojan-activity;sid:84127634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264535/; classtype:trojan-activity;sid:84127635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264525/; classtype:trojan-activity;sid:84127625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264526/; classtype:trojan-activity;sid:84127626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264527/; classtype:trojan-activity;sid:84127627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264528/; classtype:trojan-activity;sid:84127628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264529/; classtype:trojan-activity;sid:84127629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264530/; classtype:trojan-activity;sid:84127630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264531/; classtype:trojan-activity;sid:84127631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264521/; classtype:trojan-activity;sid:84127621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264522/; classtype:trojan-activity;sid:84127622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264523/; classtype:trojan-activity;sid:84127623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264524/; classtype:trojan-activity;sid:84127624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264518/; classtype:trojan-activity;sid:84127618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264519/; classtype:trojan-activity;sid:84127619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264520/; classtype:trojan-activity;sid:84127620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264517/; classtype:trojan-activity;sid:84127617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264513/; classtype:trojan-activity;sid:84127613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264514/; classtype:trojan-activity;sid:84127614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264515/; classtype:trojan-activity;sid:84127615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264516/; classtype:trojan-activity;sid:84127616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264507/; classtype:trojan-activity;sid:84127607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264508/; classtype:trojan-activity;sid:84127608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264509/; classtype:trojan-activity;sid:84127609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264510/; classtype:trojan-activity;sid:84127610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264511/; classtype:trojan-activity;sid:84127611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264512/; classtype:trojan-activity;sid:84127612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264503/; classtype:trojan-activity;sid:84127603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264504/; classtype:trojan-activity;sid:84127604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264505/; classtype:trojan-activity;sid:84127605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264506/; classtype:trojan-activity;sid:84127606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264495/; classtype:trojan-activity;sid:84127595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264496/; classtype:trojan-activity;sid:84127596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264497/; classtype:trojan-activity;sid:84127597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264498/; classtype:trojan-activity;sid:84127598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264499/; classtype:trojan-activity;sid:84127599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264500/; classtype:trojan-activity;sid:84127600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264501/; classtype:trojan-activity;sid:84127601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264502/; classtype:trojan-activity;sid:84127602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264486/; classtype:trojan-activity;sid:84127586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264487/; classtype:trojan-activity;sid:84127587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264488/; classtype:trojan-activity;sid:84127588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264489/; classtype:trojan-activity;sid:84127589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264490/; classtype:trojan-activity;sid:84127590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264491/; classtype:trojan-activity;sid:84127591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264492/; classtype:trojan-activity;sid:84127592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264493/; classtype:trojan-activity;sid:84127593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264494/; classtype:trojan-activity;sid:84127594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264475/; classtype:trojan-activity;sid:84127575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264476/; classtype:trojan-activity;sid:84127576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264477/; classtype:trojan-activity;sid:84127577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264478/; classtype:trojan-activity;sid:84127578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264479/; classtype:trojan-activity;sid:84127579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264480/; classtype:trojan-activity;sid:84127580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264481/; classtype:trojan-activity;sid:84127581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264482/; classtype:trojan-activity;sid:84127582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264483/; classtype:trojan-activity;sid:84127583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264484/; classtype:trojan-activity;sid:84127584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264485/; classtype:trojan-activity;sid:84127585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264472/; classtype:trojan-activity;sid:84127572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264473/; classtype:trojan-activity;sid:84127573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264474/; classtype:trojan-activity;sid:84127574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264470/; classtype:trojan-activity;sid:84127570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264471/; classtype:trojan-activity;sid:84127571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264464/; classtype:trojan-activity;sid:84127564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264465/; classtype:trojan-activity;sid:84127565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264466/; classtype:trojan-activity;sid:84127566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264467/; classtype:trojan-activity;sid:84127567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264468/; classtype:trojan-activity;sid:84127568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264469/; classtype:trojan-activity;sid:84127569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264461/; classtype:trojan-activity;sid:84127561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264462/; classtype:trojan-activity;sid:84127562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264463/; classtype:trojan-activity;sid:84127563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264459/; classtype:trojan-activity;sid:84127559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264460/; classtype:trojan-activity;sid:84127560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264443/; classtype:trojan-activity;sid:84127543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264444/; classtype:trojan-activity;sid:84127544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264445/; classtype:trojan-activity;sid:84127545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264446/; classtype:trojan-activity;sid:84127546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264447/; classtype:trojan-activity;sid:84127547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264448/; classtype:trojan-activity;sid:84127548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264449/; classtype:trojan-activity;sid:84127549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264450/; classtype:trojan-activity;sid:84127550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264451/; classtype:trojan-activity;sid:84127551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264452/; classtype:trojan-activity;sid:84127552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264453/; classtype:trojan-activity;sid:84127553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264454/; classtype:trojan-activity;sid:84127554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264455/; classtype:trojan-activity;sid:84127555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264456/; classtype:trojan-activity;sid:84127556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264457/; classtype:trojan-activity;sid:84127557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264458/; classtype:trojan-activity;sid:84127558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264427/; classtype:trojan-activity;sid:84127527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264428/; classtype:trojan-activity;sid:84127528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264429/; classtype:trojan-activity;sid:84127529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264430/; classtype:trojan-activity;sid:84127530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264431/; classtype:trojan-activity;sid:84127531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264432/; classtype:trojan-activity;sid:84127532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264433/; classtype:trojan-activity;sid:84127533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264434/; classtype:trojan-activity;sid:84127534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264435/; classtype:trojan-activity;sid:84127535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264436/; classtype:trojan-activity;sid:84127536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264437/; classtype:trojan-activity;sid:84127537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264438/; classtype:trojan-activity;sid:84127538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264439/; classtype:trojan-activity;sid:84127539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264440/; classtype:trojan-activity;sid:84127540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264441/; classtype:trojan-activity;sid:84127541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264442/; classtype:trojan-activity;sid:84127542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264425/; classtype:trojan-activity;sid:84127525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264426/; classtype:trojan-activity;sid:84127526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264424/; classtype:trojan-activity;sid:84127524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264422/; classtype:trojan-activity;sid:84127522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264423/; classtype:trojan-activity;sid:84127523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264420/; classtype:trojan-activity;sid:84127520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264421/; classtype:trojan-activity;sid:84127521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264404/; classtype:trojan-activity;sid:84127504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264405/; classtype:trojan-activity;sid:84127505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264406/; classtype:trojan-activity;sid:84127506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264407/; classtype:trojan-activity;sid:84127507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264408/; classtype:trojan-activity;sid:84127508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264409/; classtype:trojan-activity;sid:84127509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264410/; classtype:trojan-activity;sid:84127510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264411/; classtype:trojan-activity;sid:84127511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264412/; classtype:trojan-activity;sid:84127512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264413/; classtype:trojan-activity;sid:84127513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264414/; classtype:trojan-activity;sid:84127514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264415/; classtype:trojan-activity;sid:84127515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264416/; classtype:trojan-activity;sid:84127516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264417/; classtype:trojan-activity;sid:84127517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264418/; classtype:trojan-activity;sid:84127518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264419/; classtype:trojan-activity;sid:84127519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264382/; classtype:trojan-activity;sid:84127482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264383/; classtype:trojan-activity;sid:84127483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264384/; classtype:trojan-activity;sid:84127484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264385/; classtype:trojan-activity;sid:84127485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264386/; classtype:trojan-activity;sid:84127486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264387/; classtype:trojan-activity;sid:84127487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264388/; classtype:trojan-activity;sid:84127488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264389/; classtype:trojan-activity;sid:84127489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264390/; classtype:trojan-activity;sid:84127490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264391/; classtype:trojan-activity;sid:84127491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264392/; classtype:trojan-activity;sid:84127492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264393/; classtype:trojan-activity;sid:84127493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264394/; classtype:trojan-activity;sid:84127494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264395/; classtype:trojan-activity;sid:84127495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264396/; classtype:trojan-activity;sid:84127496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264397/; classtype:trojan-activity;sid:84127497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264398/; classtype:trojan-activity;sid:84127498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264399/; classtype:trojan-activity;sid:84127499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264400/; classtype:trojan-activity;sid:84127500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264401/; classtype:trojan-activity;sid:84127501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264402/; classtype:trojan-activity;sid:84127502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264403/; classtype:trojan-activity;sid:84127503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264380/; classtype:trojan-activity;sid:84127480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264381/; classtype:trojan-activity;sid:84127481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264379/; classtype:trojan-activity;sid:84127479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264378/; classtype:trojan-activity;sid:84127478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264372/; classtype:trojan-activity;sid:84127472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264373/; classtype:trojan-activity;sid:84127473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264374/; classtype:trojan-activity;sid:84127474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264375/; classtype:trojan-activity;sid:84127475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264376/; classtype:trojan-activity;sid:84127476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-hoj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264377/; classtype:trojan-activity;sid:84127477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264370/; classtype:trojan-activity;sid:84127470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-dl1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264371/; classtype:trojan-activity;sid:84127471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264361/; classtype:trojan-activity;sid:84127461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264362/; classtype:trojan-activity;sid:84127462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264363/; classtype:trojan-activity;sid:84127463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264364/; classtype:trojan-activity;sid:84127464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264365/; classtype:trojan-activity;sid:84127465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264366/; classtype:trojan-activity;sid:84127466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264367/; classtype:trojan-activity;sid:84127467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264368/; classtype:trojan-activity;sid:84127468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264369/; classtype:trojan-activity;sid:84127469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264348/; classtype:trojan-activity;sid:84127448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264349/; classtype:trojan-activity;sid:84127449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264350/; classtype:trojan-activity;sid:84127450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264351/; classtype:trojan-activity;sid:84127451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264352/; classtype:trojan-activity;sid:84127452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264353/; classtype:trojan-activity;sid:84127453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264354/; classtype:trojan-activity;sid:84127454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264355/; classtype:trojan-activity;sid:84127455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264356/; classtype:trojan-activity;sid:84127456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264357/; classtype:trojan-activity;sid:84127457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264358/; classtype:trojan-activity;sid:84127458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264359/; classtype:trojan-activity;sid:84127459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264360/; classtype:trojan-activity;sid:84127460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264343/; classtype:trojan-activity;sid:84127443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264344/; classtype:trojan-activity;sid:84127444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264345/; classtype:trojan-activity;sid:84127445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264346/; classtype:trojan-activity;sid:84127446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264347/; classtype:trojan-activity;sid:84127447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264340/; classtype:trojan-activity;sid:84127440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264341/; classtype:trojan-activity;sid:84127441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264342/; classtype:trojan-activity;sid:84127442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264333/; classtype:trojan-activity;sid:84127433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264334/; classtype:trojan-activity;sid:84127434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264335/; classtype:trojan-activity;sid:84127435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264336/; classtype:trojan-activity;sid:84127436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264337/; classtype:trojan-activity;sid:84127437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264338/; classtype:trojan-activity;sid:84127438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264339/; classtype:trojan-activity;sid:84127439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264332/; classtype:trojan-activity;sid:84127432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264324/; classtype:trojan-activity;sid:84127424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264325/; classtype:trojan-activity;sid:84127425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264326/; classtype:trojan-activity;sid:84127426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264327/; classtype:trojan-activity;sid:84127427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264328/; classtype:trojan-activity;sid:84127428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264329/; classtype:trojan-activity;sid:84127429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264330/; classtype:trojan-activity;sid:84127430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264331/; classtype:trojan-activity;sid:84127431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264321/; classtype:trojan-activity;sid:84127421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264322/; classtype:trojan-activity;sid:84127422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264323/; classtype:trojan-activity;sid:84127423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264312/; classtype:trojan-activity;sid:84127412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264313/; classtype:trojan-activity;sid:84127413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264314/; classtype:trojan-activity;sid:84127414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264315/; classtype:trojan-activity;sid:84127415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264316/; classtype:trojan-activity;sid:84127416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264317/; classtype:trojan-activity;sid:84127417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264318/; classtype:trojan-activity;sid:84127418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264319/; classtype:trojan-activity;sid:84127419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264320/; classtype:trojan-activity;sid:84127420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264309/; classtype:trojan-activity;sid:84127409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264310/; classtype:trojan-activity;sid:84127410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264311/; classtype:trojan-activity;sid:84127411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264302/; classtype:trojan-activity;sid:84127402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264303/; classtype:trojan-activity;sid:84127403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264304/; classtype:trojan-activity;sid:84127404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264305/; classtype:trojan-activity;sid:84127405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264306/; classtype:trojan-activity;sid:84127406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264307/; classtype:trojan-activity;sid:84127407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264308/; classtype:trojan-activity;sid:84127408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264299/; classtype:trojan-activity;sid:84127399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264300/; classtype:trojan-activity;sid:84127400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264301/; classtype:trojan-activity;sid:84127401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264296/; classtype:trojan-activity;sid:84127396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264297/; classtype:trojan-activity;sid:84127397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264298/; classtype:trojan-activity;sid:84127398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264286/; classtype:trojan-activity;sid:84127386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264287/; classtype:trojan-activity;sid:84127387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264288/; classtype:trojan-activity;sid:84127388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264289/; classtype:trojan-activity;sid:84127389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264290/; classtype:trojan-activity;sid:84127390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264291/; classtype:trojan-activity;sid:84127391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264292/; classtype:trojan-activity;sid:84127392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264293/; classtype:trojan-activity;sid:84127393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264294/; classtype:trojan-activity;sid:84127394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264295/; classtype:trojan-activity;sid:84127395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264281/; classtype:trojan-activity;sid:84127381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264282/; classtype:trojan-activity;sid:84127382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264283/; classtype:trojan-activity;sid:84127383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264284/; classtype:trojan-activity;sid:84127384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264285/; classtype:trojan-activity;sid:84127385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264272/; classtype:trojan-activity;sid:84127372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264273/; classtype:trojan-activity;sid:84127373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264274/; classtype:trojan-activity;sid:84127374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264275/; classtype:trojan-activity;sid:84127375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264276/; classtype:trojan-activity;sid:84127376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264277/; classtype:trojan-activity;sid:84127377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264278/; classtype:trojan-activity;sid:84127378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264279/; classtype:trojan-activity;sid:84127379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264280/; classtype:trojan-activity;sid:84127380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264268/; classtype:trojan-activity;sid:84127368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264269/; classtype:trojan-activity;sid:84127369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264270/; classtype:trojan-activity;sid:84127370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264271/; classtype:trojan-activity;sid:84127371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264266/; classtype:trojan-activity;sid:84127366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264267/; classtype:trojan-activity;sid:84127367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264260/; classtype:trojan-activity;sid:84127360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264261/; classtype:trojan-activity;sid:84127361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264262/; classtype:trojan-activity;sid:84127362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264263/; classtype:trojan-activity;sid:84127363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264264/; classtype:trojan-activity;sid:84127364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264265/; classtype:trojan-activity;sid:84127365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264259/; classtype:trojan-activity;sid:84127359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264254/; classtype:trojan-activity;sid:84127354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264255/; classtype:trojan-activity;sid:84127355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264256/; classtype:trojan-activity;sid:84127356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264257/; classtype:trojan-activity;sid:84127357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264258/; classtype:trojan-activity;sid:84127358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264251/; classtype:trojan-activity;sid:84127351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264252/; classtype:trojan-activity;sid:84127352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264253/; classtype:trojan-activity;sid:84127353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264248/; classtype:trojan-activity;sid:84127348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264249/; classtype:trojan-activity;sid:84127349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264250/; classtype:trojan-activity;sid:84127350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264241/; classtype:trojan-activity;sid:84127341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264242/; classtype:trojan-activity;sid:84127342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264243/; classtype:trojan-activity;sid:84127343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264244/; classtype:trojan-activity;sid:84127344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264245/; classtype:trojan-activity;sid:84127345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264246/; classtype:trojan-activity;sid:84127346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264247/; classtype:trojan-activity;sid:84127347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264239/; classtype:trojan-activity;sid:84127339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264240/; classtype:trojan-activity;sid:84127340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264234/; classtype:trojan-activity;sid:84127334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264235/; classtype:trojan-activity;sid:84127335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264236/; classtype:trojan-activity;sid:84127336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264237/; classtype:trojan-activity;sid:84127337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264238/; classtype:trojan-activity;sid:84127338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264232/; classtype:trojan-activity;sid:84127332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264233/; classtype:trojan-activity;sid:84127333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264229/; classtype:trojan-activity;sid:84127329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264230/; classtype:trojan-activity;sid:84127330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264231/; classtype:trojan-activity;sid:84127331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264219/; classtype:trojan-activity;sid:84127319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264220/; classtype:trojan-activity;sid:84127320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264221/; classtype:trojan-activity;sid:84127321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264222/; classtype:trojan-activity;sid:84127322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264223/; classtype:trojan-activity;sid:84127323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264224/; classtype:trojan-activity;sid:84127324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264225/; classtype:trojan-activity;sid:84127325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264226/; classtype:trojan-activity;sid:84127326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264227/; classtype:trojan-activity;sid:84127327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264228/; classtype:trojan-activity;sid:84127328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264215/; classtype:trojan-activity;sid:84127315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264216/; classtype:trojan-activity;sid:84127316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264217/; classtype:trojan-activity;sid:84127317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264218/; classtype:trojan-activity;sid:84127318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264209/; classtype:trojan-activity;sid:84127309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264210/; classtype:trojan-activity;sid:84127310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264211/; classtype:trojan-activity;sid:84127311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264212/; classtype:trojan-activity;sid:84127312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264213/; classtype:trojan-activity;sid:84127313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264214/; classtype:trojan-activity;sid:84127314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264203/; classtype:trojan-activity;sid:84127303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264204/; classtype:trojan-activity;sid:84127304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264205/; classtype:trojan-activity;sid:84127305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264206/; classtype:trojan-activity;sid:84127306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264207/; classtype:trojan-activity;sid:84127307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264208/; classtype:trojan-activity;sid:84127308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264197/; classtype:trojan-activity;sid:84127297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264198/; classtype:trojan-activity;sid:84127298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264199/; classtype:trojan-activity;sid:84127299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264200/; classtype:trojan-activity;sid:84127300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264201/; classtype:trojan-activity;sid:84127301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264202/; classtype:trojan-activity;sid:84127302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264196/; classtype:trojan-activity;sid:84127296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264191/; classtype:trojan-activity;sid:84127291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264192/; classtype:trojan-activity;sid:84127292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264193/; classtype:trojan-activity;sid:84127293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264194/; classtype:trojan-activity;sid:84127294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264195/; classtype:trojan-activity;sid:84127295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264190/; classtype:trojan-activity;sid:84127290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264184/; classtype:trojan-activity;sid:84127284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264185/; classtype:trojan-activity;sid:84127285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264186/; classtype:trojan-activity;sid:84127286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264187/; classtype:trojan-activity;sid:84127287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264188/; classtype:trojan-activity;sid:84127288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264189/; classtype:trojan-activity;sid:84127289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264182/; classtype:trojan-activity;sid:84127282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264183/; classtype:trojan-activity;sid:84127283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264174/; classtype:trojan-activity;sid:84127274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264175/; classtype:trojan-activity;sid:84127275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264176/; classtype:trojan-activity;sid:84127276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264177/; classtype:trojan-activity;sid:84127277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264178/; classtype:trojan-activity;sid:84127278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264179/; classtype:trojan-activity;sid:84127279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264180/; classtype:trojan-activity;sid:84127280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264181/; classtype:trojan-activity;sid:84127281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264168/; classtype:trojan-activity;sid:84127268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264169/; classtype:trojan-activity;sid:84127269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264170/; classtype:trojan-activity;sid:84127270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264171/; classtype:trojan-activity;sid:84127271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264172/; classtype:trojan-activity;sid:84127272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264173/; classtype:trojan-activity;sid:84127273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264161/; classtype:trojan-activity;sid:84127261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264162/; classtype:trojan-activity;sid:84127262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264163/; classtype:trojan-activity;sid:84127263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264164/; classtype:trojan-activity;sid:84127264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264165/; classtype:trojan-activity;sid:84127265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264166/; classtype:trojan-activity;sid:84127266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264167/; classtype:trojan-activity;sid:84127267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264156/; classtype:trojan-activity;sid:84127256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264157/; classtype:trojan-activity;sid:84127257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264158/; classtype:trojan-activity;sid:84127258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264159/; classtype:trojan-activity;sid:84127259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264160/; classtype:trojan-activity;sid:84127260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264153/; classtype:trojan-activity;sid:84127253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264154/; classtype:trojan-activity;sid:84127254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264155/; classtype:trojan-activity;sid:84127255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264146/; classtype:trojan-activity;sid:84127246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264147/; classtype:trojan-activity;sid:84127247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264148/; classtype:trojan-activity;sid:84127248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264149/; classtype:trojan-activity;sid:84127249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264150/; classtype:trojan-activity;sid:84127250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264151/; classtype:trojan-activity;sid:84127251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264152/; classtype:trojan-activity;sid:84127252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264145/; classtype:trojan-activity;sid:84127245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264139/; classtype:trojan-activity;sid:84127239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264140/; classtype:trojan-activity;sid:84127240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264141/; classtype:trojan-activity;sid:84127241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264142/; classtype:trojan-activity;sid:84127242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264143/; classtype:trojan-activity;sid:84127243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264144/; classtype:trojan-activity;sid:84127244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264136/; classtype:trojan-activity;sid:84127236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264137/; classtype:trojan-activity;sid:84127237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264138/; classtype:trojan-activity;sid:84127238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264130/; classtype:trojan-activity;sid:84127230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264131/; classtype:trojan-activity;sid:84127231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264132/; classtype:trojan-activity;sid:84127232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264133/; classtype:trojan-activity;sid:84127233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264134/; classtype:trojan-activity;sid:84127234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264135/; classtype:trojan-activity;sid:84127235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264120/; classtype:trojan-activity;sid:84127220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264121/; classtype:trojan-activity;sid:84127221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264122/; classtype:trojan-activity;sid:84127222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264123/; classtype:trojan-activity;sid:84127223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264124/; classtype:trojan-activity;sid:84127224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264125/; classtype:trojan-activity;sid:84127225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264126/; classtype:trojan-activity;sid:84127226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264127/; classtype:trojan-activity;sid:84127227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264128/; classtype:trojan-activity;sid:84127228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264129/; classtype:trojan-activity;sid:84127229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264113/; classtype:trojan-activity;sid:84127213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264114/; classtype:trojan-activity;sid:84127214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264115/; classtype:trojan-activity;sid:84127215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264116/; classtype:trojan-activity;sid:84127216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264117/; classtype:trojan-activity;sid:84127217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264118/; classtype:trojan-activity;sid:84127218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264119/; classtype:trojan-activity;sid:84127219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264109/; classtype:trojan-activity;sid:84127209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264110/; classtype:trojan-activity;sid:84127210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264111/; classtype:trojan-activity;sid:84127211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264112/; classtype:trojan-activity;sid:84127212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264106/; classtype:trojan-activity;sid:84127206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264107/; classtype:trojan-activity;sid:84127207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264108/; classtype:trojan-activity;sid:84127208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264105/; classtype:trojan-activity;sid:84127205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264100/; classtype:trojan-activity;sid:84127200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264101/; classtype:trojan-activity;sid:84127201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264102/; classtype:trojan-activity;sid:84127202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264103/; classtype:trojan-activity;sid:84127203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264104/; classtype:trojan-activity;sid:84127204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264091/; classtype:trojan-activity;sid:84127191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264092/; classtype:trojan-activity;sid:84127192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264093/; classtype:trojan-activity;sid:84127193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264094/; classtype:trojan-activity;sid:84127194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264095/; classtype:trojan-activity;sid:84127195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264096/; classtype:trojan-activity;sid:84127196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264097/; classtype:trojan-activity;sid:84127197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264098/; classtype:trojan-activity;sid:84127198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264099/; classtype:trojan-activity;sid:84127199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264088/; classtype:trojan-activity;sid:84127188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264089/; classtype:trojan-activity;sid:84127189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264090/; classtype:trojan-activity;sid:84127190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264082/; classtype:trojan-activity;sid:84127182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264083/; classtype:trojan-activity;sid:84127183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264084/; classtype:trojan-activity;sid:84127184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264085/; classtype:trojan-activity;sid:84127185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264086/; classtype:trojan-activity;sid:84127186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264087/; classtype:trojan-activity;sid:84127187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264073/; classtype:trojan-activity;sid:84127173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264074/; classtype:trojan-activity;sid:84127174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264075/; classtype:trojan-activity;sid:84127175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264076/; classtype:trojan-activity;sid:84127176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264077/; classtype:trojan-activity;sid:84127177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264078/; classtype:trojan-activity;sid:84127178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264079/; classtype:trojan-activity;sid:84127179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264080/; classtype:trojan-activity;sid:84127180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264081/; classtype:trojan-activity;sid:84127181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264066/; classtype:trojan-activity;sid:84127166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264067/; classtype:trojan-activity;sid:84127167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264068/; classtype:trojan-activity;sid:84127168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264069/; classtype:trojan-activity;sid:84127169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264070/; classtype:trojan-activity;sid:84127170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264071/; classtype:trojan-activity;sid:84127171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264072/; classtype:trojan-activity;sid:84127172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264065/; classtype:trojan-activity;sid:84127165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264056/; classtype:trojan-activity;sid:84127156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264057/; classtype:trojan-activity;sid:84127157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264058/; classtype:trojan-activity;sid:84127158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264059/; classtype:trojan-activity;sid:84127159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264060/; classtype:trojan-activity;sid:84127160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264061/; classtype:trojan-activity;sid:84127161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264062/; classtype:trojan-activity;sid:84127162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264063/; classtype:trojan-activity;sid:84127163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264064/; classtype:trojan-activity;sid:84127164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264054/; classtype:trojan-activity;sid:84127154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264055/; classtype:trojan-activity;sid:84127155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264052/; classtype:trojan-activity;sid:84127152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264053/; classtype:trojan-activity;sid:84127153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264050/; classtype:trojan-activity;sid:84127150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264051/; classtype:trojan-activity;sid:84127151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264043/; classtype:trojan-activity;sid:84127143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264044/; classtype:trojan-activity;sid:84127144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264045/; classtype:trojan-activity;sid:84127145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264046/; classtype:trojan-activity;sid:84127146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264047/; classtype:trojan-activity;sid:84127147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264048/; classtype:trojan-activity;sid:84127148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264049/; classtype:trojan-activity;sid:84127149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264039/; classtype:trojan-activity;sid:84127139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264040/; classtype:trojan-activity;sid:84127140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264041/; classtype:trojan-activity;sid:84127141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264042/; classtype:trojan-activity;sid:84127142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264024/; classtype:trojan-activity;sid:84127124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264025/; classtype:trojan-activity;sid:84127125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264026/; classtype:trojan-activity;sid:84127126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264027/; classtype:trojan-activity;sid:84127127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264028/; classtype:trojan-activity;sid:84127128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264029/; classtype:trojan-activity;sid:84127129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264030/; classtype:trojan-activity;sid:84127130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264031/; classtype:trojan-activity;sid:84127131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264032/; classtype:trojan-activity;sid:84127132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264033/; classtype:trojan-activity;sid:84127133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264034/; classtype:trojan-activity;sid:84127134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264035/; classtype:trojan-activity;sid:84127135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264036/; classtype:trojan-activity;sid:84127136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264037/; classtype:trojan-activity;sid:84127137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264038/; classtype:trojan-activity;sid:84127138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264009/; classtype:trojan-activity;sid:84127109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264010/; classtype:trojan-activity;sid:84127110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264011/; classtype:trojan-activity;sid:84127111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264012/; classtype:trojan-activity;sid:84127112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264013/; classtype:trojan-activity;sid:84127113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264014/; classtype:trojan-activity;sid:84127114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264015/; classtype:trojan-activity;sid:84127115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264016/; classtype:trojan-activity;sid:84127116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264017/; classtype:trojan-activity;sid:84127117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264018/; classtype:trojan-activity;sid:84127118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264019/; classtype:trojan-activity;sid:84127119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264020/; classtype:trojan-activity;sid:84127120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264021/; classtype:trojan-activity;sid:84127121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264022/; classtype:trojan-activity;sid:84127122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264023/; classtype:trojan-activity;sid:84127123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264008/; classtype:trojan-activity;sid:84127108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264007/; classtype:trojan-activity;sid:84127107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264005/; classtype:trojan-activity;sid:84127105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264006/; classtype:trojan-activity;sid:84127106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263999/; classtype:trojan-activity;sid:84127099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264000/; classtype:trojan-activity;sid:84127100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264001/; classtype:trojan-activity;sid:84127101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264002/; classtype:trojan-activity;sid:84127102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264003/; classtype:trojan-activity;sid:84127103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3264004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3264004/; classtype:trojan-activity;sid:84127104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"search-dl2.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263997/; classtype:trojan-activity;sid:84127097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"search-mnt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263998/; classtype:trojan-activity;sid:84127098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.34.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263996/; classtype:trojan-activity;sid:84127096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263993/; classtype:trojan-activity;sid:84127093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263994/; classtype:trojan-activity;sid:84127094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263995/; classtype:trojan-activity;sid:84127095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263982/; classtype:trojan-activity;sid:84127082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263983/; classtype:trojan-activity;sid:84127083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263984/; classtype:trojan-activity;sid:84127084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263985/; classtype:trojan-activity;sid:84127085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263986/; classtype:trojan-activity;sid:84127086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263987/; classtype:trojan-activity;sid:84127087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263988/; classtype:trojan-activity;sid:84127088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263989/; classtype:trojan-activity;sid:84127089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263990/; classtype:trojan-activity;sid:84127090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263991/; classtype:trojan-activity;sid:84127091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263992/; classtype:trojan-activity;sid:84127092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263970/; classtype:trojan-activity;sid:84127070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263971/; classtype:trojan-activity;sid:84127071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263972/; classtype:trojan-activity;sid:84127072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263973/; classtype:trojan-activity;sid:84127073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263974/; classtype:trojan-activity;sid:84127074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263975/; classtype:trojan-activity;sid:84127075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263976/; classtype:trojan-activity;sid:84127076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263977/; classtype:trojan-activity;sid:84127077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263978/; classtype:trojan-activity;sid:84127078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263979/; classtype:trojan-activity;sid:84127079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263980/; classtype:trojan-activity;sid:84127080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263981/; classtype:trojan-activity;sid:84127081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263967/; classtype:trojan-activity;sid:84127067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263968/; classtype:trojan-activity;sid:84127068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263969/; classtype:trojan-activity;sid:84127069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263962/; classtype:trojan-activity;sid:84127062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263963/; classtype:trojan-activity;sid:84127063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263964/; classtype:trojan-activity;sid:84127064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263965/; classtype:trojan-activity;sid:84127065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263966/; classtype:trojan-activity;sid:84127066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263951/; classtype:trojan-activity;sid:84127051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263952/; classtype:trojan-activity;sid:84127052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263953/; classtype:trojan-activity;sid:84127053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263954/; classtype:trojan-activity;sid:84127054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263955/; classtype:trojan-activity;sid:84127055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263956/; classtype:trojan-activity;sid:84127056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263957/; classtype:trojan-activity;sid:84127057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263958/; classtype:trojan-activity;sid:84127058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263959/; classtype:trojan-activity;sid:84127059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263960/; classtype:trojan-activity;sid:84127060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263961/; classtype:trojan-activity;sid:84127061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263948/; classtype:trojan-activity;sid:84127048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263949/; classtype:trojan-activity;sid:84127049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263950/; classtype:trojan-activity;sid:84127050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263945/; classtype:trojan-activity;sid:84127045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263946/; classtype:trojan-activity;sid:84127046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263947/; classtype:trojan-activity;sid:84127047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263937/; classtype:trojan-activity;sid:84127037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263938/; classtype:trojan-activity;sid:84127038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263939/; classtype:trojan-activity;sid:84127039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263940/; classtype:trojan-activity;sid:84127040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263941/; classtype:trojan-activity;sid:84127041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263942/; classtype:trojan-activity;sid:84127042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263943/; classtype:trojan-activity;sid:84127043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263944/; classtype:trojan-activity;sid:84127044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263931/; classtype:trojan-activity;sid:84127031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263932/; classtype:trojan-activity;sid:84127032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263933/; classtype:trojan-activity;sid:84127033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263934/; classtype:trojan-activity;sid:84127034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263935/; classtype:trojan-activity;sid:84127035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263936/; classtype:trojan-activity;sid:84127036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263921/; classtype:trojan-activity;sid:84127021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263922/; classtype:trojan-activity;sid:84127022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263923/; classtype:trojan-activity;sid:84127023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263924/; classtype:trojan-activity;sid:84127024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263925/; classtype:trojan-activity;sid:84127025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263926/; classtype:trojan-activity;sid:84127026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263927/; classtype:trojan-activity;sid:84127027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263928/; classtype:trojan-activity;sid:84127028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263929/; classtype:trojan-activity;sid:84127029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263930/; classtype:trojan-activity;sid:84127030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263915/; classtype:trojan-activity;sid:84127015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263916/; classtype:trojan-activity;sid:84127016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263917/; classtype:trojan-activity;sid:84127017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263918/; classtype:trojan-activity;sid:84127018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263919/; classtype:trojan-activity;sid:84127019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263920/; classtype:trojan-activity;sid:84127020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263911/; classtype:trojan-activity;sid:84127011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263912/; classtype:trojan-activity;sid:84127012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263913/; classtype:trojan-activity;sid:84127013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263914/; classtype:trojan-activity;sid:84127014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263905/; classtype:trojan-activity;sid:84127005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263906/; classtype:trojan-activity;sid:84127006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263907/; classtype:trojan-activity;sid:84127007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263908/; classtype:trojan-activity;sid:84127008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263909/; classtype:trojan-activity;sid:84127009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263910/; classtype:trojan-activity;sid:84127010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263900/; classtype:trojan-activity;sid:84127000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263901/; classtype:trojan-activity;sid:84127001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263902/; classtype:trojan-activity;sid:84127002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263903/; classtype:trojan-activity;sid:84127003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263904/; classtype:trojan-activity;sid:84127004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263897/; classtype:trojan-activity;sid:84126997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263898/; classtype:trojan-activity;sid:84126998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263899/; classtype:trojan-activity;sid:84126999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263896/; classtype:trojan-activity;sid:84126996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263891/; classtype:trojan-activity;sid:84126991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263892/; classtype:trojan-activity;sid:84126992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263893/; classtype:trojan-activity;sid:84126993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263894/; classtype:trojan-activity;sid:84126994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263895/; classtype:trojan-activity;sid:84126995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263884/; classtype:trojan-activity;sid:84126984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263885/; classtype:trojan-activity;sid:84126985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263886/; classtype:trojan-activity;sid:84126986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263887/; classtype:trojan-activity;sid:84126987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263888/; classtype:trojan-activity;sid:84126988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263889/; classtype:trojan-activity;sid:84126989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263890/; classtype:trojan-activity;sid:84126990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263878/; classtype:trojan-activity;sid:84126978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263879/; classtype:trojan-activity;sid:84126979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263880/; classtype:trojan-activity;sid:84126980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263881/; classtype:trojan-activity;sid:84126981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263882/; classtype:trojan-activity;sid:84126982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263883/; classtype:trojan-activity;sid:84126983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263865/; classtype:trojan-activity;sid:84126965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263866/; classtype:trojan-activity;sid:84126966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263867/; classtype:trojan-activity;sid:84126967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263868/; classtype:trojan-activity;sid:84126968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263869/; classtype:trojan-activity;sid:84126969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263870/; classtype:trojan-activity;sid:84126970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263871/; classtype:trojan-activity;sid:84126971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263872/; classtype:trojan-activity;sid:84126972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263873/; classtype:trojan-activity;sid:84126973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263874/; classtype:trojan-activity;sid:84126974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263875/; classtype:trojan-activity;sid:84126975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263876/; classtype:trojan-activity;sid:84126976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263877/; classtype:trojan-activity;sid:84126977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263859/; classtype:trojan-activity;sid:84126959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263860/; classtype:trojan-activity;sid:84126960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263861/; classtype:trojan-activity;sid:84126961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263862/; classtype:trojan-activity;sid:84126962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263863/; classtype:trojan-activity;sid:84126963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263864/; classtype:trojan-activity;sid:84126964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263856/; classtype:trojan-activity;sid:84126956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263857/; classtype:trojan-activity;sid:84126957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263858/; classtype:trojan-activity;sid:84126958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263854/; classtype:trojan-activity;sid:84126954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263855/; classtype:trojan-activity;sid:84126955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263851/; classtype:trojan-activity;sid:84126951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263852/; classtype:trojan-activity;sid:84126952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263853/; classtype:trojan-activity;sid:84126953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263849/; classtype:trojan-activity;sid:84126949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263850/; classtype:trojan-activity;sid:84126950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263838/; classtype:trojan-activity;sid:84126938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263839/; classtype:trojan-activity;sid:84126939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263840/; classtype:trojan-activity;sid:84126940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263841/; classtype:trojan-activity;sid:84126941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263842/; classtype:trojan-activity;sid:84126942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263843/; classtype:trojan-activity;sid:84126943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263844/; classtype:trojan-activity;sid:84126944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263845/; classtype:trojan-activity;sid:84126945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263846/; classtype:trojan-activity;sid:84126946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263847/; classtype:trojan-activity;sid:84126947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263848/; classtype:trojan-activity;sid:84126948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263817/; classtype:trojan-activity;sid:84126917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263818/; classtype:trojan-activity;sid:84126918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263819/; classtype:trojan-activity;sid:84126919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263820/; classtype:trojan-activity;sid:84126920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263821/; classtype:trojan-activity;sid:84126921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263822/; classtype:trojan-activity;sid:84126922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263823/; classtype:trojan-activity;sid:84126923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263824/; classtype:trojan-activity;sid:84126924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263825/; classtype:trojan-activity;sid:84126925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263826/; classtype:trojan-activity;sid:84126926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263827/; classtype:trojan-activity;sid:84126927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263828/; classtype:trojan-activity;sid:84126928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263829/; classtype:trojan-activity;sid:84126929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263830/; classtype:trojan-activity;sid:84126930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263831/; classtype:trojan-activity;sid:84126931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263832/; classtype:trojan-activity;sid:84126932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263833/; classtype:trojan-activity;sid:84126933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263834/; classtype:trojan-activity;sid:84126934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263835/; classtype:trojan-activity;sid:84126935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263836/; classtype:trojan-activity;sid:84126936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263837/; classtype:trojan-activity;sid:84126937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263816/; classtype:trojan-activity;sid:84126916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263814/; classtype:trojan-activity;sid:84126914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263815/; classtype:trojan-activity;sid:84126915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263813/; classtype:trojan-activity;sid:84126913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263811/; classtype:trojan-activity;sid:84126911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263812/; classtype:trojan-activity;sid:84126912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263809/; classtype:trojan-activity;sid:84126909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-hrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263810/; classtype:trojan-activity;sid:84126910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263805/; classtype:trojan-activity;sid:84126905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263806/; classtype:trojan-activity;sid:84126906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263807/; classtype:trojan-activity;sid:84126907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263808/; classtype:trojan-activity;sid:84126908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263796/; classtype:trojan-activity;sid:84126896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263797/; classtype:trojan-activity;sid:84126897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263798/; classtype:trojan-activity;sid:84126898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263799/; classtype:trojan-activity;sid:84126899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263800/; classtype:trojan-activity;sid:84126900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263801/; classtype:trojan-activity;sid:84126901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263802/; classtype:trojan-activity;sid:84126902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263803/; classtype:trojan-activity;sid:84126903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263804/; classtype:trojan-activity;sid:84126904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263786/; classtype:trojan-activity;sid:84126886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263787/; classtype:trojan-activity;sid:84126887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263788/; classtype:trojan-activity;sid:84126888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263789/; classtype:trojan-activity;sid:84126889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263790/; classtype:trojan-activity;sid:84126890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263791/; classtype:trojan-activity;sid:84126891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263792/; classtype:trojan-activity;sid:84126892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263793/; classtype:trojan-activity;sid:84126893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263794/; classtype:trojan-activity;sid:84126894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263795/; classtype:trojan-activity;sid:84126895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263775/; classtype:trojan-activity;sid:84126875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263776/; classtype:trojan-activity;sid:84126876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263777/; classtype:trojan-activity;sid:84126877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263778/; classtype:trojan-activity;sid:84126878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263779/; classtype:trojan-activity;sid:84126879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263780/; classtype:trojan-activity;sid:84126880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263781/; classtype:trojan-activity;sid:84126881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263782/; classtype:trojan-activity;sid:84126882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263783/; classtype:trojan-activity;sid:84126883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263784/; classtype:trojan-activity;sid:84126884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263785/; classtype:trojan-activity;sid:84126885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263768/; classtype:trojan-activity;sid:84126868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263769/; classtype:trojan-activity;sid:84126869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263770/; classtype:trojan-activity;sid:84126870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263771/; classtype:trojan-activity;sid:84126871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263772/; classtype:trojan-activity;sid:84126872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263773/; classtype:trojan-activity;sid:84126873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263774/; classtype:trojan-activity;sid:84126874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263762/; classtype:trojan-activity;sid:84126862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263763/; classtype:trojan-activity;sid:84126863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263764/; classtype:trojan-activity;sid:84126864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263765/; classtype:trojan-activity;sid:84126865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263766/; classtype:trojan-activity;sid:84126866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263767/; classtype:trojan-activity;sid:84126867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263760/; classtype:trojan-activity;sid:84126860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263761/; classtype:trojan-activity;sid:84126861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263758/; classtype:trojan-activity;sid:84126858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263759/; classtype:trojan-activity;sid:84126859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263752/; classtype:trojan-activity;sid:84126852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263753/; classtype:trojan-activity;sid:84126853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263754/; classtype:trojan-activity;sid:84126854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263755/; classtype:trojan-activity;sid:84126855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263756/; classtype:trojan-activity;sid:84126856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263757/; classtype:trojan-activity;sid:84126857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263745/; classtype:trojan-activity;sid:84126845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263746/; classtype:trojan-activity;sid:84126846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263747/; classtype:trojan-activity;sid:84126847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263748/; classtype:trojan-activity;sid:84126848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263749/; classtype:trojan-activity;sid:84126849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263750/; classtype:trojan-activity;sid:84126850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263751/; classtype:trojan-activity;sid:84126851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263742/; classtype:trojan-activity;sid:84126842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263743/; classtype:trojan-activity;sid:84126843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263744/; classtype:trojan-activity;sid:84126844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263736/; classtype:trojan-activity;sid:84126836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263737/; classtype:trojan-activity;sid:84126837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263738/; classtype:trojan-activity;sid:84126838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263739/; classtype:trojan-activity;sid:84126839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263740/; classtype:trojan-activity;sid:84126840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263741/; classtype:trojan-activity;sid:84126841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263722/; classtype:trojan-activity;sid:84126822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263723/; classtype:trojan-activity;sid:84126823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263724/; classtype:trojan-activity;sid:84126824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263725/; classtype:trojan-activity;sid:84126825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263726/; classtype:trojan-activity;sid:84126826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263727/; classtype:trojan-activity;sid:84126827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263728/; classtype:trojan-activity;sid:84126828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263729/; classtype:trojan-activity;sid:84126829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263730/; classtype:trojan-activity;sid:84126830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263731/; classtype:trojan-activity;sid:84126831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263732/; classtype:trojan-activity;sid:84126832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263733/; classtype:trojan-activity;sid:84126833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263734/; classtype:trojan-activity;sid:84126834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263735/; classtype:trojan-activity;sid:84126835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263719/; classtype:trojan-activity;sid:84126819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263720/; classtype:trojan-activity;sid:84126820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263721/; classtype:trojan-activity;sid:84126821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263716/; classtype:trojan-activity;sid:84126816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263717/; classtype:trojan-activity;sid:84126817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263718/; classtype:trojan-activity;sid:84126818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263714/; classtype:trojan-activity;sid:84126814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263715/; classtype:trojan-activity;sid:84126815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263710/; classtype:trojan-activity;sid:84126810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263711/; classtype:trojan-activity;sid:84126811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263712/; classtype:trojan-activity;sid:84126812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263713/; classtype:trojan-activity;sid:84126813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263707/; classtype:trojan-activity;sid:84126807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263708/; classtype:trojan-activity;sid:84126808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263709/; classtype:trojan-activity;sid:84126809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263705/; classtype:trojan-activity;sid:84126805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263706/; classtype:trojan-activity;sid:84126806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263695/; classtype:trojan-activity;sid:84126795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263696/; classtype:trojan-activity;sid:84126796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263697/; classtype:trojan-activity;sid:84126797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263698/; classtype:trojan-activity;sid:84126798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263699/; classtype:trojan-activity;sid:84126799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263700/; classtype:trojan-activity;sid:84126800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263701/; classtype:trojan-activity;sid:84126801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263702/; classtype:trojan-activity;sid:84126802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263703/; classtype:trojan-activity;sid:84126803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263704/; classtype:trojan-activity;sid:84126804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263680/; classtype:trojan-activity;sid:84126780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263681/; classtype:trojan-activity;sid:84126781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263682/; classtype:trojan-activity;sid:84126782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263683/; classtype:trojan-activity;sid:84126783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263684/; classtype:trojan-activity;sid:84126784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263685/; classtype:trojan-activity;sid:84126785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263686/; classtype:trojan-activity;sid:84126786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263687/; classtype:trojan-activity;sid:84126787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263688/; classtype:trojan-activity;sid:84126788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263689/; classtype:trojan-activity;sid:84126789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263690/; classtype:trojan-activity;sid:84126790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263691/; classtype:trojan-activity;sid:84126791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263692/; classtype:trojan-activity;sid:84126792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263693/; classtype:trojan-activity;sid:84126793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263694/; classtype:trojan-activity;sid:84126794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263673/; classtype:trojan-activity;sid:84126773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263674/; classtype:trojan-activity;sid:84126774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263675/; classtype:trojan-activity;sid:84126775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263676/; classtype:trojan-activity;sid:84126776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263677/; classtype:trojan-activity;sid:84126777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263678/; classtype:trojan-activity;sid:84126778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263679/; classtype:trojan-activity;sid:84126779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263670/; classtype:trojan-activity;sid:84126770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263671/; classtype:trojan-activity;sid:84126771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263672/; classtype:trojan-activity;sid:84126772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263666/; classtype:trojan-activity;sid:84126766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263667/; classtype:trojan-activity;sid:84126767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263668/; classtype:trojan-activity;sid:84126768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263669/; classtype:trojan-activity;sid:84126769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263665/; classtype:trojan-activity;sid:84126765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263661/; classtype:trojan-activity;sid:84126761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263662/; classtype:trojan-activity;sid:84126762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263663/; classtype:trojan-activity;sid:84126763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263664/; classtype:trojan-activity;sid:84126764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263648/; classtype:trojan-activity;sid:84126748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263649/; classtype:trojan-activity;sid:84126749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263650/; classtype:trojan-activity;sid:84126750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263651/; classtype:trojan-activity;sid:84126751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263652/; classtype:trojan-activity;sid:84126752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263653/; classtype:trojan-activity;sid:84126753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263654/; classtype:trojan-activity;sid:84126754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263655/; classtype:trojan-activity;sid:84126755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263656/; classtype:trojan-activity;sid:84126756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263657/; classtype:trojan-activity;sid:84126757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263658/; classtype:trojan-activity;sid:84126758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263659/; classtype:trojan-activity;sid:84126759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263660/; classtype:trojan-activity;sid:84126760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263631/; classtype:trojan-activity;sid:84126731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263632/; classtype:trojan-activity;sid:84126732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263633/; classtype:trojan-activity;sid:84126733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263634/; classtype:trojan-activity;sid:84126734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263635/; classtype:trojan-activity;sid:84126735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263636/; classtype:trojan-activity;sid:84126736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263637/; classtype:trojan-activity;sid:84126737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263638/; classtype:trojan-activity;sid:84126738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263639/; classtype:trojan-activity;sid:84126739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263640/; classtype:trojan-activity;sid:84126740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263641/; classtype:trojan-activity;sid:84126741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263642/; classtype:trojan-activity;sid:84126742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263643/; classtype:trojan-activity;sid:84126743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263644/; classtype:trojan-activity;sid:84126744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263645/; classtype:trojan-activity;sid:84126745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263646/; classtype:trojan-activity;sid:84126746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263647/; classtype:trojan-activity;sid:84126747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263628/; classtype:trojan-activity;sid:84126728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263629/; classtype:trojan-activity;sid:84126729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263630/; classtype:trojan-activity;sid:84126730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263627/; classtype:trojan-activity;sid:84126727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263625/; classtype:trojan-activity;sid:84126725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263626/; classtype:trojan-activity;sid:84126726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263623/; classtype:trojan-activity;sid:84126723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263624/; classtype:trojan-activity;sid:84126724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"search-grd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263622/; classtype:trojan-activity;sid:84126722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sqlp.dll"; depth:9; endswith; nocase; http.host; content:"116.202.182.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263621/; classtype:trojan-activity;sid:84126721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263605/; classtype:trojan-activity;sid:84126705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263606/; classtype:trojan-activity;sid:84126706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263607/; classtype:trojan-activity;sid:84126707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263608/; classtype:trojan-activity;sid:84126708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263609/; classtype:trojan-activity;sid:84126709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263610/; classtype:trojan-activity;sid:84126710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263611/; classtype:trojan-activity;sid:84126711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263612/; classtype:trojan-activity;sid:84126712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263613/; classtype:trojan-activity;sid:84126713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263614/; classtype:trojan-activity;sid:84126714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263615/; classtype:trojan-activity;sid:84126715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263616/; classtype:trojan-activity;sid:84126716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263617/; classtype:trojan-activity;sid:84126717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263618/; classtype:trojan-activity;sid:84126718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263619/; classtype:trojan-activity;sid:84126719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263620/; classtype:trojan-activity;sid:84126720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263602/; classtype:trojan-activity;sid:84126702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263603/; classtype:trojan-activity;sid:84126703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263604/; classtype:trojan-activity;sid:84126704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263599/; classtype:trojan-activity;sid:84126699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263600/; classtype:trojan-activity;sid:84126700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263601/; classtype:trojan-activity;sid:84126701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263596/; classtype:trojan-activity;sid:84126696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263597/; classtype:trojan-activity;sid:84126697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263598/; classtype:trojan-activity;sid:84126698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263591/; classtype:trojan-activity;sid:84126691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263592/; classtype:trojan-activity;sid:84126692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263593/; classtype:trojan-activity;sid:84126693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263594/; classtype:trojan-activity;sid:84126694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263595/; classtype:trojan-activity;sid:84126695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263584/; classtype:trojan-activity;sid:84126684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263585/; classtype:trojan-activity;sid:84126685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263586/; classtype:trojan-activity;sid:84126686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263587/; classtype:trojan-activity;sid:84126687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263588/; classtype:trojan-activity;sid:84126688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263589/; classtype:trojan-activity;sid:84126689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263590/; classtype:trojan-activity;sid:84126690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263581/; classtype:trojan-activity;sid:84126681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263582/; classtype:trojan-activity;sid:84126682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263583/; classtype:trojan-activity;sid:84126683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263572/; classtype:trojan-activity;sid:84126672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263573/; classtype:trojan-activity;sid:84126673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263574/; classtype:trojan-activity;sid:84126674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263575/; classtype:trojan-activity;sid:84126675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263576/; classtype:trojan-activity;sid:84126676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263577/; classtype:trojan-activity;sid:84126677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263578/; classtype:trojan-activity;sid:84126678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263579/; classtype:trojan-activity;sid:84126679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263580/; classtype:trojan-activity;sid:84126680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263571/; classtype:trojan-activity;sid:84126671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263566/; classtype:trojan-activity;sid:84126666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263567/; classtype:trojan-activity;sid:84126667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/freebl3.dll"; depth:12; endswith; nocase; http.host; content:"116.202.182.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263568/; classtype:trojan-activity;sid:84126668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263569/; classtype:trojan-activity;sid:84126669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.98.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263570/; classtype:trojan-activity;sid:84126670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263563/; classtype:trojan-activity;sid:84126663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263564/; classtype:trojan-activity;sid:84126664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263565/; classtype:trojan-activity;sid:84126665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263562/; classtype:trojan-activity;sid:84126662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263557/; classtype:trojan-activity;sid:84126657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263558/; classtype:trojan-activity;sid:84126658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263559/; classtype:trojan-activity;sid:84126659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263560/; classtype:trojan-activity;sid:84126660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263561/; classtype:trojan-activity;sid:84126661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263550/; classtype:trojan-activity;sid:84126650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263551/; classtype:trojan-activity;sid:84126651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263552/; classtype:trojan-activity;sid:84126652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263553/; classtype:trojan-activity;sid:84126653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263554/; classtype:trojan-activity;sid:84126654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263555/; classtype:trojan-activity;sid:84126655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263556/; classtype:trojan-activity;sid:84126656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263536/; classtype:trojan-activity;sid:84126636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vcruntime140.dll"; depth:17; endswith; nocase; http.host; content:"116.202.182.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263537/; classtype:trojan-activity;sid:84126637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263538/; classtype:trojan-activity;sid:84126638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263539/; classtype:trojan-activity;sid:84126639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nss3.dll"; depth:9; endswith; nocase; http.host; content:"116.202.182.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263540/; classtype:trojan-activity;sid:84126640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263541/; classtype:trojan-activity;sid:84126641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263542/; classtype:trojan-activity;sid:84126642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263543/; classtype:trojan-activity;sid:84126643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263544/; classtype:trojan-activity;sid:84126644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263545/; classtype:trojan-activity;sid:84126645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263546/; classtype:trojan-activity;sid:84126646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263547/; classtype:trojan-activity;sid:84126647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263548/; classtype:trojan-activity;sid:84126648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263549/; classtype:trojan-activity;sid:84126649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263531/; classtype:trojan-activity;sid:84126631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263532/; classtype:trojan-activity;sid:84126632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263533/; classtype:trojan-activity;sid:84126633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263534/; classtype:trojan-activity;sid:84126634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263535/; classtype:trojan-activity;sid:84126635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263525/; classtype:trojan-activity;sid:84126625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263526/; classtype:trojan-activity;sid:84126626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263527/; classtype:trojan-activity;sid:84126627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263528/; classtype:trojan-activity;sid:84126628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263529/; classtype:trojan-activity;sid:84126629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263530/; classtype:trojan-activity;sid:84126630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263522/; classtype:trojan-activity;sid:84126622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263523/; classtype:trojan-activity;sid:84126623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263524/; classtype:trojan-activity;sid:84126624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263520/; classtype:trojan-activity;sid:84126620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263521/; classtype:trojan-activity;sid:84126621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263518/; classtype:trojan-activity;sid:84126618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263519/; classtype:trojan-activity;sid:84126619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263511/; classtype:trojan-activity;sid:84126611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263512/; classtype:trojan-activity;sid:84126612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263513/; classtype:trojan-activity;sid:84126613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263514/; classtype:trojan-activity;sid:84126614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263515/; classtype:trojan-activity;sid:84126615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263516/; classtype:trojan-activity;sid:84126616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263517/; classtype:trojan-activity;sid:84126617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263506/; classtype:trojan-activity;sid:84126606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263507/; classtype:trojan-activity;sid:84126607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263508/; classtype:trojan-activity;sid:84126608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263509/; classtype:trojan-activity;sid:84126609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263510/; classtype:trojan-activity;sid:84126610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263499/; classtype:trojan-activity;sid:84126599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263500/; classtype:trojan-activity;sid:84126600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263501/; classtype:trojan-activity;sid:84126601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263502/; classtype:trojan-activity;sid:84126602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263503/; classtype:trojan-activity;sid:84126603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263504/; classtype:trojan-activity;sid:84126604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263505/; classtype:trojan-activity;sid:84126605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263486/; classtype:trojan-activity;sid:84126586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263487/; classtype:trojan-activity;sid:84126587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozglue.dll"; depth:12; endswith; nocase; http.host; content:"116.202.182.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263488/; classtype:trojan-activity;sid:84126588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263489/; classtype:trojan-activity;sid:84126589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263490/; classtype:trojan-activity;sid:84126590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263491/; classtype:trojan-activity;sid:84126591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263492/; classtype:trojan-activity;sid:84126592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263493/; classtype:trojan-activity;sid:84126593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263494/; classtype:trojan-activity;sid:84126594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263495/; classtype:trojan-activity;sid:84126595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263496/; classtype:trojan-activity;sid:84126596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263497/; classtype:trojan-activity;sid:84126597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263498/; classtype:trojan-activity;sid:84126598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263481/; classtype:trojan-activity;sid:84126581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263482/; classtype:trojan-activity;sid:84126582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263483/; classtype:trojan-activity;sid:84126583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263484/; classtype:trojan-activity;sid:84126584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263485/; classtype:trojan-activity;sid:84126585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263480/; classtype:trojan-activity;sid:84126580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263479/; classtype:trojan-activity;sid:84126579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263477/; classtype:trojan-activity;sid:84126577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263478/; classtype:trojan-activity;sid:84126578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263471/; classtype:trojan-activity;sid:84126571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263472/; classtype:trojan-activity;sid:84126572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263473/; classtype:trojan-activity;sid:84126573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263474/; classtype:trojan-activity;sid:84126574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263475/; classtype:trojan-activity;sid:84126575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263476/; classtype:trojan-activity;sid:84126576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263463/; classtype:trojan-activity;sid:84126563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263464/; classtype:trojan-activity;sid:84126564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263465/; classtype:trojan-activity;sid:84126565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263466/; classtype:trojan-activity;sid:84126566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263467/; classtype:trojan-activity;sid:84126567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263468/; classtype:trojan-activity;sid:84126568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263469/; classtype:trojan-activity;sid:84126569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263470/; classtype:trojan-activity;sid:84126570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263454/; classtype:trojan-activity;sid:84126554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263455/; classtype:trojan-activity;sid:84126555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263456/; classtype:trojan-activity;sid:84126556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263457/; classtype:trojan-activity;sid:84126557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263458/; classtype:trojan-activity;sid:84126558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263459/; classtype:trojan-activity;sid:84126559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263460/; classtype:trojan-activity;sid:84126560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263461/; classtype:trojan-activity;sid:84126561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263462/; classtype:trojan-activity;sid:84126562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263441/; classtype:trojan-activity;sid:84126541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263442/; classtype:trojan-activity;sid:84126542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263443/; classtype:trojan-activity;sid:84126543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263444/; classtype:trojan-activity;sid:84126544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263445/; classtype:trojan-activity;sid:84126545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263446/; classtype:trojan-activity;sid:84126546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263447/; classtype:trojan-activity;sid:84126547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263448/; classtype:trojan-activity;sid:84126548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263449/; classtype:trojan-activity;sid:84126549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263450/; classtype:trojan-activity;sid:84126550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263451/; classtype:trojan-activity;sid:84126551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263452/; classtype:trojan-activity;sid:84126552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263453/; classtype:trojan-activity;sid:84126553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263436/; classtype:trojan-activity;sid:84126536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263437/; classtype:trojan-activity;sid:84126537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263438/; classtype:trojan-activity;sid:84126538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263439/; classtype:trojan-activity;sid:84126539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263440/; classtype:trojan-activity;sid:84126540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263435/; classtype:trojan-activity;sid:84126535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263432/; classtype:trojan-activity;sid:84126532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263433/; classtype:trojan-activity;sid:84126533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263434/; classtype:trojan-activity;sid:84126534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263428/; classtype:trojan-activity;sid:84126528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263429/; classtype:trojan-activity;sid:84126529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263430/; classtype:trojan-activity;sid:84126530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263431/; classtype:trojan-activity;sid:84126531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263427/; classtype:trojan-activity;sid:84126527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263425/; classtype:trojan-activity;sid:84126525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-dur.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263426/; classtype:trojan-activity;sid:84126526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263424/; classtype:trojan-activity;sid:84126524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263414/; classtype:trojan-activity;sid:84126514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263415/; classtype:trojan-activity;sid:84126515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263416/; classtype:trojan-activity;sid:84126516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263417/; classtype:trojan-activity;sid:84126517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263418/; classtype:trojan-activity;sid:84126518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263419/; classtype:trojan-activity;sid:84126519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263420/; classtype:trojan-activity;sid:84126520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263421/; classtype:trojan-activity;sid:84126521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263422/; classtype:trojan-activity;sid:84126522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263423/; classtype:trojan-activity;sid:84126523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263406/; classtype:trojan-activity;sid:84126506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263407/; classtype:trojan-activity;sid:84126507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263408/; classtype:trojan-activity;sid:84126508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263409/; classtype:trojan-activity;sid:84126509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263410/; classtype:trojan-activity;sid:84126510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263411/; classtype:trojan-activity;sid:84126511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263412/; classtype:trojan-activity;sid:84126512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263413/; classtype:trojan-activity;sid:84126513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263399/; classtype:trojan-activity;sid:84126499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263400/; classtype:trojan-activity;sid:84126500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263401/; classtype:trojan-activity;sid:84126501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263402/; classtype:trojan-activity;sid:84126502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263403/; classtype:trojan-activity;sid:84126503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263404/; classtype:trojan-activity;sid:84126504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263405/; classtype:trojan-activity;sid:84126505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263395/; classtype:trojan-activity;sid:84126495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ffb0d4b87b11580/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"5.178.1.19"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263396/; classtype:trojan-activity;sid:84126496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263397/; classtype:trojan-activity;sid:84126497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263398/; classtype:trojan-activity;sid:84126498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263390/; classtype:trojan-activity;sid:84126490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263391/; classtype:trojan-activity;sid:84126491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263392/; classtype:trojan-activity;sid:84126492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263393/; classtype:trojan-activity;sid:84126493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263394/; classtype:trojan-activity;sid:84126494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263382/; classtype:trojan-activity;sid:84126482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263383/; classtype:trojan-activity;sid:84126483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263384/; classtype:trojan-activity;sid:84126484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263385/; classtype:trojan-activity;sid:84126485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263386/; classtype:trojan-activity;sid:84126486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263387/; classtype:trojan-activity;sid:84126487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263388/; classtype:trojan-activity;sid:84126488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263389/; classtype:trojan-activity;sid:84126489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263376/; classtype:trojan-activity;sid:84126476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263377/; classtype:trojan-activity;sid:84126477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263378/; classtype:trojan-activity;sid:84126478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263379/; classtype:trojan-activity;sid:84126479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263380/; classtype:trojan-activity;sid:84126480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263381/; classtype:trojan-activity;sid:84126481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263374/; classtype:trojan-activity;sid:84126474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263375/; classtype:trojan-activity;sid:84126475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263367/; classtype:trojan-activity;sid:84126467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263368/; classtype:trojan-activity;sid:84126468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263369/; classtype:trojan-activity;sid:84126469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6cb9fbc8f93bb26b/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"92.255.85.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263370/; classtype:trojan-activity;sid:84126470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263371/; classtype:trojan-activity;sid:84126471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263372/; classtype:trojan-activity;sid:84126472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263373/; classtype:trojan-activity;sid:84126473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263363/; classtype:trojan-activity;sid:84126463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263364/; classtype:trojan-activity;sid:84126464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263365/; classtype:trojan-activity;sid:84126465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263366/; classtype:trojan-activity;sid:84126466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263362/; classtype:trojan-activity;sid:84126462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263359/; classtype:trojan-activity;sid:84126459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263360/; classtype:trojan-activity;sid:84126460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263361/; classtype:trojan-activity;sid:84126461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263347/; classtype:trojan-activity;sid:84126447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263348/; classtype:trojan-activity;sid:84126448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263349/; classtype:trojan-activity;sid:84126449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263350/; classtype:trojan-activity;sid:84126450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263351/; classtype:trojan-activity;sid:84126451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263352/; classtype:trojan-activity;sid:84126452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263353/; classtype:trojan-activity;sid:84126453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263354/; classtype:trojan-activity;sid:84126454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263355/; classtype:trojan-activity;sid:84126455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263356/; classtype:trojan-activity;sid:84126456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263357/; classtype:trojan-activity;sid:84126457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263358/; classtype:trojan-activity;sid:84126458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263340/; classtype:trojan-activity;sid:84126440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263341/; classtype:trojan-activity;sid:84126441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263342/; classtype:trojan-activity;sid:84126442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263343/; classtype:trojan-activity;sid:84126443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263344/; classtype:trojan-activity;sid:84126444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263345/; classtype:trojan-activity;sid:84126445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263346/; classtype:trojan-activity;sid:84126446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263332/; classtype:trojan-activity;sid:84126432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263333/; classtype:trojan-activity;sid:84126433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263334/; classtype:trojan-activity;sid:84126434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263335/; classtype:trojan-activity;sid:84126435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263336/; classtype:trojan-activity;sid:84126436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263337/; classtype:trojan-activity;sid:84126437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263338/; classtype:trojan-activity;sid:84126438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263339/; classtype:trojan-activity;sid:84126439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263321/; classtype:trojan-activity;sid:84126421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263322/; classtype:trojan-activity;sid:84126422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263323/; classtype:trojan-activity;sid:84126423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263324/; classtype:trojan-activity;sid:84126424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263325/; classtype:trojan-activity;sid:84126425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263326/; classtype:trojan-activity;sid:84126426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263327/; classtype:trojan-activity;sid:84126427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263328/; classtype:trojan-activity;sid:84126428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263329/; classtype:trojan-activity;sid:84126429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263330/; classtype:trojan-activity;sid:84126430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263331/; classtype:trojan-activity;sid:84126431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263318/; classtype:trojan-activity;sid:84126418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263319/; classtype:trojan-activity;sid:84126419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263320/; classtype:trojan-activity;sid:84126420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263317/; classtype:trojan-activity;sid:84126417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263315/; classtype:trojan-activity;sid:84126415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263316/; classtype:trojan-activity;sid:84126416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263313/; classtype:trojan-activity;sid:84126413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263314/; classtype:trojan-activity;sid:84126414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263306/; classtype:trojan-activity;sid:84126406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263307/; classtype:trojan-activity;sid:84126407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263308/; classtype:trojan-activity;sid:84126408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263309/; classtype:trojan-activity;sid:84126409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263310/; classtype:trojan-activity;sid:84126410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263311/; classtype:trojan-activity;sid:84126411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263312/; classtype:trojan-activity;sid:84126412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263296/; classtype:trojan-activity;sid:84126396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263297/; classtype:trojan-activity;sid:84126397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263298/; classtype:trojan-activity;sid:84126398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263299/; classtype:trojan-activity;sid:84126399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263300/; classtype:trojan-activity;sid:84126400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263301/; classtype:trojan-activity;sid:84126401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263302/; classtype:trojan-activity;sid:84126402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263303/; classtype:trojan-activity;sid:84126403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263304/; classtype:trojan-activity;sid:84126404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263305/; classtype:trojan-activity;sid:84126405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263285/; classtype:trojan-activity;sid:84126385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263286/; classtype:trojan-activity;sid:84126386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263287/; classtype:trojan-activity;sid:84126387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263288/; classtype:trojan-activity;sid:84126388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263289/; classtype:trojan-activity;sid:84126389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263290/; classtype:trojan-activity;sid:84126390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263291/; classtype:trojan-activity;sid:84126391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263292/; classtype:trojan-activity;sid:84126392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263293/; classtype:trojan-activity;sid:84126393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263294/; classtype:trojan-activity;sid:84126394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263295/; classtype:trojan-activity;sid:84126395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263278/; classtype:trojan-activity;sid:84126378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263279/; classtype:trojan-activity;sid:84126379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263280/; classtype:trojan-activity;sid:84126380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263281/; classtype:trojan-activity;sid:84126381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ffb0d4b87b11580/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"5.178.1.19"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263282/; classtype:trojan-activity;sid:84126382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263283/; classtype:trojan-activity;sid:84126383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263284/; classtype:trojan-activity;sid:84126384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263273/; classtype:trojan-activity;sid:84126373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263274/; classtype:trojan-activity;sid:84126374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ffb0d4b87b11580/nss3.dll"; depth:26; endswith; nocase; http.host; content:"5.178.1.19"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263275/; classtype:trojan-activity;sid:84126375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263276/; classtype:trojan-activity;sid:84126376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263277/; classtype:trojan-activity;sid:84126377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263271/; classtype:trojan-activity;sid:84126371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263272/; classtype:trojan-activity;sid:84126372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263270/; classtype:trojan-activity;sid:84126370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263265/; classtype:trojan-activity;sid:84126365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263266/; classtype:trojan-activity;sid:84126366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263267/; classtype:trojan-activity;sid:84126367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263268/; classtype:trojan-activity;sid:84126368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263269/; classtype:trojan-activity;sid:84126369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263253/; classtype:trojan-activity;sid:84126353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263254/; classtype:trojan-activity;sid:84126354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263255/; classtype:trojan-activity;sid:84126355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263256/; classtype:trojan-activity;sid:84126356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263257/; classtype:trojan-activity;sid:84126357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263258/; classtype:trojan-activity;sid:84126358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263259/; classtype:trojan-activity;sid:84126359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263260/; classtype:trojan-activity;sid:84126360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263261/; classtype:trojan-activity;sid:84126361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263262/; classtype:trojan-activity;sid:84126362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263263/; classtype:trojan-activity;sid:84126363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263264/; classtype:trojan-activity;sid:84126364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263244/; classtype:trojan-activity;sid:84126344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263245/; classtype:trojan-activity;sid:84126345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263246/; classtype:trojan-activity;sid:84126346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263247/; classtype:trojan-activity;sid:84126347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263248/; classtype:trojan-activity;sid:84126348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263249/; classtype:trojan-activity;sid:84126349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263250/; classtype:trojan-activity;sid:84126350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263251/; classtype:trojan-activity;sid:84126351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/746f34465cf17784/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263252/; classtype:trojan-activity;sid:84126352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263235/; classtype:trojan-activity;sid:84126335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263236/; classtype:trojan-activity;sid:84126336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263237/; classtype:trojan-activity;sid:84126337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263238/; classtype:trojan-activity;sid:84126338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263239/; classtype:trojan-activity;sid:84126339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263240/; classtype:trojan-activity;sid:84126340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263241/; classtype:trojan-activity;sid:84126341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263242/; classtype:trojan-activity;sid:84126342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263243/; classtype:trojan-activity;sid:84126343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263232/; classtype:trojan-activity;sid:84126332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263233/; classtype:trojan-activity;sid:84126333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263234/; classtype:trojan-activity;sid:84126334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263228/; classtype:trojan-activity;sid:84126328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263229/; classtype:trojan-activity;sid:84126329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263230/; classtype:trojan-activity;sid:84126330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263231/; classtype:trojan-activity;sid:84126331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263226/; classtype:trojan-activity;sid:84126326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263227/; classtype:trojan-activity;sid:84126327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263222/; classtype:trojan-activity;sid:84126322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263223/; classtype:trojan-activity;sid:84126323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263224/; classtype:trojan-activity;sid:84126324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263225/; classtype:trojan-activity;sid:84126325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263210/; classtype:trojan-activity;sid:84126310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263211/; classtype:trojan-activity;sid:84126311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263212/; classtype:trojan-activity;sid:84126312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263213/; classtype:trojan-activity;sid:84126313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263214/; classtype:trojan-activity;sid:84126314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263215/; classtype:trojan-activity;sid:84126315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263216/; classtype:trojan-activity;sid:84126316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"187.136.177.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263217/; classtype:trojan-activity;sid:84126317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263218/; classtype:trojan-activity;sid:84126318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263219/; classtype:trojan-activity;sid:84126319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263220/; classtype:trojan-activity;sid:84126320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263221/; classtype:trojan-activity;sid:84126321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263197/; classtype:trojan-activity;sid:84126297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263198/; classtype:trojan-activity;sid:84126298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263199/; classtype:trojan-activity;sid:84126299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263200/; classtype:trojan-activity;sid:84126300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263201/; classtype:trojan-activity;sid:84126301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263202/; classtype:trojan-activity;sid:84126302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263203/; classtype:trojan-activity;sid:84126303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263204/; classtype:trojan-activity;sid:84126304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263205/; classtype:trojan-activity;sid:84126305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263206/; classtype:trojan-activity;sid:84126306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263207/; classtype:trojan-activity;sid:84126307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263208/; classtype:trojan-activity;sid:84126308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263209/; classtype:trojan-activity;sid:84126309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263187/; classtype:trojan-activity;sid:84126287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263188/; classtype:trojan-activity;sid:84126288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263189/; classtype:trojan-activity;sid:84126289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263190/; classtype:trojan-activity;sid:84126290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263191/; classtype:trojan-activity;sid:84126291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263192/; classtype:trojan-activity;sid:84126292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263193/; classtype:trojan-activity;sid:84126293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263194/; classtype:trojan-activity;sid:84126294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263195/; classtype:trojan-activity;sid:84126295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263196/; classtype:trojan-activity;sid:84126296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263185/; classtype:trojan-activity;sid:84126285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263186/; classtype:trojan-activity;sid:84126286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263182/; classtype:trojan-activity;sid:84126282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263183/; classtype:trojan-activity;sid:84126283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263184/; classtype:trojan-activity;sid:84126284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263180/; classtype:trojan-activity;sid:84126280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263181/; classtype:trojan-activity;sid:84126281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263174/; classtype:trojan-activity;sid:84126274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263175/; classtype:trojan-activity;sid:84126275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263176/; classtype:trojan-activity;sid:84126276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263177/; classtype:trojan-activity;sid:84126277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263178/; classtype:trojan-activity;sid:84126278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263179/; classtype:trojan-activity;sid:84126279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263172/; classtype:trojan-activity;sid:84126272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263173/; classtype:trojan-activity;sid:84126273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263157/; classtype:trojan-activity;sid:84126257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263158/; classtype:trojan-activity;sid:84126258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263159/; classtype:trojan-activity;sid:84126259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263160/; classtype:trojan-activity;sid:84126260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263161/; classtype:trojan-activity;sid:84126261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263162/; classtype:trojan-activity;sid:84126262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263163/; classtype:trojan-activity;sid:84126263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263164/; classtype:trojan-activity;sid:84126264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263165/; classtype:trojan-activity;sid:84126265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263166/; classtype:trojan-activity;sid:84126266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263167/; classtype:trojan-activity;sid:84126267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263168/; classtype:trojan-activity;sid:84126268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263169/; classtype:trojan-activity;sid:84126269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263170/; classtype:trojan-activity;sid:84126270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263171/; classtype:trojan-activity;sid:84126271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263152/; classtype:trojan-activity;sid:84126252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263153/; classtype:trojan-activity;sid:84126253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263154/; classtype:trojan-activity;sid:84126254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263155/; classtype:trojan-activity;sid:84126255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263156/; classtype:trojan-activity;sid:84126256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263145/; classtype:trojan-activity;sid:84126245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263146/; classtype:trojan-activity;sid:84126246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263147/; classtype:trojan-activity;sid:84126247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263148/; classtype:trojan-activity;sid:84126248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263149/; classtype:trojan-activity;sid:84126249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263150/; classtype:trojan-activity;sid:84126250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263151/; classtype:trojan-activity;sid:84126251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263142/; classtype:trojan-activity;sid:84126242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263143/; classtype:trojan-activity;sid:84126243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263144/; classtype:trojan-activity;sid:84126244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263141/; classtype:trojan-activity;sid:84126241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263139/; classtype:trojan-activity;sid:84126239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263140/; classtype:trojan-activity;sid:84126240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263138/; classtype:trojan-activity;sid:84126238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263133/; classtype:trojan-activity;sid:84126233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263134/; classtype:trojan-activity;sid:84126234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263135/; classtype:trojan-activity;sid:84126235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263136/; classtype:trojan-activity;sid:84126236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263137/; classtype:trojan-activity;sid:84126237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263119/; classtype:trojan-activity;sid:84126219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263120/; classtype:trojan-activity;sid:84126220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263121/; classtype:trojan-activity;sid:84126221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263122/; classtype:trojan-activity;sid:84126222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263123/; classtype:trojan-activity;sid:84126223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263124/; classtype:trojan-activity;sid:84126224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263125/; classtype:trojan-activity;sid:84126225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263126/; classtype:trojan-activity;sid:84126226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263127/; classtype:trojan-activity;sid:84126227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263128/; classtype:trojan-activity;sid:84126228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263129/; classtype:trojan-activity;sid:84126229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263130/; classtype:trojan-activity;sid:84126230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263131/; classtype:trojan-activity;sid:84126231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263132/; classtype:trojan-activity;sid:84126232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263104/; classtype:trojan-activity;sid:84126204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263105/; classtype:trojan-activity;sid:84126205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263106/; classtype:trojan-activity;sid:84126206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263107/; classtype:trojan-activity;sid:84126207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263108/; classtype:trojan-activity;sid:84126208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263109/; classtype:trojan-activity;sid:84126209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263110/; classtype:trojan-activity;sid:84126210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263111/; classtype:trojan-activity;sid:84126211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263112/; classtype:trojan-activity;sid:84126212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263113/; classtype:trojan-activity;sid:84126213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263114/; classtype:trojan-activity;sid:84126214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263115/; classtype:trojan-activity;sid:84126215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263116/; classtype:trojan-activity;sid:84126216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263117/; classtype:trojan-activity;sid:84126217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263118/; classtype:trojan-activity;sid:84126218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softokn3.dll"; depth:13; endswith; nocase; http.host; content:"116.202.182.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263102/; classtype:trojan-activity;sid:84126202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263103/; classtype:trojan-activity;sid:84126203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263099/; classtype:trojan-activity;sid:84126199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263100/; classtype:trojan-activity;sid:84126200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263101/; classtype:trojan-activity;sid:84126201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263094/; classtype:trojan-activity;sid:84126194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263095/; classtype:trojan-activity;sid:84126195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263096/; classtype:trojan-activity;sid:84126196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263097/; classtype:trojan-activity;sid:84126197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263098/; classtype:trojan-activity;sid:84126198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263092/; classtype:trojan-activity;sid:84126192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263093/; classtype:trojan-activity;sid:84126193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263085/; classtype:trojan-activity;sid:84126185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263086/; classtype:trojan-activity;sid:84126186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263087/; classtype:trojan-activity;sid:84126187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263088/; classtype:trojan-activity;sid:84126188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263089/; classtype:trojan-activity;sid:84126189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263090/; classtype:trojan-activity;sid:84126190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263091/; classtype:trojan-activity;sid:84126191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263062/; classtype:trojan-activity;sid:84126162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263063/; classtype:trojan-activity;sid:84126163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263064/; classtype:trojan-activity;sid:84126164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263065/; classtype:trojan-activity;sid:84126165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263066/; classtype:trojan-activity;sid:84126166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263067/; classtype:trojan-activity;sid:84126167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263068/; classtype:trojan-activity;sid:84126168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263069/; classtype:trojan-activity;sid:84126169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263070/; classtype:trojan-activity;sid:84126170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263071/; classtype:trojan-activity;sid:84126171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263072/; classtype:trojan-activity;sid:84126172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263073/; classtype:trojan-activity;sid:84126173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263074/; classtype:trojan-activity;sid:84126174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263075/; classtype:trojan-activity;sid:84126175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263076/; classtype:trojan-activity;sid:84126176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263077/; classtype:trojan-activity;sid:84126177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263078/; classtype:trojan-activity;sid:84126178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263079/; classtype:trojan-activity;sid:84126179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263080/; classtype:trojan-activity;sid:84126180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263081/; classtype:trojan-activity;sid:84126181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263082/; classtype:trojan-activity;sid:84126182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263083/; classtype:trojan-activity;sid:84126183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263084/; classtype:trojan-activity;sid:84126184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263057/; classtype:trojan-activity;sid:84126157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263058/; classtype:trojan-activity;sid:84126158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263059/; classtype:trojan-activity;sid:84126159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263060/; classtype:trojan-activity;sid:84126160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263061/; classtype:trojan-activity;sid:84126161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263055/; classtype:trojan-activity;sid:84126155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263056/; classtype:trojan-activity;sid:84126156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263054/; classtype:trojan-activity;sid:84126154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263053/; classtype:trojan-activity;sid:84126153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263052/; classtype:trojan-activity;sid:84126152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263049/; classtype:trojan-activity;sid:84126149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263050/; classtype:trojan-activity;sid:84126150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"loadapi1.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263051/; classtype:trojan-activity;sid:84126151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263043/; classtype:trojan-activity;sid:84126143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263044/; classtype:trojan-activity;sid:84126144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263045/; classtype:trojan-activity;sid:84126145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263046/; classtype:trojan-activity;sid:84126146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263047/; classtype:trojan-activity;sid:84126147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263048/; classtype:trojan-activity;sid:84126148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263037/; classtype:trojan-activity;sid:84126137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263038/; classtype:trojan-activity;sid:84126138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263039/; classtype:trojan-activity;sid:84126139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263040/; classtype:trojan-activity;sid:84126140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263041/; classtype:trojan-activity;sid:84126141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263042/; classtype:trojan-activity;sid:84126142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263032/; classtype:trojan-activity;sid:84126132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263033/; classtype:trojan-activity;sid:84126133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263034/; classtype:trojan-activity;sid:84126134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263035/; classtype:trojan-activity;sid:84126135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263036/; classtype:trojan-activity;sid:84126136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263026/; classtype:trojan-activity;sid:84126126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263027/; classtype:trojan-activity;sid:84126127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263028/; classtype:trojan-activity;sid:84126128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263029/; classtype:trojan-activity;sid:84126129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263030/; classtype:trojan-activity;sid:84126130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263031/; classtype:trojan-activity;sid:84126131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263014/; classtype:trojan-activity;sid:84126114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263015/; classtype:trojan-activity;sid:84126115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.55.149.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263016/; classtype:trojan-activity;sid:84126116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263017/; classtype:trojan-activity;sid:84126117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263018/; classtype:trojan-activity;sid:84126118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263019/; classtype:trojan-activity;sid:84126119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263020/; classtype:trojan-activity;sid:84126120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263021/; classtype:trojan-activity;sid:84126121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263022/; classtype:trojan-activity;sid:84126122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263023/; classtype:trojan-activity;sid:84126123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263024/; classtype:trojan-activity;sid:84126124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263025/; classtype:trojan-activity;sid:84126125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263007/; classtype:trojan-activity;sid:84126107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263008/; classtype:trojan-activity;sid:84126108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263009/; classtype:trojan-activity;sid:84126109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263010/; classtype:trojan-activity;sid:84126110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263011/; classtype:trojan-activity;sid:84126111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263012/; classtype:trojan-activity;sid:84126112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263013/; classtype:trojan-activity;sid:84126113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262997/; classtype:trojan-activity;sid:84126097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262998/; classtype:trojan-activity;sid:84126098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262999/; classtype:trojan-activity;sid:84126099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263000/; classtype:trojan-activity;sid:84126100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263001/; classtype:trojan-activity;sid:84126101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263002/; classtype:trojan-activity;sid:84126102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263003/; classtype:trojan-activity;sid:84126103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263004/; classtype:trojan-activity;sid:84126104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263005/; classtype:trojan-activity;sid:84126105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3263006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3263006/; classtype:trojan-activity;sid:84126106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262989/; classtype:trojan-activity;sid:84126089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262990/; classtype:trojan-activity;sid:84126090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262991/; classtype:trojan-activity;sid:84126091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262992/; classtype:trojan-activity;sid:84126092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262993/; classtype:trojan-activity;sid:84126093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262994/; classtype:trojan-activity;sid:84126094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262995/; classtype:trojan-activity;sid:84126095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262996/; classtype:trojan-activity;sid:84126096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262986/; classtype:trojan-activity;sid:84126086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262987/; classtype:trojan-activity;sid:84126087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262988/; classtype:trojan-activity;sid:84126088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262979/; classtype:trojan-activity;sid:84126079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262980/; classtype:trojan-activity;sid:84126080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262981/; classtype:trojan-activity;sid:84126081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262982/; classtype:trojan-activity;sid:84126082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262983/; classtype:trojan-activity;sid:84126083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262984/; classtype:trojan-activity;sid:84126084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262985/; classtype:trojan-activity;sid:84126085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262975/; classtype:trojan-activity;sid:84126075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262976/; classtype:trojan-activity;sid:84126076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262977/; classtype:trojan-activity;sid:84126077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262978/; classtype:trojan-activity;sid:84126078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262969/; classtype:trojan-activity;sid:84126069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262970/; classtype:trojan-activity;sid:84126070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262971/; classtype:trojan-activity;sid:84126071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262972/; classtype:trojan-activity;sid:84126072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262973/; classtype:trojan-activity;sid:84126073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262974/; classtype:trojan-activity;sid:84126074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262967/; classtype:trojan-activity;sid:84126067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262968/; classtype:trojan-activity;sid:84126068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262965/; classtype:trojan-activity;sid:84126065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262966/; classtype:trojan-activity;sid:84126066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262961/; classtype:trojan-activity;sid:84126061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262962/; classtype:trojan-activity;sid:84126062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262963/; classtype:trojan-activity;sid:84126063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262964/; classtype:trojan-activity;sid:84126064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262951/; classtype:trojan-activity;sid:84126051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262952/; classtype:trojan-activity;sid:84126052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262953/; classtype:trojan-activity;sid:84126053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262954/; classtype:trojan-activity;sid:84126054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262955/; classtype:trojan-activity;sid:84126055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262956/; classtype:trojan-activity;sid:84126056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262957/; classtype:trojan-activity;sid:84126057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262958/; classtype:trojan-activity;sid:84126058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262959/; classtype:trojan-activity;sid:84126059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262960/; classtype:trojan-activity;sid:84126060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262941/; classtype:trojan-activity;sid:84126041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262942/; classtype:trojan-activity;sid:84126042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262943/; classtype:trojan-activity;sid:84126043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262944/; classtype:trojan-activity;sid:84126044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262945/; classtype:trojan-activity;sid:84126045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262946/; classtype:trojan-activity;sid:84126046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262947/; classtype:trojan-activity;sid:84126047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262948/; classtype:trojan-activity;sid:84126048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262949/; classtype:trojan-activity;sid:84126049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262950/; classtype:trojan-activity;sid:84126050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262938/; classtype:trojan-activity;sid:84126038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262939/; classtype:trojan-activity;sid:84126039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262940/; classtype:trojan-activity;sid:84126040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262935/; classtype:trojan-activity;sid:84126035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262936/; classtype:trojan-activity;sid:84126036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262937/; classtype:trojan-activity;sid:84126037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262931/; classtype:trojan-activity;sid:84126031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262932/; classtype:trojan-activity;sid:84126032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262933/; classtype:trojan-activity;sid:84126033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262934/; classtype:trojan-activity;sid:84126034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262929/; classtype:trojan-activity;sid:84126029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262930/; classtype:trojan-activity;sid:84126030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262925/; classtype:trojan-activity;sid:84126025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262926/; classtype:trojan-activity;sid:84126026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262927/; classtype:trojan-activity;sid:84126027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262928/; classtype:trojan-activity;sid:84126028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262924/; classtype:trojan-activity;sid:84126024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262917/; classtype:trojan-activity;sid:84126017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262918/; classtype:trojan-activity;sid:84126018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262919/; classtype:trojan-activity;sid:84126019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262920/; classtype:trojan-activity;sid:84126020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262921/; classtype:trojan-activity;sid:84126021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262922/; classtype:trojan-activity;sid:84126022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262923/; classtype:trojan-activity;sid:84126023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262900/; classtype:trojan-activity;sid:84126000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262901/; classtype:trojan-activity;sid:84126001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262902/; classtype:trojan-activity;sid:84126002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262903/; classtype:trojan-activity;sid:84126003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262904/; classtype:trojan-activity;sid:84126004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262905/; classtype:trojan-activity;sid:84126005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262906/; classtype:trojan-activity;sid:84126006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262907/; classtype:trojan-activity;sid:84126007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262908/; classtype:trojan-activity;sid:84126008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262909/; classtype:trojan-activity;sid:84126009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262910/; classtype:trojan-activity;sid:84126010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262911/; classtype:trojan-activity;sid:84126011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262912/; classtype:trojan-activity;sid:84126012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262913/; classtype:trojan-activity;sid:84126013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262914/; classtype:trojan-activity;sid:84126014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262915/; classtype:trojan-activity;sid:84126015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262916/; classtype:trojan-activity;sid:84126016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262896/; classtype:trojan-activity;sid:84125996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262897/; classtype:trojan-activity;sid:84125997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262898/; classtype:trojan-activity;sid:84125998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262899/; classtype:trojan-activity;sid:84125999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262895/; classtype:trojan-activity;sid:84125995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262892/; classtype:trojan-activity;sid:84125992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262893/; classtype:trojan-activity;sid:84125993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262894/; classtype:trojan-activity;sid:84125994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262891/; classtype:trojan-activity;sid:84125991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262890/; classtype:trojan-activity;sid:84125990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262886/; classtype:trojan-activity;sid:84125986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262887/; classtype:trojan-activity;sid:84125987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262888/; classtype:trojan-activity;sid:84125988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262889/; classtype:trojan-activity;sid:84125989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262883/; classtype:trojan-activity;sid:84125983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262884/; classtype:trojan-activity;sid:84125984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262885/; classtype:trojan-activity;sid:84125985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262881/; classtype:trojan-activity;sid:84125981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262882/; classtype:trojan-activity;sid:84125982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262879/; classtype:trojan-activity;sid:84125979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262880/; classtype:trojan-activity;sid:84125980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262848/; classtype:trojan-activity;sid:84125948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262849/; classtype:trojan-activity;sid:84125949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262850/; classtype:trojan-activity;sid:84125950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262851/; classtype:trojan-activity;sid:84125951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262852/; classtype:trojan-activity;sid:84125952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262853/; classtype:trojan-activity;sid:84125953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262854/; classtype:trojan-activity;sid:84125954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262855/; classtype:trojan-activity;sid:84125955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262856/; classtype:trojan-activity;sid:84125956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262857/; classtype:trojan-activity;sid:84125957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262858/; classtype:trojan-activity;sid:84125958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262859/; classtype:trojan-activity;sid:84125959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262860/; classtype:trojan-activity;sid:84125960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262861/; classtype:trojan-activity;sid:84125961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262862/; classtype:trojan-activity;sid:84125962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262863/; classtype:trojan-activity;sid:84125963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262864/; classtype:trojan-activity;sid:84125964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262865/; classtype:trojan-activity;sid:84125965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262866/; classtype:trojan-activity;sid:84125966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262867/; classtype:trojan-activity;sid:84125967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262868/; classtype:trojan-activity;sid:84125968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262869/; classtype:trojan-activity;sid:84125969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262870/; classtype:trojan-activity;sid:84125970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262871/; classtype:trojan-activity;sid:84125971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262872/; classtype:trojan-activity;sid:84125972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262873/; classtype:trojan-activity;sid:84125973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262874/; classtype:trojan-activity;sid:84125974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262875/; classtype:trojan-activity;sid:84125975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262876/; classtype:trojan-activity;sid:84125976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262877/; classtype:trojan-activity;sid:84125977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262878/; classtype:trojan-activity;sid:84125978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262845/; classtype:trojan-activity;sid:84125945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262846/; classtype:trojan-activity;sid:84125946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262847/; classtype:trojan-activity;sid:84125947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262843/; classtype:trojan-activity;sid:84125943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262844/; classtype:trojan-activity;sid:84125944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262842/; classtype:trojan-activity;sid:84125942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262841/; classtype:trojan-activity;sid:84125941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262838/; classtype:trojan-activity;sid:84125938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262839/; classtype:trojan-activity;sid:84125939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-st1.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262840/; classtype:trojan-activity;sid:84125940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.190.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262837/; classtype:trojan-activity;sid:84125937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acceptruea.zip"; depth:15; endswith; nocase; http.host; content:"mcrogers.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262836/; classtype:trojan-activity;sid:84125936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262833/; classtype:trojan-activity;sid:84125933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262834/; classtype:trojan-activity;sid:84125934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262835/; classtype:trojan-activity;sid:84125935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"140.237.8.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262828/; classtype:trojan-activity;sid:84125928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262829/; classtype:trojan-activity;sid:84125929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262830/; classtype:trojan-activity;sid:84125930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262831/; classtype:trojan-activity;sid:84125931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262832/; classtype:trojan-activity;sid:84125932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262824/; classtype:trojan-activity;sid:84125924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262825/; classtype:trojan-activity;sid:84125925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262826/; classtype:trojan-activity;sid:84125926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262827/; classtype:trojan-activity;sid:84125927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262820/; classtype:trojan-activity;sid:84125920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262821/; classtype:trojan-activity;sid:84125921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262822/; classtype:trojan-activity;sid:84125922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262823/; classtype:trojan-activity;sid:84125923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262817/; classtype:trojan-activity;sid:84125917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262818/; classtype:trojan-activity;sid:84125918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262819/; classtype:trojan-activity;sid:84125919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262816/; classtype:trojan-activity;sid:84125916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262811/; classtype:trojan-activity;sid:84125911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262812/; classtype:trojan-activity;sid:84125912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262813/; classtype:trojan-activity;sid:84125913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262814/; classtype:trojan-activity;sid:84125914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262815/; classtype:trojan-activity;sid:84125915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262803/; classtype:trojan-activity;sid:84125903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262804/; classtype:trojan-activity;sid:84125904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262805/; classtype:trojan-activity;sid:84125905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262806/; classtype:trojan-activity;sid:84125906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.90.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262807/; classtype:trojan-activity;sid:84125907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262808/; classtype:trojan-activity;sid:84125908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262809/; classtype:trojan-activity;sid:84125909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262810/; classtype:trojan-activity;sid:84125910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262797/; classtype:trojan-activity;sid:84125897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262798/; classtype:trojan-activity;sid:84125898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262799/; classtype:trojan-activity;sid:84125899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262800/; classtype:trojan-activity;sid:84125900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.136.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262801/; classtype:trojan-activity;sid:84125901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262802/; classtype:trojan-activity;sid:84125902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262789/; classtype:trojan-activity;sid:84125889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262790/; classtype:trojan-activity;sid:84125890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262791/; classtype:trojan-activity;sid:84125891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262792/; classtype:trojan-activity;sid:84125892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262793/; classtype:trojan-activity;sid:84125893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262794/; classtype:trojan-activity;sid:84125894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262795/; classtype:trojan-activity;sid:84125895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262796/; classtype:trojan-activity;sid:84125896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262782/; classtype:trojan-activity;sid:84125882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262783/; classtype:trojan-activity;sid:84125883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262784/; classtype:trojan-activity;sid:84125884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262785/; classtype:trojan-activity;sid:84125885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262786/; classtype:trojan-activity;sid:84125886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262787/; classtype:trojan-activity;sid:84125887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262788/; classtype:trojan-activity;sid:84125888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262779/; classtype:trojan-activity;sid:84125879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262780/; classtype:trojan-activity;sid:84125880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262781/; classtype:trojan-activity;sid:84125881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262778/; classtype:trojan-activity;sid:84125878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262776/; classtype:trojan-activity;sid:84125876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262777/; classtype:trojan-activity;sid:84125877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262770/; classtype:trojan-activity;sid:84125870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262771/; classtype:trojan-activity;sid:84125871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262772/; classtype:trojan-activity;sid:84125872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262773/; classtype:trojan-activity;sid:84125873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262774/; classtype:trojan-activity;sid:84125874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262775/; classtype:trojan-activity;sid:84125875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262766/; classtype:trojan-activity;sid:84125866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262767/; classtype:trojan-activity;sid:84125867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262768/; classtype:trojan-activity;sid:84125868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262769/; classtype:trojan-activity;sid:84125869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262753/; classtype:trojan-activity;sid:84125853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262754/; classtype:trojan-activity;sid:84125854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262755/; classtype:trojan-activity;sid:84125855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262756/; classtype:trojan-activity;sid:84125856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262757/; classtype:trojan-activity;sid:84125857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262758/; classtype:trojan-activity;sid:84125858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262759/; classtype:trojan-activity;sid:84125859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262760/; classtype:trojan-activity;sid:84125860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262761/; classtype:trojan-activity;sid:84125861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262762/; classtype:trojan-activity;sid:84125862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262763/; classtype:trojan-activity;sid:84125863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262764/; classtype:trojan-activity;sid:84125864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262765/; classtype:trojan-activity;sid:84125865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262745/; classtype:trojan-activity;sid:84125845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262746/; classtype:trojan-activity;sid:84125846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262747/; classtype:trojan-activity;sid:84125847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262748/; classtype:trojan-activity;sid:84125848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262749/; classtype:trojan-activity;sid:84125849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262750/; classtype:trojan-activity;sid:84125850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262751/; classtype:trojan-activity;sid:84125851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262752/; classtype:trojan-activity;sid:84125852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262742/; classtype:trojan-activity;sid:84125842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262743/; classtype:trojan-activity;sid:84125843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262744/; classtype:trojan-activity;sid:84125844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262738/; classtype:trojan-activity;sid:84125838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262739/; classtype:trojan-activity;sid:84125839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262740/; classtype:trojan-activity;sid:84125840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262741/; classtype:trojan-activity;sid:84125841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262736/; classtype:trojan-activity;sid:84125836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262737/; classtype:trojan-activity;sid:84125837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262735/; classtype:trojan-activity;sid:84125835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262729/; classtype:trojan-activity;sid:84125829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262730/; classtype:trojan-activity;sid:84125830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262731/; classtype:trojan-activity;sid:84125831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262732/; classtype:trojan-activity;sid:84125832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262733/; classtype:trojan-activity;sid:84125833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/factura-d13141b4-d555-4231-bed1-406f373a7acd.zip"; depth:49; endswith; nocase; http.host; content:"mcrogers.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262734/; classtype:trojan-activity;sid:84125834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262726/; classtype:trojan-activity;sid:84125826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262727/; classtype:trojan-activity;sid:84125827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262728/; classtype:trojan-activity;sid:84125828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262714/; classtype:trojan-activity;sid:84125814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262715/; classtype:trojan-activity;sid:84125815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262716/; classtype:trojan-activity;sid:84125816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262717/; classtype:trojan-activity;sid:84125817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262718/; classtype:trojan-activity;sid:84125818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262719/; classtype:trojan-activity;sid:84125819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262720/; classtype:trojan-activity;sid:84125820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262721/; classtype:trojan-activity;sid:84125821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262722/; classtype:trojan-activity;sid:84125822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262723/; classtype:trojan-activity;sid:84125823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262724/; classtype:trojan-activity;sid:84125824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262725/; classtype:trojan-activity;sid:84125825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262701/; classtype:trojan-activity;sid:84125801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262702/; classtype:trojan-activity;sid:84125802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262703/; classtype:trojan-activity;sid:84125803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.33.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262704/; classtype:trojan-activity;sid:84125804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262705/; classtype:trojan-activity;sid:84125805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262706/; classtype:trojan-activity;sid:84125806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262707/; classtype:trojan-activity;sid:84125807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262708/; classtype:trojan-activity;sid:84125808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262709/; classtype:trojan-activity;sid:84125809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262710/; classtype:trojan-activity;sid:84125810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262711/; classtype:trojan-activity;sid:84125811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262712/; classtype:trojan-activity;sid:84125812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262713/; classtype:trojan-activity;sid:84125813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262690/; classtype:trojan-activity;sid:84125790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262691/; classtype:trojan-activity;sid:84125791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262692/; classtype:trojan-activity;sid:84125792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262693/; classtype:trojan-activity;sid:84125793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262694/; classtype:trojan-activity;sid:84125794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262695/; classtype:trojan-activity;sid:84125795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262696/; classtype:trojan-activity;sid:84125796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262697/; classtype:trojan-activity;sid:84125797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262698/; classtype:trojan-activity;sid:84125798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262699/; classtype:trojan-activity;sid:84125799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262700/; classtype:trojan-activity;sid:84125800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262688/; classtype:trojan-activity;sid:84125788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262689/; classtype:trojan-activity;sid:84125789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262687/; classtype:trojan-activity;sid:84125787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262686/; classtype:trojan-activity;sid:84125786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262685/; classtype:trojan-activity;sid:84125785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262672/; classtype:trojan-activity;sid:84125772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262673/; classtype:trojan-activity;sid:84125773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262674/; classtype:trojan-activity;sid:84125774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262675/; classtype:trojan-activity;sid:84125775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262676/; classtype:trojan-activity;sid:84125776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262677/; classtype:trojan-activity;sid:84125777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262678/; classtype:trojan-activity;sid:84125778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262679/; classtype:trojan-activity;sid:84125779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262680/; classtype:trojan-activity;sid:84125780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262681/; classtype:trojan-activity;sid:84125781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262682/; classtype:trojan-activity;sid:84125782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262683/; classtype:trojan-activity;sid:84125783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262684/; classtype:trojan-activity;sid:84125784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262658/; classtype:trojan-activity;sid:84125758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262659/; classtype:trojan-activity;sid:84125759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262660/; classtype:trojan-activity;sid:84125760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262661/; classtype:trojan-activity;sid:84125761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262662/; classtype:trojan-activity;sid:84125762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262663/; classtype:trojan-activity;sid:84125763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262664/; classtype:trojan-activity;sid:84125764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262665/; classtype:trojan-activity;sid:84125765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262666/; classtype:trojan-activity;sid:84125766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262667/; classtype:trojan-activity;sid:84125767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262668/; classtype:trojan-activity;sid:84125768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262669/; classtype:trojan-activity;sid:84125769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262670/; classtype:trojan-activity;sid:84125770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262671/; classtype:trojan-activity;sid:84125771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262651/; classtype:trojan-activity;sid:84125751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262652/; classtype:trojan-activity;sid:84125752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262653/; classtype:trojan-activity;sid:84125753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262654/; classtype:trojan-activity;sid:84125754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262655/; classtype:trojan-activity;sid:84125755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262656/; classtype:trojan-activity;sid:84125756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262657/; classtype:trojan-activity;sid:84125757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262648/; classtype:trojan-activity;sid:84125748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262649/; classtype:trojan-activity;sid:84125749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262650/; classtype:trojan-activity;sid:84125750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262646/; classtype:trojan-activity;sid:84125746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262647/; classtype:trojan-activity;sid:84125747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262645/; classtype:trojan-activity;sid:84125745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262643/; classtype:trojan-activity;sid:84125743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"search-dl3.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262644/; classtype:trojan-activity;sid:84125744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262642/; classtype:trojan-activity;sid:84125742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262641/; classtype:trojan-activity;sid:84125741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262639/; classtype:trojan-activity;sid:84125739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262640/; classtype:trojan-activity;sid:84125740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262629/; classtype:trojan-activity;sid:84125729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262630/; classtype:trojan-activity;sid:84125730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262631/; classtype:trojan-activity;sid:84125731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262632/; classtype:trojan-activity;sid:84125732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262633/; classtype:trojan-activity;sid:84125733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262634/; classtype:trojan-activity;sid:84125734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262635/; classtype:trojan-activity;sid:84125735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262636/; classtype:trojan-activity;sid:84125736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262637/; classtype:trojan-activity;sid:84125737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262638/; classtype:trojan-activity;sid:84125738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262623/; classtype:trojan-activity;sid:84125723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262624/; classtype:trojan-activity;sid:84125724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262625/; classtype:trojan-activity;sid:84125725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262626/; classtype:trojan-activity;sid:84125726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262627/; classtype:trojan-activity;sid:84125727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.170.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262628/; classtype:trojan-activity;sid:84125728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262618/; classtype:trojan-activity;sid:84125718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262619/; classtype:trojan-activity;sid:84125719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262620/; classtype:trojan-activity;sid:84125720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262621/; classtype:trojan-activity;sid:84125721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262622/; classtype:trojan-activity;sid:84125722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262615/; classtype:trojan-activity;sid:84125715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262616/; classtype:trojan-activity;sid:84125716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262617/; classtype:trojan-activity;sid:84125717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262607/; classtype:trojan-activity;sid:84125707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262608/; classtype:trojan-activity;sid:84125708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262609/; classtype:trojan-activity;sid:84125709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262610/; classtype:trojan-activity;sid:84125710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262611/; classtype:trojan-activity;sid:84125711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262612/; classtype:trojan-activity;sid:84125712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262613/; classtype:trojan-activity;sid:84125713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262614/; classtype:trojan-activity;sid:84125714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262599/; classtype:trojan-activity;sid:84125699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262600/; classtype:trojan-activity;sid:84125700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262601/; classtype:trojan-activity;sid:84125701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262602/; classtype:trojan-activity;sid:84125702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262603/; classtype:trojan-activity;sid:84125703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262604/; classtype:trojan-activity;sid:84125704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262605/; classtype:trojan-activity;sid:84125705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262606/; classtype:trojan-activity;sid:84125706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262590/; classtype:trojan-activity;sid:84125690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262591/; classtype:trojan-activity;sid:84125691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262592/; classtype:trojan-activity;sid:84125692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262593/; classtype:trojan-activity;sid:84125693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262594/; classtype:trojan-activity;sid:84125694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262595/; classtype:trojan-activity;sid:84125695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262596/; classtype:trojan-activity;sid:84125696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262597/; classtype:trojan-activity;sid:84125697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262598/; classtype:trojan-activity;sid:84125698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262585/; classtype:trojan-activity;sid:84125685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262586/; classtype:trojan-activity;sid:84125686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262587/; classtype:trojan-activity;sid:84125687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262588/; classtype:trojan-activity;sid:84125688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262589/; classtype:trojan-activity;sid:84125689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262580/; classtype:trojan-activity;sid:84125680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262581/; classtype:trojan-activity;sid:84125681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262582/; classtype:trojan-activity;sid:84125682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262583/; classtype:trojan-activity;sid:84125683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262584/; classtype:trojan-activity;sid:84125684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262579/; classtype:trojan-activity;sid:84125679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262570/; classtype:trojan-activity;sid:84125670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262571/; classtype:trojan-activity;sid:84125671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262572/; classtype:trojan-activity;sid:84125672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262573/; classtype:trojan-activity;sid:84125673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262574/; classtype:trojan-activity;sid:84125674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262575/; classtype:trojan-activity;sid:84125675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262576/; classtype:trojan-activity;sid:84125676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262577/; classtype:trojan-activity;sid:84125677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262578/; classtype:trojan-activity;sid:84125678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262567/; classtype:trojan-activity;sid:84125667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262568/; classtype:trojan-activity;sid:84125668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262569/; classtype:trojan-activity;sid:84125669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262560/; classtype:trojan-activity;sid:84125660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262561/; classtype:trojan-activity;sid:84125661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262562/; classtype:trojan-activity;sid:84125662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262563/; classtype:trojan-activity;sid:84125663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262564/; classtype:trojan-activity;sid:84125664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262565/; classtype:trojan-activity;sid:84125665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262566/; classtype:trojan-activity;sid:84125666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262552/; classtype:trojan-activity;sid:84125652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262553/; classtype:trojan-activity;sid:84125653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262554/; classtype:trojan-activity;sid:84125654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262555/; classtype:trojan-activity;sid:84125655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262556/; classtype:trojan-activity;sid:84125656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262557/; classtype:trojan-activity;sid:84125657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262558/; classtype:trojan-activity;sid:84125658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262559/; classtype:trojan-activity;sid:84125659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262550/; classtype:trojan-activity;sid:84125650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262551/; classtype:trojan-activity;sid:84125651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262547/; classtype:trojan-activity;sid:84125647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262548/; classtype:trojan-activity;sid:84125648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262549/; classtype:trojan-activity;sid:84125649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262536/; classtype:trojan-activity;sid:84125636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262537/; classtype:trojan-activity;sid:84125637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262538/; classtype:trojan-activity;sid:84125638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262539/; classtype:trojan-activity;sid:84125639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262540/; classtype:trojan-activity;sid:84125640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262541/; classtype:trojan-activity;sid:84125641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262542/; classtype:trojan-activity;sid:84125642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262543/; classtype:trojan-activity;sid:84125643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262544/; classtype:trojan-activity;sid:84125644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262545/; classtype:trojan-activity;sid:84125645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262546/; classtype:trojan-activity;sid:84125646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262523/; classtype:trojan-activity;sid:84125623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262524/; classtype:trojan-activity;sid:84125624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262525/; classtype:trojan-activity;sid:84125625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262526/; classtype:trojan-activity;sid:84125626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262527/; classtype:trojan-activity;sid:84125627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262528/; classtype:trojan-activity;sid:84125628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262529/; classtype:trojan-activity;sid:84125629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262530/; classtype:trojan-activity;sid:84125630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262531/; classtype:trojan-activity;sid:84125631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262532/; classtype:trojan-activity;sid:84125632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262533/; classtype:trojan-activity;sid:84125633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262534/; classtype:trojan-activity;sid:84125634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262535/; classtype:trojan-activity;sid:84125635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262520/; classtype:trojan-activity;sid:84125620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262521/; classtype:trojan-activity;sid:84125621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262522/; classtype:trojan-activity;sid:84125622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262516/; classtype:trojan-activity;sid:84125616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262517/; classtype:trojan-activity;sid:84125617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262518/; classtype:trojan-activity;sid:84125618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262519/; classtype:trojan-activity;sid:84125619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262514/; classtype:trojan-activity;sid:84125614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262515/; classtype:trojan-activity;sid:84125615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262510/; classtype:trojan-activity;sid:84125610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262511/; classtype:trojan-activity;sid:84125611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262512/; classtype:trojan-activity;sid:84125612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262513/; classtype:trojan-activity;sid:84125613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262509/; classtype:trojan-activity;sid:84125609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262507/; classtype:trojan-activity;sid:84125607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262508/; classtype:trojan-activity;sid:84125608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262503/; classtype:trojan-activity;sid:84125603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262504/; classtype:trojan-activity;sid:84125604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262505/; classtype:trojan-activity;sid:84125605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262506/; classtype:trojan-activity;sid:84125606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262482/; classtype:trojan-activity;sid:84125582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262483/; classtype:trojan-activity;sid:84125583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262484/; classtype:trojan-activity;sid:84125584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262485/; classtype:trojan-activity;sid:84125585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262486/; classtype:trojan-activity;sid:84125586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262487/; classtype:trojan-activity;sid:84125587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262488/; classtype:trojan-activity;sid:84125588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262489/; classtype:trojan-activity;sid:84125589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262490/; classtype:trojan-activity;sid:84125590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262491/; classtype:trojan-activity;sid:84125591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262492/; classtype:trojan-activity;sid:84125592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262493/; classtype:trojan-activity;sid:84125593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262494/; classtype:trojan-activity;sid:84125594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262495/; classtype:trojan-activity;sid:84125595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262496/; classtype:trojan-activity;sid:84125596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262497/; classtype:trojan-activity;sid:84125597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262498/; classtype:trojan-activity;sid:84125598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262499/; classtype:trojan-activity;sid:84125599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262500/; classtype:trojan-activity;sid:84125600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262501/; classtype:trojan-activity;sid:84125601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262502/; classtype:trojan-activity;sid:84125602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262473/; classtype:trojan-activity;sid:84125573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262474/; classtype:trojan-activity;sid:84125574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262475/; classtype:trojan-activity;sid:84125575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262476/; classtype:trojan-activity;sid:84125576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262477/; classtype:trojan-activity;sid:84125577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262478/; classtype:trojan-activity;sid:84125578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262479/; classtype:trojan-activity;sid:84125579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262480/; classtype:trojan-activity;sid:84125580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262481/; classtype:trojan-activity;sid:84125581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262464/; classtype:trojan-activity;sid:84125564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262465/; classtype:trojan-activity;sid:84125565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262466/; classtype:trojan-activity;sid:84125566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262467/; classtype:trojan-activity;sid:84125567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262468/; classtype:trojan-activity;sid:84125568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262469/; classtype:trojan-activity;sid:84125569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262470/; classtype:trojan-activity;sid:84125570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262471/; classtype:trojan-activity;sid:84125571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262472/; classtype:trojan-activity;sid:84125572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262462/; classtype:trojan-activity;sid:84125562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262463/; classtype:trojan-activity;sid:84125563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262461/; classtype:trojan-activity;sid:84125561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262459/; classtype:trojan-activity;sid:84125559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262460/; classtype:trojan-activity;sid:84125560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262458/; classtype:trojan-activity;sid:84125558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262456/; classtype:trojan-activity;sid:84125556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-sug.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262457/; classtype:trojan-activity;sid:84125557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262445/; classtype:trojan-activity;sid:84125545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262446/; classtype:trojan-activity;sid:84125546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262447/; classtype:trojan-activity;sid:84125547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262448/; classtype:trojan-activity;sid:84125548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262449/; classtype:trojan-activity;sid:84125549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262450/; classtype:trojan-activity;sid:84125550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262451/; classtype:trojan-activity;sid:84125551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262452/; classtype:trojan-activity;sid:84125552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262453/; classtype:trojan-activity;sid:84125553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262454/; classtype:trojan-activity;sid:84125554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262455/; classtype:trojan-activity;sid:84125555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262439/; classtype:trojan-activity;sid:84125539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262440/; classtype:trojan-activity;sid:84125540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262441/; classtype:trojan-activity;sid:84125541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262442/; classtype:trojan-activity;sid:84125542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262443/; classtype:trojan-activity;sid:84125543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262444/; classtype:trojan-activity;sid:84125544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262433/; classtype:trojan-activity;sid:84125533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262434/; classtype:trojan-activity;sid:84125534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262435/; classtype:trojan-activity;sid:84125535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262436/; classtype:trojan-activity;sid:84125536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262437/; classtype:trojan-activity;sid:84125537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262438/; classtype:trojan-activity;sid:84125538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262418/; classtype:trojan-activity;sid:84125518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262419/; classtype:trojan-activity;sid:84125519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262420/; classtype:trojan-activity;sid:84125520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262421/; classtype:trojan-activity;sid:84125521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262422/; classtype:trojan-activity;sid:84125522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262423/; classtype:trojan-activity;sid:84125523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262424/; classtype:trojan-activity;sid:84125524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262425/; classtype:trojan-activity;sid:84125525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262426/; classtype:trojan-activity;sid:84125526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262427/; classtype:trojan-activity;sid:84125527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262428/; classtype:trojan-activity;sid:84125528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262429/; classtype:trojan-activity;sid:84125529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262430/; classtype:trojan-activity;sid:84125530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262431/; classtype:trojan-activity;sid:84125531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262432/; classtype:trojan-activity;sid:84125532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262407/; classtype:trojan-activity;sid:84125507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262408/; classtype:trojan-activity;sid:84125508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262409/; classtype:trojan-activity;sid:84125509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262410/; classtype:trojan-activity;sid:84125510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262411/; classtype:trojan-activity;sid:84125511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262412/; classtype:trojan-activity;sid:84125512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262413/; classtype:trojan-activity;sid:84125513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262414/; classtype:trojan-activity;sid:84125514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262415/; classtype:trojan-activity;sid:84125515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262416/; classtype:trojan-activity;sid:84125516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262417/; classtype:trojan-activity;sid:84125517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262404/; classtype:trojan-activity;sid:84125504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262405/; classtype:trojan-activity;sid:84125505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262406/; classtype:trojan-activity;sid:84125506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262403/; classtype:trojan-activity;sid:84125503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262397/; classtype:trojan-activity;sid:84125497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262398/; classtype:trojan-activity;sid:84125498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262399/; classtype:trojan-activity;sid:84125499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262400/; classtype:trojan-activity;sid:84125500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262401/; classtype:trojan-activity;sid:84125501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262402/; classtype:trojan-activity;sid:84125502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262394/; classtype:trojan-activity;sid:84125494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262395/; classtype:trojan-activity;sid:84125495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262396/; classtype:trojan-activity;sid:84125496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262392/; classtype:trojan-activity;sid:84125492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262393/; classtype:trojan-activity;sid:84125493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262379/; classtype:trojan-activity;sid:84125479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262380/; classtype:trojan-activity;sid:84125480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262381/; classtype:trojan-activity;sid:84125481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262382/; classtype:trojan-activity;sid:84125482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262383/; classtype:trojan-activity;sid:84125483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262384/; classtype:trojan-activity;sid:84125484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262385/; classtype:trojan-activity;sid:84125485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262386/; classtype:trojan-activity;sid:84125486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262387/; classtype:trojan-activity;sid:84125487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262388/; classtype:trojan-activity;sid:84125488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262389/; classtype:trojan-activity;sid:84125489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262390/; classtype:trojan-activity;sid:84125490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262391/; classtype:trojan-activity;sid:84125491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262367/; classtype:trojan-activity;sid:84125467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262368/; classtype:trojan-activity;sid:84125468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262369/; classtype:trojan-activity;sid:84125469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262370/; classtype:trojan-activity;sid:84125470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262371/; classtype:trojan-activity;sid:84125471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262372/; classtype:trojan-activity;sid:84125472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262373/; classtype:trojan-activity;sid:84125473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262374/; classtype:trojan-activity;sid:84125474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262375/; classtype:trojan-activity;sid:84125475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262376/; classtype:trojan-activity;sid:84125476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262377/; classtype:trojan-activity;sid:84125477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262378/; classtype:trojan-activity;sid:84125478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262359/; classtype:trojan-activity;sid:84125459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262360/; classtype:trojan-activity;sid:84125460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262361/; classtype:trojan-activity;sid:84125461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262362/; classtype:trojan-activity;sid:84125462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262363/; classtype:trojan-activity;sid:84125463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262364/; classtype:trojan-activity;sid:84125464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262365/; classtype:trojan-activity;sid:84125465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262366/; classtype:trojan-activity;sid:84125466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262356/; classtype:trojan-activity;sid:84125456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262357/; classtype:trojan-activity;sid:84125457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262358/; classtype:trojan-activity;sid:84125458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262354/; classtype:trojan-activity;sid:84125454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262355/; classtype:trojan-activity;sid:84125455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262353/; classtype:trojan-activity;sid:84125453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262350/; classtype:trojan-activity;sid:84125450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262351/; classtype:trojan-activity;sid:84125451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262352/; classtype:trojan-activity;sid:84125452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262347/; classtype:trojan-activity;sid:84125447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262348/; classtype:trojan-activity;sid:84125448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262349/; classtype:trojan-activity;sid:84125449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262333/; classtype:trojan-activity;sid:84125433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262334/; classtype:trojan-activity;sid:84125434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262335/; classtype:trojan-activity;sid:84125435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262336/; classtype:trojan-activity;sid:84125436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262337/; classtype:trojan-activity;sid:84125437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262338/; classtype:trojan-activity;sid:84125438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262339/; classtype:trojan-activity;sid:84125439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262340/; classtype:trojan-activity;sid:84125440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262341/; classtype:trojan-activity;sid:84125441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262342/; classtype:trojan-activity;sid:84125442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262343/; classtype:trojan-activity;sid:84125443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262344/; classtype:trojan-activity;sid:84125444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262345/; classtype:trojan-activity;sid:84125445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262346/; classtype:trojan-activity;sid:84125446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262319/; classtype:trojan-activity;sid:84125419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262320/; classtype:trojan-activity;sid:84125420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262321/; classtype:trojan-activity;sid:84125421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262322/; classtype:trojan-activity;sid:84125422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262323/; classtype:trojan-activity;sid:84125423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262324/; classtype:trojan-activity;sid:84125424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262325/; classtype:trojan-activity;sid:84125425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262326/; classtype:trojan-activity;sid:84125426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262327/; classtype:trojan-activity;sid:84125427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262328/; classtype:trojan-activity;sid:84125428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262329/; classtype:trojan-activity;sid:84125429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262330/; classtype:trojan-activity;sid:84125430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262331/; classtype:trojan-activity;sid:84125431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262332/; classtype:trojan-activity;sid:84125432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262315/; classtype:trojan-activity;sid:84125415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262316/; classtype:trojan-activity;sid:84125416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262317/; classtype:trojan-activity;sid:84125417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262318/; classtype:trojan-activity;sid:84125418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262314/; classtype:trojan-activity;sid:84125414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262312/; classtype:trojan-activity;sid:84125412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262313/; classtype:trojan-activity;sid:84125413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262310/; classtype:trojan-activity;sid:84125410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262311/; classtype:trojan-activity;sid:84125411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262309/; classtype:trojan-activity;sid:84125409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262281/; classtype:trojan-activity;sid:84125381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262282/; classtype:trojan-activity;sid:84125382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262283/; classtype:trojan-activity;sid:84125383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262284/; classtype:trojan-activity;sid:84125384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262285/; classtype:trojan-activity;sid:84125385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262286/; classtype:trojan-activity;sid:84125386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262287/; classtype:trojan-activity;sid:84125387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262288/; classtype:trojan-activity;sid:84125388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262289/; classtype:trojan-activity;sid:84125389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262290/; classtype:trojan-activity;sid:84125390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262291/; classtype:trojan-activity;sid:84125391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262292/; classtype:trojan-activity;sid:84125392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262293/; classtype:trojan-activity;sid:84125393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262294/; classtype:trojan-activity;sid:84125394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262295/; classtype:trojan-activity;sid:84125395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262296/; classtype:trojan-activity;sid:84125396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262297/; classtype:trojan-activity;sid:84125397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262298/; classtype:trojan-activity;sid:84125398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262299/; classtype:trojan-activity;sid:84125399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262300/; classtype:trojan-activity;sid:84125400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262301/; classtype:trojan-activity;sid:84125401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262302/; classtype:trojan-activity;sid:84125402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262303/; classtype:trojan-activity;sid:84125403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262304/; classtype:trojan-activity;sid:84125404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262305/; classtype:trojan-activity;sid:84125405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262306/; classtype:trojan-activity;sid:84125406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262307/; classtype:trojan-activity;sid:84125407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262308/; classtype:trojan-activity;sid:84125408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262279/; classtype:trojan-activity;sid:84125379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262280/; classtype:trojan-activity;sid:84125380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262276/; classtype:trojan-activity;sid:84125376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262277/; classtype:trojan-activity;sid:84125377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262278/; classtype:trojan-activity;sid:84125378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262273/; classtype:trojan-activity;sid:84125373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262274/; classtype:trojan-activity;sid:84125374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262275/; classtype:trojan-activity;sid:84125375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262270/; classtype:trojan-activity;sid:84125370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262271/; classtype:trojan-activity;sid:84125371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262272/; classtype:trojan-activity;sid:84125372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"search-syt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262269/; classtype:trojan-activity;sid:84125369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262263/; classtype:trojan-activity;sid:84125363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262264/; classtype:trojan-activity;sid:84125364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262265/; classtype:trojan-activity;sid:84125365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262266/; classtype:trojan-activity;sid:84125366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262267/; classtype:trojan-activity;sid:84125367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262268/; classtype:trojan-activity;sid:84125368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262261/; classtype:trojan-activity;sid:84125361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262262/; classtype:trojan-activity;sid:84125362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262246/; classtype:trojan-activity;sid:84125346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262247/; classtype:trojan-activity;sid:84125347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262248/; classtype:trojan-activity;sid:84125348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262249/; classtype:trojan-activity;sid:84125349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262250/; classtype:trojan-activity;sid:84125350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262251/; classtype:trojan-activity;sid:84125351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262252/; classtype:trojan-activity;sid:84125352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262253/; classtype:trojan-activity;sid:84125353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262254/; classtype:trojan-activity;sid:84125354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262255/; classtype:trojan-activity;sid:84125355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262256/; classtype:trojan-activity;sid:84125356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262257/; classtype:trojan-activity;sid:84125357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262258/; classtype:trojan-activity;sid:84125358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262259/; classtype:trojan-activity;sid:84125359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262260/; classtype:trojan-activity;sid:84125360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262240/; classtype:trojan-activity;sid:84125340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262241/; classtype:trojan-activity;sid:84125341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262242/; classtype:trojan-activity;sid:84125342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262243/; classtype:trojan-activity;sid:84125343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262244/; classtype:trojan-activity;sid:84125344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262245/; classtype:trojan-activity;sid:84125345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262227/; classtype:trojan-activity;sid:84125327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262228/; classtype:trojan-activity;sid:84125328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262229/; classtype:trojan-activity;sid:84125329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262230/; classtype:trojan-activity;sid:84125330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262231/; classtype:trojan-activity;sid:84125331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262232/; classtype:trojan-activity;sid:84125332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262233/; classtype:trojan-activity;sid:84125333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262234/; classtype:trojan-activity;sid:84125334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262235/; classtype:trojan-activity;sid:84125335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262236/; classtype:trojan-activity;sid:84125336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262237/; classtype:trojan-activity;sid:84125337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262238/; classtype:trojan-activity;sid:84125338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262239/; classtype:trojan-activity;sid:84125339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262226/; classtype:trojan-activity;sid:84125326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262223/; classtype:trojan-activity;sid:84125323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262224/; classtype:trojan-activity;sid:84125324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262225/; classtype:trojan-activity;sid:84125325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262212/; classtype:trojan-activity;sid:84125312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262213/; classtype:trojan-activity;sid:84125313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262214/; classtype:trojan-activity;sid:84125314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262215/; classtype:trojan-activity;sid:84125315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262216/; classtype:trojan-activity;sid:84125316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262217/; classtype:trojan-activity;sid:84125317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262218/; classtype:trojan-activity;sid:84125318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262219/; classtype:trojan-activity;sid:84125319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262220/; classtype:trojan-activity;sid:84125320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262221/; classtype:trojan-activity;sid:84125321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262222/; classtype:trojan-activity;sid:84125322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262211/; classtype:trojan-activity;sid:84125311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262203/; classtype:trojan-activity;sid:84125303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262204/; classtype:trojan-activity;sid:84125304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262205/; classtype:trojan-activity;sid:84125305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262206/; classtype:trojan-activity;sid:84125306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262207/; classtype:trojan-activity;sid:84125307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262208/; classtype:trojan-activity;sid:84125308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262209/; classtype:trojan-activity;sid:84125309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262210/; classtype:trojan-activity;sid:84125310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262197/; classtype:trojan-activity;sid:84125297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262198/; classtype:trojan-activity;sid:84125298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262199/; classtype:trojan-activity;sid:84125299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262200/; classtype:trojan-activity;sid:84125300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262201/; classtype:trojan-activity;sid:84125301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262202/; classtype:trojan-activity;sid:84125302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262188/; classtype:trojan-activity;sid:84125288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262189/; classtype:trojan-activity;sid:84125289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262190/; classtype:trojan-activity;sid:84125290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262191/; classtype:trojan-activity;sid:84125291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262192/; classtype:trojan-activity;sid:84125292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262193/; classtype:trojan-activity;sid:84125293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262194/; classtype:trojan-activity;sid:84125294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262195/; classtype:trojan-activity;sid:84125295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262196/; classtype:trojan-activity;sid:84125296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262181/; classtype:trojan-activity;sid:84125281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262182/; classtype:trojan-activity;sid:84125282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262183/; classtype:trojan-activity;sid:84125283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262184/; classtype:trojan-activity;sid:84125284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262185/; classtype:trojan-activity;sid:84125285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262186/; classtype:trojan-activity;sid:84125286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262187/; classtype:trojan-activity;sid:84125287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262179/; classtype:trojan-activity;sid:84125279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262180/; classtype:trojan-activity;sid:84125280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262174/; classtype:trojan-activity;sid:84125274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262175/; classtype:trojan-activity;sid:84125275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262176/; classtype:trojan-activity;sid:84125276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262177/; classtype:trojan-activity;sid:84125277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262178/; classtype:trojan-activity;sid:84125278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262167/; classtype:trojan-activity;sid:84125267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262168/; classtype:trojan-activity;sid:84125268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262169/; classtype:trojan-activity;sid:84125269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262170/; classtype:trojan-activity;sid:84125270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262171/; classtype:trojan-activity;sid:84125271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262172/; classtype:trojan-activity;sid:84125272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262173/; classtype:trojan-activity;sid:84125273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262161/; classtype:trojan-activity;sid:84125261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262162/; classtype:trojan-activity;sid:84125262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262163/; classtype:trojan-activity;sid:84125263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262164/; classtype:trojan-activity;sid:84125264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262165/; classtype:trojan-activity;sid:84125265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262166/; classtype:trojan-activity;sid:84125266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262158/; classtype:trojan-activity;sid:84125258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262159/; classtype:trojan-activity;sid:84125259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262160/; classtype:trojan-activity;sid:84125260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262148/; classtype:trojan-activity;sid:84125248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262149/; classtype:trojan-activity;sid:84125249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262150/; classtype:trojan-activity;sid:84125250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262151/; classtype:trojan-activity;sid:84125251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262152/; classtype:trojan-activity;sid:84125252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262153/; classtype:trojan-activity;sid:84125253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262154/; classtype:trojan-activity;sid:84125254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262155/; classtype:trojan-activity;sid:84125255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262156/; classtype:trojan-activity;sid:84125256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262157/; classtype:trojan-activity;sid:84125257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262137/; classtype:trojan-activity;sid:84125237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262138/; classtype:trojan-activity;sid:84125238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262139/; classtype:trojan-activity;sid:84125239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262140/; classtype:trojan-activity;sid:84125240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262141/; classtype:trojan-activity;sid:84125241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262142/; classtype:trojan-activity;sid:84125242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262143/; classtype:trojan-activity;sid:84125243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262144/; classtype:trojan-activity;sid:84125244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262145/; classtype:trojan-activity;sid:84125245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262146/; classtype:trojan-activity;sid:84125246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262147/; classtype:trojan-activity;sid:84125247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262134/; classtype:trojan-activity;sid:84125234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262135/; classtype:trojan-activity;sid:84125235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262136/; classtype:trojan-activity;sid:84125236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262132/; classtype:trojan-activity;sid:84125232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262133/; classtype:trojan-activity;sid:84125233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262125/; classtype:trojan-activity;sid:84125225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262126/; classtype:trojan-activity;sid:84125226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262127/; classtype:trojan-activity;sid:84125227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262128/; classtype:trojan-activity;sid:84125228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262129/; classtype:trojan-activity;sid:84125229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262130/; classtype:trojan-activity;sid:84125230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262131/; classtype:trojan-activity;sid:84125231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262113/; classtype:trojan-activity;sid:84125213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262114/; classtype:trojan-activity;sid:84125214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262115/; classtype:trojan-activity;sid:84125215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262116/; classtype:trojan-activity;sid:84125216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262117/; classtype:trojan-activity;sid:84125217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262118/; classtype:trojan-activity;sid:84125218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262119/; classtype:trojan-activity;sid:84125219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262120/; classtype:trojan-activity;sid:84125220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262121/; classtype:trojan-activity;sid:84125221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262122/; classtype:trojan-activity;sid:84125222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262123/; classtype:trojan-activity;sid:84125223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262124/; classtype:trojan-activity;sid:84125224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262105/; classtype:trojan-activity;sid:84125205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262106/; classtype:trojan-activity;sid:84125206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262107/; classtype:trojan-activity;sid:84125207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262108/; classtype:trojan-activity;sid:84125208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262109/; classtype:trojan-activity;sid:84125209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262110/; classtype:trojan-activity;sid:84125210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262111/; classtype:trojan-activity;sid:84125211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262112/; classtype:trojan-activity;sid:84125212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262092/; classtype:trojan-activity;sid:84125192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262093/; classtype:trojan-activity;sid:84125193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262094/; classtype:trojan-activity;sid:84125194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262095/; classtype:trojan-activity;sid:84125195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262096/; classtype:trojan-activity;sid:84125196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262097/; classtype:trojan-activity;sid:84125197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262098/; classtype:trojan-activity;sid:84125198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262099/; classtype:trojan-activity;sid:84125199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262100/; classtype:trojan-activity;sid:84125200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262101/; classtype:trojan-activity;sid:84125201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262102/; classtype:trojan-activity;sid:84125202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262103/; classtype:trojan-activity;sid:84125203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262104/; classtype:trojan-activity;sid:84125204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262090/; classtype:trojan-activity;sid:84125190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262091/; classtype:trojan-activity;sid:84125191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262089/; classtype:trojan-activity;sid:84125189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262086/; classtype:trojan-activity;sid:84125186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262087/; classtype:trojan-activity;sid:84125187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262088/; classtype:trojan-activity;sid:84125188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262084/; classtype:trojan-activity;sid:84125184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262085/; classtype:trojan-activity;sid:84125185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262082/; classtype:trojan-activity;sid:84125182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"search-fst.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262083/; classtype:trojan-activity;sid:84125183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262067/; classtype:trojan-activity;sid:84125167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262068/; classtype:trojan-activity;sid:84125168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262069/; classtype:trojan-activity;sid:84125169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262070/; classtype:trojan-activity;sid:84125170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262071/; classtype:trojan-activity;sid:84125171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262072/; classtype:trojan-activity;sid:84125172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262073/; classtype:trojan-activity;sid:84125173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262074/; classtype:trojan-activity;sid:84125174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262075/; classtype:trojan-activity;sid:84125175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262076/; classtype:trojan-activity;sid:84125176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262077/; classtype:trojan-activity;sid:84125177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262078/; classtype:trojan-activity;sid:84125178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262079/; classtype:trojan-activity;sid:84125179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262080/; classtype:trojan-activity;sid:84125180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262081/; classtype:trojan-activity;sid:84125181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262061/; classtype:trojan-activity;sid:84125161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262062/; classtype:trojan-activity;sid:84125162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262063/; classtype:trojan-activity;sid:84125163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262064/; classtype:trojan-activity;sid:84125164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262065/; classtype:trojan-activity;sid:84125165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262066/; classtype:trojan-activity;sid:84125166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262052/; classtype:trojan-activity;sid:84125152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262053/; classtype:trojan-activity;sid:84125153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262054/; classtype:trojan-activity;sid:84125154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262055/; classtype:trojan-activity;sid:84125155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262056/; classtype:trojan-activity;sid:84125156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262057/; classtype:trojan-activity;sid:84125157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262058/; classtype:trojan-activity;sid:84125158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262059/; classtype:trojan-activity;sid:84125159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262060/; classtype:trojan-activity;sid:84125160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262050/; classtype:trojan-activity;sid:84125150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262051/; classtype:trojan-activity;sid:84125151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262039/; classtype:trojan-activity;sid:84125139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262040/; classtype:trojan-activity;sid:84125140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262041/; classtype:trojan-activity;sid:84125141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262042/; classtype:trojan-activity;sid:84125142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262043/; classtype:trojan-activity;sid:84125143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262044/; classtype:trojan-activity;sid:84125144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262045/; classtype:trojan-activity;sid:84125145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262046/; classtype:trojan-activity;sid:84125146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262047/; classtype:trojan-activity;sid:84125147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262048/; classtype:trojan-activity;sid:84125148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262049/; classtype:trojan-activity;sid:84125149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262033/; classtype:trojan-activity;sid:84125133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262034/; classtype:trojan-activity;sid:84125134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262035/; classtype:trojan-activity;sid:84125135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262036/; classtype:trojan-activity;sid:84125136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262037/; classtype:trojan-activity;sid:84125137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262038/; classtype:trojan-activity;sid:84125138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262028/; classtype:trojan-activity;sid:84125128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262029/; classtype:trojan-activity;sid:84125129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262030/; classtype:trojan-activity;sid:84125130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262031/; classtype:trojan-activity;sid:84125131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262032/; classtype:trojan-activity;sid:84125132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262027/; classtype:trojan-activity;sid:84125127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262023/; classtype:trojan-activity;sid:84125123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262024/; classtype:trojan-activity;sid:84125124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262025/; classtype:trojan-activity;sid:84125125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262026/; classtype:trojan-activity;sid:84125126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262019/; classtype:trojan-activity;sid:84125119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262020/; classtype:trojan-activity;sid:84125120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262021/; classtype:trojan-activity;sid:84125121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262022/; classtype:trojan-activity;sid:84125122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262009/; classtype:trojan-activity;sid:84125109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262010/; classtype:trojan-activity;sid:84125110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262011/; classtype:trojan-activity;sid:84125111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262012/; classtype:trojan-activity;sid:84125112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262013/; classtype:trojan-activity;sid:84125113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262014/; classtype:trojan-activity;sid:84125114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262015/; classtype:trojan-activity;sid:84125115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262016/; classtype:trojan-activity;sid:84125116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262017/; classtype:trojan-activity;sid:84125117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262018/; classtype:trojan-activity;sid:84125118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262001/; classtype:trojan-activity;sid:84125101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262002/; classtype:trojan-activity;sid:84125102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262003/; classtype:trojan-activity;sid:84125103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262004/; classtype:trojan-activity;sid:84125104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262005/; classtype:trojan-activity;sid:84125105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262006/; classtype:trojan-activity;sid:84125106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262007/; classtype:trojan-activity;sid:84125107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262008/; classtype:trojan-activity;sid:84125108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261991/; classtype:trojan-activity;sid:84125091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261992/; classtype:trojan-activity;sid:84125092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261993/; classtype:trojan-activity;sid:84125093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261994/; classtype:trojan-activity;sid:84125094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261995/; classtype:trojan-activity;sid:84125095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261996/; classtype:trojan-activity;sid:84125096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.79.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261997/; classtype:trojan-activity;sid:84125097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261998/; classtype:trojan-activity;sid:84125098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261999/; classtype:trojan-activity;sid:84125099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3262000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3262000/; classtype:trojan-activity;sid:84125100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261987/; classtype:trojan-activity;sid:84125087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261988/; classtype:trojan-activity;sid:84125088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261989/; classtype:trojan-activity;sid:84125089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261990/; classtype:trojan-activity;sid:84125090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261983/; classtype:trojan-activity;sid:84125083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261984/; classtype:trojan-activity;sid:84125084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261985/; classtype:trojan-activity;sid:84125085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261986/; classtype:trojan-activity;sid:84125086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261979/; classtype:trojan-activity;sid:84125079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261980/; classtype:trojan-activity;sid:84125080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261981/; classtype:trojan-activity;sid:84125081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261982/; classtype:trojan-activity;sid:84125082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261976/; classtype:trojan-activity;sid:84125076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261977/; classtype:trojan-activity;sid:84125077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261978/; classtype:trojan-activity;sid:84125078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261966/; classtype:trojan-activity;sid:84125066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261967/; classtype:trojan-activity;sid:84125067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261968/; classtype:trojan-activity;sid:84125068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261969/; classtype:trojan-activity;sid:84125069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261970/; classtype:trojan-activity;sid:84125070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261971/; classtype:trojan-activity;sid:84125071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261972/; classtype:trojan-activity;sid:84125072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261973/; classtype:trojan-activity;sid:84125073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261974/; classtype:trojan-activity;sid:84125074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261975/; classtype:trojan-activity;sid:84125075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261954/; classtype:trojan-activity;sid:84125054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261955/; classtype:trojan-activity;sid:84125055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261956/; classtype:trojan-activity;sid:84125056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261957/; classtype:trojan-activity;sid:84125057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261958/; classtype:trojan-activity;sid:84125058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261959/; classtype:trojan-activity;sid:84125059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261960/; classtype:trojan-activity;sid:84125060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261961/; classtype:trojan-activity;sid:84125061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261962/; classtype:trojan-activity;sid:84125062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261963/; classtype:trojan-activity;sid:84125063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261964/; classtype:trojan-activity;sid:84125064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261965/; classtype:trojan-activity;sid:84125065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261947/; classtype:trojan-activity;sid:84125047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261948/; classtype:trojan-activity;sid:84125048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261949/; classtype:trojan-activity;sid:84125049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261950/; classtype:trojan-activity;sid:84125050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261951/; classtype:trojan-activity;sid:84125051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261952/; classtype:trojan-activity;sid:84125052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261953/; classtype:trojan-activity;sid:84125053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261946/; classtype:trojan-activity;sid:84125046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261944/; classtype:trojan-activity;sid:84125044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261945/; classtype:trojan-activity;sid:84125045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261940/; classtype:trojan-activity;sid:84125040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261941/; classtype:trojan-activity;sid:84125041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261942/; classtype:trojan-activity;sid:84125042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261943/; classtype:trojan-activity;sid:84125043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261936/; classtype:trojan-activity;sid:84125036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261937/; classtype:trojan-activity;sid:84125037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261938/; classtype:trojan-activity;sid:84125038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261939/; classtype:trojan-activity;sid:84125039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261924/; classtype:trojan-activity;sid:84125024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261925/; classtype:trojan-activity;sid:84125025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261926/; classtype:trojan-activity;sid:84125026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261927/; classtype:trojan-activity;sid:84125027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261928/; classtype:trojan-activity;sid:84125028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261929/; classtype:trojan-activity;sid:84125029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261930/; classtype:trojan-activity;sid:84125030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261931/; classtype:trojan-activity;sid:84125031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261932/; classtype:trojan-activity;sid:84125032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261933/; classtype:trojan-activity;sid:84125033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261934/; classtype:trojan-activity;sid:84125034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261935/; classtype:trojan-activity;sid:84125035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.190.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261901/; classtype:trojan-activity;sid:84125001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261902/; classtype:trojan-activity;sid:84125002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261903/; classtype:trojan-activity;sid:84125003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261904/; classtype:trojan-activity;sid:84125004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261905/; classtype:trojan-activity;sid:84125005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261906/; classtype:trojan-activity;sid:84125006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261907/; classtype:trojan-activity;sid:84125007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261908/; classtype:trojan-activity;sid:84125008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261909/; classtype:trojan-activity;sid:84125009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261910/; classtype:trojan-activity;sid:84125010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261911/; classtype:trojan-activity;sid:84125011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261912/; classtype:trojan-activity;sid:84125012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261913/; classtype:trojan-activity;sid:84125013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261914/; classtype:trojan-activity;sid:84125014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261915/; classtype:trojan-activity;sid:84125015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261916/; classtype:trojan-activity;sid:84125016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261917/; classtype:trojan-activity;sid:84125017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261918/; classtype:trojan-activity;sid:84125018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261919/; classtype:trojan-activity;sid:84125019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261920/; classtype:trojan-activity;sid:84125020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261921/; classtype:trojan-activity;sid:84125021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261922/; classtype:trojan-activity;sid:84125022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261923/; classtype:trojan-activity;sid:84125023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261900/; classtype:trojan-activity;sid:84125000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261899/; classtype:trojan-activity;sid:84124999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261898/; classtype:trojan-activity;sid:84124998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261893/; classtype:trojan-activity;sid:84124993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261894/; classtype:trojan-activity;sid:84124994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261895/; classtype:trojan-activity;sid:84124995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261896/; classtype:trojan-activity;sid:84124996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"search-blp.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261897/; classtype:trojan-activity;sid:84124997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/installer.exe"; depth:14; endswith; nocase; http.host; content:"mcrogers.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261892/; classtype:trojan-activity;sid:84124992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261891/; classtype:trojan-activity;sid:84124991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261887/; classtype:trojan-activity;sid:84124987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261888/; classtype:trojan-activity;sid:84124988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261889/; classtype:trojan-activity;sid:84124989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261890/; classtype:trojan-activity;sid:84124990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261883/; classtype:trojan-activity;sid:84124983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261884/; classtype:trojan-activity;sid:84124984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.105.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261885/; classtype:trojan-activity;sid:84124985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261886/; classtype:trojan-activity;sid:84124986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261880/; classtype:trojan-activity;sid:84124980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261881/; classtype:trojan-activity;sid:84124981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261882/; classtype:trojan-activity;sid:84124982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261877/; classtype:trojan-activity;sid:84124977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261878/; classtype:trojan-activity;sid:84124978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261879/; classtype:trojan-activity;sid:84124979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261876/; classtype:trojan-activity;sid:84124976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261875/; classtype:trojan-activity;sid:84124975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261874/; classtype:trojan-activity;sid:84124974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261869/; classtype:trojan-activity;sid:84124969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261870/; classtype:trojan-activity;sid:84124970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261871/; classtype:trojan-activity;sid:84124971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261872/; classtype:trojan-activity;sid:84124972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261873/; classtype:trojan-activity;sid:84124973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261867/; classtype:trojan-activity;sid:84124967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261868/; classtype:trojan-activity;sid:84124968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261862/; classtype:trojan-activity;sid:84124962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261863/; classtype:trojan-activity;sid:84124963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261864/; classtype:trojan-activity;sid:84124964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261865/; classtype:trojan-activity;sid:84124965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261866/; classtype:trojan-activity;sid:84124966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261860/; classtype:trojan-activity;sid:84124960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261861/; classtype:trojan-activity;sid:84124961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261857/; classtype:trojan-activity;sid:84124957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261858/; classtype:trojan-activity;sid:84124958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261859/; classtype:trojan-activity;sid:84124959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261855/; classtype:trojan-activity;sid:84124955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261856/; classtype:trojan-activity;sid:84124956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261853/; classtype:trojan-activity;sid:84124953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261854/; classtype:trojan-activity;sid:84124954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261847/; classtype:trojan-activity;sid:84124947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261848/; classtype:trojan-activity;sid:84124948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261849/; classtype:trojan-activity;sid:84124949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261850/; classtype:trojan-activity;sid:84124950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261851/; classtype:trojan-activity;sid:84124951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261852/; classtype:trojan-activity;sid:84124952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261840/; classtype:trojan-activity;sid:84124940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261841/; classtype:trojan-activity;sid:84124941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261842/; classtype:trojan-activity;sid:84124942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261843/; classtype:trojan-activity;sid:84124943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261844/; classtype:trojan-activity;sid:84124944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261845/; classtype:trojan-activity;sid:84124945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261846/; classtype:trojan-activity;sid:84124946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261839/; classtype:trojan-activity;sid:84124939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261838/; classtype:trojan-activity;sid:84124938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261836/; classtype:trojan-activity;sid:84124936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261837/; classtype:trojan-activity;sid:84124937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261828/; classtype:trojan-activity;sid:84124928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261829/; classtype:trojan-activity;sid:84124929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261830/; classtype:trojan-activity;sid:84124930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261831/; classtype:trojan-activity;sid:84124931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261832/; classtype:trojan-activity;sid:84124932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261833/; classtype:trojan-activity;sid:84124933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261834/; classtype:trojan-activity;sid:84124934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261835/; classtype:trojan-activity;sid:84124935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261826/; classtype:trojan-activity;sid:84124926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261827/; classtype:trojan-activity;sid:84124927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261824/; classtype:trojan-activity;sid:84124924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261825/; classtype:trojan-activity;sid:84124925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261820/; classtype:trojan-activity;sid:84124920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261821/; classtype:trojan-activity;sid:84124921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261822/; classtype:trojan-activity;sid:84124922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261823/; classtype:trojan-activity;sid:84124923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261819/; classtype:trojan-activity;sid:84124919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261818/; classtype:trojan-activity;sid:84124918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261817/; classtype:trojan-activity;sid:84124917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261816/; classtype:trojan-activity;sid:84124916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261812/; classtype:trojan-activity;sid:84124912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261813/; classtype:trojan-activity;sid:84124913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261814/; classtype:trojan-activity;sid:84124914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261815/; classtype:trojan-activity;sid:84124915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261810/; classtype:trojan-activity;sid:84124910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261811/; classtype:trojan-activity;sid:84124911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261806/; classtype:trojan-activity;sid:84124906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261807/; classtype:trojan-activity;sid:84124907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261808/; classtype:trojan-activity;sid:84124908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261809/; classtype:trojan-activity;sid:84124909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261805/; classtype:trojan-activity;sid:84124905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261801/; classtype:trojan-activity;sid:84124901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261802/; classtype:trojan-activity;sid:84124902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261803/; classtype:trojan-activity;sid:84124903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261804/; classtype:trojan-activity;sid:84124904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261795/; classtype:trojan-activity;sid:84124895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261796/; classtype:trojan-activity;sid:84124896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261797/; classtype:trojan-activity;sid:84124897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261798/; classtype:trojan-activity;sid:84124898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261799/; classtype:trojan-activity;sid:84124899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261800/; classtype:trojan-activity;sid:84124900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261791/; classtype:trojan-activity;sid:84124891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261792/; classtype:trojan-activity;sid:84124892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261793/; classtype:trojan-activity;sid:84124893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261794/; classtype:trojan-activity;sid:84124894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261787/; classtype:trojan-activity;sid:84124887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261788/; classtype:trojan-activity;sid:84124888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261789/; classtype:trojan-activity;sid:84124889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261790/; classtype:trojan-activity;sid:84124890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261786/; classtype:trojan-activity;sid:84124886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261782/; classtype:trojan-activity;sid:84124882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261783/; classtype:trojan-activity;sid:84124883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261784/; classtype:trojan-activity;sid:84124884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261785/; classtype:trojan-activity;sid:84124885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261778/; classtype:trojan-activity;sid:84124878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261779/; classtype:trojan-activity;sid:84124879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261780/; classtype:trojan-activity;sid:84124880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261781/; classtype:trojan-activity;sid:84124881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261773/; classtype:trojan-activity;sid:84124873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261774/; classtype:trojan-activity;sid:84124874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261775/; classtype:trojan-activity;sid:84124875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261776/; classtype:trojan-activity;sid:84124876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261777/; classtype:trojan-activity;sid:84124877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261771/; classtype:trojan-activity;sid:84124871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261772/; classtype:trojan-activity;sid:84124872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261770/; classtype:trojan-activity;sid:84124870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261768/; classtype:trojan-activity;sid:84124868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261769/; classtype:trojan-activity;sid:84124869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261766/; classtype:trojan-activity;sid:84124866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261767/; classtype:trojan-activity;sid:84124867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261762/; classtype:trojan-activity;sid:84124862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261763/; classtype:trojan-activity;sid:84124863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261764/; classtype:trojan-activity;sid:84124864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261765/; classtype:trojan-activity;sid:84124865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261761/; classtype:trojan-activity;sid:84124861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261759/; classtype:trojan-activity;sid:84124859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261760/; classtype:trojan-activity;sid:84124860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261757/; classtype:trojan-activity;sid:84124857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261758/; classtype:trojan-activity;sid:84124858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261754/; classtype:trojan-activity;sid:84124854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261755/; classtype:trojan-activity;sid:84124855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261756/; classtype:trojan-activity;sid:84124856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261744/; classtype:trojan-activity;sid:84124844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261745/; classtype:trojan-activity;sid:84124845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261746/; classtype:trojan-activity;sid:84124846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261747/; classtype:trojan-activity;sid:84124847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261748/; classtype:trojan-activity;sid:84124848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261749/; classtype:trojan-activity;sid:84124849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261750/; classtype:trojan-activity;sid:84124850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261751/; classtype:trojan-activity;sid:84124851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261752/; classtype:trojan-activity;sid:84124852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261753/; classtype:trojan-activity;sid:84124853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261741/; classtype:trojan-activity;sid:84124841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261742/; classtype:trojan-activity;sid:84124842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261743/; classtype:trojan-activity;sid:84124843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261740/; classtype:trojan-activity;sid:84124840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261733/; classtype:trojan-activity;sid:84124833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261734/; classtype:trojan-activity;sid:84124834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261735/; classtype:trojan-activity;sid:84124835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261736/; classtype:trojan-activity;sid:84124836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261737/; classtype:trojan-activity;sid:84124837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261738/; classtype:trojan-activity;sid:84124838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261739/; classtype:trojan-activity;sid:84124839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261730/; classtype:trojan-activity;sid:84124830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261731/; classtype:trojan-activity;sid:84124831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261732/; classtype:trojan-activity;sid:84124832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261727/; classtype:trojan-activity;sid:84124827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261728/; classtype:trojan-activity;sid:84124828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261729/; classtype:trojan-activity;sid:84124829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261725/; classtype:trojan-activity;sid:84124825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261726/; classtype:trojan-activity;sid:84124826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261724/; classtype:trojan-activity;sid:84124824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261720/; classtype:trojan-activity;sid:84124820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261721/; classtype:trojan-activity;sid:84124821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261722/; classtype:trojan-activity;sid:84124822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261723/; classtype:trojan-activity;sid:84124823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261715/; classtype:trojan-activity;sid:84124815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261716/; classtype:trojan-activity;sid:84124816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261717/; classtype:trojan-activity;sid:84124817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261718/; classtype:trojan-activity;sid:84124818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261719/; classtype:trojan-activity;sid:84124819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261714/; classtype:trojan-activity;sid:84124814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261713/; classtype:trojan-activity;sid:84124813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261711/; classtype:trojan-activity;sid:84124811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261712/; classtype:trojan-activity;sid:84124812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261709/; classtype:trojan-activity;sid:84124809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261710/; classtype:trojan-activity;sid:84124810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261707/; classtype:trojan-activity;sid:84124807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261708/; classtype:trojan-activity;sid:84124808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261701/; classtype:trojan-activity;sid:84124801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261702/; classtype:trojan-activity;sid:84124802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261703/; classtype:trojan-activity;sid:84124803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261704/; classtype:trojan-activity;sid:84124804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261705/; classtype:trojan-activity;sid:84124805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261706/; classtype:trojan-activity;sid:84124806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261700/; classtype:trojan-activity;sid:84124800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261699/; classtype:trojan-activity;sid:84124799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261695/; classtype:trojan-activity;sid:84124795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261696/; classtype:trojan-activity;sid:84124796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261697/; classtype:trojan-activity;sid:84124797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261698/; classtype:trojan-activity;sid:84124798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261693/; classtype:trojan-activity;sid:84124793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261694/; classtype:trojan-activity;sid:84124794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261692/; classtype:trojan-activity;sid:84124792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261690/; classtype:trojan-activity;sid:84124790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261691/; classtype:trojan-activity;sid:84124791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261687/; classtype:trojan-activity;sid:84124787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261688/; classtype:trojan-activity;sid:84124788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261689/; classtype:trojan-activity;sid:84124789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261684/; classtype:trojan-activity;sid:84124784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261685/; classtype:trojan-activity;sid:84124785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261686/; classtype:trojan-activity;sid:84124786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261676/; classtype:trojan-activity;sid:84124776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261677/; classtype:trojan-activity;sid:84124777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261678/; classtype:trojan-activity;sid:84124778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261679/; classtype:trojan-activity;sid:84124779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261680/; classtype:trojan-activity;sid:84124780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261681/; classtype:trojan-activity;sid:84124781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261682/; classtype:trojan-activity;sid:84124782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261683/; classtype:trojan-activity;sid:84124783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261674/; classtype:trojan-activity;sid:84124774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261675/; classtype:trojan-activity;sid:84124775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261673/; classtype:trojan-activity;sid:84124773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261668/; classtype:trojan-activity;sid:84124768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261669/; classtype:trojan-activity;sid:84124769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261670/; classtype:trojan-activity;sid:84124770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261671/; classtype:trojan-activity;sid:84124771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261672/; classtype:trojan-activity;sid:84124772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261666/; classtype:trojan-activity;sid:84124766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261667/; classtype:trojan-activity;sid:84124767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261665/; classtype:trojan-activity;sid:84124765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261661/; classtype:trojan-activity;sid:84124761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261662/; classtype:trojan-activity;sid:84124762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261663/; classtype:trojan-activity;sid:84124763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261664/; classtype:trojan-activity;sid:84124764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261658/; classtype:trojan-activity;sid:84124758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261659/; classtype:trojan-activity;sid:84124759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261660/; classtype:trojan-activity;sid:84124760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261657/; classtype:trojan-activity;sid:84124757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261655/; classtype:trojan-activity;sid:84124755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261656/; classtype:trojan-activity;sid:84124756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261653/; classtype:trojan-activity;sid:84124753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261654/; classtype:trojan-activity;sid:84124754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261652/; classtype:trojan-activity;sid:84124752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261650/; classtype:trojan-activity;sid:84124750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261651/; classtype:trojan-activity;sid:84124751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261649/; classtype:trojan-activity;sid:84124749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261648/; classtype:trojan-activity;sid:84124748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261646/; classtype:trojan-activity;sid:84124746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261647/; classtype:trojan-activity;sid:84124747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261639/; classtype:trojan-activity;sid:84124739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261640/; classtype:trojan-activity;sid:84124740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261641/; classtype:trojan-activity;sid:84124741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261642/; classtype:trojan-activity;sid:84124742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261643/; classtype:trojan-activity;sid:84124743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261644/; classtype:trojan-activity;sid:84124744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261645/; classtype:trojan-activity;sid:84124745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261635/; classtype:trojan-activity;sid:84124735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261636/; classtype:trojan-activity;sid:84124736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261637/; classtype:trojan-activity;sid:84124737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261638/; classtype:trojan-activity;sid:84124738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261633/; classtype:trojan-activity;sid:84124733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261634/; classtype:trojan-activity;sid:84124734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261631/; classtype:trojan-activity;sid:84124731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261632/; classtype:trojan-activity;sid:84124732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261629/; classtype:trojan-activity;sid:84124729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261630/; classtype:trojan-activity;sid:84124730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261625/; classtype:trojan-activity;sid:84124725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261626/; classtype:trojan-activity;sid:84124726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261627/; classtype:trojan-activity;sid:84124727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261628/; classtype:trojan-activity;sid:84124728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261620/; classtype:trojan-activity;sid:84124720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261621/; classtype:trojan-activity;sid:84124721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261622/; classtype:trojan-activity;sid:84124722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261623/; classtype:trojan-activity;sid:84124723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261624/; classtype:trojan-activity;sid:84124724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261619/; classtype:trojan-activity;sid:84124719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261614/; classtype:trojan-activity;sid:84124714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261615/; classtype:trojan-activity;sid:84124715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261616/; classtype:trojan-activity;sid:84124716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261617/; classtype:trojan-activity;sid:84124717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261618/; classtype:trojan-activity;sid:84124718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261605/; classtype:trojan-activity;sid:84124705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261606/; classtype:trojan-activity;sid:84124706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261607/; classtype:trojan-activity;sid:84124707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261608/; classtype:trojan-activity;sid:84124708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261609/; classtype:trojan-activity;sid:84124709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261610/; classtype:trojan-activity;sid:84124710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261611/; classtype:trojan-activity;sid:84124711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261612/; classtype:trojan-activity;sid:84124712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261613/; classtype:trojan-activity;sid:84124713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261598/; classtype:trojan-activity;sid:84124698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261599/; classtype:trojan-activity;sid:84124699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261600/; classtype:trojan-activity;sid:84124700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261601/; classtype:trojan-activity;sid:84124701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261602/; classtype:trojan-activity;sid:84124702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261603/; classtype:trojan-activity;sid:84124703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261604/; classtype:trojan-activity;sid:84124704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261597/; classtype:trojan-activity;sid:84124697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261595/; classtype:trojan-activity;sid:84124695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261596/; classtype:trojan-activity;sid:84124696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261594/; classtype:trojan-activity;sid:84124694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261590/; classtype:trojan-activity;sid:84124690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261591/; classtype:trojan-activity;sid:84124691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261592/; classtype:trojan-activity;sid:84124692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261593/; classtype:trojan-activity;sid:84124693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261589/; classtype:trojan-activity;sid:84124689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261588/; classtype:trojan-activity;sid:84124688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261587/; classtype:trojan-activity;sid:84124687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261584/; classtype:trojan-activity;sid:84124684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261585/; classtype:trojan-activity;sid:84124685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261586/; classtype:trojan-activity;sid:84124686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261583/; classtype:trojan-activity;sid:84124683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261582/; classtype:trojan-activity;sid:84124682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261579/; classtype:trojan-activity;sid:84124679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261580/; classtype:trojan-activity;sid:84124680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261581/; classtype:trojan-activity;sid:84124681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261576/; classtype:trojan-activity;sid:84124676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261577/; classtype:trojan-activity;sid:84124677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261578/; classtype:trojan-activity;sid:84124678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261573/; classtype:trojan-activity;sid:84124673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261574/; classtype:trojan-activity;sid:84124674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261575/; classtype:trojan-activity;sid:84124675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261571/; classtype:trojan-activity;sid:84124671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261572/; classtype:trojan-activity;sid:84124672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261564/; classtype:trojan-activity;sid:84124664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261565/; classtype:trojan-activity;sid:84124665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261566/; classtype:trojan-activity;sid:84124666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261567/; classtype:trojan-activity;sid:84124667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261568/; classtype:trojan-activity;sid:84124668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261569/; classtype:trojan-activity;sid:84124669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261570/; classtype:trojan-activity;sid:84124670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261562/; classtype:trojan-activity;sid:84124662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261563/; classtype:trojan-activity;sid:84124663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261561/; classtype:trojan-activity;sid:84124661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261557/; classtype:trojan-activity;sid:84124657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261558/; classtype:trojan-activity;sid:84124658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261559/; classtype:trojan-activity;sid:84124659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261560/; classtype:trojan-activity;sid:84124660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261552/; classtype:trojan-activity;sid:84124652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261553/; classtype:trojan-activity;sid:84124653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261554/; classtype:trojan-activity;sid:84124654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261555/; classtype:trojan-activity;sid:84124655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261556/; classtype:trojan-activity;sid:84124656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261536/; classtype:trojan-activity;sid:84124636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261537/; classtype:trojan-activity;sid:84124637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261538/; classtype:trojan-activity;sid:84124638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261539/; classtype:trojan-activity;sid:84124639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261540/; classtype:trojan-activity;sid:84124640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261541/; classtype:trojan-activity;sid:84124641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261542/; classtype:trojan-activity;sid:84124642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261543/; classtype:trojan-activity;sid:84124643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261544/; classtype:trojan-activity;sid:84124644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261545/; classtype:trojan-activity;sid:84124645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261546/; classtype:trojan-activity;sid:84124646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261547/; classtype:trojan-activity;sid:84124647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261548/; classtype:trojan-activity;sid:84124648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261549/; classtype:trojan-activity;sid:84124649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261550/; classtype:trojan-activity;sid:84124650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261551/; classtype:trojan-activity;sid:84124651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261535/; classtype:trojan-activity;sid:84124635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261534/; classtype:trojan-activity;sid:84124634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261533/; classtype:trojan-activity;sid:84124633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261532/; classtype:trojan-activity;sid:84124632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261530/; classtype:trojan-activity;sid:84124630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261531/; classtype:trojan-activity;sid:84124631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261526/; classtype:trojan-activity;sid:84124626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261527/; classtype:trojan-activity;sid:84124627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261528/; classtype:trojan-activity;sid:84124628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261529/; classtype:trojan-activity;sid:84124629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261523/; classtype:trojan-activity;sid:84124623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261524/; classtype:trojan-activity;sid:84124624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261525/; classtype:trojan-activity;sid:84124625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261521/; classtype:trojan-activity;sid:84124621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261522/; classtype:trojan-activity;sid:84124622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261519/; classtype:trojan-activity;sid:84124619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261520/; classtype:trojan-activity;sid:84124620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261517/; classtype:trojan-activity;sid:84124617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261518/; classtype:trojan-activity;sid:84124618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"bmzbaumaschinen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261516/; classtype:trojan-activity;sid:84124616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.254.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261515/; classtype:trojan-activity;sid:84124615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261512/; classtype:trojan-activity;sid:84124612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261513/; classtype:trojan-activity;sid:84124613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261514/; classtype:trojan-activity;sid:84124614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261511/; classtype:trojan-activity;sid:84124611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261510/; classtype:trojan-activity;sid:84124610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.255.190.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261509/; classtype:trojan-activity;sid:84124609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261508/; classtype:trojan-activity;sid:84124608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261504/; classtype:trojan-activity;sid:84124604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261505/; classtype:trojan-activity;sid:84124605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261506/; classtype:trojan-activity;sid:84124606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"mg-plant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261507/; classtype:trojan-activity;sid:84124607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.83.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261503/; classtype:trojan-activity;sid:84124603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.82.178.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261499/; classtype:trojan-activity;sid:84124599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.94.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261500/; classtype:trojan-activity;sid:84124600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.119.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261501/; classtype:trojan-activity;sid:84124601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.237.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261502/; classtype:trojan-activity;sid:84124602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261498/; classtype:trojan-activity;sid:84124598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261495/; classtype:trojan-activity;sid:84124595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261496/; classtype:trojan-activity;sid:84124596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261497/; classtype:trojan-activity;sid:84124597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261491/; classtype:trojan-activity;sid:84124591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261492/; classtype:trojan-activity;sid:84124592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261493/; classtype:trojan-activity;sid:84124593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261494/; classtype:trojan-activity;sid:84124594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261490/; classtype:trojan-activity;sid:84124590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261488/; classtype:trojan-activity;sid:84124588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261489/; classtype:trojan-activity;sid:84124589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261482/; classtype:trojan-activity;sid:84124582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261483/; classtype:trojan-activity;sid:84124583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261484/; classtype:trojan-activity;sid:84124584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261485/; classtype:trojan-activity;sid:84124585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261486/; classtype:trojan-activity;sid:84124586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261487/; classtype:trojan-activity;sid:84124587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261480/; classtype:trojan-activity;sid:84124580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261481/; classtype:trojan-activity;sid:84124581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261478/; classtype:trojan-activity;sid:84124578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261479/; classtype:trojan-activity;sid:84124579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261474/; classtype:trojan-activity;sid:84124574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261475/; classtype:trojan-activity;sid:84124575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261476/; classtype:trojan-activity;sid:84124576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261477/; classtype:trojan-activity;sid:84124577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261473/; classtype:trojan-activity;sid:84124573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261472/; classtype:trojan-activity;sid:84124572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261471/; classtype:trojan-activity;sid:84124571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261462/; classtype:trojan-activity;sid:84124562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261463/; classtype:trojan-activity;sid:84124563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261464/; classtype:trojan-activity;sid:84124564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261465/; classtype:trojan-activity;sid:84124565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261466/; classtype:trojan-activity;sid:84124566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261467/; classtype:trojan-activity;sid:84124567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261468/; classtype:trojan-activity;sid:84124568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261469/; classtype:trojan-activity;sid:84124569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261470/; classtype:trojan-activity;sid:84124570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261460/; classtype:trojan-activity;sid:84124560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261461/; classtype:trojan-activity;sid:84124561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261444/; classtype:trojan-activity;sid:84124544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261445/; classtype:trojan-activity;sid:84124545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261446/; classtype:trojan-activity;sid:84124546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261447/; classtype:trojan-activity;sid:84124547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261448/; classtype:trojan-activity;sid:84124548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261449/; classtype:trojan-activity;sid:84124549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261450/; classtype:trojan-activity;sid:84124550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261451/; classtype:trojan-activity;sid:84124551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261452/; classtype:trojan-activity;sid:84124552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261453/; classtype:trojan-activity;sid:84124553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261454/; classtype:trojan-activity;sid:84124554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261455/; classtype:trojan-activity;sid:84124555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261456/; classtype:trojan-activity;sid:84124556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261457/; classtype:trojan-activity;sid:84124557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261458/; classtype:trojan-activity;sid:84124558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261459/; classtype:trojan-activity;sid:84124559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261443/; classtype:trojan-activity;sid:84124543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261442/; classtype:trojan-activity;sid:84124542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261439/; classtype:trojan-activity;sid:84124539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261440/; classtype:trojan-activity;sid:84124540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261441/; classtype:trojan-activity;sid:84124541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261437/; classtype:trojan-activity;sid:84124537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261438/; classtype:trojan-activity;sid:84124538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261436/; classtype:trojan-activity;sid:84124536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261435/; classtype:trojan-activity;sid:84124535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261433/; classtype:trojan-activity;sid:84124533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261434/; classtype:trojan-activity;sid:84124534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261418/; classtype:trojan-activity;sid:84124518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261419/; classtype:trojan-activity;sid:84124519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261420/; classtype:trojan-activity;sid:84124520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261421/; classtype:trojan-activity;sid:84124521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261422/; classtype:trojan-activity;sid:84124522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261423/; classtype:trojan-activity;sid:84124523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261424/; classtype:trojan-activity;sid:84124524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261425/; classtype:trojan-activity;sid:84124525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261426/; classtype:trojan-activity;sid:84124526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261427/; classtype:trojan-activity;sid:84124527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261428/; classtype:trojan-activity;sid:84124528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261429/; classtype:trojan-activity;sid:84124529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261430/; classtype:trojan-activity;sid:84124530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261431/; classtype:trojan-activity;sid:84124531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261432/; classtype:trojan-activity;sid:84124532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261417/; classtype:trojan-activity;sid:84124517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261416/; classtype:trojan-activity;sid:84124516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261414/; classtype:trojan-activity;sid:84124514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261415/; classtype:trojan-activity;sid:84124515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261413/; classtype:trojan-activity;sid:84124513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261412/; classtype:trojan-activity;sid:84124512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261411/; classtype:trojan-activity;sid:84124511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261400/; classtype:trojan-activity;sid:84124500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261401/; classtype:trojan-activity;sid:84124501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261402/; classtype:trojan-activity;sid:84124502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261403/; classtype:trojan-activity;sid:84124503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261404/; classtype:trojan-activity;sid:84124504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261405/; classtype:trojan-activity;sid:84124505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261406/; classtype:trojan-activity;sid:84124506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261407/; classtype:trojan-activity;sid:84124507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261408/; classtype:trojan-activity;sid:84124508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261409/; classtype:trojan-activity;sid:84124509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261410/; classtype:trojan-activity;sid:84124510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261396/; classtype:trojan-activity;sid:84124496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261397/; classtype:trojan-activity;sid:84124497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261398/; classtype:trojan-activity;sid:84124498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261399/; classtype:trojan-activity;sid:84124499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261395/; classtype:trojan-activity;sid:84124495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261392/; classtype:trojan-activity;sid:84124492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261393/; classtype:trojan-activity;sid:84124493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261394/; classtype:trojan-activity;sid:84124494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261390/; classtype:trojan-activity;sid:84124490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261391/; classtype:trojan-activity;sid:84124491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261388/; classtype:trojan-activity;sid:84124488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261389/; classtype:trojan-activity;sid:84124489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261387/; classtype:trojan-activity;sid:84124487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261386/; classtype:trojan-activity;sid:84124486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261384/; classtype:trojan-activity;sid:84124484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261385/; classtype:trojan-activity;sid:84124485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261383/; classtype:trojan-activity;sid:84124483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261382/; classtype:trojan-activity;sid:84124482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261380/; classtype:trojan-activity;sid:84124480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261381/; classtype:trojan-activity;sid:84124481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261378/; classtype:trojan-activity;sid:84124478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261379/; classtype:trojan-activity;sid:84124479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261374/; classtype:trojan-activity;sid:84124474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261375/; classtype:trojan-activity;sid:84124475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261376/; classtype:trojan-activity;sid:84124476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261377/; classtype:trojan-activity;sid:84124477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261373/; classtype:trojan-activity;sid:84124473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261371/; classtype:trojan-activity;sid:84124471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261372/; classtype:trojan-activity;sid:84124472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261370/; classtype:trojan-activity;sid:84124470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261363/; classtype:trojan-activity;sid:84124463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261364/; classtype:trojan-activity;sid:84124464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261365/; classtype:trojan-activity;sid:84124465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261366/; classtype:trojan-activity;sid:84124466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261367/; classtype:trojan-activity;sid:84124467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261368/; classtype:trojan-activity;sid:84124468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261369/; classtype:trojan-activity;sid:84124469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261354/; classtype:trojan-activity;sid:84124454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261355/; classtype:trojan-activity;sid:84124455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261356/; classtype:trojan-activity;sid:84124456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261357/; classtype:trojan-activity;sid:84124457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261358/; classtype:trojan-activity;sid:84124458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261359/; classtype:trojan-activity;sid:84124459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261360/; classtype:trojan-activity;sid:84124460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261361/; classtype:trojan-activity;sid:84124461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261362/; classtype:trojan-activity;sid:84124462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261348/; classtype:trojan-activity;sid:84124448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261349/; classtype:trojan-activity;sid:84124449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261350/; classtype:trojan-activity;sid:84124450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261351/; classtype:trojan-activity;sid:84124451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261352/; classtype:trojan-activity;sid:84124452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261353/; classtype:trojan-activity;sid:84124453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261340/; classtype:trojan-activity;sid:84124440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261341/; classtype:trojan-activity;sid:84124441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261342/; classtype:trojan-activity;sid:84124442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261343/; classtype:trojan-activity;sid:84124443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261344/; classtype:trojan-activity;sid:84124444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261345/; classtype:trojan-activity;sid:84124445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261346/; classtype:trojan-activity;sid:84124446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261347/; classtype:trojan-activity;sid:84124447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261339/; classtype:trojan-activity;sid:84124439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261338/; classtype:trojan-activity;sid:84124438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261337/; classtype:trojan-activity;sid:84124437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261336/; classtype:trojan-activity;sid:84124436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261335/; classtype:trojan-activity;sid:84124435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261331/; classtype:trojan-activity;sid:84124431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261332/; classtype:trojan-activity;sid:84124432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261333/; classtype:trojan-activity;sid:84124433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261334/; classtype:trojan-activity;sid:84124434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261330/; classtype:trojan-activity;sid:84124430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261329/; classtype:trojan-activity;sid:84124429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261328/; classtype:trojan-activity;sid:84124428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261319/; classtype:trojan-activity;sid:84124419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261320/; classtype:trojan-activity;sid:84124420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261321/; classtype:trojan-activity;sid:84124421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261322/; classtype:trojan-activity;sid:84124422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261323/; classtype:trojan-activity;sid:84124423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261324/; classtype:trojan-activity;sid:84124424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261325/; classtype:trojan-activity;sid:84124425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261326/; classtype:trojan-activity;sid:84124426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261327/; classtype:trojan-activity;sid:84124427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261315/; classtype:trojan-activity;sid:84124415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261316/; classtype:trojan-activity;sid:84124416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261317/; classtype:trojan-activity;sid:84124417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261318/; classtype:trojan-activity;sid:84124418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261313/; classtype:trojan-activity;sid:84124413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261314/; classtype:trojan-activity;sid:84124414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261312/; classtype:trojan-activity;sid:84124412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"spainparkvillas.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261311/; classtype:trojan-activity;sid:84124411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/chomp"; depth:11; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261310/; classtype:trojan-activity;sid:84124410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chomp"; depth:6; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261308/; classtype:trojan-activity;sid:84124408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261309/; classtype:trojan-activity;sid:84124409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/buf"; depth:9; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261306/; classtype:trojan-activity;sid:84124406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261307/; classtype:trojan-activity;sid:84124407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wert"; depth:10; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261300/; classtype:trojan-activity;sid:84124400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261301/; classtype:trojan-activity;sid:84124401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pdvr"; depth:10; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261302/; classtype:trojan-activity;sid:84124402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wop"; depth:9; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261303/; classtype:trojan-activity;sid:84124403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/phi.sh"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261304/; classtype:trojan-activity;sid:84124404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/n3881.sh"; depth:14; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261305/; classtype:trojan-activity;sid:84124405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.151.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261299/; classtype:trojan-activity;sid:84124399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.105.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261298/; classtype:trojan-activity;sid:84124398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.155.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261297/; classtype:trojan-activity;sid:84124397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.114.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261295/; classtype:trojan-activity;sid:84124395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.53.215.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261296/; classtype:trojan-activity;sid:84124396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/pimijcr.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261293/; classtype:trojan-activity;sid:84124393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/impagkf.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261294/; classtype:trojan-activity;sid:84124394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/emkikmk.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261291/; classtype:trojan-activity;sid:84124391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/mnohiak.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261292/; classtype:trojan-activity;sid:84124392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/acmfddb.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261281/; classtype:trojan-activity;sid:84124381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/cra2.txt"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261282/; classtype:trojan-activity;sid:84124382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/rkmihmb.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261283/; classtype:trojan-activity;sid:84124383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/pbodidk.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261284/; classtype:trojan-activity;sid:84124384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/aofncdk.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261285/; classtype:trojan-activity;sid:84124385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/mkiiarm.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261286/; classtype:trojan-activity;sid:84124386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/irdsroi.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261287/; classtype:trojan-activity;sid:84124387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/fibaoho.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261288/; classtype:trojan-activity;sid:84124388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/dsgkfca.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261289/; classtype:trojan-activity;sid:84124389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/fhboerc.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261290/; classtype:trojan-activity;sid:84124390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/kcaigmk.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261274/; classtype:trojan-activity;sid:84124374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/psmficj.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261275/; classtype:trojan-activity;sid:84124375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/linkopen.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261276/; classtype:trojan-activity;sid:84124376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/cra.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261277/; classtype:trojan-activity;sid:84124377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/kpdsbma.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261278/; classtype:trojan-activity;sid:84124378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/mca2.txt"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261279/; classtype:trojan-activity;sid:84124379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/cra3.txt"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261280/; classtype:trojan-activity;sid:84124380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/fehffhg.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261267/; classtype:trojan-activity;sid:84124367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/nofmrio.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261268/; classtype:trojan-activity;sid:84124368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/mca.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261269/; classtype:trojan-activity;sid:84124369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/knmifak.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261270/; classtype:trojan-activity;sid:84124370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/sdefcda.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261271/; classtype:trojan-activity;sid:84124371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/dcmkkmk.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261272/; classtype:trojan-activity;sid:84124372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/rdpikkr.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261273/; classtype:trojan-activity;sid:84124373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/roascpm.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261263/; classtype:trojan-activity;sid:84124363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/phegofo.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261264/; classtype:trojan-activity;sid:84124364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/kmpfhak.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261265/; classtype:trojan-activity;sid:84124365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/kpeidai.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261266/; classtype:trojan-activity;sid:84124366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/ahfmmaa.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261261/; classtype:trojan-activity;sid:84124361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/rhcr.exe"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261262/; classtype:trojan-activity;sid:84124362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/iarekoe.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261255/; classtype:trojan-activity;sid:84124355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/mhchnjm.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261256/; classtype:trojan-activity;sid:84124356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/omrpsnn.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261257/; classtype:trojan-activity;sid:84124357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/gehkndh.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261258/; classtype:trojan-activity;sid:84124358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/rpfdkio.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261259/; classtype:trojan-activity;sid:84124359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/mca3.txt"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261260/; classtype:trojan-activity;sid:84124360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/lcr.exe"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261253/; classtype:trojan-activity;sid:84124353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/ehhrhdr.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261254/; classtype:trojan-activity;sid:84124354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.219.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261252/; classtype:trojan-activity;sid:84124352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.206.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261251/; classtype:trojan-activity;sid:84124351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.229.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261249/; classtype:trojan-activity;sid:84124349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.100.98.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261250/; classtype:trojan-activity;sid:84124350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.123.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261248/; classtype:trojan-activity;sid:84124348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.190.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261247/; classtype:trojan-activity;sid:84124347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.138.139.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261246/; classtype:trojan-activity;sid:84124346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/rl.exe"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261245/; classtype:trojan-activity;sid:84124345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/aikahurakami.exe"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261244/; classtype:trojan-activity;sid:84124344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/plug.exe"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261243/; classtype:trojan-activity;sid:84124343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/installer.exe"; depth:14; endswith; nocase; http.host; content:"mcrogers.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261242/; classtype:trojan-activity;sid:84124342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"67.214.245.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261241/; classtype:trojan-activity;sid:84124341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.143.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261239/; classtype:trojan-activity;sid:84124339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"191.53.215.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261240/; classtype:trojan-activity;sid:84124340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.dusk"; depth:12; endswith; nocase; http.host; content:"185.193.127.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261238/; classtype:trojan-activity;sid:84124338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.dusk"; depth:13; endswith; nocase; http.host; content:"185.193.127.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261236/; classtype:trojan-activity;sid:84124336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.dusk"; depth:13; endswith; nocase; http.host; content:"185.193.127.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261237/; classtype:trojan-activity;sid:84124337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.dusk"; depth:13; endswith; nocase; http.host; content:"185.193.127.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261227/; classtype:trojan-activity;sid:84124327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-6.8-6.dusk"; depth:13; endswith; nocase; http.host; content:"185.193.127.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261228/; classtype:trojan-activity;sid:84124328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-p.a-k.dusk"; depth:13; endswith; nocase; http.host; content:"185.193.127.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261229/; classtype:trojan-activity;sid:84124329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.dusk"; depth:13; endswith; nocase; http.host; content:"185.193.127.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261230/; classtype:trojan-activity;sid:84124330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.dusk"; depth:12; endswith; nocase; http.host; content:"185.193.127.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261231/; classtype:trojan-activity;sid:84124331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.dusk"; depth:13; endswith; nocase; http.host; content:"185.193.127.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261232/; classtype:trojan-activity;sid:84124332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.dusk"; depth:12; endswith; nocase; http.host; content:"185.193.127.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261233/; classtype:trojan-activity;sid:84124333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.dusk"; depth:13; endswith; nocase; http.host; content:"185.193.127.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261234/; classtype:trojan-activity;sid:84124334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.dusk"; depth:13; endswith; nocase; http.host; content:"185.193.127.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261235/; classtype:trojan-activity;sid:84124335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-440.dusk"; depth:15; endswith; nocase; http.host; content:"185.193.127.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261226/; classtype:trojan-activity;sid:84124326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.25.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261225/; classtype:trojan-activity;sid:84124325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.153.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261224/; classtype:trojan-activity;sid:84124324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.dusk"; depth:13; endswith; nocase; http.host; content:"185.193.127.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261222/; classtype:trojan-activity;sid:84124322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dusk.sh"; depth:8; endswith; nocase; http.host; content:"185.193.127.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261223/; classtype:trojan-activity;sid:84124323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.35.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261221/; classtype:trojan-activity;sid:84124321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.123.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261220/; classtype:trojan-activity;sid:84124320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.162.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261218/; classtype:trojan-activity;sid:84124318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.21.135"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261219/; classtype:trojan-activity;sid:84124319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.179.102"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261217/; classtype:trojan-activity;sid:84124317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.17.111.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261216/; classtype:trojan-activity;sid:84124316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"168.196.170.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261215/; classtype:trojan-activity;sid:84124315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.52.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261214/; classtype:trojan-activity;sid:84124314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261213/; classtype:trojan-activity;sid:84124313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.95.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261212/; classtype:trojan-activity;sid:84124312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.52.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261211/; classtype:trojan-activity;sid:84124311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kadonad.txt"; depth:12; endswith; nocase; http.host; content:"files.sflp.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261210/; classtype:trojan-activity;sid:84124310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.61.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261209/; classtype:trojan-activity;sid:84124309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zoominstaller.exe"; depth:18; endswith; nocase; http.host; content:"noogamotorsports.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261208/; classtype:trojan-activity;sid:84124308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zoominstaller.exe"; depth:18; endswith; nocase; http.host; content:"noogamotorsports.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261207/; classtype:trojan-activity;sid:84124307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/items/nou22bdm/9a4ee048-e1d9-4659-b32c-a9d3163ca1d7.txt|3f|response-content-disposition=attachment|7c|3b|7c|+filename="; depth:119; endswith; nocase; http.host; content:"p7.tr1.n0.cdn.zight.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261206/; classtype:trojan-activity;sid:84124306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.78.11.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261205/; classtype:trojan-activity;sid:84124305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.112.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261204/; classtype:trojan-activity;sid:84124304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.84.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261203/; classtype:trojan-activity;sid:84124303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76/erffrfg.txt"; depth:15; endswith; nocase; http.host; content:"18.189.170.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261202/; classtype:trojan-activity;sid:84124302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firstdayback.txt"; depth:17; endswith; nocase; http.host; content:"23.95.60.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261199/; classtype:trojan-activity;sid:84124299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76/bn/seebestthingswithreadyforgoodthingstogetmebackwithnice________________verynicepeopleswithoofdthingswh9chreallynicefrogoofdpeoples________verygoodpeopleswithnew.doc"; depth:170; endswith; nocase; http.host; content:"18.189.170.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261200/; classtype:trojan-activity;sid:84124300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/hmfskka.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261201/; classtype:trojan-activity;sid:84124301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/zxalphamn.doc"; depth:18; endswith; nocase; http.host; content:"87.120.84.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261197/; classtype:trojan-activity;sid:84124297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/fcddfdp.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261198/; classtype:trojan-activity;sid:84124298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/500/ef/withnicethingswhichgivingbestthingstogetmebackwith_________verynicegoodthingsformygirlsherewithmegreatthignsfrome_________ireallylovethebestthingswhic.doc"; depth:162; endswith; nocase; http.host; content:"217.160.66.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261196/; classtype:trojan-activity;sid:84124296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/4q0pgnqqpgttsl7.doc"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261193/; classtype:trojan-activity;sid:84124293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/husbandnewera.txt"; depth:18; endswith; nocase; http.host; content:"192.3.220.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261194/; classtype:trojan-activity;sid:84124294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/pgtq4mfzbbjhpdd.doc"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261195/; classtype:trojan-activity;sid:84124295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/pkl9hxczoswfpt1.doc"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261190/; classtype:trojan-activity;sid:84124290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/qhbyne8vgwabsy3.doc"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261191/; classtype:trojan-activity;sid:84124291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/cllpdgxhnmwgf5y.doc"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261192/; classtype:trojan-activity;sid:84124292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/4n.exe"; depth:13; endswith; nocase; http.host; content:"103.130.147.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261189/; classtype:trojan-activity;sid:84124289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/bandicut.exe"; depth:19; endswith; nocase; http.host; content:"103.130.147.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261188/; classtype:trojan-activity;sid:84124288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.143.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261187/; classtype:trojan-activity;sid:84124287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.153.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261186/; classtype:trojan-activity;sid:84124286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.64.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261185/; classtype:trojan-activity;sid:84124285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261184/; classtype:trojan-activity;sid:84124284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.242.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261183/; classtype:trojan-activity;sid:84124283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.102.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261182/; classtype:trojan-activity;sid:84124282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.55.173.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261181/; classtype:trojan-activity;sid:84124281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.94.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261180/; classtype:trojan-activity;sid:84124280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quote%20approval%20rev.00%20lpo.tar"; depth:36; endswith; nocase; http.host; content:"zunigarquitectura.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261179/; classtype:trojan-activity;sid:84124279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/445/es/greatevenevermadeforrgreatthignstogetinbacketothegreat.hta"; depth:66; endswith; nocase; http.host; content:"79.141.164.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261167/; classtype:trojan-activity;sid:84124267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta"; depth:68; endswith; nocase; http.host; content:"198.46.178.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261168/; classtype:trojan-activity;sid:84124268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/423/se/seethebestthignswhichgivingbestthingstogetmakeuveryhappy.hta"; depth:68; endswith; nocase; http.host; content:"198.46.178.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261169/; classtype:trojan-activity;sid:84124269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/431/sees/sheisverynicegirlwithgreatworkingskillwithgereatniceworkign.hta"; depth:73; endswith; nocase; http.host; content:"104.168.7.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261170/; classtype:trojan-activity;sid:84124270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/rdh/niceworkingthingswithgreatthingsevengetbackwithgoodnews.hta"; depth:70; endswith; nocase; http.host; content:"107.175.113.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261171/; classtype:trojan-activity;sid:84124271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/sm/greatthingsalwayshappeningwithgreatattitudewithgoodnews.hta"; depth:69; endswith; nocase; http.host; content:"198.46.178.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261172/; classtype:trojan-activity;sid:84124272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/412/br/seemybestthingwhichigiventouformakebestappinesswogiven.hta"; depth:66; endswith; nocase; http.host; content:"192.3.101.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261173/; classtype:trojan-activity;sid:84124273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/323/rc/goodthingsbestviewtoseethebetterthingswithmygirlfriend.hta"; depth:66; endswith; nocase; http.host; content:"192.3.101.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261174/; classtype:trojan-activity;sid:84124274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/701/nih/bestintercomthingswhichgivebestthingstogetmeback.hta"; depth:61; endswith; nocase; http.host; content:"192.3.101.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261175/; classtype:trojan-activity;sid:84124275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/41/ce/greatthingswithgoodnewsgivenbygodthingsgreat.hta"; depth:55; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261176/; classtype:trojan-activity;sid:84124276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/42/ug/seethebestthingsevermeetwithgreatthingstobegood.hta"; depth:58; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261177/; classtype:trojan-activity;sid:84124277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/lk/goodthingstoapprovethebestwaytounderstandhowmuchgood.hta"; depth:66; endswith; nocase; http.host; content:"198.46.178.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261178/; classtype:trojan-activity;sid:84124278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/380/nnb/seemeherewithgreatthingsentiretimewithgreatthingsonhere.hta"; depth:68; endswith; nocase; http.host; content:"85.215.206.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261165/; classtype:trojan-activity;sid:84124265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/477/ec/kissingismissingbesthingwithevergivenmebestthingstogive.hta"; depth:67; endswith; nocase; http.host; content:"85.215.206.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261166/; classtype:trojan-activity;sid:84124266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tranhbinh623/0gbhq2hpdb/blob/main/document.zip"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261164/; classtype:trojan-activity;sid:84124264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tranhbinh623/ejnhukvkmh/blob/main/document.zip"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261161/; classtype:trojan-activity;sid:84124261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tranhbinh623/gns3mlqd90/blob/main/document.zip"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261162/; classtype:trojan-activity;sid:84124262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tranhbinh623/bm3a4rqcke/blob/main/document.zip"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261163/; classtype:trojan-activity;sid:84124263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.133.40.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261160/; classtype:trojan-activity;sid:84124260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.95.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261159/; classtype:trojan-activity;sid:84124259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.86.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261158/; classtype:trojan-activity;sid:84124258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.242.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261157/; classtype:trojan-activity;sid:84124257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.112.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261156/; classtype:trojan-activity;sid:84124256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.179.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261155/; classtype:trojan-activity;sid:84124255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.121.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261154/; classtype:trojan-activity;sid:84124254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.92.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261153/; classtype:trojan-activity;sid:84124253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.229.52.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261152/; classtype:trojan-activity;sid:84124252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.226.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261151/; classtype:trojan-activity;sid:84124251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.220.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261150/; classtype:trojan-activity;sid:84124250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/412/llmcrtt.txt"; depth:16; endswith; nocase; http.host; content:"192.3.101.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261149/; classtype:trojan-activity;sid:84124249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/423/se/seethebestthignswhichgivingbestthingstogetmakeuveryhappy.hta"; depth:68; endswith; nocase; http.host; content:"198.46.178.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261145/; classtype:trojan-activity;sid:84124245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/rdh/niceworkingthingswithgreatthingsevengetbackwithgoodnews.hta"; depth:70; endswith; nocase; http.host; content:"107.175.113.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261146/; classtype:trojan-activity;sid:84124246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/445/srsrffr.txt"; depth:16; endswith; nocase; http.host; content:"79.141.164.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261147/; classtype:trojan-activity;sid:84124247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/902/walnext.exe"; depth:16; endswith; nocase; http.host; content:"107.175.113.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261148/; classtype:trojan-activity;sid:84124248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/445/greenthingstobegreatthingsforentirepurposeforgreat.tif"; depth:59; endswith; nocase; http.host; content:"79.141.164.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261140/; classtype:trojan-activity;sid:84124240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/445/es/greatevenevermadeforrgreatthignstogetinbacketothegreat.hta"; depth:66; endswith; nocase; http.host; content:"79.141.164.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261141/; classtype:trojan-activity;sid:84124241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/412/br/seemybestthingwhichigiventouformakebestappinesswogiven.hta"; depth:66; endswith; nocase; http.host; content:"192.3.101.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261142/; classtype:trojan-activity;sid:84124242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/323/rc/goodthingsbestviewtoseethebetterthingswithmygirlfriend.hta"; depth:66; endswith; nocase; http.host; content:"192.3.101.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261143/; classtype:trojan-activity;sid:84124243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/701/nih/bestintercomthingswhichgivebestthingstogetmeback.hta"; depth:61; endswith; nocase; http.host; content:"192.3.101.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261144/; classtype:trojan-activity;sid:84124244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/701/seethebestthingswihichigetforfuntogetmebackwith.tif"; depth:56; endswith; nocase; http.host; content:"192.3.101.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261138/; classtype:trojan-activity;sid:84124238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/412/seethebestthingsgivingrenergytomyentirelifeforgetherback.tif"; depth:65; endswith; nocase; http.host; content:"192.3.101.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261139/; classtype:trojan-activity;sid:84124239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/380/seethebestthingswithgreathappinesswithme.tif"; depth:49; endswith; nocase; http.host; content:"85.215.206.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261137/; classtype:trojan-activity;sid:84124237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.133.40.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261136/; classtype:trojan-activity;sid:84124236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.242.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261135/; classtype:trojan-activity;sid:84124235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mzfprt|3f||7c|26|7c|sunshine=cloudy|7c|26|7c|dulcimer=expensive|7c|26|7c|traditionalism=hallowed|7c|26|7c|cancel=muddled|7c|26|7c|utensil=didactic|7c|26|7c|pressroom=frightened|7c|26|7c|slapstick"; depth:196; endswith; nocase; http.host; content:"qrisni.me"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261134/; classtype:trojan-activity;sid:84124234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/312/lklogs.txt"; depth:15; endswith; nocase; http.host; content:"198.46.178.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261131/; classtype:trojan-activity;sid:84124231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/311/smpllp.txt"; depth:15; endswith; nocase; http.host; content:"198.46.178.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261132/; classtype:trojan-activity;sid:84124232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/422/smprgssr.txt"; depth:17; endswith; nocase; http.host; content:"198.46.178.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261133/; classtype:trojan-activity;sid:84124233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lv3enb|3f||7c|26|7c|city=wonderful|7c|26|7c|ice=wide-eyed|7c|26|7c|wrestler=belligerent|7c|26|7c|deadline=groovy|7c|26|7c|dorothy=abrasive|7c|26|7c|tom=bright|7c|26|7c|narcissus=husky|7c|26|7c|crest=sleepy|7c|26|7c|mother"; depth:222; endswith; nocase; http.host; content:"qrisni.me"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261129/; classtype:trojan-activity;sid:84124229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j2amn9|3f||7c|26|7c|cameo=misty|7c|26|7c|chador=orange|7c|26|7c|alto=dark|7c|26|7c|cloak=domineering|7c|26|7c|efficacy=deeply|7c|26|7c|pride=grouchy|7c|26|7c|affect=acoustic|7c|26|7c|minute=woozy|7c|26|7c|neuropathologis"; depth:221; endswith; nocase; http.host; content:"acesso.run"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261130/; classtype:trojan-activity;sid:84124230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/422/seethebestthingswithgoodthingsforgetmebackwithbestthings.tif"; depth:65; endswith; nocase; http.host; content:"198.46.178.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261127/; classtype:trojan-activity;sid:84124227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/312/uthinkiamthegoodthingsforugivenmebestthingstodowithme.tif"; depth:62; endswith; nocase; http.host; content:"198.46.178.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261128/; classtype:trojan-activity;sid:84124228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.174.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261126/; classtype:trojan-activity;sid:84124226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.215.252.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261125/; classtype:trojan-activity;sid:84124225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.213.248.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261124/; classtype:trojan-activity;sid:84124224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.219.80.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261123/; classtype:trojan-activity;sid:84124223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/7z2401-x64.msix"; depth:25; endswith; nocase; http.host; content:"85.209.134.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261122/; classtype:trojan-activity;sid:84124222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/7z2401-x64.msix"; depth:25; endswith; nocase; http.host; content:"7zip10-2024.top"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261119/; classtype:trojan-activity;sid:84124219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/7z2401-x64.msix"; depth:25; endswith; nocase; http.host; content:"7zip10-2024.life"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261120/; classtype:trojan-activity;sid:84124220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/7z2401-x64.msix"; depth:25; endswith; nocase; http.host; content:"7zip10-2024.live"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261121/; classtype:trojan-activity;sid:84124221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/7z2401-x64.msix"; depth:25; endswith; nocase; http.host; content:"85.209.134.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261118/; classtype:trojan-activity;sid:84124218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/7z2401-x64.msix"; depth:25; endswith; nocase; http.host; content:"85.209.134.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261117/; classtype:trojan-activity;sid:84124217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/7z2401-x64.msix"; depth:25; endswith; nocase; http.host; content:"85.209.134.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261116/; classtype:trojan-activity;sid:84124216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/7z2401-x64.msix"; depth:25; endswith; nocase; http.host; content:"85.209.134.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261115/; classtype:trojan-activity;sid:84124215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/7z2401-x64.msix"; depth:25; endswith; nocase; http.host; content:"85.209.134.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261114/; classtype:trojan-activity;sid:84124214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.89.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261113/; classtype:trojan-activity;sid:84124213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.185.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261112/; classtype:trojan-activity;sid:84124212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.67.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261111/; classtype:trojan-activity;sid:84124211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/lk/goodthingstoapprovethebestwaytounderstandhowmuchgood.hta"; depth:66; endswith; nocase; http.host; content:"198.46.178.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261109/; classtype:trojan-activity;sid:84124209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/422/sw/nicelookgirlfrinedonmyheartshegoodforbestthignstodoforme.hta"; depth:68; endswith; nocase; http.host; content:"198.46.178.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261110/; classtype:trojan-activity;sid:84124210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/311/seethebestpicturewithgreatnewswithgoodthingstodowithme.tif"; depth:63; endswith; nocase; http.host; content:"198.46.178.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261108/; classtype:trojan-activity;sid:84124208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/themes/twentyseventeen/ewdsljjmlx76.bin"; depth:51; endswith; nocase; http.host; content:"www.campingplatz-goldbergersee.de"; depth:33; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261107/; classtype:trojan-activity;sid:84124207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/sm/greatthingsalwayshappeningwithgreatattitudewithgoodnews.hta"; depth:69; endswith; nocase; http.host; content:"198.46.178.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261106/; classtype:trojan-activity;sid:84124206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/live--trash/krypteredes.prm"; depth:28; endswith; nocase; http.host; content:"www.bralo-asia.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261105/; classtype:trojan-activity;sid:84124205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.253.125.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261104/; classtype:trojan-activity;sid:84124204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.92.40.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261103/; classtype:trojan-activity;sid:84124203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.102.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261102/; classtype:trojan-activity;sid:84124202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.189.236.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261101/; classtype:trojan-activity;sid:84124201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.118.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261100/; classtype:trojan-activity;sid:84124200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261099/; classtype:trojan-activity;sid:84124199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.40.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261098/; classtype:trojan-activity;sid:84124198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.82.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261097/; classtype:trojan-activity;sid:84124197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.174.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261096/; classtype:trojan-activity;sid:84124196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.216.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261095/; classtype:trojan-activity;sid:84124195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.4.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261094/; classtype:trojan-activity;sid:84124194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261093/; classtype:trojan-activity;sid:84124193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.148.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261092/; classtype:trojan-activity;sid:84124192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.173.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261091/; classtype:trojan-activity;sid:84124191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.236.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261090/; classtype:trojan-activity;sid:84124190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.123.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261089/; classtype:trojan-activity;sid:84124189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.67.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261088/; classtype:trojan-activity;sid:84124188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/qreh1jzr"; depth:14; endswith; nocase; http.host; content:"mega.nz"; depth:7; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261087/; classtype:trojan-activity;sid:84124187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.91.15.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261086/; classtype:trojan-activity;sid:84124186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.35.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261085/; classtype:trojan-activity;sid:84124185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.46.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261084/; classtype:trojan-activity;sid:84124184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.68.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261083/; classtype:trojan-activity;sid:84124183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.4.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261082/; classtype:trojan-activity;sid:84124182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.242.97.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261081/; classtype:trojan-activity;sid:84124181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.62.52.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261079/; classtype:trojan-activity;sid:84124179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.254.98.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261080/; classtype:trojan-activity;sid:84124180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.102.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261078/; classtype:trojan-activity;sid:84124178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.76.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261077/; classtype:trojan-activity;sid:84124177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.179.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261076/; classtype:trojan-activity;sid:84124176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.74.13.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261075/; classtype:trojan-activity;sid:84124175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.40.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261074/; classtype:trojan-activity;sid:84124174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.236.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261073/; classtype:trojan-activity;sid:84124173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.220.145.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261072/; classtype:trojan-activity;sid:84124172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.217.246.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261071/; classtype:trojan-activity;sid:84124171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.35.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261070/; classtype:trojan-activity;sid:84124170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.123.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261069/; classtype:trojan-activity;sid:84124169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.68.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261068/; classtype:trojan-activity;sid:84124168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.13.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261067/; classtype:trojan-activity;sid:84124167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.102.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261066/; classtype:trojan-activity;sid:84124166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.0.208"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261065/; classtype:trojan-activity;sid:84124165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.65.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261064/; classtype:trojan-activity;sid:84124164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.182.112.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261063/; classtype:trojan-activity;sid:84124163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.115.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261062/; classtype:trojan-activity;sid:84124162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.228.151.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261061/; classtype:trojan-activity;sid:84124161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.179.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261059/; classtype:trojan-activity;sid:84124159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261060/; classtype:trojan-activity;sid:84124160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.24.25.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261058/; classtype:trojan-activity;sid:84124158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"67.214.245.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261057/; classtype:trojan-activity;sid:84124157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.39.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261056/; classtype:trojan-activity;sid:84124156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.59.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261055/; classtype:trojan-activity;sid:84124155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.191.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261054/; classtype:trojan-activity;sid:84124154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261053/; classtype:trojan-activity;sid:84124153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.234.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261052/; classtype:trojan-activity;sid:84124152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.183.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261051/; classtype:trojan-activity;sid:84124151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.87.60.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261050/; classtype:trojan-activity;sid:84124150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.174.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261049/; classtype:trojan-activity;sid:84124149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.106.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261048/; classtype:trojan-activity;sid:84124148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261047/; classtype:trojan-activity;sid:84124147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.191.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261046/; classtype:trojan-activity;sid:84124146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.52.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261045/; classtype:trojan-activity;sid:84124145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.183.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261044/; classtype:trojan-activity;sid:84124144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.70.24.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261043/; classtype:trojan-activity;sid:84124143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.72.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261041/; classtype:trojan-activity;sid:84124141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.114.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261042/; classtype:trojan-activity;sid:84124142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.199.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261040/; classtype:trojan-activity;sid:84124140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.102.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261039/; classtype:trojan-activity;sid:84124139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.10.70.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261038/; classtype:trojan-activity;sid:84124138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.78.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261037/; classtype:trojan-activity;sid:84124137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.176.223.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261036/; classtype:trojan-activity;sid:84124136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.22.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261034/; classtype:trojan-activity;sid:84124134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.202.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261035/; classtype:trojan-activity;sid:84124135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.189.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261033/; classtype:trojan-activity;sid:84124133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.59.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261032/; classtype:trojan-activity;sid:84124132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.176.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261031/; classtype:trojan-activity;sid:84124131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.192.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261030/; classtype:trojan-activity;sid:84124130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.52.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261029/; classtype:trojan-activity;sid:84124129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.116.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261028/; classtype:trojan-activity;sid:84124128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.193.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261027/; classtype:trojan-activity;sid:84124127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.70.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261026/; classtype:trojan-activity;sid:84124126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.78.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261025/; classtype:trojan-activity;sid:84124125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.169.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261024/; classtype:trojan-activity;sid:84124124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.176.223.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261023/; classtype:trojan-activity;sid:84124123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.192.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261022/; classtype:trojan-activity;sid:84124122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.229.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261021/; classtype:trojan-activity;sid:84124121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.70.25.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261020/; classtype:trojan-activity;sid:84124120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.202.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261019/; classtype:trojan-activity;sid:84124119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.116.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261018/; classtype:trojan-activity;sid:84124118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.38.95.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261017/; classtype:trojan-activity;sid:84124117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.189.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261016/; classtype:trojan-activity;sid:84124116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.159.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261015/; classtype:trojan-activity;sid:84124115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.241.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261014/; classtype:trojan-activity;sid:84124114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.169.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261013/; classtype:trojan-activity;sid:84124113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261012/; classtype:trojan-activity;sid:84124112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.251.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261011/; classtype:trojan-activity;sid:84124111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.20.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261010/; classtype:trojan-activity;sid:84124110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.10.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261009/; classtype:trojan-activity;sid:84124109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.213.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261007/; classtype:trojan-activity;sid:84124107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.19.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261008/; classtype:trojan-activity;sid:84124108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.138.139.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261006/; classtype:trojan-activity;sid:84124106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.37.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261005/; classtype:trojan-activity;sid:84124105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.34.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261004/; classtype:trojan-activity;sid:84124104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.70.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261003/; classtype:trojan-activity;sid:84124103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.151.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261002/; classtype:trojan-activity;sid:84124102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/python-3.12.5-amd64.exe"; depth:24; endswith; nocase; http.host; content:"65.38.121.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261001/; classtype:trojan-activity;sid:84124101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3261000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/python-3.132.5-amd64.exe"; depth:25; endswith; nocase; http.host; content:"65.38.121.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3261000/; classtype:trojan-activity;sid:84124100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.98.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260999/; classtype:trojan-activity;sid:84124099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.237.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260998/; classtype:trojan-activity;sid:84124098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.20.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260997/; classtype:trojan-activity;sid:84124097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.195.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260996/; classtype:trojan-activity;sid:84124096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.112.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260995/; classtype:trojan-activity;sid:84124095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zem.zip"; depth:8; endswith; nocase; http.host; content:"zemzam01.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260994/; classtype:trojan-activity;sid:84124094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zem.txt"; depth:8; endswith; nocase; http.host; content:"zemzam01.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260991/; classtype:trojan-activity;sid:84124091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trs11.zip"; depth:10; endswith; nocase; http.host; content:"ghgsfr.b-cdn.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260992/; classtype:trojan-activity;sid:84124092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tr4updated.zip"; depth:15; endswith; nocase; http.host; content:"trghsv41.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260993/; classtype:trojan-activity;sid:84124093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"62.114.120.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260990/; classtype:trojan-activity;sid:84124090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/verified18d2us2j.zip"; depth:29; endswith; nocase; http.host; content:"create-desktop-verify.b-cdn.net"; depth:31; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260989/; classtype:trojan-activity;sid:84124089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/folderf/as786q78wyda/as76d5/as7d65/complete.zip"; depth:48; endswith; nocase; http.host; content:"fetch-this.b-cdn.net"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260988/; classtype:trojan-activity;sid:84124088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/proofverif.txt"; depth:23; endswith; nocase; http.host; content:"create-desktop-verify.b-cdn.net"; depth:31; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260985/; classtype:trojan-activity;sid:84124085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.161.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260986/; classtype:trojan-activity;sid:84124086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/folderf/as786q78wyda/as76d5/as7d65/process.txt"; depth:47; endswith; nocase; http.host; content:"get-this.b-cdn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260987/; classtype:trojan-activity;sid:84124087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trnorm11.txt"; depth:13; endswith; nocase; http.host; content:"tgsfr.b-cdn.net"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260984/; classtype:trojan-activity;sid:84124084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"180.115.169.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260983/; classtype:trojan-activity;sid:84124083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.245.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260982/; classtype:trojan-activity;sid:84124082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.28.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260981/; classtype:trojan-activity;sid:84124081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.19.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260979/; classtype:trojan-activity;sid:84124079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.132.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260978/; classtype:trojan-activity;sid:84124078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pag/photosetting.lzh"; depth:21; endswith; nocase; http.host; content:"bradreddekopp.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260977/; classtype:trojan-activity;sid:84124077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.186.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260976/; classtype:trojan-activity;sid:84124076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.225.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260975/; classtype:trojan-activity;sid:84124075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.121.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260974/; classtype:trojan-activity;sid:84124074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.1.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260971/; classtype:trojan-activity;sid:84124071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/gsetc3enkk2egl4.exe"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260972/; classtype:trojan-activity;sid:84124072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/f2rps6mhkljoach.exe"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260973/; classtype:trojan-activity;sid:84124073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.167.204.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260970/; classtype:trojan-activity;sid:84124070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.59.205.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260968/; classtype:trojan-activity;sid:84124068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.3.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260969/; classtype:trojan-activity;sid:84124069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.3.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260967/; classtype:trojan-activity;sid:84124067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.8.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260966/; classtype:trojan-activity;sid:84124066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.151.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260965/; classtype:trojan-activity;sid:84124065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.124.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260964/; classtype:trojan-activity;sid:84124064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.146.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260963/; classtype:trojan-activity;sid:84124063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.20.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260962/; classtype:trojan-activity;sid:84124062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cfgingt/wefhtykdkuydjtrhwtyghyedghd/nisiughodifstnoetseigrrtrgs/nezfdio.exe"; depth:76; endswith; nocase; http.host; content:"www.sodiumlaurethsulfatedesyroyer.com"; depth:37; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260961/; classtype:trojan-activity;sid:84124061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.40.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260960/; classtype:trojan-activity;sid:84124060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.195.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260959/; classtype:trojan-activity;sid:84124059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agent.exe"; depth:10; endswith; nocase; http.host; content:"139.162.156.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260958/; classtype:trojan-activity;sid:84124058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.216.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260957/; classtype:trojan-activity;sid:84124057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260956/; classtype:trojan-activity;sid:84124056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.252.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260955/; classtype:trojan-activity;sid:84124055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.29.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260953/; classtype:trojan-activity;sid:84124053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.225.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260954/; classtype:trojan-activity;sid:84124054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emqiqblr241.bin"; depth:16; endswith; nocase; http.host; content:"www.manjeetsteelproductions.com"; depth:31; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260951/; classtype:trojan-activity;sid:84124051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vrxzvurs233.bin"; depth:16; endswith; nocase; http.host; content:"www.manjeetsteelproductions.com"; depth:31; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260952/; classtype:trojan-activity;sid:84124052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syttyvbnvscvkiwfwowrl59.bin"; depth:28; endswith; nocase; http.host; content:"66.154.113.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260949/; classtype:trojan-activity;sid:84124049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cq6exarq3ocg36mwbiw34htbwggclz39fjkyg1py7q80-jlhmgndsi1nmjkegvodrefetbwmiv2fjirh9vtuwn4c7ybxjc9vbu-khac2-cfqdo5deijqjzpheznerey_sbfucu8xxzjd70-hbrn7sgrz9yfriby0nnhhgplvv8s/2hpiib4zf1371vn/%f0%9f%9f%86latest%e2%9b%a4file%e2%9b%a4setup%e2%9e%bd2025%e2%9e%bd%e1%b9%94%e1%b8%81%e1%b9%a8%e1%b9%a8%e1%ba%84%e1%b9%8f%e1%b9%9b%e1%b8%8b%f0%9f%9f%86.zip"; depth:344; endswith; nocase; http.host; content:"download2302.mediafire.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260950/; classtype:trojan-activity;sid:84124050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/2hpiib4zf1371vn/%f0%9f%9f%86latest%e2%9b%a4file%e2%9b%a4setup%e2%9e%bd2025%e2%9e%bd%e1%b9%94%e1%b8%81%e1%b9%a8%e1%b9%a8%e1%ba%84%e1%b9%8f%e1%b9%9b%e1%b8%8b%f0%9f%9f%86.zip/file"; depth:182; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260948/; classtype:trojan-activity;sid:84124048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.54.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260947/; classtype:trojan-activity;sid:84124047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.186.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260946/; classtype:trojan-activity;sid:84124046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8xdghn6/8a1ln-fus.html"; depth:23; endswith; nocase; http.host; content:"moixerintendent.b-cdn.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260945/; classtype:trojan-activity;sid:84124045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.54.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260944/; classtype:trojan-activity;sid:84124044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d1psc.html"; depth:11; endswith; nocase; http.host; content:"zuiolressodermic.b-cdn.net"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260943/; classtype:trojan-activity;sid:84124043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.100.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260941/; classtype:trojan-activity;sid:84124041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.3.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260942/; classtype:trojan-activity;sid:84124042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.211.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260939/; classtype:trojan-activity;sid:84124039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.149.11.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260940/; classtype:trojan-activity;sid:84124040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.51.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260937/; classtype:trojan-activity;sid:84124037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.155.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260938/; classtype:trojan-activity;sid:84124038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.211.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260936/; classtype:trojan-activity;sid:84124036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.39.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260935/; classtype:trojan-activity;sid:84124035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.215.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260934/; classtype:trojan-activity;sid:84124034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.37.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260933/; classtype:trojan-activity;sid:84124033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.227.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260932/; classtype:trojan-activity;sid:84124032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.40.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260931/; classtype:trojan-activity;sid:84124031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4db719b1f2f948b0/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"77.83.175.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260930/; classtype:trojan-activity;sid:84124030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4db719b1f2f948b0/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"77.83.175.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260925/; classtype:trojan-activity;sid:84124025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4db719b1f2f948b0/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"77.83.175.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260926/; classtype:trojan-activity;sid:84124026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4db719b1f2f948b0/nss3.dll"; depth:26; endswith; nocase; http.host; content:"77.83.175.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260927/; classtype:trojan-activity;sid:84124027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4db719b1f2f948b0/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"77.83.175.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260928/; classtype:trojan-activity;sid:84124028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4db719b1f2f948b0/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"77.83.175.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260929/; classtype:trojan-activity;sid:84124029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4db719b1f2f948b0/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"77.83.175.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260924/; classtype:trojan-activity;sid:84124024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.2.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260923/; classtype:trojan-activity;sid:84124023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.106.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260922/; classtype:trojan-activity;sid:84124022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.42.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260921/; classtype:trojan-activity;sid:84124021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.54.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260920/; classtype:trojan-activity;sid:84124020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.155.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260919/; classtype:trojan-activity;sid:84124019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.122.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260918/; classtype:trojan-activity;sid:84124018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mm.exe"; depth:7; endswith; nocase; http.host; content:"121.182.174.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260917/; classtype:trojan-activity;sid:84124017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server.exe"; depth:11; endswith; nocase; http.host; content:"121.182.174.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260916/; classtype:trojan-activity;sid:84124016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.228.95.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260915/; classtype:trojan-activity;sid:84124015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/is95hyq4bqpknzq/download"; depth:27; endswith; nocase; http.host; content:"i0004.clarodrive.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260914/; classtype:trojan-activity;sid:84124014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.245.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260913/; classtype:trojan-activity;sid:84124013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"66.42.55.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260911/; classtype:trojan-activity;sid:84124011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.41.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260912/; classtype:trojan-activity;sid:84124012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.120.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260909/; classtype:trojan-activity;sid:84124009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.178.33.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260910/; classtype:trojan-activity;sid:84124010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ready.apk"; depth:10; endswith; nocase; http.host; content:"45.87.173.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260908/; classtype:trojan-activity;sid:84124008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1nub-r7uo46ccub42rp7fylffram2y5g-"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260907/; classtype:trojan-activity;sid:84124007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/t/u17301338698058vulh2b415048c9cedy"; depth:40; endswith; nocase; http.host; content:"ydray.com"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260905/; classtype:trojan-activity;sid:84124005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/open|3f|id=1-0dfurzjg8qyhyo_st_buj9m5jfmgkai"; depth:45; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260906/; classtype:trojan-activity;sid:84124006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.39.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260904/; classtype:trojan-activity;sid:84124004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.37.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260903/; classtype:trojan-activity;sid:84124003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.147.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260902/; classtype:trojan-activity;sid:84124002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.54.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260901/; classtype:trojan-activity;sid:84124001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.72.209"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260900/; classtype:trojan-activity;sid:84124000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.3.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260898/; classtype:trojan-activity;sid:84123998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.71.102.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260897/; classtype:trojan-activity;sid:84123997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.114.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260896/; classtype:trojan-activity;sid:84123996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.234.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260895/; classtype:trojan-activity;sid:84123995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.0.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260893/; classtype:trojan-activity;sid:84123993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.188.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260894/; classtype:trojan-activity;sid:84123994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.51.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260892/; classtype:trojan-activity;sid:84123992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/97c9beb737884d93a1899766d9f4e34c:gostired/kfhjr76.zip"; depth:54; endswith; nocase; http.host; content:"eu2.contabostorage.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260891/; classtype:trojan-activity;sid:84123991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/97c9beb737884d93a1899766d9f4e34c:gostired/mkjdf24.zip"; depth:54; endswith; nocase; http.host; content:"eu2.contabostorage.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260890/; classtype:trojan-activity;sid:84123990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/97c9beb737884d93a1899766d9f4e34c:gostired/redl90.zip"; depth:53; endswith; nocase; http.host; content:"eu2.contabostorage.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260889/; classtype:trojan-activity;sid:84123989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.236.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260887/; classtype:trojan-activity;sid:84123987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lejr90.txt"; depth:11; endswith; nocase; http.host; content:"pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260888/; classtype:trojan-activity;sid:84123988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.137.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260886/; classtype:trojan-activity;sid:84123986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sep.zip"; depth:8; endswith; nocase; http.host; content:"ttz111.b-cdn.net"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260885/; classtype:trojan-activity;sid:84123985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/home.tar"; depth:9; endswith; nocase; http.host; content:"193.3.19.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260884/; classtype:trojan-activity;sid:84123984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dyz665rb/raw"; depth:13; endswith; nocase; http.host; content:"rentry.co"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260882/; classtype:trojan-activity;sid:84123982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.87.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260883/; classtype:trojan-activity;sid:84123983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/home.tar"; depth:9; endswith; nocase; http.host; content:"lakadmakatdg.shop"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260881/; classtype:trojan-activity;sid:84123981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.247.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260880/; classtype:trojan-activity;sid:84123980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.108.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260879/; classtype:trojan-activity;sid:84123979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/10dv28.zip"; depth:11; endswith; nocase; http.host; content:"261024vexea.b-cdn.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260878/; classtype:trojan-activity;sid:84123978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.151.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260876/; classtype:trojan-activity;sid:84123976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kolo26.txt"; depth:11; endswith; nocase; http.host; content:"iilp.b-cdn.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260877/; classtype:trojan-activity;sid:84123977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.236.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260875/; classtype:trojan-activity;sid:84123975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lopi100.zip"; depth:12; endswith; nocase; http.host; content:"261024vexea.b-cdn.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260874/; classtype:trojan-activity;sid:84123974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"59.178.53.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260873/; classtype:trojan-activity;sid:84123973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.49.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260872/; classtype:trojan-activity;sid:84123972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.0.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260871/; classtype:trojan-activity;sid:84123971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.87.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260870/; classtype:trojan-activity;sid:84123970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.231.108.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260869/; classtype:trojan-activity;sid:84123969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.129.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260868/; classtype:trojan-activity;sid:84123968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.137.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260867/; classtype:trojan-activity;sid:84123967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.184.64.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260866/; classtype:trojan-activity;sid:84123966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.132.179.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260865/; classtype:trojan-activity;sid:84123965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.167.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260864/; classtype:trojan-activity;sid:84123964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.179.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260863/; classtype:trojan-activity;sid:84123963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.66.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260862/; classtype:trojan-activity;sid:84123962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.120.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260861/; classtype:trojan-activity;sid:84123961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.108.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260860/; classtype:trojan-activity;sid:84123960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260859/; classtype:trojan-activity;sid:84123959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.210.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260858/; classtype:trojan-activity;sid:84123958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.138.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260857/; classtype:trojan-activity;sid:84123957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.112.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260856/; classtype:trojan-activity;sid:84123956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.120.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260855/; classtype:trojan-activity;sid:84123955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.238.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260854/; classtype:trojan-activity;sid:84123954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.71.102.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260853/; classtype:trojan-activity;sid:84123953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.102.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260852/; classtype:trojan-activity;sid:84123952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.98.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260851/; classtype:trojan-activity;sid:84123951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.11.112"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260850/; classtype:trojan-activity;sid:84123950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.219.80.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260849/; classtype:trojan-activity;sid:84123949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.120.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260848/; classtype:trojan-activity;sid:84123948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.53.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260847/; classtype:trojan-activity;sid:84123947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.116.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260846/; classtype:trojan-activity;sid:84123946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.31.106.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260845/; classtype:trojan-activity;sid:84123945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.206.74.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260844/; classtype:trojan-activity;sid:84123944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.85.14.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260842/; classtype:trojan-activity;sid:84123942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.51.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260843/; classtype:trojan-activity;sid:84123943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.120.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260841/; classtype:trojan-activity;sid:84123941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.132.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260840/; classtype:trojan-activity;sid:84123940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.138.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260839/; classtype:trojan-activity;sid:84123939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.188.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260838/; classtype:trojan-activity;sid:84123938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.117.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260837/; classtype:trojan-activity;sid:84123937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.238.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260836/; classtype:trojan-activity;sid:84123936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260835/; classtype:trojan-activity;sid:84123935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.102.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260834/; classtype:trojan-activity;sid:84123934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.240.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260833/; classtype:trojan-activity;sid:84123933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.84.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260831/; classtype:trojan-activity;sid:84123931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"96.33.218.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260832/; classtype:trojan-activity;sid:84123932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.222.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260830/; classtype:trojan-activity;sid:84123930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260829/; classtype:trojan-activity;sid:84123929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.246.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260828/; classtype:trojan-activity;sid:84123928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.88.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260827/; classtype:trojan-activity;sid:84123927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.79.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260826/; classtype:trojan-activity;sid:84123926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.143.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260825/; classtype:trojan-activity;sid:84123925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260824/; classtype:trojan-activity;sid:84123924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.132.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260823/; classtype:trojan-activity;sid:84123923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.143.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260821/; classtype:trojan-activity;sid:84123921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.106.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260822/; classtype:trojan-activity;sid:84123922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.210.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260820/; classtype:trojan-activity;sid:84123920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.237.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260819/; classtype:trojan-activity;sid:84123919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.203.68.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260818/; classtype:trojan-activity;sid:84123918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.80.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260817/; classtype:trojan-activity;sid:84123917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.177.99.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260816/; classtype:trojan-activity;sid:84123916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.238.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260815/; classtype:trojan-activity;sid:84123915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.161.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260814/; classtype:trojan-activity;sid:84123914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.210.240"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260813/; classtype:trojan-activity;sid:84123913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.73.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260812/; classtype:trojan-activity;sid:84123912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.51.126.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260811/; classtype:trojan-activity;sid:84123911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.25.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260810/; classtype:trojan-activity;sid:84123910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.174.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260809/; classtype:trojan-activity;sid:84123909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.33.40.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260808/; classtype:trojan-activity;sid:84123908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.2.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260807/; classtype:trojan-activity;sid:84123907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.82.125.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260806/; classtype:trojan-activity;sid:84123906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.97.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260805/; classtype:trojan-activity;sid:84123905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.39.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260804/; classtype:trojan-activity;sid:84123904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.136.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260803/; classtype:trojan-activity;sid:84123903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.46.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260802/; classtype:trojan-activity;sid:84123902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.119.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260801/; classtype:trojan-activity;sid:84123901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260800/; classtype:trojan-activity;sid:84123900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.18.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260799/; classtype:trojan-activity;sid:84123899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.83.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260798/; classtype:trojan-activity;sid:84123898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.116.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260797/; classtype:trojan-activity;sid:84123897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.153.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260796/; classtype:trojan-activity;sid:84123896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.7.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260795/; classtype:trojan-activity;sid:84123895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.255.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260794/; classtype:trojan-activity;sid:84123894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.59.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260793/; classtype:trojan-activity;sid:84123893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.83.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260792/; classtype:trojan-activity;sid:84123892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.106.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260791/; classtype:trojan-activity;sid:84123891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.131.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260790/; classtype:trojan-activity;sid:84123890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.31.247.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260789/; classtype:trojan-activity;sid:84123889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.113.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260788/; classtype:trojan-activity;sid:84123888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.184.70.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260787/; classtype:trojan-activity;sid:84123887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.68.34.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260786/; classtype:trojan-activity;sid:84123886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.140.238.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260785/; classtype:trojan-activity;sid:84123885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.179.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260783/; classtype:trojan-activity;sid:84123883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260784/; classtype:trojan-activity;sid:84123884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.142.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260782/; classtype:trojan-activity;sid:84123882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.189.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260781/; classtype:trojan-activity;sid:84123881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260780/; classtype:trojan-activity;sid:84123880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.59.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260779/; classtype:trojan-activity;sid:84123879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.255.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260778/; classtype:trojan-activity;sid:84123878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.30.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260777/; classtype:trojan-activity;sid:84123877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.227.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260776/; classtype:trojan-activity;sid:84123876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.27.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260775/; classtype:trojan-activity;sid:84123875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.82.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260774/; classtype:trojan-activity;sid:84123874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.68.34.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260772/; classtype:trojan-activity;sid:84123872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.59.153.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260773/; classtype:trojan-activity;sid:84123873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.90.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260771/; classtype:trojan-activity;sid:84123871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.112.85.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260770/; classtype:trojan-activity;sid:84123870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.32.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260768/; classtype:trojan-activity;sid:84123868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.216.205.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260769/; classtype:trojan-activity;sid:84123869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.113.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260767/; classtype:trojan-activity;sid:84123867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.81.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260766/; classtype:trojan-activity;sid:84123866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260765/; classtype:trojan-activity;sid:84123865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.28.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260764/; classtype:trojan-activity;sid:84123864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.155.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260763/; classtype:trojan-activity;sid:84123863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.140.238.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260762/; classtype:trojan-activity;sid:84123862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.216.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260761/; classtype:trojan-activity;sid:84123861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.245.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260760/; classtype:trojan-activity;sid:84123860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.239.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260759/; classtype:trojan-activity;sid:84123859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.71.102.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260758/; classtype:trojan-activity;sid:84123858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.141.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260757/; classtype:trojan-activity;sid:84123857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.84.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260756/; classtype:trojan-activity;sid:84123856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.186.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260754/; classtype:trojan-activity;sid:84123854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.184.46.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260755/; classtype:trojan-activity;sid:84123855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.197.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260751/; classtype:trojan-activity;sid:84123851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.45.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260752/; classtype:trojan-activity;sid:84123852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.172.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260753/; classtype:trojan-activity;sid:84123853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.37.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260750/; classtype:trojan-activity;sid:84123850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.241.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260749/; classtype:trojan-activity;sid:84123849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.66.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260748/; classtype:trojan-activity;sid:84123848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.76.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260747/; classtype:trojan-activity;sid:84123847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.164.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260746/; classtype:trojan-activity;sid:84123846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.45.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260745/; classtype:trojan-activity;sid:84123845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.251.20.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260744/; classtype:trojan-activity;sid:84123844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.253.80.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260742/; classtype:trojan-activity;sid:84123842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.232.169.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260743/; classtype:trojan-activity;sid:84123843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.241.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260741/; classtype:trojan-activity;sid:84123841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.12.199.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260740/; classtype:trojan-activity;sid:84123840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.7.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260739/; classtype:trojan-activity;sid:84123839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260738/; classtype:trojan-activity;sid:84123838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.247.82.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260736/; classtype:trojan-activity;sid:84123836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.17.111.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260737/; classtype:trojan-activity;sid:84123837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260735/; classtype:trojan-activity;sid:84123835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.112.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260734/; classtype:trojan-activity;sid:84123834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.155.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260733/; classtype:trojan-activity;sid:84123833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.216.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260732/; classtype:trojan-activity;sid:84123832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.201.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260731/; classtype:trojan-activity;sid:84123831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.246.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260730/; classtype:trojan-activity;sid:84123830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.203.252.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260728/; classtype:trojan-activity;sid:84123828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.115.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260729/; classtype:trojan-activity;sid:84123829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.25.209.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260727/; classtype:trojan-activity;sid:84123827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.15.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260726/; classtype:trojan-activity;sid:84123826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.245.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260725/; classtype:trojan-activity;sid:84123825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260724/; classtype:trojan-activity;sid:84123824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260723/; classtype:trojan-activity;sid:84123823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.38.140.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260722/; classtype:trojan-activity;sid:84123822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.171.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260720/; classtype:trojan-activity;sid:84123820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.61.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260721/; classtype:trojan-activity;sid:84123821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.251.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260719/; classtype:trojan-activity;sid:84123819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.105.100"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260718/; classtype:trojan-activity;sid:84123818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.122.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260716/; classtype:trojan-activity;sid:84123816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.181.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260717/; classtype:trojan-activity;sid:84123817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.66.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260715/; classtype:trojan-activity;sid:84123815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.59.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260714/; classtype:trojan-activity;sid:84123814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.227.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260713/; classtype:trojan-activity;sid:84123813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.102.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260712/; classtype:trojan-activity;sid:84123812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.170.148.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260711/; classtype:trojan-activity;sid:84123811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.45.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260710/; classtype:trojan-activity;sid:84123810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.108.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260709/; classtype:trojan-activity;sid:84123809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.247.82.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260708/; classtype:trojan-activity;sid:84123808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.33.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260707/; classtype:trojan-activity;sid:84123807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.8.158"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260706/; classtype:trojan-activity;sid:84123806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.96.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260705/; classtype:trojan-activity;sid:84123805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.249.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260704/; classtype:trojan-activity;sid:84123804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.116.140.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260702/; classtype:trojan-activity;sid:84123802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.246.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260703/; classtype:trojan-activity;sid:84123803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.120.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260701/; classtype:trojan-activity;sid:84123801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.180.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260700/; classtype:trojan-activity;sid:84123800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.59.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260699/; classtype:trojan-activity;sid:84123799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.231.108.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260698/; classtype:trojan-activity;sid:84123798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.25.209.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260696/; classtype:trojan-activity;sid:84123796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.112.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260697/; classtype:trojan-activity;sid:84123797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.203.252.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260695/; classtype:trojan-activity;sid:84123795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.8.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260694/; classtype:trojan-activity;sid:84123794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.98.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260693/; classtype:trojan-activity;sid:84123793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.189.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260692/; classtype:trojan-activity;sid:84123792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.177.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260691/; classtype:trojan-activity;sid:84123791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.85.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260690/; classtype:trojan-activity;sid:84123790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.196.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260689/; classtype:trojan-activity;sid:84123789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.227.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260688/; classtype:trojan-activity;sid:84123788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.102.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260687/; classtype:trojan-activity;sid:84123787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.181.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260686/; classtype:trojan-activity;sid:84123786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.170.148.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260685/; classtype:trojan-activity;sid:84123785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.58.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260684/; classtype:trojan-activity;sid:84123784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.211.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260683/; classtype:trojan-activity;sid:84123783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.91.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260682/; classtype:trojan-activity;sid:84123782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.206.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260680/; classtype:trojan-activity;sid:84123780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.122.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260681/; classtype:trojan-activity;sid:84123781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.168.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260679/; classtype:trojan-activity;sid:84123779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.81.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260678/; classtype:trojan-activity;sid:84123778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"154.216.20.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260676/; classtype:trojan-activity;sid:84123776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"154.216.20.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260677/; classtype:trojan-activity;sid:84123777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.85.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260675/; classtype:trojan-activity;sid:84123775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.86.251.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260673/; classtype:trojan-activity;sid:84123773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.217.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260674/; classtype:trojan-activity;sid:84123774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.80.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260672/; classtype:trojan-activity;sid:84123772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.150.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260669/; classtype:trojan-activity;sid:84123769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.53.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260670/; classtype:trojan-activity;sid:84123770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.5.48.23"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260671/; classtype:trojan-activity;sid:84123771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.38.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260668/; classtype:trojan-activity;sid:84123768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.105.100"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260667/; classtype:trojan-activity;sid:84123767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"bpklub.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260666/; classtype:trojan-activity;sid:84123766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.240.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260664/; classtype:trojan-activity;sid:84123764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260665/; classtype:trojan-activity;sid:84123765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.35.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260663/; classtype:trojan-activity;sid:84123763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.206.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260662/; classtype:trojan-activity;sid:84123762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.115.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260660/; classtype:trojan-activity;sid:84123760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.98.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260661/; classtype:trojan-activity;sid:84123761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.146.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260659/; classtype:trojan-activity;sid:84123759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.112.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260658/; classtype:trojan-activity;sid:84123758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.26.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260657/; classtype:trojan-activity;sid:84123757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.216.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260656/; classtype:trojan-activity;sid:84123756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.212.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260655/; classtype:trojan-activity;sid:84123755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260654/; classtype:trojan-activity;sid:84123754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.85.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260653/; classtype:trojan-activity;sid:84123753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.103.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260652/; classtype:trojan-activity;sid:84123752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.65.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260651/; classtype:trojan-activity;sid:84123751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.135.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260650/; classtype:trojan-activity;sid:84123750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.66.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260648/; classtype:trojan-activity;sid:84123748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.12.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260649/; classtype:trojan-activity;sid:84123749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.53.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260647/; classtype:trojan-activity;sid:84123747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.219.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260646/; classtype:trojan-activity;sid:84123746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.64.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260645/; classtype:trojan-activity;sid:84123745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.122.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260644/; classtype:trojan-activity;sid:84123744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.200.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260643/; classtype:trojan-activity;sid:84123743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.48.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260642/; classtype:trojan-activity;sid:84123742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.205.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260641/; classtype:trojan-activity;sid:84123741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.142.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260640/; classtype:trojan-activity;sid:84123740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.136.135.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260639/; classtype:trojan-activity;sid:84123739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.35.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260638/; classtype:trojan-activity;sid:84123738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260637/; classtype:trojan-activity;sid:84123737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.241.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260636/; classtype:trojan-activity;sid:84123736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.43.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260635/; classtype:trojan-activity;sid:84123735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.91.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260634/; classtype:trojan-activity;sid:84123734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.35.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260633/; classtype:trojan-activity;sid:84123733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.30.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260632/; classtype:trojan-activity;sid:84123732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.205.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260631/; classtype:trojan-activity;sid:84123731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.110.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260630/; classtype:trojan-activity;sid:84123730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.1.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260629/; classtype:trojan-activity;sid:84123729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.74.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260628/; classtype:trojan-activity;sid:84123728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.86.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260627/; classtype:trojan-activity;sid:84123727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.112.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260626/; classtype:trojan-activity;sid:84123726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.146.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260625/; classtype:trojan-activity;sid:84123725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.228.95.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260624/; classtype:trojan-activity;sid:84123724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.147.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260623/; classtype:trojan-activity;sid:84123723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.1.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260622/; classtype:trojan-activity;sid:84123722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"server2.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260621/; classtype:trojan-activity;sid:84123721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.8.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260620/; classtype:trojan-activity;sid:84123720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.158.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260619/; classtype:trojan-activity;sid:84123719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.18.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260618/; classtype:trojan-activity;sid:84123718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.47.27.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260617/; classtype:trojan-activity;sid:84123717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260616/; classtype:trojan-activity;sid:84123716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.45.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260615/; classtype:trojan-activity;sid:84123715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.27.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260614/; classtype:trojan-activity;sid:84123714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.227.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260613/; classtype:trojan-activity;sid:84123713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.30.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260612/; classtype:trojan-activity;sid:84123712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.38.0.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260611/; classtype:trojan-activity;sid:84123711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.174.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260609/; classtype:trojan-activity;sid:84123709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.26.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260610/; classtype:trojan-activity;sid:84123710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.3.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260608/; classtype:trojan-activity;sid:84123708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.27.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260606/; classtype:trojan-activity;sid:84123706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.17.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260607/; classtype:trojan-activity;sid:84123707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.101.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260605/; classtype:trojan-activity;sid:84123705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.207.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260603/; classtype:trojan-activity;sid:84123703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.92.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260604/; classtype:trojan-activity;sid:84123704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.95.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260602/; classtype:trojan-activity;sid:84123702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.128.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260600/; classtype:trojan-activity;sid:84123700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.120.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260601/; classtype:trojan-activity;sid:84123701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.101.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260599/; classtype:trojan-activity;sid:84123699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.28.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260596/; classtype:trojan-activity;sid:84123696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.45.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260597/; classtype:trojan-activity;sid:84123697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.222.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260598/; classtype:trojan-activity;sid:84123698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.66.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260595/; classtype:trojan-activity;sid:84123695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.182.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260593/; classtype:trojan-activity;sid:84123693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.64.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260594/; classtype:trojan-activity;sid:84123694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.27.87"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260592/; classtype:trojan-activity;sid:84123692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.108.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260591/; classtype:trojan-activity;sid:84123691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.54.131.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260590/; classtype:trojan-activity;sid:84123690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.171.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260589/; classtype:trojan-activity;sid:84123689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.178.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260588/; classtype:trojan-activity;sid:84123688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.129.145.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260587/; classtype:trojan-activity;sid:84123687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.177.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260586/; classtype:trojan-activity;sid:84123686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.205.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260585/; classtype:trojan-activity;sid:84123685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.206.204.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260584/; classtype:trojan-activity;sid:84123684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.137.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260583/; classtype:trojan-activity;sid:84123683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.251.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260581/; classtype:trojan-activity;sid:84123681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.1.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260582/; classtype:trojan-activity;sid:84123682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.226.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260580/; classtype:trojan-activity;sid:84123680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.13.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260579/; classtype:trojan-activity;sid:84123679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.180.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260578/; classtype:trojan-activity;sid:84123678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.139.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260577/; classtype:trojan-activity;sid:84123677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.151.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260573/; classtype:trojan-activity;sid:84123673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.1.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260574/; classtype:trojan-activity;sid:84123674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.128.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260575/; classtype:trojan-activity;sid:84123675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.143.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260576/; classtype:trojan-activity;sid:84123676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.151.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260572/; classtype:trojan-activity;sid:84123672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.45.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260571/; classtype:trojan-activity;sid:84123671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.236.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260570/; classtype:trojan-activity;sid:84123670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.70.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260569/; classtype:trojan-activity;sid:84123669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.222.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260568/; classtype:trojan-activity;sid:84123668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.194.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260566/; classtype:trojan-activity;sid:84123666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.141.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260567/; classtype:trojan-activity;sid:84123667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.228.95.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260565/; classtype:trojan-activity;sid:84123665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.227.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260562/; classtype:trojan-activity;sid:84123662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.153.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260563/; classtype:trojan-activity;sid:84123663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.103.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260564/; classtype:trojan-activity;sid:84123664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.147.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260561/; classtype:trojan-activity;sid:84123661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.17.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260560/; classtype:trojan-activity;sid:84123660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.185.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260559/; classtype:trojan-activity;sid:84123659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.27.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260558/; classtype:trojan-activity;sid:84123658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.145.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260556/; classtype:trojan-activity;sid:84123656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.160.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260557/; classtype:trojan-activity;sid:84123657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.251.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260555/; classtype:trojan-activity;sid:84123655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.229.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260554/; classtype:trojan-activity;sid:84123654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.124.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260553/; classtype:trojan-activity;sid:84123653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.62.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260552/; classtype:trojan-activity;sid:84123652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.230.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260550/; classtype:trojan-activity;sid:84123650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.121.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260551/; classtype:trojan-activity;sid:84123651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.74.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260549/; classtype:trojan-activity;sid:84123649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.28.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260548/; classtype:trojan-activity;sid:84123648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.206.204.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260547/; classtype:trojan-activity;sid:84123647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"79.54.131.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260546/; classtype:trojan-activity;sid:84123646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.137.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260545/; classtype:trojan-activity;sid:84123645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.227.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260544/; classtype:trojan-activity;sid:84123644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.245.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260543/; classtype:trojan-activity;sid:84123643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.108.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260542/; classtype:trojan-activity;sid:84123642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.251.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260541/; classtype:trojan-activity;sid:84123641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.176.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260540/; classtype:trojan-activity;sid:84123640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.40.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260539/; classtype:trojan-activity;sid:84123639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.103.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260538/; classtype:trojan-activity;sid:84123638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.59.246.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260537/; classtype:trojan-activity;sid:84123637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.18.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260536/; classtype:trojan-activity;sid:84123636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"2.194.69.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260535/; classtype:trojan-activity;sid:84123635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.144.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260532/; classtype:trojan-activity;sid:84123632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.24.25.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260533/; classtype:trojan-activity;sid:84123633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.76.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260534/; classtype:trojan-activity;sid:84123634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260531/; classtype:trojan-activity;sid:84123631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.115.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260529/; classtype:trojan-activity;sid:84123629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.251.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260530/; classtype:trojan-activity;sid:84123630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.226.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260528/; classtype:trojan-activity;sid:84123628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.160.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260526/; classtype:trojan-activity;sid:84123626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.248.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260527/; classtype:trojan-activity;sid:84123627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.141.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260525/; classtype:trojan-activity;sid:84123625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.206.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260524/; classtype:trojan-activity;sid:84123624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.153.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260523/; classtype:trojan-activity;sid:84123623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.250.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260522/; classtype:trojan-activity;sid:84123622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260521/; classtype:trojan-activity;sid:84123621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.136.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260520/; classtype:trojan-activity;sid:84123620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.27.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260519/; classtype:trojan-activity;sid:84123619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.130.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260518/; classtype:trojan-activity;sid:84123618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.151.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260517/; classtype:trojan-activity;sid:84123617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.124.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260516/; classtype:trojan-activity;sid:84123616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.253.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260515/; classtype:trojan-activity;sid:84123615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.40.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260514/; classtype:trojan-activity;sid:84123614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.229.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260513/; classtype:trojan-activity;sid:84123613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.88.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260512/; classtype:trojan-activity;sid:84123612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.76.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260511/; classtype:trojan-activity;sid:84123611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.223.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260510/; classtype:trojan-activity;sid:84123610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.146.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260507/; classtype:trojan-activity;sid:84123607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.228.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260508/; classtype:trojan-activity;sid:84123608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.230.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260509/; classtype:trojan-activity;sid:84123609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.80.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260506/; classtype:trojan-activity;sid:84123606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.236.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260505/; classtype:trojan-activity;sid:84123605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.186.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260504/; classtype:trojan-activity;sid:84123604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.192.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260503/; classtype:trojan-activity;sid:84123603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.130.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260502/; classtype:trojan-activity;sid:84123602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.112.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260501/; classtype:trojan-activity;sid:84123601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.206.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260500/; classtype:trojan-activity;sid:84123600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.140.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260499/; classtype:trojan-activity;sid:84123599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.144.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260498/; classtype:trojan-activity;sid:84123598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.55.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260497/; classtype:trojan-activity;sid:84123597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.43.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260496/; classtype:trojan-activity;sid:84123596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.5.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260494/; classtype:trojan-activity;sid:84123594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.225.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260495/; classtype:trojan-activity;sid:84123595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.250.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260493/; classtype:trojan-activity;sid:84123593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.225.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260492/; classtype:trojan-activity;sid:84123592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.222.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260491/; classtype:trojan-activity;sid:84123591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.213.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260490/; classtype:trojan-activity;sid:84123590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260489/; classtype:trojan-activity;sid:84123589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.121.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260488/; classtype:trojan-activity;sid:84123588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.136.204"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260487/; classtype:trojan-activity;sid:84123587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.18.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260486/; classtype:trojan-activity;sid:84123586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.122.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260485/; classtype:trojan-activity;sid:84123585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.213.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260484/; classtype:trojan-activity;sid:84123584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.211.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260483/; classtype:trojan-activity;sid:84123583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.248.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260482/; classtype:trojan-activity;sid:84123582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.146.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260480/; classtype:trojan-activity;sid:84123580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.29.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260481/; classtype:trojan-activity;sid:84123581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.186.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260479/; classtype:trojan-activity;sid:84123579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.120.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260478/; classtype:trojan-activity;sid:84123578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.217.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260477/; classtype:trojan-activity;sid:84123577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.220.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260476/; classtype:trojan-activity;sid:84123576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.118.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260475/; classtype:trojan-activity;sid:84123575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.106.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260474/; classtype:trojan-activity;sid:84123574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.237.137.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260473/; classtype:trojan-activity;sid:84123573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.6.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260472/; classtype:trojan-activity;sid:84123572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.251.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260471/; classtype:trojan-activity;sid:84123571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.208.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260470/; classtype:trojan-activity;sid:84123570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.142.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260469/; classtype:trojan-activity;sid:84123569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.21.97"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260467/; classtype:trojan-activity;sid:84123567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.14.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260468/; classtype:trojan-activity;sid:84123568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.169.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260466/; classtype:trojan-activity;sid:84123566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.3.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260465/; classtype:trojan-activity;sid:84123565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.165.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260464/; classtype:trojan-activity;sid:84123564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.225.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260462/; classtype:trojan-activity;sid:84123562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.140.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260463/; classtype:trojan-activity;sid:84123563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.134.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260461/; classtype:trojan-activity;sid:84123561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.6.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260459/; classtype:trojan-activity;sid:84123559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.225.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260460/; classtype:trojan-activity;sid:84123560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.88.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260458/; classtype:trojan-activity;sid:84123558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.208.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260457/; classtype:trojan-activity;sid:84123557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.87.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260456/; classtype:trojan-activity;sid:84123556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.14.162.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260455/; classtype:trojan-activity;sid:84123555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.84.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260454/; classtype:trojan-activity;sid:84123554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.99.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260452/; classtype:trojan-activity;sid:84123552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.203.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260453/; classtype:trojan-activity;sid:84123553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.251.114.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260451/; classtype:trojan-activity;sid:84123551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.248.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260450/; classtype:trojan-activity;sid:84123550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.170.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260449/; classtype:trojan-activity;sid:84123549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.115.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260448/; classtype:trojan-activity;sid:84123548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.58.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260447/; classtype:trojan-activity;sid:84123547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.248.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260446/; classtype:trojan-activity;sid:84123546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.240.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260445/; classtype:trojan-activity;sid:84123545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.121.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260444/; classtype:trojan-activity;sid:84123544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260443/; classtype:trojan-activity;sid:84123543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.60.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260442/; classtype:trojan-activity;sid:84123542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.143.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260441/; classtype:trojan-activity;sid:84123541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.82.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260440/; classtype:trojan-activity;sid:84123540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.235.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260439/; classtype:trojan-activity;sid:84123539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.84.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260438/; classtype:trojan-activity;sid:84123538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.173.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260437/; classtype:trojan-activity;sid:84123537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.87.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260436/; classtype:trojan-activity;sid:84123536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.53.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260435/; classtype:trojan-activity;sid:84123535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.23.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260434/; classtype:trojan-activity;sid:84123534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.99.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260433/; classtype:trojan-activity;sid:84123533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.193.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260431/; classtype:trojan-activity;sid:84123531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.109.146.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260432/; classtype:trojan-activity;sid:84123532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.240.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260430/; classtype:trojan-activity;sid:84123530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.4.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260429/; classtype:trojan-activity;sid:84123529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.120.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260428/; classtype:trojan-activity;sid:84123528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.89.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260427/; classtype:trojan-activity;sid:84123527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260426/; classtype:trojan-activity;sid:84123526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260425/; classtype:trojan-activity;sid:84123525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.170.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260424/; classtype:trojan-activity;sid:84123524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.220.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260423/; classtype:trojan-activity;sid:84123523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.251.114.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260422/; classtype:trojan-activity;sid:84123522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.143.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260421/; classtype:trojan-activity;sid:84123521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.188.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260420/; classtype:trojan-activity;sid:84123520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.127.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260419/; classtype:trojan-activity;sid:84123519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.86.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260418/; classtype:trojan-activity;sid:84123518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.229.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260417/; classtype:trojan-activity;sid:84123517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.92.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260416/; classtype:trojan-activity;sid:84123516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.11.146"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260415/; classtype:trojan-activity;sid:84123515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.133.232.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260414/; classtype:trojan-activity;sid:84123514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260413/; classtype:trojan-activity;sid:84123513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.65.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260412/; classtype:trojan-activity;sid:84123512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.60.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260411/; classtype:trojan-activity;sid:84123511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.234.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260410/; classtype:trojan-activity;sid:84123510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.234.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260408/; classtype:trojan-activity;sid:84123508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.121.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260409/; classtype:trojan-activity;sid:84123509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.82.227.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260407/; classtype:trojan-activity;sid:84123507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.222.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260405/; classtype:trojan-activity;sid:84123505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.26.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260406/; classtype:trojan-activity;sid:84123506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.151.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260404/; classtype:trojan-activity;sid:84123504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.117.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260403/; classtype:trojan-activity;sid:84123503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.53.121.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260402/; classtype:trojan-activity;sid:84123502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.194.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260400/; classtype:trojan-activity;sid:84123500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.230.160.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260401/; classtype:trojan-activity;sid:84123501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.188.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260399/; classtype:trojan-activity;sid:84123499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.143.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260398/; classtype:trojan-activity;sid:84123498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.109.146.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260397/; classtype:trojan-activity;sid:84123497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.77.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260396/; classtype:trojan-activity;sid:84123496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.30.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260395/; classtype:trojan-activity;sid:84123495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.191.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260394/; classtype:trojan-activity;sid:84123494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.77.44"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260393/; classtype:trojan-activity;sid:84123493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.234.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260392/; classtype:trojan-activity;sid:84123492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260391/; classtype:trojan-activity;sid:84123491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.133.232.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260390/; classtype:trojan-activity;sid:84123490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.234.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260389/; classtype:trojan-activity;sid:84123489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.1.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260388/; classtype:trojan-activity;sid:84123488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.37.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260387/; classtype:trojan-activity;sid:84123487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.200.85.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260386/; classtype:trojan-activity;sid:84123486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.123.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260385/; classtype:trojan-activity;sid:84123485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.234.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260384/; classtype:trojan-activity;sid:84123484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.199.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260381/; classtype:trojan-activity;sid:84123481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.116.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260382/; classtype:trojan-activity;sid:84123482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.143.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260383/; classtype:trojan-activity;sid:84123483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.44.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260380/; classtype:trojan-activity;sid:84123480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"84.213.69.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260379/; classtype:trojan-activity;sid:84123479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.183.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260377/; classtype:trojan-activity;sid:84123477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.88.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260378/; classtype:trojan-activity;sid:84123478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.71.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260375/; classtype:trojan-activity;sid:84123475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.173.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3260376/; classtype:trojan-activity;sid:84123476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.151.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260374/; classtype:trojan-activity;sid:84123474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.222.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260373/; classtype:trojan-activity;sid:84123473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.173.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260372/; classtype:trojan-activity;sid:84123472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.53.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260370/; classtype:trojan-activity;sid:84123470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.219.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260371/; classtype:trojan-activity;sid:84123471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.53.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260369/; classtype:trojan-activity;sid:84123469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.202.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260368/; classtype:trojan-activity;sid:84123468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.147.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260367/; classtype:trojan-activity;sid:84123467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.117.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260366/; classtype:trojan-activity;sid:84123466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.82.227.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260365/; classtype:trojan-activity;sid:84123465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.193.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260364/; classtype:trojan-activity;sid:84123464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"168.195.81.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260363/; classtype:trojan-activity;sid:84123463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.135.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260362/; classtype:trojan-activity;sid:84123462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.84.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260361/; classtype:trojan-activity;sid:84123461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.44.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260360/; classtype:trojan-activity;sid:84123460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.64.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260359/; classtype:trojan-activity;sid:84123459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.170.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260358/; classtype:trojan-activity;sid:84123458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.123.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260357/; classtype:trojan-activity;sid:84123457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.138.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260356/; classtype:trojan-activity;sid:84123456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.12.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260355/; classtype:trojan-activity;sid:84123455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.202.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260354/; classtype:trojan-activity;sid:84123454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.210.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260353/; classtype:trojan-activity;sid:84123453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.88.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260352/; classtype:trojan-activity;sid:84123452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.30.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260351/; classtype:trojan-activity;sid:84123451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.245.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260350/; classtype:trojan-activity;sid:84123450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.10.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260349/; classtype:trojan-activity;sid:84123449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.98.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260348/; classtype:trojan-activity;sid:84123448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"69.117.22.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260346/; classtype:trojan-activity;sid:84123446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.7.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260347/; classtype:trojan-activity;sid:84123447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.203.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260345/; classtype:trojan-activity;sid:84123445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.129.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260344/; classtype:trojan-activity;sid:84123444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.8.158"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260343/; classtype:trojan-activity;sid:84123443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.253.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260342/; classtype:trojan-activity;sid:84123442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.194.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260341/; classtype:trojan-activity;sid:84123441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.121.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260340/; classtype:trojan-activity;sid:84123440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.65.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260339/; classtype:trojan-activity;sid:84123439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.135.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260338/; classtype:trojan-activity;sid:84123438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.28.173"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260337/; classtype:trojan-activity;sid:84123437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.20.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260336/; classtype:trojan-activity;sid:84123436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.66.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260333/; classtype:trojan-activity;sid:84123433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.216.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260334/; classtype:trojan-activity;sid:84123434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.146.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260335/; classtype:trojan-activity;sid:84123435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.123.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260332/; classtype:trojan-activity;sid:84123432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.44.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260331/; classtype:trojan-activity;sid:84123431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.64.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260330/; classtype:trojan-activity;sid:84123430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.31.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260329/; classtype:trojan-activity;sid:84123429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.248.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260328/; classtype:trojan-activity;sid:84123428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.25.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260327/; classtype:trojan-activity;sid:84123427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.1.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260326/; classtype:trojan-activity;sid:84123426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.129.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260325/; classtype:trojan-activity;sid:84123425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.47.23.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260323/; classtype:trojan-activity;sid:84123423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.238.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260324/; classtype:trojan-activity;sid:84123424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.184.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260322/; classtype:trojan-activity;sid:84123422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260321/; classtype:trojan-activity;sid:84123421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.27.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260320/; classtype:trojan-activity;sid:84123420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.22.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260319/; classtype:trojan-activity;sid:84123419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.94.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260317/; classtype:trojan-activity;sid:84123417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.119.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260318/; classtype:trojan-activity;sid:84123418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.212.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260316/; classtype:trojan-activity;sid:84123416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.157.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260315/; classtype:trojan-activity;sid:84123415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.140.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260312/; classtype:trojan-activity;sid:84123412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.40.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260313/; classtype:trojan-activity;sid:84123413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.153.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260314/; classtype:trojan-activity;sid:84123414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.121.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260311/; classtype:trojan-activity;sid:84123411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.216.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260310/; classtype:trojan-activity;sid:84123410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.82.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260309/; classtype:trojan-activity;sid:84123409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.10.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260308/; classtype:trojan-activity;sid:84123408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.99.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260307/; classtype:trojan-activity;sid:84123407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.64.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260306/; classtype:trojan-activity;sid:84123406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.216.205.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260305/; classtype:trojan-activity;sid:84123405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.248.12.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260304/; classtype:trojan-activity;sid:84123404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.146.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260303/; classtype:trojan-activity;sid:84123403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.55.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260302/; classtype:trojan-activity;sid:84123402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.5.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260301/; classtype:trojan-activity;sid:84123401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.102.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260300/; classtype:trojan-activity;sid:84123400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.27.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260299/; classtype:trojan-activity;sid:84123399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.52.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260297/; classtype:trojan-activity;sid:84123397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.37.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260298/; classtype:trojan-activity;sid:84123398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.180.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260296/; classtype:trojan-activity;sid:84123396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.165.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260295/; classtype:trojan-activity;sid:84123395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.140.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260294/; classtype:trojan-activity;sid:84123394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.184.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260293/; classtype:trojan-activity;sid:84123393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.119.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260292/; classtype:trojan-activity;sid:84123392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.75.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260290/; classtype:trojan-activity;sid:84123390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.157.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260291/; classtype:trojan-activity;sid:84123391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.153.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260289/; classtype:trojan-activity;sid:84123389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.216.205.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260288/; classtype:trojan-activity;sid:84123388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.89.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260287/; classtype:trojan-activity;sid:84123387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.212.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260286/; classtype:trojan-activity;sid:84123386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.187.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260285/; classtype:trojan-activity;sid:84123385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.240.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260284/; classtype:trojan-activity;sid:84123384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.26.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260283/; classtype:trojan-activity;sid:84123383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.9.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260282/; classtype:trojan-activity;sid:84123382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.55.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260281/; classtype:trojan-activity;sid:84123381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.120.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260280/; classtype:trojan-activity;sid:84123380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.135.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260279/; classtype:trojan-activity;sid:84123379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.59.85.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260277/; classtype:trojan-activity;sid:84123377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.138.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260278/; classtype:trojan-activity;sid:84123378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.103.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260276/; classtype:trojan-activity;sid:84123376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.231.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260272/; classtype:trojan-activity;sid:84123372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.146.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260273/; classtype:trojan-activity;sid:84123373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.72.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260274/; classtype:trojan-activity;sid:84123374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.113.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260275/; classtype:trojan-activity;sid:84123375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.70.146"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260271/; classtype:trojan-activity;sid:84123371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.245.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260270/; classtype:trojan-activity;sid:84123370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.200.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260269/; classtype:trojan-activity;sid:84123369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.110.4.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260268/; classtype:trojan-activity;sid:84123368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.182.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260267/; classtype:trojan-activity;sid:84123367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.120.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260266/; classtype:trojan-activity;sid:84123366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.129.177"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260265/; classtype:trojan-activity;sid:84123365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.120.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260264/; classtype:trojan-activity;sid:84123364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.135.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260263/; classtype:trojan-activity;sid:84123363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.208.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260262/; classtype:trojan-activity;sid:84123362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.153.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260261/; classtype:trojan-activity;sid:84123361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.248.12.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260260/; classtype:trojan-activity;sid:84123360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.189.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260259/; classtype:trojan-activity;sid:84123359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.12.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260258/; classtype:trojan-activity;sid:84123358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.89.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260257/; classtype:trojan-activity;sid:84123357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.99.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260256/; classtype:trojan-activity;sid:84123356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.60.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260255/; classtype:trojan-activity;sid:84123355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.120.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260254/; classtype:trojan-activity;sid:84123354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.193.136.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260252/; classtype:trojan-activity;sid:84123352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.148.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260253/; classtype:trojan-activity;sid:84123353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.59.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260251/; classtype:trojan-activity;sid:84123351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.187.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260250/; classtype:trojan-activity;sid:84123350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.165.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260249/; classtype:trojan-activity;sid:84123349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.90.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260248/; classtype:trojan-activity;sid:84123348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.245.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260247/; classtype:trojan-activity;sid:84123347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.51.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260246/; classtype:trojan-activity;sid:84123346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.88.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260245/; classtype:trojan-activity;sid:84123345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.26.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260244/; classtype:trojan-activity;sid:84123344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.48.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260243/; classtype:trojan-activity;sid:84123343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.31.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260242/; classtype:trojan-activity;sid:84123342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.1.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260241/; classtype:trojan-activity;sid:84123341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.20.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260240/; classtype:trojan-activity;sid:84123340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.197.173.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260239/; classtype:trojan-activity;sid:84123339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.159.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260238/; classtype:trojan-activity;sid:84123338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.12.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260236/; classtype:trojan-activity;sid:84123336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.200.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260237/; classtype:trojan-activity;sid:84123337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.120.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260235/; classtype:trojan-activity;sid:84123335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.164.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260234/; classtype:trojan-activity;sid:84123334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.222.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260233/; classtype:trojan-activity;sid:84123333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260232/; classtype:trojan-activity;sid:84123332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.182.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260231/; classtype:trojan-activity;sid:84123331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.54.162.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260230/; classtype:trojan-activity;sid:84123330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.9.100.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260229/; classtype:trojan-activity;sid:84123329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.99.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260228/; classtype:trojan-activity;sid:84123328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.33.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260227/; classtype:trojan-activity;sid:84123327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.30.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260226/; classtype:trojan-activity;sid:84123326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.178.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260225/; classtype:trojan-activity;sid:84123325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.37.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260224/; classtype:trojan-activity;sid:84123324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.74.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260223/; classtype:trojan-activity;sid:84123323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.39.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260222/; classtype:trojan-activity;sid:84123322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.88.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260221/; classtype:trojan-activity;sid:84123321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.103.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260220/; classtype:trojan-activity;sid:84123320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.175.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260218/; classtype:trojan-activity;sid:84123318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.74.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260219/; classtype:trojan-activity;sid:84123319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.163.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260217/; classtype:trojan-activity;sid:84123317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.191.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260216/; classtype:trojan-activity;sid:84123316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.158.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260215/; classtype:trojan-activity;sid:84123315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.109.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260214/; classtype:trojan-activity;sid:84123314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.1.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260212/; classtype:trojan-activity;sid:84123312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.38.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260213/; classtype:trojan-activity;sid:84123313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"106.41.137.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260211/; classtype:trojan-activity;sid:84123311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260210/; classtype:trojan-activity;sid:84123310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.1.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260209/; classtype:trojan-activity;sid:84123309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.30.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260208/; classtype:trojan-activity;sid:84123308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"194.54.162.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260207/; classtype:trojan-activity;sid:84123307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.153.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260206/; classtype:trojan-activity;sid:84123306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.53.121.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260205/; classtype:trojan-activity;sid:84123305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.129.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260204/; classtype:trojan-activity;sid:84123304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.33.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260203/; classtype:trojan-activity;sid:84123303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.82.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260202/; classtype:trojan-activity;sid:84123302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260201/; classtype:trojan-activity;sid:84123301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.111.75.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260199/; classtype:trojan-activity;sid:84123299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.203.73.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260200/; classtype:trojan-activity;sid:84123300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.40.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260198/; classtype:trojan-activity;sid:84123298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.125.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260197/; classtype:trojan-activity;sid:84123297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.231.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260196/; classtype:trojan-activity;sid:84123296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.249.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260195/; classtype:trojan-activity;sid:84123295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.118.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260194/; classtype:trojan-activity;sid:84123294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.41.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260193/; classtype:trojan-activity;sid:84123293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.92.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260191/; classtype:trojan-activity;sid:84123291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.55.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260192/; classtype:trojan-activity;sid:84123292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.193.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260190/; classtype:trojan-activity;sid:84123290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.242.106.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260189/; classtype:trojan-activity;sid:84123289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.125.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260188/; classtype:trojan-activity;sid:84123288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.74.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260187/; classtype:trojan-activity;sid:84123287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.11.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260186/; classtype:trojan-activity;sid:84123286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.205.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260185/; classtype:trojan-activity;sid:84123285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.158.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260184/; classtype:trojan-activity;sid:84123284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.248.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260183/; classtype:trojan-activity;sid:84123283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.84.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260182/; classtype:trojan-activity;sid:84123282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.11.183"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260181/; classtype:trojan-activity;sid:84123281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.109.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260180/; classtype:trojan-activity;sid:84123280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.76.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260179/; classtype:trojan-activity;sid:84123279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.203.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260178/; classtype:trojan-activity;sid:84123278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.63.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260177/; classtype:trojan-activity;sid:84123277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.162.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260176/; classtype:trojan-activity;sid:84123276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.187.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260175/; classtype:trojan-activity;sid:84123275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.107.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260174/; classtype:trojan-activity;sid:84123274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.125.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260173/; classtype:trojan-activity;sid:84123273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.1.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260171/; classtype:trojan-activity;sid:84123271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.88.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260172/; classtype:trojan-activity;sid:84123272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.208.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260170/; classtype:trojan-activity;sid:84123270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.227.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260169/; classtype:trojan-activity;sid:84123269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.181.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260168/; classtype:trojan-activity;sid:84123268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.71.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260167/; classtype:trojan-activity;sid:84123267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.2.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260166/; classtype:trojan-activity;sid:84123266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.114.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260165/; classtype:trojan-activity;sid:84123265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.219.18.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260164/; classtype:trojan-activity;sid:84123264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.209.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260163/; classtype:trojan-activity;sid:84123263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260162/; classtype:trojan-activity;sid:84123262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.195.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260161/; classtype:trojan-activity;sid:84123261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.232.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260160/; classtype:trojan-activity;sid:84123260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.82.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260159/; classtype:trojan-activity;sid:84123259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.84.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260158/; classtype:trojan-activity;sid:84123258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.1.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260157/; classtype:trojan-activity;sid:84123257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.251.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260156/; classtype:trojan-activity;sid:84123256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.75.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260155/; classtype:trojan-activity;sid:84123255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.179.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260154/; classtype:trojan-activity;sid:84123254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.101.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260153/; classtype:trojan-activity;sid:84123253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.151.248.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260152/; classtype:trojan-activity;sid:84123252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.105.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260148/; classtype:trojan-activity;sid:84123248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.82.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260149/; classtype:trojan-activity;sid:84123249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.227.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260150/; classtype:trojan-activity;sid:84123250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.219.174.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260151/; classtype:trojan-activity;sid:84123251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.44.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260147/; classtype:trojan-activity;sid:84123247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.88.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260146/; classtype:trojan-activity;sid:84123246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.205.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260145/; classtype:trojan-activity;sid:84123245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.236.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260144/; classtype:trojan-activity;sid:84123244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.241.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260143/; classtype:trojan-activity;sid:84123243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.4.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260142/; classtype:trojan-activity;sid:84123242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.27.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260141/; classtype:trojan-activity;sid:84123241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.83.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260140/; classtype:trojan-activity;sid:84123240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.151.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260139/; classtype:trojan-activity;sid:84123239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.112.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260138/; classtype:trojan-activity;sid:84123238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.207.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260137/; classtype:trojan-activity;sid:84123237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.185.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260136/; classtype:trojan-activity;sid:84123236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.85.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260135/; classtype:trojan-activity;sid:84123235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.238.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260134/; classtype:trojan-activity;sid:84123234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.118.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260133/; classtype:trojan-activity;sid:84123233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.56.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260132/; classtype:trojan-activity;sid:84123232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.137.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260131/; classtype:trojan-activity;sid:84123231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.180.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260130/; classtype:trojan-activity;sid:84123230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.228.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260129/; classtype:trojan-activity;sid:84123229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.82.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260128/; classtype:trojan-activity;sid:84123228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.52.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260127/; classtype:trojan-activity;sid:84123227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.115.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260126/; classtype:trojan-activity;sid:84123226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.82.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260125/; classtype:trojan-activity;sid:84123225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.241.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260124/; classtype:trojan-activity;sid:84123224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.107.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260123/; classtype:trojan-activity;sid:84123223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.111.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260122/; classtype:trojan-activity;sid:84123222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.88.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260120/; classtype:trojan-activity;sid:84123220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.110.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260121/; classtype:trojan-activity;sid:84123221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.113.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260118/; classtype:trojan-activity;sid:84123218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.253.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260119/; classtype:trojan-activity;sid:84123219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.27.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260117/; classtype:trojan-activity;sid:84123217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.175.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260116/; classtype:trojan-activity;sid:84123216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.216.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260115/; classtype:trojan-activity;sid:84123215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.44.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260113/; classtype:trojan-activity;sid:84123213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260114/; classtype:trojan-activity;sid:84123214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260112/; classtype:trojan-activity;sid:84123212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.85.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260111/; classtype:trojan-activity;sid:84123211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.120.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260109/; classtype:trojan-activity;sid:84123209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.254.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260110/; classtype:trojan-activity;sid:84123210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.185.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260108/; classtype:trojan-activity;sid:84123208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.241.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260107/; classtype:trojan-activity;sid:84123207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.62.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260106/; classtype:trojan-activity;sid:84123206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.180.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260105/; classtype:trojan-activity;sid:84123205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.197.173.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260104/; classtype:trojan-activity;sid:84123204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.77.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260103/; classtype:trojan-activity;sid:84123203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.80.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260102/; classtype:trojan-activity;sid:84123202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.84.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260101/; classtype:trojan-activity;sid:84123201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.27.250"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260100/; classtype:trojan-activity;sid:84123200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.42.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260099/; classtype:trojan-activity;sid:84123199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.101.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260098/; classtype:trojan-activity;sid:84123198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.108.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260097/; classtype:trojan-activity;sid:84123197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.198.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260096/; classtype:trojan-activity;sid:84123196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.167.62.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260095/; classtype:trojan-activity;sid:84123195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.175.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260094/; classtype:trojan-activity;sid:84123194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.244.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260092/; classtype:trojan-activity;sid:84123192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.53.154.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260093/; classtype:trojan-activity;sid:84123193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.113.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260091/; classtype:trojan-activity;sid:84123191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.110.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260090/; classtype:trojan-activity;sid:84123190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.190.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260088/; classtype:trojan-activity;sid:84123188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.236.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260089/; classtype:trojan-activity;sid:84123189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.253.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260087/; classtype:trojan-activity;sid:84123187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.128.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260086/; classtype:trojan-activity;sid:84123186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.217.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260085/; classtype:trojan-activity;sid:84123185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.219.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260084/; classtype:trojan-activity;sid:84123184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.114.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260083/; classtype:trojan-activity;sid:84123183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.189.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260082/; classtype:trojan-activity;sid:84123182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.243.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260081/; classtype:trojan-activity;sid:84123181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.149.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260079/; classtype:trojan-activity;sid:84123179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.140.187.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260080/; classtype:trojan-activity;sid:84123180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.244.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260078/; classtype:trojan-activity;sid:84123178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.129.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260077/; classtype:trojan-activity;sid:84123177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.26.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260075/; classtype:trojan-activity;sid:84123175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.173.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260076/; classtype:trojan-activity;sid:84123176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.80.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260074/; classtype:trojan-activity;sid:84123174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.209.197.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260073/; classtype:trojan-activity;sid:84123173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.18.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260071/; classtype:trojan-activity;sid:84123171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.84.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260072/; classtype:trojan-activity;sid:84123172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.42.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260070/; classtype:trojan-activity;sid:84123170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.1.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260069/; classtype:trojan-activity;sid:84123169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.217.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260068/; classtype:trojan-activity;sid:84123168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.84.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260067/; classtype:trojan-activity;sid:84123167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.31.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260066/; classtype:trojan-activity;sid:84123166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.12.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260065/; classtype:trojan-activity;sid:84123165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.236.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260064/; classtype:trojan-activity;sid:84123164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.238.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260063/; classtype:trojan-activity;sid:84123163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.129.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260061/; classtype:trojan-activity;sid:84123161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.40.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260062/; classtype:trojan-activity;sid:84123162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"v2202407229980278984.quicksrv.de"; depth:32; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260059/; classtype:trojan-activity;sid:84123159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"v2202407229980278984.quicksrv.de"; depth:32; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260060/; classtype:trojan-activity;sid:84123160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"v2202407229980278984.quicksrv.de"; depth:32; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260057/; classtype:trojan-activity;sid:84123157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"v2202407229980278984.quicksrv.de"; depth:32; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260058/; classtype:trojan-activity;sid:84123158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"v2202407229980278984.quicksrv.de"; depth:32; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260050/; classtype:trojan-activity;sid:84123150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"v2202407229980278984.quicksrv.de"; depth:32; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260051/; classtype:trojan-activity;sid:84123151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"v2202407229980278984.quicksrv.de"; depth:32; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260052/; classtype:trojan-activity;sid:84123152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"v2202407229980278984.quicksrv.de"; depth:32; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260053/; classtype:trojan-activity;sid:84123153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"v2202407229980278984.quicksrv.de"; depth:32; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260054/; classtype:trojan-activity;sid:84123154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"v2202407229980278984.quicksrv.de"; depth:32; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260055/; classtype:trojan-activity;sid:84123155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"v2202407229980278984.quicksrv.de"; depth:32; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260056/; classtype:trojan-activity;sid:84123156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.209.197.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260049/; classtype:trojan-activity;sid:84123149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.212.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260048/; classtype:trojan-activity;sid:84123148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.211.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260047/; classtype:trojan-activity;sid:84123147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.211.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260046/; classtype:trojan-activity;sid:84123146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.99.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260045/; classtype:trojan-activity;sid:84123145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.198.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260044/; classtype:trojan-activity;sid:84123144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.245.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260043/; classtype:trojan-activity;sid:84123143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.20.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260042/; classtype:trojan-activity;sid:84123142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.247.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260041/; classtype:trojan-activity;sid:84123141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.210.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260040/; classtype:trojan-activity;sid:84123140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.160.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260039/; classtype:trojan-activity;sid:84123139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.240.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260038/; classtype:trojan-activity;sid:84123138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.229.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260037/; classtype:trojan-activity;sid:84123137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.249.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260036/; classtype:trojan-activity;sid:84123136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.129.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260035/; classtype:trojan-activity;sid:84123135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; nocase; http.host; content:"192.210.187.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260034/; classtype:trojan-activity;sid:84123134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.238.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260031/; classtype:trojan-activity;sid:84123131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/mips64"; depth:9; endswith; nocase; http.host; content:"209.141.47.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260029/; classtype:trojan-activity;sid:84123129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/mips64el"; depth:11; endswith; nocase; http.host; content:"209.141.47.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260030/; classtype:trojan-activity;sid:84123130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/arm7"; depth:7; endswith; nocase; http.host; content:"209.141.47.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260027/; classtype:trojan-activity;sid:84123127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/amd64"; depth:8; endswith; nocase; http.host; content:"209.141.47.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260028/; classtype:trojan-activity;sid:84123128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/mipsel"; depth:9; endswith; nocase; http.host; content:"209.141.47.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260023/; classtype:trojan-activity;sid:84123123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/arm5"; depth:7; endswith; nocase; http.host; content:"209.141.47.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260024/; classtype:trojan-activity;sid:84123124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/arm6"; depth:7; endswith; nocase; http.host; content:"209.141.47.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260025/; classtype:trojan-activity;sid:84123125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/mips"; depth:7; endswith; nocase; http.host; content:"209.141.47.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260026/; classtype:trojan-activity;sid:84123126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/arm"; depth:6; endswith; nocase; http.host; content:"209.141.47.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260022/; classtype:trojan-activity;sid:84123122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.193.136.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260018/; classtype:trojan-activity;sid:84123118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.163.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260019/; classtype:trojan-activity;sid:84123119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/dd-wrt"; depth:9; endswith; nocase; http.host; content:"209.141.47.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260020/; classtype:trojan-activity;sid:84123120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/mips"; depth:7; endswith; nocase; http.host; content:"209.141.47.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260021/; classtype:trojan-activity;sid:84123121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.200.4.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260017/; classtype:trojan-activity;sid:84123117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.37.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260016/; classtype:trojan-activity;sid:84123116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.181.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260014/; classtype:trojan-activity;sid:84123114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.72.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260015/; classtype:trojan-activity;sid:84123115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.240.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260013/; classtype:trojan-activity;sid:84123113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.69.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260012/; classtype:trojan-activity;sid:84123112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.132.132.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260011/; classtype:trojan-activity;sid:84123111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.197.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260010/; classtype:trojan-activity;sid:84123110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.158.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260009/; classtype:trojan-activity;sid:84123109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.91.60.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260008/; classtype:trojan-activity;sid:84123108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.198.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260007/; classtype:trojan-activity;sid:84123107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.74.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260006/; classtype:trojan-activity;sid:84123106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.22.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260005/; classtype:trojan-activity;sid:84123105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.88.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260004/; classtype:trojan-activity;sid:84123104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.27.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260003/; classtype:trojan-activity;sid:84123103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260002/; classtype:trojan-activity;sid:84123102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.104.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260001/; classtype:trojan-activity;sid:84123101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3260000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.40.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3260000/; classtype:trojan-activity;sid:84123100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259999/; classtype:trojan-activity;sid:84123099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.26.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259998/; classtype:trojan-activity;sid:84123098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.30.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259997/; classtype:trojan-activity;sid:84123097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux.server"; depth:13; endswith; nocase; http.host; content:"209.141.47.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259996/; classtype:trojan-activity;sid:84123096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.154.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259994/; classtype:trojan-activity;sid:84123094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.249.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259995/; classtype:trojan-activity;sid:84123095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.91.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259993/; classtype:trojan-activity;sid:84123093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.158.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259992/; classtype:trojan-activity;sid:84123092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.149.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259991/; classtype:trojan-activity;sid:84123091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.142.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259990/; classtype:trojan-activity;sid:84123090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.82.219.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259989/; classtype:trojan-activity;sid:84123089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"204.157.208.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259988/; classtype:trojan-activity;sid:84123088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259987/; classtype:trojan-activity;sid:84123087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.145.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259986/; classtype:trojan-activity;sid:84123086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.200.4.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259985/; classtype:trojan-activity;sid:84123085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.72.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259984/; classtype:trojan-activity;sid:84123084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmpsl"; depth:8; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259983/; classtype:trojan-activity;sid:84123083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm5"; depth:8; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259982/; classtype:trojan-activity;sid:84123082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrarm7"; depth:7; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259968/; classtype:trojan-activity;sid:84123068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259969/; classtype:trojan-activity;sid:84123069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm7"; depth:6; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259970/; classtype:trojan-activity;sid:84123070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259971/; classtype:trojan-activity;sid:84123071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm6"; depth:7; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259972/; classtype:trojan-activity;sid:84123072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259973/; classtype:trojan-activity;sid:84123073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrmips"; depth:7; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259974/; classtype:trojan-activity;sid:84123074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmips"; depth:8; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259975/; classtype:trojan-activity;sid:84123075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm7"; depth:8; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259976/; classtype:trojan-activity;sid:84123076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm5"; depth:7; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259977/; classtype:trojan-activity;sid:84123077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259978/; classtype:trojan-activity;sid:84123078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshppc"; depth:7; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259979/; classtype:trojan-activity;sid:84123079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm"; depth:6; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259980/; classtype:trojan-activity;sid:84123080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshsh4"; depth:7; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259981/; classtype:trojan-activity;sid:84123081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gppc"; depth:5; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259953/; classtype:trojan-activity;sid:84123053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm"; depth:5; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259954/; classtype:trojan-activity;sid:84123054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmpsl"; depth:6; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259955/; classtype:trojan-activity;sid:84123055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm6"; depth:8; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259956/; classtype:trojan-activity;sid:84123056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259957/; classtype:trojan-activity;sid:84123057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm6"; depth:6; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259958/; classtype:trojan-activity;sid:84123058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm7"; depth:7; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259959/; classtype:trojan-activity;sid:84123059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm"; depth:7; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259960/; classtype:trojan-activity;sid:84123060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrppc"; depth:6; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259961/; classtype:trojan-activity;sid:84123061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrsh4"; depth:6; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259962/; classtype:trojan-activity;sid:84123062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259963/; classtype:trojan-activity;sid:84123063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm5"; depth:6; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259964/; classtype:trojan-activity;sid:84123064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmips"; depth:6; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259965/; classtype:trojan-activity;sid:84123065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259966/; classtype:trojan-activity;sid:84123066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gompsl"; depth:7; endswith; nocase; http.host; content:"154.216.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259967/; classtype:trojan-activity;sid:84123067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.22.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259952/; classtype:trojan-activity;sid:84123052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259951/; classtype:trojan-activity;sid:84123051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.88.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259950/; classtype:trojan-activity;sid:84123050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.12.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259949/; classtype:trojan-activity;sid:84123049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.149.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259948/; classtype:trojan-activity;sid:84123048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.154.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259947/; classtype:trojan-activity;sid:84123047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.37.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259946/; classtype:trojan-activity;sid:84123046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/edge.exe"; depth:15; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259945/; classtype:trojan-activity;sid:84123045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.88.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259944/; classtype:trojan-activity;sid:84123044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.106.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259943/; classtype:trojan-activity;sid:84123043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.82.219.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259942/; classtype:trojan-activity;sid:84123042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.13.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259941/; classtype:trojan-activity;sid:84123041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.209.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259940/; classtype:trojan-activity;sid:84123040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.202.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259939/; classtype:trojan-activity;sid:84123039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.241.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259938/; classtype:trojan-activity;sid:84123038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.195.248.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259937/; classtype:trojan-activity;sid:84123037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.74.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259936/; classtype:trojan-activity;sid:84123036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.85.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259934/; classtype:trojan-activity;sid:84123034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.99.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259935/; classtype:trojan-activity;sid:84123035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259933/; classtype:trojan-activity;sid:84123033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.145.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259932/; classtype:trojan-activity;sid:84123032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.246.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259931/; classtype:trojan-activity;sid:84123031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.85.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259930/; classtype:trojan-activity;sid:84123030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.155.188.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259929/; classtype:trojan-activity;sid:84123029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.120.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259928/; classtype:trojan-activity;sid:84123028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.13.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259927/; classtype:trojan-activity;sid:84123027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.87.60.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259926/; classtype:trojan-activity;sid:84123026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.85.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259925/; classtype:trojan-activity;sid:84123025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.12.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259924/; classtype:trojan-activity;sid:84123024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.90.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259923/; classtype:trojan-activity;sid:84123023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.156.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259922/; classtype:trojan-activity;sid:84123022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.136.149.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259921/; classtype:trojan-activity;sid:84123021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.248.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259920/; classtype:trojan-activity;sid:84123020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.234.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259919/; classtype:trojan-activity;sid:84123019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.40.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259918/; classtype:trojan-activity;sid:84123018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.132.132.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259917/; classtype:trojan-activity;sid:84123017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.3.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259916/; classtype:trojan-activity;sid:84123016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.246.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259915/; classtype:trojan-activity;sid:84123015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.83.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259914/; classtype:trojan-activity;sid:84123014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.234.108.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259913/; classtype:trojan-activity;sid:84123013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.13.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259912/; classtype:trojan-activity;sid:84123012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.147.29.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259909/; classtype:trojan-activity;sid:84123009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.79.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259910/; classtype:trojan-activity;sid:84123010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.66.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259911/; classtype:trojan-activity;sid:84123011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.53.34.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259908/; classtype:trojan-activity;sid:84123008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.75.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259907/; classtype:trojan-activity;sid:84123007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.87.60.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259906/; classtype:trojan-activity;sid:84123006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.39.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259905/; classtype:trojan-activity;sid:84123005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259904/; classtype:trojan-activity;sid:84123004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.100.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259903/; classtype:trojan-activity;sid:84123003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.198.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259902/; classtype:trojan-activity;sid:84123002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.129.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259901/; classtype:trojan-activity;sid:84123001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.162.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259900/; classtype:trojan-activity;sid:84123000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.212.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259898/; classtype:trojan-activity;sid:84122998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.145.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259899/; classtype:trojan-activity;sid:84122999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.249.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259897/; classtype:trojan-activity;sid:84122997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.234.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259896/; classtype:trojan-activity;sid:84122996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259895/; classtype:trojan-activity;sid:84122995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.112.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259894/; classtype:trojan-activity;sid:84122994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.22.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259893/; classtype:trojan-activity;sid:84122993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.3.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259892/; classtype:trojan-activity;sid:84122992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.43.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259891/; classtype:trojan-activity;sid:84122991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.243.137.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259890/; classtype:trojan-activity;sid:84122990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.24.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259889/; classtype:trojan-activity;sid:84122989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.28.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259887/; classtype:trojan-activity;sid:84122987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.109.178.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259888/; classtype:trojan-activity;sid:84122988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.25.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259886/; classtype:trojan-activity;sid:84122986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.228.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259885/; classtype:trojan-activity;sid:84122985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.39.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259884/; classtype:trojan-activity;sid:84122984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.79.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259883/; classtype:trojan-activity;sid:84122983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.148.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259882/; classtype:trojan-activity;sid:84122982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.232.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259880/; classtype:trojan-activity;sid:84122980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.43.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259881/; classtype:trojan-activity;sid:84122981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259879/; classtype:trojan-activity;sid:84122979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.112.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259878/; classtype:trojan-activity;sid:84122978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.249.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259877/; classtype:trojan-activity;sid:84122977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259876/; classtype:trojan-activity;sid:84122976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.140.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259875/; classtype:trojan-activity;sid:84122975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.73.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259874/; classtype:trojan-activity;sid:84122974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.22.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259873/; classtype:trojan-activity;sid:84122973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.19.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259872/; classtype:trojan-activity;sid:84122972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.152.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259871/; classtype:trojan-activity;sid:84122971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.227.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259870/; classtype:trojan-activity;sid:84122970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.112.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259869/; classtype:trojan-activity;sid:84122969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.190.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259868/; classtype:trojan-activity;sid:84122968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.143.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259867/; classtype:trojan-activity;sid:84122967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.50.82"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259866/; classtype:trojan-activity;sid:84122966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.53.34.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259865/; classtype:trojan-activity;sid:84122965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.111.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259864/; classtype:trojan-activity;sid:84122964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.71.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259863/; classtype:trojan-activity;sid:84122963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.201.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259862/; classtype:trojan-activity;sid:84122962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.66.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259861/; classtype:trojan-activity;sid:84122961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.117.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259860/; classtype:trojan-activity;sid:84122960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.43.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259859/; classtype:trojan-activity;sid:84122959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.232.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259857/; classtype:trojan-activity;sid:84122957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.73.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259858/; classtype:trojan-activity;sid:84122958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.254.62.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259856/; classtype:trojan-activity;sid:84122956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.194.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259855/; classtype:trojan-activity;sid:84122955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.117.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259854/; classtype:trojan-activity;sid:84122954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259852/; classtype:trojan-activity;sid:84122952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.178.98.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259853/; classtype:trojan-activity;sid:84122953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.221.78.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259850/; classtype:trojan-activity;sid:84122950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.208.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259851/; classtype:trojan-activity;sid:84122951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"rrnkw.range.cccinvolve.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259849/; classtype:trojan-activity;sid:84122949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.152.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259848/; classtype:trojan-activity;sid:84122948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.74.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259847/; classtype:trojan-activity;sid:84122947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.91.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259846/; classtype:trojan-activity;sid:84122946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.114.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259845/; classtype:trojan-activity;sid:84122945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"starforgemirai.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259844/; classtype:trojan-activity;sid:84122944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"starforgemirai.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259843/; classtype:trojan-activity;sid:84122943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"starforgemirai.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259842/; classtype:trojan-activity;sid:84122942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"starforgemirai.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259835/; classtype:trojan-activity;sid:84122935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"starforgemirai.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259836/; classtype:trojan-activity;sid:84122936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"starforgemirai.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259837/; classtype:trojan-activity;sid:84122937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"starforgemirai.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259838/; classtype:trojan-activity;sid:84122938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"starforgemirai.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259839/; classtype:trojan-activity;sid:84122939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"starforgemirai.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259840/; classtype:trojan-activity;sid:84122940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"starforgemirai.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259841/; classtype:trojan-activity;sid:84122941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"starforgemirai.duckdns.org"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259834/; classtype:trojan-activity;sid:84122934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.126.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259833/; classtype:trojan-activity;sid:84122933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.219.174.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259832/; classtype:trojan-activity;sid:84122932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.14.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259831/; classtype:trojan-activity;sid:84122931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.172.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259829/; classtype:trojan-activity;sid:84122929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.76.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259830/; classtype:trojan-activity;sid:84122930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.254.62.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259828/; classtype:trojan-activity;sid:84122928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.219.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259827/; classtype:trojan-activity;sid:84122927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.135.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259826/; classtype:trojan-activity;sid:84122926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.114.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259825/; classtype:trojan-activity;sid:84122925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.106.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259824/; classtype:trojan-activity;sid:84122924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"164.92.228.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259823/; classtype:trojan-activity;sid:84122923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.231.117.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259822/; classtype:trojan-activity;sid:84122922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"164.92.228.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259820/; classtype:trojan-activity;sid:84122920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.103.201.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259821/; classtype:trojan-activity;sid:84122921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"190.123.46.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259818/; classtype:trojan-activity;sid:84122918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"190.123.46.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259819/; classtype:trojan-activity;sid:84122919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"164.92.228.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259809/; classtype:trojan-activity;sid:84122909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"190.123.46.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259810/; classtype:trojan-activity;sid:84122910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"190.123.46.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259811/; classtype:trojan-activity;sid:84122911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"190.123.46.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259812/; classtype:trojan-activity;sid:84122912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"190.123.46.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259813/; classtype:trojan-activity;sid:84122913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"190.123.46.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259814/; classtype:trojan-activity;sid:84122914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"190.123.46.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259815/; classtype:trojan-activity;sid:84122915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"190.123.46.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259816/; classtype:trojan-activity;sid:84122916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"190.123.46.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259817/; classtype:trojan-activity;sid:84122917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"164.92.228.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259801/; classtype:trojan-activity;sid:84122901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"164.92.228.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259802/; classtype:trojan-activity;sid:84122902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"164.92.228.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259803/; classtype:trojan-activity;sid:84122903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"164.92.228.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259804/; classtype:trojan-activity;sid:84122904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"164.92.228.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259805/; classtype:trojan-activity;sid:84122905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"164.92.228.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259806/; classtype:trojan-activity;sid:84122906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"164.92.228.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259807/; classtype:trojan-activity;sid:84122907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"190.123.46.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259808/; classtype:trojan-activity;sid:84122908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"152.53.66.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259800/; classtype:trojan-activity;sid:84122900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"152.53.66.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259796/; classtype:trojan-activity;sid:84122896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"152.53.66.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259797/; classtype:trojan-activity;sid:84122897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"152.53.66.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259798/; classtype:trojan-activity;sid:84122898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"164.92.228.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259799/; classtype:trojan-activity;sid:84122899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"152.53.66.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259790/; classtype:trojan-activity;sid:84122890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"152.53.66.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259791/; classtype:trojan-activity;sid:84122891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"152.53.66.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259792/; classtype:trojan-activity;sid:84122892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"152.53.66.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259793/; classtype:trojan-activity;sid:84122893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"152.53.66.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259794/; classtype:trojan-activity;sid:84122894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"152.53.66.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259795/; classtype:trojan-activity;sid:84122895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.2.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259789/; classtype:trojan-activity;sid:84122889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"152.53.66.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259788/; classtype:trojan-activity;sid:84122888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.142.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259787/; classtype:trojan-activity;sid:84122887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.148.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259785/; classtype:trojan-activity;sid:84122885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.26.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259786/; classtype:trojan-activity;sid:84122886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.143.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259784/; classtype:trojan-activity;sid:84122884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.208.149.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259783/; classtype:trojan-activity;sid:84122883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.6.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259781/; classtype:trojan-activity;sid:84122881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.172.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259782/; classtype:trojan-activity;sid:84122882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.143.171.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259778/; classtype:trojan-activity;sid:84122878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.65.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259779/; classtype:trojan-activity;sid:84122879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.218.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259780/; classtype:trojan-activity;sid:84122880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.228.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259777/; classtype:trojan-activity;sid:84122877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.37.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259776/; classtype:trojan-activity;sid:84122876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.142.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259775/; classtype:trojan-activity;sid:84122875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.81.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259774/; classtype:trojan-activity;sid:84122874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chrome_93.exe"; depth:14; endswith; nocase; http.host; content:"campuspersever.es"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259773/; classtype:trojan-activity;sid:84122873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.152.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259772/; classtype:trojan-activity;sid:84122872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.74.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259771/; classtype:trojan-activity;sid:84122871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.26.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259770/; classtype:trojan-activity;sid:84122870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.91.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259769/; classtype:trojan-activity;sid:84122869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.172.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259768/; classtype:trojan-activity;sid:84122868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.6.245"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259767/; classtype:trojan-activity;sid:84122867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.229.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259766/; classtype:trojan-activity;sid:84122866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"159.146.68.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259765/; classtype:trojan-activity;sid:84122865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.21.138.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259764/; classtype:trojan-activity;sid:84122864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.103.201.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259763/; classtype:trojan-activity;sid:84122863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.52.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259762/; classtype:trojan-activity;sid:84122862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.41.46.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259761/; classtype:trojan-activity;sid:84122861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.106.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259760/; classtype:trojan-activity;sid:84122860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.161.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259759/; classtype:trojan-activity;sid:84122859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.65.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259758/; classtype:trojan-activity;sid:84122858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.67.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259757/; classtype:trojan-activity;sid:84122857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.245.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259756/; classtype:trojan-activity;sid:84122856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.228.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259755/; classtype:trojan-activity;sid:84122855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.33.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259754/; classtype:trojan-activity;sid:84122854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.26.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259753/; classtype:trojan-activity;sid:84122853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.92.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259752/; classtype:trojan-activity;sid:84122852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.45.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259751/; classtype:trojan-activity;sid:84122851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.229.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259750/; classtype:trojan-activity;sid:84122850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.228.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259749/; classtype:trojan-activity;sid:84122849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"159.146.68.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259748/; classtype:trojan-activity;sid:84122848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.195.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259747/; classtype:trojan-activity;sid:84122847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.1.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259746/; classtype:trojan-activity;sid:84122846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.236.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259745/; classtype:trojan-activity;sid:84122845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.128.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259744/; classtype:trojan-activity;sid:84122844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.74.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259743/; classtype:trojan-activity;sid:84122843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.241.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259740/; classtype:trojan-activity;sid:84122840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.209.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259741/; classtype:trojan-activity;sid:84122841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.128.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259742/; classtype:trojan-activity;sid:84122842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.215.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259739/; classtype:trojan-activity;sid:84122839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.28.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259738/; classtype:trojan-activity;sid:84122838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.21.138.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259737/; classtype:trojan-activity;sid:84122837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.204.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259736/; classtype:trojan-activity;sid:84122836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.41.46.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259735/; classtype:trojan-activity;sid:84122835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.101.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259734/; classtype:trojan-activity;sid:84122834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.161.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259733/; classtype:trojan-activity;sid:84122833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.216.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259732/; classtype:trojan-activity;sid:84122832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.98.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259731/; classtype:trojan-activity;sid:84122831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.99.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259730/; classtype:trojan-activity;sid:84122830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.27.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259729/; classtype:trojan-activity;sid:84122829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.245.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259728/; classtype:trojan-activity;sid:84122828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.152.9.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259727/; classtype:trojan-activity;sid:84122827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.exe"; depth:6; endswith; nocase; http.host; content:"dewatabalirental.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259725/; classtype:trojan-activity;sid:84122825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.exe"; depth:6; endswith; nocase; http.host; content:"dewatabalirental.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259726/; classtype:trojan-activity;sid:84122826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"dewatabalirental.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259724/; classtype:trojan-activity;sid:84122824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4.exe"; depth:6; endswith; nocase; http.host; content:"dewatabalirental.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259723/; classtype:trojan-activity;sid:84122823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.228.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259722/; classtype:trojan-activity;sid:84122822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.92.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259721/; classtype:trojan-activity;sid:84122821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.10.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259720/; classtype:trojan-activity;sid:84122820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.1.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259719/; classtype:trojan-activity;sid:84122819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.249.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259718/; classtype:trojan-activity;sid:84122818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.6.92.229"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259717/; classtype:trojan-activity;sid:84122817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.49.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259716/; classtype:trojan-activity;sid:84122816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.126.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259715/; classtype:trojan-activity;sid:84122815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.152.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259714/; classtype:trojan-activity;sid:84122814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.192.62.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259712/; classtype:trojan-activity;sid:84122812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.221.181.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259713/; classtype:trojan-activity;sid:84122813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.7.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259711/; classtype:trojan-activity;sid:84122811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.187.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259710/; classtype:trojan-activity;sid:84122810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.10.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259709/; classtype:trojan-activity;sid:84122809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.110.115.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259708/; classtype:trojan-activity;sid:84122808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.79.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259707/; classtype:trojan-activity;sid:84122807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.220.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259706/; classtype:trojan-activity;sid:84122806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.6.92.229"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259705/; classtype:trojan-activity;sid:84122805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.187.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259704/; classtype:trojan-activity;sid:84122804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.2.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259703/; classtype:trojan-activity;sid:84122803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.84.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259702/; classtype:trojan-activity;sid:84122802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.101.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259701/; classtype:trojan-activity;sid:84122801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.7.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259700/; classtype:trojan-activity;sid:84122800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.132.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259699/; classtype:trojan-activity;sid:84122799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.30.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259698/; classtype:trojan-activity;sid:84122798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.21.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259697/; classtype:trojan-activity;sid:84122797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.145.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259696/; classtype:trojan-activity;sid:84122796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.53.31.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259695/; classtype:trojan-activity;sid:84122795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.17.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259694/; classtype:trojan-activity;sid:84122794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.49.65.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259693/; classtype:trojan-activity;sid:84122793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.145.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259692/; classtype:trojan-activity;sid:84122792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.156.211.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259691/; classtype:trojan-activity;sid:84122791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.187.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259690/; classtype:trojan-activity;sid:84122790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.204.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259689/; classtype:trojan-activity;sid:84122789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.220.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259688/; classtype:trojan-activity;sid:84122788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.149.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259687/; classtype:trojan-activity;sid:84122787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.152.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259685/; classtype:trojan-activity;sid:84122785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.25.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259686/; classtype:trojan-activity;sid:84122786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.22.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259684/; classtype:trojan-activity;sid:84122784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.64.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259683/; classtype:trojan-activity;sid:84122783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.53.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259682/; classtype:trojan-activity;sid:84122782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.181.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259681/; classtype:trojan-activity;sid:84122781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259680/; classtype:trojan-activity;sid:84122780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.32.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259679/; classtype:trojan-activity;sid:84122779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.109.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259678/; classtype:trojan-activity;sid:84122778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.73.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259677/; classtype:trojan-activity;sid:84122777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259676/; classtype:trojan-activity;sid:84122776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.88.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259675/; classtype:trojan-activity;sid:84122775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.48.115.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259674/; classtype:trojan-activity;sid:84122774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.177.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259673/; classtype:trojan-activity;sid:84122773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.84.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259672/; classtype:trojan-activity;sid:84122772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.254.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259671/; classtype:trojan-activity;sid:84122771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.156.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259670/; classtype:trojan-activity;sid:84122770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.222.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259669/; classtype:trojan-activity;sid:84122769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.123.233.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259668/; classtype:trojan-activity;sid:84122768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.53.31.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259667/; classtype:trojan-activity;sid:84122767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.87.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259666/; classtype:trojan-activity;sid:84122766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.239.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259665/; classtype:trojan-activity;sid:84122765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.17.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259664/; classtype:trojan-activity;sid:84122764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.243.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259663/; classtype:trojan-activity;sid:84122763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.73.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259662/; classtype:trojan-activity;sid:84122762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.56.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259660/; classtype:trojan-activity;sid:84122760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.113.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259661/; classtype:trojan-activity;sid:84122761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.177.68.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259659/; classtype:trojan-activity;sid:84122759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.105.172.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259658/; classtype:trojan-activity;sid:84122758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.41.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259657/; classtype:trojan-activity;sid:84122757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.88.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259656/; classtype:trojan-activity;sid:84122756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.151.142.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259654/; classtype:trojan-activity;sid:84122754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.93.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259655/; classtype:trojan-activity;sid:84122755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.143.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259653/; classtype:trojan-activity;sid:84122753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.54.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259652/; classtype:trojan-activity;sid:84122752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259651/; classtype:trojan-activity;sid:84122751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.213.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259650/; classtype:trojan-activity;sid:84122750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.10.59"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259649/; classtype:trojan-activity;sid:84122749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.75.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259648/; classtype:trojan-activity;sid:84122748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.34.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259647/; classtype:trojan-activity;sid:84122747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.210.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259646/; classtype:trojan-activity;sid:84122746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.4.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259645/; classtype:trojan-activity;sid:84122745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.86.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259642/; classtype:trojan-activity;sid:84122742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.104.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259643/; classtype:trojan-activity;sid:84122743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.74.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259644/; classtype:trojan-activity;sid:84122744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"140.237.8.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259641/; classtype:trojan-activity;sid:84122741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.223.4.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259640/; classtype:trojan-activity;sid:84122740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.182.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259639/; classtype:trojan-activity;sid:84122739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.65.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259638/; classtype:trojan-activity;sid:84122738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.107.193.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259637/; classtype:trojan-activity;sid:84122737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.163.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259636/; classtype:trojan-activity;sid:84122736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.143.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259635/; classtype:trojan-activity;sid:84122735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.177.68.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259634/; classtype:trojan-activity;sid:84122734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.65.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259633/; classtype:trojan-activity;sid:84122733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.66.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259632/; classtype:trojan-activity;sid:84122732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.182.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259631/; classtype:trojan-activity;sid:84122731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.244.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259630/; classtype:trojan-activity;sid:84122730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.162.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259629/; classtype:trojan-activity;sid:84122729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.51.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259628/; classtype:trojan-activity;sid:84122728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.54.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259626/; classtype:trojan-activity;sid:84122726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.205.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259627/; classtype:trojan-activity;sid:84122727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.178.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259625/; classtype:trojan-activity;sid:84122725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.34.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259624/; classtype:trojan-activity;sid:84122724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.38.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259622/; classtype:trojan-activity;sid:84122722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.242.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259623/; classtype:trojan-activity;sid:84122723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.220.213.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259617/; classtype:trojan-activity;sid:84122717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.209.136.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259618/; classtype:trojan-activity;sid:84122718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.29.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259619/; classtype:trojan-activity;sid:84122719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.177.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259620/; classtype:trojan-activity;sid:84122720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.33.40.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259621/; classtype:trojan-activity;sid:84122721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.92.61.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259614/; classtype:trojan-activity;sid:84122714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.159.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259615/; classtype:trojan-activity;sid:84122715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.2.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259616/; classtype:trojan-activity;sid:84122716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.234.243.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259613/; classtype:trojan-activity;sid:84122713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.58.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259612/; classtype:trojan-activity;sid:84122712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.174.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259611/; classtype:trojan-activity;sid:84122711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.236.222.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259609/; classtype:trojan-activity;sid:84122709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.27.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259610/; classtype:trojan-activity;sid:84122710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.210.138.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259607/; classtype:trojan-activity;sid:84122707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.87.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259608/; classtype:trojan-activity;sid:84122708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.210.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259606/; classtype:trojan-activity;sid:84122706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.61.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259605/; classtype:trojan-activity;sid:84122705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.2.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259604/; classtype:trojan-activity;sid:84122704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.213.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259603/; classtype:trojan-activity;sid:84122703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.47.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259602/; classtype:trojan-activity;sid:84122702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.104.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259601/; classtype:trojan-activity;sid:84122701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.118.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259600/; classtype:trojan-activity;sid:84122700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.74.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259599/; classtype:trojan-activity;sid:84122699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.210.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259598/; classtype:trojan-activity;sid:84122698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.187.82.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259597/; classtype:trojan-activity;sid:84122697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.4.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259596/; classtype:trojan-activity;sid:84122696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.143.171.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259595/; classtype:trojan-activity;sid:84122695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.161.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259594/; classtype:trojan-activity;sid:84122694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.107.193.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259593/; classtype:trojan-activity;sid:84122693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.255.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259591/; classtype:trojan-activity;sid:84122691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259592/; classtype:trojan-activity;sid:84122692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.51.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259590/; classtype:trojan-activity;sid:84122690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.194.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259589/; classtype:trojan-activity;sid:84122689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.162.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259588/; classtype:trojan-activity;sid:84122688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.48.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259587/; classtype:trojan-activity;sid:84122687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259586/; classtype:trojan-activity;sid:84122686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.140.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259585/; classtype:trojan-activity;sid:84122685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.64.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259584/; classtype:trojan-activity;sid:84122684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.1.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259583/; classtype:trojan-activity;sid:84122683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.10.19.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259582/; classtype:trojan-activity;sid:84122682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.235.177.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259581/; classtype:trojan-activity;sid:84122681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.26.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259580/; classtype:trojan-activity;sid:84122680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.118.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259579/; classtype:trojan-activity;sid:84122679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.212.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259578/; classtype:trojan-activity;sid:84122678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.77.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259577/; classtype:trojan-activity;sid:84122677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.255.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259576/; classtype:trojan-activity;sid:84122676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.116.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259575/; classtype:trojan-activity;sid:84122675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.227.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259574/; classtype:trojan-activity;sid:84122674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.109.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259573/; classtype:trojan-activity;sid:84122673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.244.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259572/; classtype:trojan-activity;sid:84122672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.97.121.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259571/; classtype:trojan-activity;sid:84122671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.163.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259570/; classtype:trojan-activity;sid:84122670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.194.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259569/; classtype:trojan-activity;sid:84122669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.140.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259568/; classtype:trojan-activity;sid:84122668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.88.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259567/; classtype:trojan-activity;sid:84122667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.159.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259566/; classtype:trojan-activity;sid:84122666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.244.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259565/; classtype:trojan-activity;sid:84122665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.5.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259564/; classtype:trojan-activity;sid:84122664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.58.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259563/; classtype:trojan-activity;sid:84122663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.182.164.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259562/; classtype:trojan-activity;sid:84122662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.30.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259561/; classtype:trojan-activity;sid:84122661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.77.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259560/; classtype:trojan-activity;sid:84122660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.103.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259559/; classtype:trojan-activity;sid:84122659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.26.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259558/; classtype:trojan-activity;sid:84122658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.181.30.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259557/; classtype:trojan-activity;sid:84122657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.240.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259556/; classtype:trojan-activity;sid:84122656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.98.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259555/; classtype:trojan-activity;sid:84122655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.87.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259554/; classtype:trojan-activity;sid:84122654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.105.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259553/; classtype:trojan-activity;sid:84122653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.99.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259552/; classtype:trojan-activity;sid:84122652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.50.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259550/; classtype:trojan-activity;sid:84122650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.237.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259551/; classtype:trojan-activity;sid:84122651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.122.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259549/; classtype:trojan-activity;sid:84122649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.212.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259548/; classtype:trojan-activity;sid:84122648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.88.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259547/; classtype:trojan-activity;sid:84122647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.6.91.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259546/; classtype:trojan-activity;sid:84122646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.177.98.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259545/; classtype:trojan-activity;sid:84122645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.35.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259544/; classtype:trojan-activity;sid:84122644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.31.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259543/; classtype:trojan-activity;sid:84122643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.49.65.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259541/; classtype:trojan-activity;sid:84122641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.137.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259542/; classtype:trojan-activity;sid:84122642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.182.214.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259540/; classtype:trojan-activity;sid:84122640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.158.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259539/; classtype:trojan-activity;sid:84122639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.103.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259538/; classtype:trojan-activity;sid:84122638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.26.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259537/; classtype:trojan-activity;sid:84122637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.50.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259536/; classtype:trojan-activity;sid:84122636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.3.27.240"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259535/; classtype:trojan-activity;sid:84122635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.192.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259534/; classtype:trojan-activity;sid:84122634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.237.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259533/; classtype:trojan-activity;sid:84122633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.124.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259532/; classtype:trojan-activity;sid:84122632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.81.190.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259529/; classtype:trojan-activity;sid:84122629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.117.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259530/; classtype:trojan-activity;sid:84122630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.240.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259531/; classtype:trojan-activity;sid:84122631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.82.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259528/; classtype:trojan-activity;sid:84122628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.94.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259526/; classtype:trojan-activity;sid:84122626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.98.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259527/; classtype:trojan-activity;sid:84122627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.158.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259525/; classtype:trojan-activity;sid:84122625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.211.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259522/; classtype:trojan-activity;sid:84122622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.150.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259523/; classtype:trojan-activity;sid:84122623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.211.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259524/; classtype:trojan-activity;sid:84122624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.172.25.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259521/; classtype:trojan-activity;sid:84122621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.84.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259520/; classtype:trojan-activity;sid:84122620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.199.208.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259519/; classtype:trojan-activity;sid:84122619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259518/; classtype:trojan-activity;sid:84122618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.73.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259517/; classtype:trojan-activity;sid:84122617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.31.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259516/; classtype:trojan-activity;sid:84122616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.128.11.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259515/; classtype:trojan-activity;sid:84122615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.235.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259514/; classtype:trojan-activity;sid:84122614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.173.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259513/; classtype:trojan-activity;sid:84122613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.104.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259512/; classtype:trojan-activity;sid:84122612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.117.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259511/; classtype:trojan-activity;sid:84122611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.140.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259510/; classtype:trojan-activity;sid:84122610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.88.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259509/; classtype:trojan-activity;sid:84122609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259508/; classtype:trojan-activity;sid:84122608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.98.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259507/; classtype:trojan-activity;sid:84122607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.94.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259505/; classtype:trojan-activity;sid:84122605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259506/; classtype:trojan-activity;sid:84122606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.105.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259504/; classtype:trojan-activity;sid:84122604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.54.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259503/; classtype:trojan-activity;sid:84122603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.181.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259502/; classtype:trojan-activity;sid:84122602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.69.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259500/; classtype:trojan-activity;sid:84122600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.31.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259501/; classtype:trojan-activity;sid:84122601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.9.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259499/; classtype:trojan-activity;sid:84122599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.42.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259498/; classtype:trojan-activity;sid:84122598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.192.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259497/; classtype:trojan-activity;sid:84122597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.207.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259495/; classtype:trojan-activity;sid:84122595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.211.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259496/; classtype:trojan-activity;sid:84122596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259493/; classtype:trojan-activity;sid:84122593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.73.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259494/; classtype:trojan-activity;sid:84122594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.21.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259492/; classtype:trojan-activity;sid:84122592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.173.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259491/; classtype:trojan-activity;sid:84122591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259490/; classtype:trojan-activity;sid:84122590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.66.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259489/; classtype:trojan-activity;sid:84122589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.177.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259488/; classtype:trojan-activity;sid:84122588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/request/captcha.cmd"; depth:20; endswith; nocase; http.host; content:"1drv.media"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259487/; classtype:trojan-activity;sid:84122587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/request/captcha.cmd"; depth:20; endswith; nocase; http.host; content:"1drv.media"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259486/; classtype:trojan-activity;sid:84122586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.245.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259485/; classtype:trojan-activity;sid:84122585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xc.exe"; depth:7; endswith; nocase; http.host; content:"159.223.8.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259484/; classtype:trojan-activity;sid:84122584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xc.exe"; depth:7; endswith; nocase; http.host; content:"1drv.media"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259483/; classtype:trojan-activity;sid:84122583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xc.exe"; depth:7; endswith; nocase; http.host; content:"1drv.media"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259482/; classtype:trojan-activity;sid:84122582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/naxieb7q"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259481/; classtype:trojan-activity;sid:84122581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.36.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259480/; classtype:trojan-activity;sid:84122580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/request/captcha.cmd"; depth:20; endswith; nocase; http.host; content:"159.223.8.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259479/; classtype:trojan-activity;sid:84122579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.33.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259478/; classtype:trojan-activity;sid:84122578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.9.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259477/; classtype:trojan-activity;sid:84122577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.187.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259476/; classtype:trojan-activity;sid:84122576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.42.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259475/; classtype:trojan-activity;sid:84122575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.54.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259474/; classtype:trojan-activity;sid:84122574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.7.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259473/; classtype:trojan-activity;sid:84122573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.27.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259472/; classtype:trojan-activity;sid:84122572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.206.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259471/; classtype:trojan-activity;sid:84122571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.64.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259470/; classtype:trojan-activity;sid:84122570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.67.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259468/; classtype:trojan-activity;sid:84122568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.36.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259469/; classtype:trojan-activity;sid:84122569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.101.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259465/; classtype:trojan-activity;sid:84122565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.150.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259466/; classtype:trojan-activity;sid:84122566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.103.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259467/; classtype:trojan-activity;sid:84122567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.9.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259462/; classtype:trojan-activity;sid:84122562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.0.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259463/; classtype:trojan-activity;sid:84122563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.35.12.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259464/; classtype:trojan-activity;sid:84122564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.114.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259461/; classtype:trojan-activity;sid:84122561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.102.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259460/; classtype:trojan-activity;sid:84122560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.57.205.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259457/; classtype:trojan-activity;sid:84122557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.8.216"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259458/; classtype:trojan-activity;sid:84122558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.98.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259459/; classtype:trojan-activity;sid:84122559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.221.44.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259456/; classtype:trojan-activity;sid:84122556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.105.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259455/; classtype:trojan-activity;sid:84122555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.115.89.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259454/; classtype:trojan-activity;sid:84122554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.2.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259453/; classtype:trojan-activity;sid:84122553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259452/; classtype:trojan-activity;sid:84122552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.91.41"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259451/; classtype:trojan-activity;sid:84122551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.114.139.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259447/; classtype:trojan-activity;sid:84122547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"84.213.69.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259448/; classtype:trojan-activity;sid:84122548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.185.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259449/; classtype:trojan-activity;sid:84122549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259450/; classtype:trojan-activity;sid:84122550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.20.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259445/; classtype:trojan-activity;sid:84122545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.245.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259446/; classtype:trojan-activity;sid:84122546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.50.82"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259444/; classtype:trojan-activity;sid:84122544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.45.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259443/; classtype:trojan-activity;sid:84122543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259442/; classtype:trojan-activity;sid:84122542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.69.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259441/; classtype:trojan-activity;sid:84122541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.19.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259440/; classtype:trojan-activity;sid:84122540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.154.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259439/; classtype:trojan-activity;sid:84122539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.93.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259438/; classtype:trojan-activity;sid:84122538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259437/; classtype:trojan-activity;sid:84122537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.233.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259436/; classtype:trojan-activity;sid:84122536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.255.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259435/; classtype:trojan-activity;sid:84122535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.25.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259433/; classtype:trojan-activity;sid:84122533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.187.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259434/; classtype:trojan-activity;sid:84122534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.217.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259432/; classtype:trojan-activity;sid:84122532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.217.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259431/; classtype:trojan-activity;sid:84122531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.218.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259429/; classtype:trojan-activity;sid:84122529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.91.180.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259430/; classtype:trojan-activity;sid:84122530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.143.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259428/; classtype:trojan-activity;sid:84122528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.38.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259427/; classtype:trojan-activity;sid:84122527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.36.217"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259426/; classtype:trojan-activity;sid:84122526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.205.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259425/; classtype:trojan-activity;sid:84122525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.19.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259424/; classtype:trojan-activity;sid:84122524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.235.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259423/; classtype:trojan-activity;sid:84122523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.45.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259422/; classtype:trojan-activity;sid:84122522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.245.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259421/; classtype:trojan-activity;sid:84122521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"zxload1.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259420/; classtype:trojan-activity;sid:84122520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.101.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259419/; classtype:trojan-activity;sid:84122519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.177.68.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259418/; classtype:trojan-activity;sid:84122518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.170.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259417/; classtype:trojan-activity;sid:84122517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.234.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259416/; classtype:trojan-activity;sid:84122516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.143.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259415/; classtype:trojan-activity;sid:84122515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.234.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259414/; classtype:trojan-activity;sid:84122514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.118.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259413/; classtype:trojan-activity;sid:84122513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.180.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259412/; classtype:trojan-activity;sid:84122512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.244.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259411/; classtype:trojan-activity;sid:84122511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.129.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259410/; classtype:trojan-activity;sid:84122510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.143.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259409/; classtype:trojan-activity;sid:84122509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259408/; classtype:trojan-activity;sid:84122508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.25.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259407/; classtype:trojan-activity;sid:84122507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259406/; classtype:trojan-activity;sid:84122506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.69.4.209"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259405/; classtype:trojan-activity;sid:84122505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.217.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259404/; classtype:trojan-activity;sid:84122504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.38.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259403/; classtype:trojan-activity;sid:84122503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.123.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259402/; classtype:trojan-activity;sid:84122502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.228.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259401/; classtype:trojan-activity;sid:84122501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.125.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259400/; classtype:trojan-activity;sid:84122500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259399/; classtype:trojan-activity;sid:84122499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"payconiqs.co"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259391/; classtype:trojan-activity;sid:84122491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"payconiqs.co"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259392/; classtype:trojan-activity;sid:84122492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-6.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"payconiqs.co"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259393/; classtype:trojan-activity;sid:84122493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"payconiqs.co"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259394/; classtype:trojan-activity;sid:84122494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"payconiqs.co"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259395/; classtype:trojan-activity;sid:84122495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-p.a-k.sakura"; depth:15; endswith; nocase; http.host; content:"payconiqs.co"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259396/; classtype:trojan-activity;sid:84122496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"payconiqs.co"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259397/; classtype:trojan-activity;sid:84122497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"payconiqs.co"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259398/; classtype:trojan-activity;sid:84122498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"payconiqs.co"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259386/; classtype:trojan-activity;sid:84122486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"payconiqs.co"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259387/; classtype:trojan-activity;sid:84122487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"payconiqs.co"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259388/; classtype:trojan-activity;sid:84122488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"payconiqs.co"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259389/; classtype:trojan-activity;sid:84122489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"payconiqs.co"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259390/; classtype:trojan-activity;sid:84122490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.118.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259383/; classtype:trojan-activity;sid:84122483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.sh"; depth:10; endswith; nocase; http.host; content:"payconiqs.co"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259384/; classtype:trojan-activity;sid:84122484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.122.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259385/; classtype:trojan-activity;sid:84122485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.sh"; depth:10; endswith; nocase; http.host; content:"93.123.85.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259382/; classtype:trojan-activity;sid:84122482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.80.128.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259381/; classtype:trojan-activity;sid:84122481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.249.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259380/; classtype:trojan-activity;sid:84122480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.88.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259379/; classtype:trojan-activity;sid:84122479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.88.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259378/; classtype:trojan-activity;sid:84122478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.180.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259377/; classtype:trojan-activity;sid:84122477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.77.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259376/; classtype:trojan-activity;sid:84122476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.170.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259375/; classtype:trojan-activity;sid:84122475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.244.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259374/; classtype:trojan-activity;sid:84122474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.30.176"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259373/; classtype:trojan-activity;sid:84122473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.176.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259372/; classtype:trojan-activity;sid:84122472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.25.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259371/; classtype:trojan-activity;sid:84122471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.64.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259370/; classtype:trojan-activity;sid:84122470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.164.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259369/; classtype:trojan-activity;sid:84122469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.148.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259368/; classtype:trojan-activity;sid:84122468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.119.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259366/; classtype:trojan-activity;sid:84122466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.86.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259367/; classtype:trojan-activity;sid:84122467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.148.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259365/; classtype:trojan-activity;sid:84122465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.178.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259364/; classtype:trojan-activity;sid:84122464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.101.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259363/; classtype:trojan-activity;sid:84122463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.115.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259362/; classtype:trojan-activity;sid:84122462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259361/; classtype:trojan-activity;sid:84122461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259360/; classtype:trojan-activity;sid:84122460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.228.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259359/; classtype:trojan-activity;sid:84122459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.10.68"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259358/; classtype:trojan-activity;sid:84122458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.245.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259357/; classtype:trojan-activity;sid:84122457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.120.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259355/; classtype:trojan-activity;sid:84122455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.121.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259356/; classtype:trojan-activity;sid:84122456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.93.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259354/; classtype:trojan-activity;sid:84122454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.88.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259353/; classtype:trojan-activity;sid:84122453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.98.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259352/; classtype:trojan-activity;sid:84122452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.177.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259351/; classtype:trojan-activity;sid:84122451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.70.82.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259350/; classtype:trojan-activity;sid:84122450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259349/; classtype:trojan-activity;sid:84122449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.251.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259348/; classtype:trojan-activity;sid:84122448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.2.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259347/; classtype:trojan-activity;sid:84122447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.155.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259346/; classtype:trojan-activity;sid:84122446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.164.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259344/; classtype:trojan-activity;sid:84122444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.64.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259345/; classtype:trojan-activity;sid:84122445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.36.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259343/; classtype:trojan-activity;sid:84122443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.101.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259342/; classtype:trojan-activity;sid:84122442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.16.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259341/; classtype:trojan-activity;sid:84122441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259340/; classtype:trojan-activity;sid:84122440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.245.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259339/; classtype:trojan-activity;sid:84122439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.5.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259338/; classtype:trojan-activity;sid:84122438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.206.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259337/; classtype:trojan-activity;sid:84122437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.67.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259336/; classtype:trojan-activity;sid:84122436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.84.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259335/; classtype:trojan-activity;sid:84122435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.248.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259334/; classtype:trojan-activity;sid:84122434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.73.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259333/; classtype:trojan-activity;sid:84122433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.93.44.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259332/; classtype:trojan-activity;sid:84122432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"183.152.18.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259331/; classtype:trojan-activity;sid:84122431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.118.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259330/; classtype:trojan-activity;sid:84122430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259329/; classtype:trojan-activity;sid:84122429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.221.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259328/; classtype:trojan-activity;sid:84122428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259327/; classtype:trojan-activity;sid:84122427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.80.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259326/; classtype:trojan-activity;sid:84122426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.2.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259325/; classtype:trojan-activity;sid:84122425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.143.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259324/; classtype:trojan-activity;sid:84122424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.76.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259323/; classtype:trojan-activity;sid:84122423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.103.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259322/; classtype:trojan-activity;sid:84122422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.203.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259321/; classtype:trojan-activity;sid:84122421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259320/; classtype:trojan-activity;sid:84122420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.148.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259319/; classtype:trojan-activity;sid:84122419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.206.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259318/; classtype:trojan-activity;sid:84122418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.115.73.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259316/; classtype:trojan-activity;sid:84122416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.237.77.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259317/; classtype:trojan-activity;sid:84122417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.16.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259315/; classtype:trojan-activity;sid:84122415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.20.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259314/; classtype:trojan-activity;sid:84122414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.73.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259313/; classtype:trojan-activity;sid:84122413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.25.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259312/; classtype:trojan-activity;sid:84122412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.226.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259311/; classtype:trojan-activity;sid:84122411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.233.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259309/; classtype:trojan-activity;sid:84122409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.208.47.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259310/; classtype:trojan-activity;sid:84122410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.31.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259308/; classtype:trojan-activity;sid:84122408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.48.23"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259307/; classtype:trojan-activity;sid:84122407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.98.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259306/; classtype:trojan-activity;sid:84122406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.16.151"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259305/; classtype:trojan-activity;sid:84122405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.85.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259304/; classtype:trojan-activity;sid:84122404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.48.23"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259302/; classtype:trojan-activity;sid:84122402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.203.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259303/; classtype:trojan-activity;sid:84122403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.241.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259301/; classtype:trojan-activity;sid:84122401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.15.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259300/; classtype:trojan-activity;sid:84122400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.35.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259299/; classtype:trojan-activity;sid:84122399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259298/; classtype:trojan-activity;sid:84122398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.8.163.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259297/; classtype:trojan-activity;sid:84122397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.26.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259296/; classtype:trojan-activity;sid:84122396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.173.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259295/; classtype:trojan-activity;sid:84122395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.151.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259294/; classtype:trojan-activity;sid:84122394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.165.66.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259293/; classtype:trojan-activity;sid:84122393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.245.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259291/; classtype:trojan-activity;sid:84122391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.170.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259292/; classtype:trojan-activity;sid:84122392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.55.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259289/; classtype:trojan-activity;sid:84122389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.208.47.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259288/; classtype:trojan-activity;sid:84122388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.190.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259287/; classtype:trojan-activity;sid:84122387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.92.195"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259286/; classtype:trojan-activity;sid:84122386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.213.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259284/; classtype:trojan-activity;sid:84122384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.94.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259285/; classtype:trojan-activity;sid:84122385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.98.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259283/; classtype:trojan-activity;sid:84122383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.22.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259282/; classtype:trojan-activity;sid:84122382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.175.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259281/; classtype:trojan-activity;sid:84122381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.17.69.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259280/; classtype:trojan-activity;sid:84122380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.99.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259279/; classtype:trojan-activity;sid:84122379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.242.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259277/; classtype:trojan-activity;sid:84122377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.25.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259278/; classtype:trojan-activity;sid:84122378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.46.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259276/; classtype:trojan-activity;sid:84122376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.160.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259275/; classtype:trojan-activity;sid:84122375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259274/; classtype:trojan-activity;sid:84122374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.131.163.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259273/; classtype:trojan-activity;sid:84122373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.112.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259272/; classtype:trojan-activity;sid:84122372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.219.45.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259271/; classtype:trojan-activity;sid:84122371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.48.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259270/; classtype:trojan-activity;sid:84122370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.60.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259269/; classtype:trojan-activity;sid:84122369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.15.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259268/; classtype:trojan-activity;sid:84122368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.8.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259267/; classtype:trojan-activity;sid:84122367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.190.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259265/; classtype:trojan-activity;sid:84122365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.36.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259266/; classtype:trojan-activity;sid:84122366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.95.190.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259264/; classtype:trojan-activity;sid:84122364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.226.168.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259263/; classtype:trojan-activity;sid:84122363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259262/; classtype:trojan-activity;sid:84122362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.118.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259260/; classtype:trojan-activity;sid:84122360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.64.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259261/; classtype:trojan-activity;sid:84122361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trust_wallet.apk"; depth:17; endswith; nocase; http.host; content:"www.trvstwallet.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259259/; classtype:trojan-activity;sid:84122359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.129.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259258/; classtype:trojan-activity;sid:84122358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.245.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259257/; classtype:trojan-activity;sid:84122357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bvsbeps"; depth:8; endswith; nocase; http.host; content:"server2.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259256/; classtype:trojan-activity;sid:84122356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.231.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259255/; classtype:trojan-activity;sid:84122355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/solgoodman/zixenberg/downloads/bybit.exe"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259254/; classtype:trojan-activity;sid:84122354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.113.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259253/; classtype:trojan-activity;sid:84122353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.92.195"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259252/; classtype:trojan-activity;sid:84122352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.20.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259251/; classtype:trojan-activity;sid:84122351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259250/; classtype:trojan-activity;sid:84122350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.143.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259249/; classtype:trojan-activity;sid:84122349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.82.152"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259248/; classtype:trojan-activity;sid:84122348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.8.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259247/; classtype:trojan-activity;sid:84122347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.175.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259246/; classtype:trojan-activity;sid:84122346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.83.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259244/; classtype:trojan-activity;sid:84122344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.159.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259245/; classtype:trojan-activity;sid:84122345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.78.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259243/; classtype:trojan-activity;sid:84122343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.62.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259242/; classtype:trojan-activity;sid:84122342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.60.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259240/; classtype:trojan-activity;sid:84122340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.178.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259241/; classtype:trojan-activity;sid:84122341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.109.182.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259239/; classtype:trojan-activity;sid:84122339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259238/; classtype:trojan-activity;sid:84122338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.11.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259237/; classtype:trojan-activity;sid:84122337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.219.45.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259236/; classtype:trojan-activity;sid:84122336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.241.176.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259235/; classtype:trojan-activity;sid:84122335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.171.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259234/; classtype:trojan-activity;sid:84122334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goodbyedpiconfigsnew.exe"; depth:25; endswith; nocase; http.host; content:"uebki.one"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259233/; classtype:trojan-activity;sid:84122333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.102.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259232/; classtype:trojan-activity;sid:84122332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259230/; classtype:trojan-activity;sid:84122330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.176.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259231/; classtype:trojan-activity;sid:84122331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.139.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259229/; classtype:trojan-activity;sid:84122329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.102.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259228/; classtype:trojan-activity;sid:84122328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.95.190.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259227/; classtype:trojan-activity;sid:84122327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259226/; classtype:trojan-activity;sid:84122326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.40.172.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259225/; classtype:trojan-activity;sid:84122325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.26.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259224/; classtype:trojan-activity;sid:84122324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.30.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259223/; classtype:trojan-activity;sid:84122323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.246.60.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259221/; classtype:trojan-activity;sid:84122321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.123.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259222/; classtype:trojan-activity;sid:84122322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.213.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259220/; classtype:trojan-activity;sid:84122320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.55.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259219/; classtype:trojan-activity;sid:84122319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.64.37"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259218/; classtype:trojan-activity;sid:84122318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.72.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259217/; classtype:trojan-activity;sid:84122317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.159.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259216/; classtype:trojan-activity;sid:84122316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.231.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259215/; classtype:trojan-activity;sid:84122315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.36.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259214/; classtype:trojan-activity;sid:84122314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259213/; classtype:trojan-activity;sid:84122313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.16.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259212/; classtype:trojan-activity;sid:84122312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.138.139.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259211/; classtype:trojan-activity;sid:84122311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.39.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259210/; classtype:trojan-activity;sid:84122310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.177.68.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259209/; classtype:trojan-activity;sid:84122309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.11.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259208/; classtype:trojan-activity;sid:84122308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.150.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259207/; classtype:trojan-activity;sid:84122307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.121.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259206/; classtype:trojan-activity;sid:84122306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.98.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259204/; classtype:trojan-activity;sid:84122304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.199.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259205/; classtype:trojan-activity;sid:84122305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.28.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259203/; classtype:trojan-activity;sid:84122303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.94.31.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259202/; classtype:trojan-activity;sid:84122302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.166.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259201/; classtype:trojan-activity;sid:84122301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259200/; classtype:trojan-activity;sid:84122300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.154.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259199/; classtype:trojan-activity;sid:84122299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.196.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259198/; classtype:trojan-activity;sid:84122298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.17.69.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259197/; classtype:trojan-activity;sid:84122297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.32.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259196/; classtype:trojan-activity;sid:84122296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.192.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259195/; classtype:trojan-activity;sid:84122295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.109.182.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259194/; classtype:trojan-activity;sid:84122294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.11.88.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259193/; classtype:trojan-activity;sid:84122293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.215.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259192/; classtype:trojan-activity;sid:84122292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.107.206.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259191/; classtype:trojan-activity;sid:84122291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.72.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259190/; classtype:trojan-activity;sid:84122290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.148.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259189/; classtype:trojan-activity;sid:84122289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.100.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259188/; classtype:trojan-activity;sid:84122288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"87.4.164.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259187/; classtype:trojan-activity;sid:84122287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.208.234.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259186/; classtype:trojan-activity;sid:84122286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.150.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259185/; classtype:trojan-activity;sid:84122285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.195.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259184/; classtype:trojan-activity;sid:84122284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.96.148"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259183/; classtype:trojan-activity;sid:84122283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.234.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259182/; classtype:trojan-activity;sid:84122282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.151.115.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259181/; classtype:trojan-activity;sid:84122281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.188.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259180/; classtype:trojan-activity;sid:84122280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259179/; classtype:trojan-activity;sid:84122279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.128.11.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259178/; classtype:trojan-activity;sid:84122278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.4.253.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259177/; classtype:trojan-activity;sid:84122277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.153.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259176/; classtype:trojan-activity;sid:84122276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.162.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259175/; classtype:trojan-activity;sid:84122275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.178.248.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259174/; classtype:trojan-activity;sid:84122274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.228.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259173/; classtype:trojan-activity;sid:84122273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.154.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259172/; classtype:trojan-activity;sid:84122272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.105.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259171/; classtype:trojan-activity;sid:84122271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.107.206.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259170/; classtype:trojan-activity;sid:84122270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.213.241.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259169/; classtype:trojan-activity;sid:84122269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.160.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259168/; classtype:trojan-activity;sid:84122268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.84.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259167/; classtype:trojan-activity;sid:84122267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.9.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259166/; classtype:trojan-activity;sid:84122266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259165/; classtype:trojan-activity;sid:84122265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.186.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259164/; classtype:trojan-activity;sid:84122264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.233.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259163/; classtype:trojan-activity;sid:84122263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.64.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259162/; classtype:trojan-activity;sid:84122262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.196.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259160/; classtype:trojan-activity;sid:84122260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259161/; classtype:trojan-activity;sid:84122261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.103.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259159/; classtype:trojan-activity;sid:84122259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.100.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259157/; classtype:trojan-activity;sid:84122257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.8.163.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259158/; classtype:trojan-activity;sid:84122258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.153.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259156/; classtype:trojan-activity;sid:84122256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.178.79.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259155/; classtype:trojan-activity;sid:84122255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.235.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259154/; classtype:trojan-activity;sid:84122254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.160.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259153/; classtype:trojan-activity;sid:84122253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.162.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259152/; classtype:trojan-activity;sid:84122252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.96.148"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259151/; classtype:trojan-activity;sid:84122251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.69.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259150/; classtype:trojan-activity;sid:84122250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.250.184.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259149/; classtype:trojan-activity;sid:84122249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.204.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259148/; classtype:trojan-activity;sid:84122248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.0.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259146/; classtype:trojan-activity;sid:84122246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.178.248.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259147/; classtype:trojan-activity;sid:84122247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.235.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259145/; classtype:trojan-activity;sid:84122245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.101.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259143/; classtype:trojan-activity;sid:84122243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.111.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259144/; classtype:trojan-activity;sid:84122244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.47.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259142/; classtype:trojan-activity;sid:84122242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.123.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259141/; classtype:trojan-activity;sid:84122241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.17.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259140/; classtype:trojan-activity;sid:84122240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.84.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259139/; classtype:trojan-activity;sid:84122239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.101.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259138/; classtype:trojan-activity;sid:84122238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259137/; classtype:trojan-activity;sid:84122237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.105.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259136/; classtype:trojan-activity;sid:84122236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.64.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259134/; classtype:trojan-activity;sid:84122234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.253.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259135/; classtype:trojan-activity;sid:84122235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.213.241.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259133/; classtype:trojan-activity;sid:84122233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.178.79.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259132/; classtype:trojan-activity;sid:84122232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.196.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259131/; classtype:trojan-activity;sid:84122231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.103.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259130/; classtype:trojan-activity;sid:84122230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.131.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259129/; classtype:trojan-activity;sid:84122229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.184.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259128/; classtype:trojan-activity;sid:84122228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.133.44.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259127/; classtype:trojan-activity;sid:84122227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.180.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259126/; classtype:trojan-activity;sid:84122226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.186.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259125/; classtype:trojan-activity;sid:84122225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.13.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259124/; classtype:trojan-activity;sid:84122224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.73.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259123/; classtype:trojan-activity;sid:84122223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.0.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259122/; classtype:trojan-activity;sid:84122222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.135.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259121/; classtype:trojan-activity;sid:84122221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.196.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259120/; classtype:trojan-activity;sid:84122220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.83.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259119/; classtype:trojan-activity;sid:84122219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.12.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259118/; classtype:trojan-activity;sid:84122218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.87.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259117/; classtype:trojan-activity;sid:84122217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.29.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259115/; classtype:trojan-activity;sid:84122215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.130.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259116/; classtype:trojan-activity;sid:84122216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.64.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259114/; classtype:trojan-activity;sid:84122214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.204.202.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259113/; classtype:trojan-activity;sid:84122213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.131.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259112/; classtype:trojan-activity;sid:84122212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.133.44.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259111/; classtype:trojan-activity;sid:84122211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.221.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259109/; classtype:trojan-activity;sid:84122209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.65.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259110/; classtype:trojan-activity;sid:84122210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.146.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259108/; classtype:trojan-activity;sid:84122208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.73.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259107/; classtype:trojan-activity;sid:84122207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.22.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259106/; classtype:trojan-activity;sid:84122206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.34.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259105/; classtype:trojan-activity;sid:84122205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.149.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259103/; classtype:trojan-activity;sid:84122203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.12.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259104/; classtype:trojan-activity;sid:84122204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.68.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259101/; classtype:trojan-activity;sid:84122201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.226.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259102/; classtype:trojan-activity;sid:84122202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.82.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259100/; classtype:trojan-activity;sid:84122200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.151.121.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259099/; classtype:trojan-activity;sid:84122199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259098/; classtype:trojan-activity;sid:84122198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.253.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259095/; classtype:trojan-activity;sid:84122195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.94.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259096/; classtype:trojan-activity;sid:84122196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.83.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259097/; classtype:trojan-activity;sid:84122197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.158.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259094/; classtype:trojan-activity;sid:84122194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.29.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259093/; classtype:trojan-activity;sid:84122193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.181.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259092/; classtype:trojan-activity;sid:84122192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.10.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259091/; classtype:trojan-activity;sid:84122191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.132.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259090/; classtype:trojan-activity;sid:84122190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.250.184.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259089/; classtype:trojan-activity;sid:84122189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.13.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259088/; classtype:trojan-activity;sid:84122188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.130.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259087/; classtype:trojan-activity;sid:84122187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.183.132.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259086/; classtype:trojan-activity;sid:84122186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.102.189.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259083/; classtype:trojan-activity;sid:84122183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.51.37.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259084/; classtype:trojan-activity;sid:84122184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.133.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259085/; classtype:trojan-activity;sid:84122185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.154.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259081/; classtype:trojan-activity;sid:84122181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.215.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259082/; classtype:trojan-activity;sid:84122182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.196.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259080/; classtype:trojan-activity;sid:84122180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.164.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259079/; classtype:trojan-activity;sid:84122179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.61.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259078/; classtype:trojan-activity;sid:84122178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.175.98.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259074/; classtype:trojan-activity;sid:84122174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.165.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259075/; classtype:trojan-activity;sid:84122175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.89.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259076/; classtype:trojan-activity;sid:84122176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.152.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259077/; classtype:trojan-activity;sid:84122177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.130.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259073/; classtype:trojan-activity;sid:84122173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.24.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259072/; classtype:trojan-activity;sid:84122172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.100.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259071/; classtype:trojan-activity;sid:84122171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.82.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259069/; classtype:trojan-activity;sid:84122169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.146.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259070/; classtype:trojan-activity;sid:84122170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.65.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259068/; classtype:trojan-activity;sid:84122168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.186.45.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259067/; classtype:trojan-activity;sid:84122167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.46.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259066/; classtype:trojan-activity;sid:84122166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.3.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259065/; classtype:trojan-activity;sid:84122165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.47.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259064/; classtype:trojan-activity;sid:84122164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.83.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259063/; classtype:trojan-activity;sid:84122163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.154.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259062/; classtype:trojan-activity;sid:84122162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.94.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259061/; classtype:trojan-activity;sid:84122161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.3.35"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259060/; classtype:trojan-activity;sid:84122160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.36.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259059/; classtype:trojan-activity;sid:84122159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.226.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259058/; classtype:trojan-activity;sid:84122158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.89.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259057/; classtype:trojan-activity;sid:84122157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.202.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259055/; classtype:trojan-activity;sid:84122155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.229.174.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259056/; classtype:trojan-activity;sid:84122156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.158.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259054/; classtype:trojan-activity;sid:84122154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.22.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259053/; classtype:trojan-activity;sid:84122153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.225.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259052/; classtype:trojan-activity;sid:84122152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.134.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259051/; classtype:trojan-activity;sid:84122151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.181.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259050/; classtype:trojan-activity;sid:84122150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.8.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259049/; classtype:trojan-activity;sid:84122149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.24.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259048/; classtype:trojan-activity;sid:84122148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.10.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259047/; classtype:trojan-activity;sid:84122147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.132.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259046/; classtype:trojan-activity;sid:84122146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.185.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259045/; classtype:trojan-activity;sid:84122145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.24.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259044/; classtype:trojan-activity;sid:84122144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.254.206.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259043/; classtype:trojan-activity;sid:84122143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.124.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259042/; classtype:trojan-activity;sid:84122142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.8.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259041/; classtype:trojan-activity;sid:84122141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.89.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259040/; classtype:trojan-activity;sid:84122140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.213.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259039/; classtype:trojan-activity;sid:84122139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.43.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259038/; classtype:trojan-activity;sid:84122138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259037/; classtype:trojan-activity;sid:84122137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.81.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259036/; classtype:trojan-activity;sid:84122136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.229.161.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259035/; classtype:trojan-activity;sid:84122135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.17.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259034/; classtype:trojan-activity;sid:84122134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.186.45.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259033/; classtype:trojan-activity;sid:84122133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259032/; classtype:trojan-activity;sid:84122132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.3.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259031/; classtype:trojan-activity;sid:84122131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.228.45.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259030/; classtype:trojan-activity;sid:84122130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.84.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259029/; classtype:trojan-activity;sid:84122129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.184.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259028/; classtype:trojan-activity;sid:84122128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.194.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259027/; classtype:trojan-activity;sid:84122127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.154.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259026/; classtype:trojan-activity;sid:84122126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.245.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259025/; classtype:trojan-activity;sid:84122125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.228.109.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259024/; classtype:trojan-activity;sid:84122124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.89.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259023/; classtype:trojan-activity;sid:84122123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259022/; classtype:trojan-activity;sid:84122122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.12.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259021/; classtype:trojan-activity;sid:84122121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.202.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259019/; classtype:trojan-activity;sid:84122119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.54.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259020/; classtype:trojan-activity;sid:84122120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.24.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259018/; classtype:trojan-activity;sid:84122118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.224.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259016/; classtype:trojan-activity;sid:84122116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.120.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259017/; classtype:trojan-activity;sid:84122117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.185.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259015/; classtype:trojan-activity;sid:84122115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.241.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259014/; classtype:trojan-activity;sid:84122114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.244.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259013/; classtype:trojan-activity;sid:84122113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.86.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259012/; classtype:trojan-activity;sid:84122112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.43.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259011/; classtype:trojan-activity;sid:84122111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.84.195.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259010/; classtype:trojan-activity;sid:84122110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"43.254.206.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259009/; classtype:trojan-activity;sid:84122109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.237.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259008/; classtype:trojan-activity;sid:84122108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.138.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259007/; classtype:trojan-activity;sid:84122107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.40.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259005/; classtype:trojan-activity;sid:84122105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.75.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259006/; classtype:trojan-activity;sid:84122106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.182.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259004/; classtype:trojan-activity;sid:84122104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.84.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259003/; classtype:trojan-activity;sid:84122103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.166.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259002/; classtype:trojan-activity;sid:84122102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.55.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259001/; classtype:trojan-activity;sid:84122101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3259000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"105.158.67.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3259000/; classtype:trojan-activity;sid:84122100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.242.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258999/; classtype:trojan-activity;sid:84122099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.27.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258998/; classtype:trojan-activity;sid:84122098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.5.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258997/; classtype:trojan-activity;sid:84122097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.32.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258996/; classtype:trojan-activity;sid:84122096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.253.80.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258995/; classtype:trojan-activity;sid:84122095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.50.16"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258994/; classtype:trojan-activity;sid:84122094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.110.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258993/; classtype:trojan-activity;sid:84122093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.166.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258992/; classtype:trojan-activity;sid:84122092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.209.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258991/; classtype:trojan-activity;sid:84122091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.40.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258990/; classtype:trojan-activity;sid:84122090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.167.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258989/; classtype:trojan-activity;sid:84122089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.198.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258988/; classtype:trojan-activity;sid:84122088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.248.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258987/; classtype:trojan-activity;sid:84122087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.224.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258986/; classtype:trojan-activity;sid:84122086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.218.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258985/; classtype:trojan-activity;sid:84122085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.184.135.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258984/; classtype:trojan-activity;sid:84122084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.25.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258983/; classtype:trojan-activity;sid:84122083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.210.138.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258982/; classtype:trojan-activity;sid:84122082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.39.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258981/; classtype:trojan-activity;sid:84122081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258980/; classtype:trojan-activity;sid:84122080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.241.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258979/; classtype:trojan-activity;sid:84122079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.221.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258977/; classtype:trojan-activity;sid:84122077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.237.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258978/; classtype:trojan-activity;sid:84122078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.230.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258976/; classtype:trojan-activity;sid:84122076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.125.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258975/; classtype:trojan-activity;sid:84122075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.45.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258974/; classtype:trojan-activity;sid:84122074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.178.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258973/; classtype:trojan-activity;sid:84122073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.220.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258972/; classtype:trojan-activity;sid:84122072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.131.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258971/; classtype:trojan-activity;sid:84122071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.130.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258970/; classtype:trojan-activity;sid:84122070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.218.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258969/; classtype:trojan-activity;sid:84122069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.132.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258968/; classtype:trojan-activity;sid:84122068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.196.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258967/; classtype:trojan-activity;sid:84122067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.91.118.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258966/; classtype:trojan-activity;sid:84122066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.95.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258965/; classtype:trojan-activity;sid:84122065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.194.74.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258964/; classtype:trojan-activity;sid:84122064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.209.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258963/; classtype:trojan-activity;sid:84122063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.215.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258962/; classtype:trojan-activity;sid:84122062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.237.77.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258961/; classtype:trojan-activity;sid:84122061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.138.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258960/; classtype:trojan-activity;sid:84122060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.16.155.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258959/; classtype:trojan-activity;sid:84122059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.24.150.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258957/; classtype:trojan-activity;sid:84122057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.87.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258958/; classtype:trojan-activity;sid:84122058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258956/; classtype:trojan-activity;sid:84122056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.230.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258954/; classtype:trojan-activity;sid:84122054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.25.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258955/; classtype:trojan-activity;sid:84122055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.234.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258953/; classtype:trojan-activity;sid:84122053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.7.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258952/; classtype:trojan-activity;sid:84122052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.132.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258951/; classtype:trojan-activity;sid:84122051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.252.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258947/; classtype:trojan-activity;sid:84122047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.235.252.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258948/; classtype:trojan-activity;sid:84122048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.10.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258949/; classtype:trojan-activity;sid:84122049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.25.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258950/; classtype:trojan-activity;sid:84122050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.91.118.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258946/; classtype:trojan-activity;sid:84122046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.91.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258945/; classtype:trojan-activity;sid:84122045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258944/; classtype:trojan-activity;sid:84122044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.26.163"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258943/; classtype:trojan-activity;sid:84122043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.234.158.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258942/; classtype:trojan-activity;sid:84122042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.69.158"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258939/; classtype:trojan-activity;sid:84122039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.48.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258940/; classtype:trojan-activity;sid:84122040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.21.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258941/; classtype:trojan-activity;sid:84122041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.218.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258938/; classtype:trojan-activity;sid:84122038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.243.137.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258937/; classtype:trojan-activity;sid:84122037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.95.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258936/; classtype:trojan-activity;sid:84122036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.181.9.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258935/; classtype:trojan-activity;sid:84122035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.215.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258934/; classtype:trojan-activity;sid:84122034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.198.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258932/; classtype:trojan-activity;sid:84122032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.220.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258933/; classtype:trojan-activity;sid:84122033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.194.74.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258931/; classtype:trojan-activity;sid:84122031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.148.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258930/; classtype:trojan-activity;sid:84122030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.16.155.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258929/; classtype:trojan-activity;sid:84122029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.123.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258928/; classtype:trojan-activity;sid:84122028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.24.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258927/; classtype:trojan-activity;sid:84122027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.240.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258926/; classtype:trojan-activity;sid:84122026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.165.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258925/; classtype:trojan-activity;sid:84122025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.1.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258924/; classtype:trojan-activity;sid:84122024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.179.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258923/; classtype:trojan-activity;sid:84122023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.25.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258922/; classtype:trojan-activity;sid:84122022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.235.252.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258921/; classtype:trojan-activity;sid:84122021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.103.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258920/; classtype:trojan-activity;sid:84122020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.66.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258919/; classtype:trojan-activity;sid:84122019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.87.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258918/; classtype:trojan-activity;sid:84122018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.87.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258916/; classtype:trojan-activity;sid:84122016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.118.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258917/; classtype:trojan-activity;sid:84122017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.10.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258915/; classtype:trojan-activity;sid:84122015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.162.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258914/; classtype:trojan-activity;sid:84122014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.20.108"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258913/; classtype:trojan-activity;sid:84122013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.69.158"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258912/; classtype:trojan-activity;sid:84122012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.115.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258911/; classtype:trojan-activity;sid:84122011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.48.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258910/; classtype:trojan-activity;sid:84122010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.181.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258909/; classtype:trojan-activity;sid:84122009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.240.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258908/; classtype:trojan-activity;sid:84122008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.221.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258907/; classtype:trojan-activity;sid:84122007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.221.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258906/; classtype:trojan-activity;sid:84122006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.30.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258905/; classtype:trojan-activity;sid:84122005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.156.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258903/; classtype:trojan-activity;sid:84122003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.252.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258904/; classtype:trojan-activity;sid:84122004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.222.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258902/; classtype:trojan-activity;sid:84122002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.222.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258901/; classtype:trojan-activity;sid:84122001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.82.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258900/; classtype:trojan-activity;sid:84122000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.123.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258899/; classtype:trojan-activity;sid:84121999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kmspicoinstaller.exe"; depth:21; endswith; nocase; http.host; content:"quiz.bloomingkids.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258898/; classtype:trojan-activity;sid:84121998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.156.31.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258897/; classtype:trojan-activity;sid:84121997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.227.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258896/; classtype:trojan-activity;sid:84121996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.103.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258895/; classtype:trojan-activity;sid:84121995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.72.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258894/; classtype:trojan-activity;sid:84121994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.24.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258893/; classtype:trojan-activity;sid:84121993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.169.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258892/; classtype:trojan-activity;sid:84121992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.118.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258891/; classtype:trojan-activity;sid:84121991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.115.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258890/; classtype:trojan-activity;sid:84121990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.93.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258889/; classtype:trojan-activity;sid:84121989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.66.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258888/; classtype:trojan-activity;sid:84121988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.72.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258887/; classtype:trojan-activity;sid:84121987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.23.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258886/; classtype:trojan-activity;sid:84121986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.104.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258885/; classtype:trojan-activity;sid:84121985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.33.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258884/; classtype:trojan-activity;sid:84121984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.171.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258883/; classtype:trojan-activity;sid:84121983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.84.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258882/; classtype:trojan-activity;sid:84121982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.222.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258881/; classtype:trojan-activity;sid:84121981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.58.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258880/; classtype:trojan-activity;sid:84121980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.1.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258879/; classtype:trojan-activity;sid:84121979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.91.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258878/; classtype:trojan-activity;sid:84121978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.208.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258877/; classtype:trojan-activity;sid:84121977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.255.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258876/; classtype:trojan-activity;sid:84121976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"server2.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258875/; classtype:trojan-activity;sid:84121975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.169.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258874/; classtype:trojan-activity;sid:84121974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.156.31.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258873/; classtype:trojan-activity;sid:84121973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.236.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258872/; classtype:trojan-activity;sid:84121972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.66.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258870/; classtype:trojan-activity;sid:84121970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.84.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_28; reference:url, urlhaus.abuse.ch/url/3258871/; classtype:trojan-activity;sid:84121971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.236.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258869/; classtype:trojan-activity;sid:84121969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.241.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258868/; classtype:trojan-activity;sid:84121968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.132.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258867/; classtype:trojan-activity;sid:84121967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.158.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258866/; classtype:trojan-activity;sid:84121966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.26.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258865/; classtype:trojan-activity;sid:84121965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.180.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258864/; classtype:trojan-activity;sid:84121964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.113.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258863/; classtype:trojan-activity;sid:84121963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.12.17"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258862/; classtype:trojan-activity;sid:84121962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.243.152.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258861/; classtype:trojan-activity;sid:84121961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.33.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258860/; classtype:trojan-activity;sid:84121960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258859/; classtype:trojan-activity;sid:84121959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.9.46.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258858/; classtype:trojan-activity;sid:84121958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.186.110"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258857/; classtype:trojan-activity;sid:84121957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.190.77.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258856/; classtype:trojan-activity;sid:84121956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.197.167.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258855/; classtype:trojan-activity;sid:84121955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.40.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258854/; classtype:trojan-activity;sid:84121954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.70.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258853/; classtype:trojan-activity;sid:84121953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.69.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258852/; classtype:trojan-activity;sid:84121952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.9.146.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258851/; classtype:trojan-activity;sid:84121951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258850/; classtype:trojan-activity;sid:84121950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.236.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258848/; classtype:trojan-activity;sid:84121948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.241.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258849/; classtype:trojan-activity;sid:84121949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.103.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258847/; classtype:trojan-activity;sid:84121947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.158.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258846/; classtype:trojan-activity;sid:84121946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.201.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258845/; classtype:trojan-activity;sid:84121945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.132.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258844/; classtype:trojan-activity;sid:84121944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.67.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258843/; classtype:trojan-activity;sid:84121943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.220.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258842/; classtype:trojan-activity;sid:84121942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.98.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258841/; classtype:trojan-activity;sid:84121941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.201.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258840/; classtype:trojan-activity;sid:84121940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258839/; classtype:trojan-activity;sid:84121939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.184.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258838/; classtype:trojan-activity;sid:84121938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258837/; classtype:trojan-activity;sid:84121937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.190.77.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258836/; classtype:trojan-activity;sid:84121936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.134.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258835/; classtype:trojan-activity;sid:84121935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.89.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258834/; classtype:trojan-activity;sid:84121934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.234.175.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258833/; classtype:trojan-activity;sid:84121933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.67.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258832/; classtype:trojan-activity;sid:84121932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.129.145.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258831/; classtype:trojan-activity;sid:84121931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.43.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258830/; classtype:trojan-activity;sid:84121930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.15.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258829/; classtype:trojan-activity;sid:84121929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.90.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258828/; classtype:trojan-activity;sid:84121928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.65.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258827/; classtype:trojan-activity;sid:84121927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.184.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258826/; classtype:trojan-activity;sid:84121926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"80.76.51.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258825/; classtype:trojan-activity;sid:84121925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"80.76.51.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258818/; classtype:trojan-activity;sid:84121918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"80.76.51.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258819/; classtype:trojan-activity;sid:84121919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"80.76.51.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258820/; classtype:trojan-activity;sid:84121920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"80.76.51.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258821/; classtype:trojan-activity;sid:84121921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"80.76.51.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258822/; classtype:trojan-activity;sid:84121922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"80.76.51.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258823/; classtype:trojan-activity;sid:84121923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"80.76.51.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258824/; classtype:trojan-activity;sid:84121924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm5"; depth:6; endswith; nocase; http.host; content:"154.216.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258817/; classtype:trojan-activity;sid:84121917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"80.76.51.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258812/; classtype:trojan-activity;sid:84121912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"80.76.51.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258813/; classtype:trojan-activity;sid:84121913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"80.76.51.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258814/; classtype:trojan-activity;sid:84121914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"80.76.51.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258815/; classtype:trojan-activity;sid:84121915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm6"; depth:6; endswith; nocase; http.host; content:"154.216.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258816/; classtype:trojan-activity;sid:84121916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jvviiutrvhybd3mplt2sqvumltbjsztuoa"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258810/; classtype:trojan-activity;sid:84121910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/capm71rtkzsjycx0rpnoxmcwpye4hb9brs"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258811/; classtype:trojan-activity;sid:84121911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dclrpphkwm7jbpia8c2dv4zvrlujweqheb"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258798/; classtype:trojan-activity;sid:84121898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/luig7oxtwx8oz8ck0urnvbbrpnbcyca6qo"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258799/; classtype:trojan-activity;sid:84121899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/quwuuwizy6vslenfxxkqvqppjy54czvvz0"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258800/; classtype:trojan-activity;sid:84121900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xvq2ehwxzvf5gccyzr98v9ybrjkl9zynvf"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258801/; classtype:trojan-activity;sid:84121901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/gtskuvj4s0huefllouzz3yteb6vmbaw6ms"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258802/; classtype:trojan-activity;sid:84121902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zsu3rig2tv4ly9srlgbucuyuvoeyto0awt"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258803/; classtype:trojan-activity;sid:84121903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ocp0uncnihbp8nicr9le7esswilpi1wt4k"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258804/; classtype:trojan-activity;sid:84121904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zacmbj05noshx614szhwsfst4whlb0wu7s"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258805/; classtype:trojan-activity;sid:84121905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/qctrgxipi33sqygzrzexhbwb5jqvl9pc1f"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258806/; classtype:trojan-activity;sid:84121906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/waapo0qq3lo5zsiiyrkkrfsolmterxjzxf"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258807/; classtype:trojan-activity;sid:84121907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/0aqu8r5hgjk6gy8ddl6f8xzlaxaxtw3yud"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258808/; classtype:trojan-activity;sid:84121908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/haszyooq1mr6rt2kbkyfmpc9kryleyuthu"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258809/; classtype:trojan-activity;sid:84121909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.133.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258797/; classtype:trojan-activity;sid:84121897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.243.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258795/; classtype:trojan-activity;sid:84121895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.9.146.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258796/; classtype:trojan-activity;sid:84121896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.52.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258794/; classtype:trojan-activity;sid:84121894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"195.22.110.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258793/; classtype:trojan-activity;sid:84121893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.197.167.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258792/; classtype:trojan-activity;sid:84121892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.1.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258791/; classtype:trojan-activity;sid:84121891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.124.1.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258790/; classtype:trojan-activity;sid:84121890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.120.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258789/; classtype:trojan-activity;sid:84121889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.11.56.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258788/; classtype:trojan-activity;sid:84121888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.209.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258787/; classtype:trojan-activity;sid:84121887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.238.127.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258786/; classtype:trojan-activity;sid:84121886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.28.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258785/; classtype:trojan-activity;sid:84121885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.35.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258784/; classtype:trojan-activity;sid:84121884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.7.168"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258781/; classtype:trojan-activity;sid:84121881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.211.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258782/; classtype:trojan-activity;sid:84121882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.32.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258783/; classtype:trojan-activity;sid:84121883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.210.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258780/; classtype:trojan-activity;sid:84121880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.133.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258779/; classtype:trojan-activity;sid:84121879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.84.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258778/; classtype:trojan-activity;sid:84121878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258777/; classtype:trojan-activity;sid:84121877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.86.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258776/; classtype:trojan-activity;sid:84121876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.91.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258775/; classtype:trojan-activity;sid:84121875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.236.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258774/; classtype:trojan-activity;sid:84121874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.19.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258773/; classtype:trojan-activity;sid:84121873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258772/; classtype:trojan-activity;sid:84121872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.93.142"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258771/; classtype:trojan-activity;sid:84121871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.52.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258768/; classtype:trojan-activity;sid:84121868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.137.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258769/; classtype:trojan-activity;sid:84121869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.137.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258770/; classtype:trojan-activity;sid:84121870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.11.56.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258766/; classtype:trojan-activity;sid:84121866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.255.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258767/; classtype:trojan-activity;sid:84121867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.124.1.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258765/; classtype:trojan-activity;sid:84121865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.7.168"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258764/; classtype:trojan-activity;sid:84121864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.25.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258762/; classtype:trojan-activity;sid:84121862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.136.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258763/; classtype:trojan-activity;sid:84121863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.160.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258761/; classtype:trojan-activity;sid:84121861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.172.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258760/; classtype:trojan-activity;sid:84121860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.237.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258759/; classtype:trojan-activity;sid:84121859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.211.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258757/; classtype:trojan-activity;sid:84121857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.141.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258758/; classtype:trojan-activity;sid:84121858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.227.242.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258756/; classtype:trojan-activity;sid:84121856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.32.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258755/; classtype:trojan-activity;sid:84121855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.10.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258754/; classtype:trojan-activity;sid:84121854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"175.204.26.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258753/; classtype:trojan-activity;sid:84121853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.245.60.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258752/; classtype:trojan-activity;sid:84121852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.221.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258751/; classtype:trojan-activity;sid:84121851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.28.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258750/; classtype:trojan-activity;sid:84121850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.99.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258749/; classtype:trojan-activity;sid:84121849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.142.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258748/; classtype:trojan-activity;sid:84121848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.5.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258747/; classtype:trojan-activity;sid:84121847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.91.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258746/; classtype:trojan-activity;sid:84121846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.225.125.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258745/; classtype:trojan-activity;sid:84121845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.97.200.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258744/; classtype:trojan-activity;sid:84121844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.80.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258743/; classtype:trojan-activity;sid:84121843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.0.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258742/; classtype:trojan-activity;sid:84121842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.47.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258741/; classtype:trojan-activity;sid:84121841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.93.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258740/; classtype:trojan-activity;sid:84121840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258739/; classtype:trojan-activity;sid:84121839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258738/; classtype:trojan-activity;sid:84121838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.25.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258737/; classtype:trojan-activity;sid:84121837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.177.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258736/; classtype:trojan-activity;sid:84121836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.96.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258735/; classtype:trojan-activity;sid:84121835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.229.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258734/; classtype:trojan-activity;sid:84121834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.248.12.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258733/; classtype:trojan-activity;sid:84121833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.86.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258732/; classtype:trojan-activity;sid:84121832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.141.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258731/; classtype:trojan-activity;sid:84121831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.195.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258730/; classtype:trojan-activity;sid:84121830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.89.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258729/; classtype:trojan-activity;sid:84121829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.108.234.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258728/; classtype:trojan-activity;sid:84121828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.118.157.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258726/; classtype:trojan-activity;sid:84121826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.245.60.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258727/; classtype:trojan-activity;sid:84121827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.71.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258725/; classtype:trojan-activity;sid:84121825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.114.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258724/; classtype:trojan-activity;sid:84121824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.85.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258723/; classtype:trojan-activity;sid:84121823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.183.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258722/; classtype:trojan-activity;sid:84121822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.93.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258721/; classtype:trojan-activity;sid:84121821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.150.7.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258720/; classtype:trojan-activity;sid:84121820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.135.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258719/; classtype:trojan-activity;sid:84121819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.109.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258718/; classtype:trojan-activity;sid:84121818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.55.75.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258717/; classtype:trojan-activity;sid:84121817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.208.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258716/; classtype:trojan-activity;sid:84121816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.177.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258715/; classtype:trojan-activity;sid:84121815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.98.69.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258714/; classtype:trojan-activity;sid:84121814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.223.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258713/; classtype:trojan-activity;sid:84121813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.115.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258712/; classtype:trojan-activity;sid:84121812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258711/; classtype:trojan-activity;sid:84121811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.83.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258710/; classtype:trojan-activity;sid:84121810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.96.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258708/; classtype:trojan-activity;sid:84121808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.157.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258709/; classtype:trojan-activity;sid:84121809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.0.237.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258707/; classtype:trojan-activity;sid:84121807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.26.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258705/; classtype:trojan-activity;sid:84121805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.91.168.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258706/; classtype:trojan-activity;sid:84121806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.91.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258703/; classtype:trojan-activity;sid:84121803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.29.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258704/; classtype:trojan-activity;sid:84121804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.31.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258702/; classtype:trojan-activity;sid:84121802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.98.69.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258701/; classtype:trojan-activity;sid:84121801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.20.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258700/; classtype:trojan-activity;sid:84121800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.71.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258699/; classtype:trojan-activity;sid:84121799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.91.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258698/; classtype:trojan-activity;sid:84121798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.183.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258696/; classtype:trojan-activity;sid:84121796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.10.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258697/; classtype:trojan-activity;sid:84121797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.55.75.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258695/; classtype:trojan-activity;sid:84121795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.108.234.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258694/; classtype:trojan-activity;sid:84121794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.85.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258693/; classtype:trojan-activity;sid:84121793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.186.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258692/; classtype:trojan-activity;sid:84121792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.182.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258691/; classtype:trojan-activity;sid:84121791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.121.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258690/; classtype:trojan-activity;sid:84121790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.217.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258689/; classtype:trojan-activity;sid:84121789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.59.107.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258688/; classtype:trojan-activity;sid:84121788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.253.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258687/; classtype:trojan-activity;sid:84121787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.151.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258686/; classtype:trojan-activity;sid:84121786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.184.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258685/; classtype:trojan-activity;sid:84121785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.109.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258684/; classtype:trojan-activity;sid:84121784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.178.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258683/; classtype:trojan-activity;sid:84121783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.76.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258682/; classtype:trojan-activity;sid:84121782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.60.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258681/; classtype:trojan-activity;sid:84121781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.167.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258680/; classtype:trojan-activity;sid:84121780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258679/; classtype:trojan-activity;sid:84121779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3z0ly4ivvgsgk74gh103zl9helqaqyfszfdmaq8ncomqvsjadwp62hynjypk5vp9fedkosvgu1qqpuovgrxpv-kd8xxtg92atmm0vtk6kprn-wpwbhfn2ubdrs8svdhfqbho3pbddjkzex8n7mmdsasbdovxtpja6rkzutk-2qziuw3t/px3w26m11jqsnb0/roblox+cheat.zip"; depth:210; endswith; nocase; http.host; content:"download2264.mediafire.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258678/; classtype:trojan-activity;sid:84121778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.31.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258677/; classtype:trojan-activity;sid:84121777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.27.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258676/; classtype:trojan-activity;sid:84121776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.83.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258675/; classtype:trojan-activity;sid:84121775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.2.140.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258674/; classtype:trojan-activity;sid:84121774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258673/; classtype:trojan-activity;sid:84121773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258672/; classtype:trojan-activity;sid:84121772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258671/; classtype:trojan-activity;sid:84121771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.172.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258670/; classtype:trojan-activity;sid:84121770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.63.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258669/; classtype:trojan-activity;sid:84121769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.100.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258668/; classtype:trojan-activity;sid:84121768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.186.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258667/; classtype:trojan-activity;sid:84121767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.241.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258666/; classtype:trojan-activity;sid:84121766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.211.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258665/; classtype:trojan-activity;sid:84121765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.207.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258664/; classtype:trojan-activity;sid:84121764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.11.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258663/; classtype:trojan-activity;sid:84121763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.0.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258662/; classtype:trojan-activity;sid:84121762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.182.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258661/; classtype:trojan-activity;sid:84121761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.80.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258660/; classtype:trojan-activity;sid:84121760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/folder/qan9nwlkert49/b"; depth:23; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258656/; classtype:trojan-activity;sid:84121756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/folder/nliuafcwkyryt/a"; depth:23; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258657/; classtype:trojan-activity;sid:84121757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/xx31eu11rzttems/aura.zip/file"; depth:35; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258658/; classtype:trojan-activity;sid:84121758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/x3tft3k7j0atan4/galaxyswapper_v2.0.3.zip/file"; depth:51; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258659/; classtype:trojan-activity;sid:84121759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1l73gfuxjnagc15eyujeetqx4j-trudfdshao_iebpuisfdqamufddkf_xzkhxybdva9p0ngft48ej4ekcyhrnbnw_t_msglqj1bghstjcukr7uainz9wxb3ymoyqbqwh25uzq9zvyllidmxgrjga1h_49m1ydpvof3f_mruutw5oqkm/5404w0nxjzkh2aj/pass+whitecheats.rar"; depth:214; endswith; nocase; http.host; content:"download1979.mediafire.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258655/; classtype:trojan-activity;sid:84121755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/5404w0nxjzkh2aj/pass_whitecheats.rar"; depth:42; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258654/; classtype:trojan-activity;sid:84121754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258653/; classtype:trojan-activity;sid:84121753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.6.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258652/; classtype:trojan-activity;sid:84121752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.155.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258651/; classtype:trojan-activity;sid:84121751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.243.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258650/; classtype:trojan-activity;sid:84121750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258649/; classtype:trojan-activity;sid:84121749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.59.107.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258648/; classtype:trojan-activity;sid:84121748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258647/; classtype:trojan-activity;sid:84121747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.198.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258645/; classtype:trojan-activity;sid:84121745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.59.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258646/; classtype:trojan-activity;sid:84121746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.172.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258644/; classtype:trojan-activity;sid:84121744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.26.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258643/; classtype:trojan-activity;sid:84121743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.242.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258642/; classtype:trojan-activity;sid:84121742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.85.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258641/; classtype:trojan-activity;sid:84121741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.241.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258640/; classtype:trojan-activity;sid:84121740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.46.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258639/; classtype:trojan-activity;sid:84121739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258638/; classtype:trojan-activity;sid:84121738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.162.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258637/; classtype:trojan-activity;sid:84121737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.33.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258636/; classtype:trojan-activity;sid:84121736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.63.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258635/; classtype:trojan-activity;sid:84121735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.100.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258634/; classtype:trojan-activity;sid:84121734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.255.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258633/; classtype:trojan-activity;sid:84121733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.180.227.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258632/; classtype:trojan-activity;sid:84121732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.80.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258631/; classtype:trojan-activity;sid:84121731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.241.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258630/; classtype:trojan-activity;sid:84121730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.96.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258629/; classtype:trojan-activity;sid:84121729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.248.12.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258628/; classtype:trojan-activity;sid:84121728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/res.js|3f|id=2"; depth:15; endswith; nocase; http.host; content:"62.197.48.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258627/; classtype:trojan-activity;sid:84121727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/res.js/|3f|id=2"; depth:16; endswith; nocase; http.host; content:"62.197.48.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258624/; classtype:trojan-activity;sid:84121724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/res.js/|3f|id=1"; depth:16; endswith; nocase; http.host; content:"62.197.48.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258625/; classtype:trojan-activity;sid:84121725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/res.js|3f|id=1"; depth:15; endswith; nocase; http.host; content:"62.197.48.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258626/; classtype:trojan-activity;sid:84121726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.243.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258623/; classtype:trojan-activity;sid:84121723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.126.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258622/; classtype:trojan-activity;sid:84121722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.81.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258621/; classtype:trojan-activity;sid:84121721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.255.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258620/; classtype:trojan-activity;sid:84121720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.164.237.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258619/; classtype:trojan-activity;sid:84121719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.59.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258618/; classtype:trojan-activity;sid:84121718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.24.25.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258617/; classtype:trojan-activity;sid:84121717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stlprograms/new/liveyours111/newinstaller27/buildlink.txt"; depth:58; endswith; nocase; http.host; content:"antiloxss.usite.pro"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258616/; classtype:trojan-activity;sid:84121716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updater.zip"; depth:12; endswith; nocase; http.host; content:"updater.do.am"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258615/; classtype:trojan-activity;sid:84121715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.198.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258614/; classtype:trojan-activity;sid:84121714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.0.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258613/; classtype:trojan-activity;sid:84121713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.251.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258612/; classtype:trojan-activity;sid:84121712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.172.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258611/; classtype:trojan-activity;sid:84121711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.255.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258610/; classtype:trojan-activity;sid:84121710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.176.107.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258609/; classtype:trojan-activity;sid:84121709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.3.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258608/; classtype:trojan-activity;sid:84121708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.20.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258607/; classtype:trojan-activity;sid:84121707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.111.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258606/; classtype:trojan-activity;sid:84121706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.96.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258605/; classtype:trojan-activity;sid:84121705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.46.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258603/; classtype:trojan-activity;sid:84121703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.93.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258604/; classtype:trojan-activity;sid:84121704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.195.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258602/; classtype:trojan-activity;sid:84121702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.96.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258601/; classtype:trojan-activity;sid:84121701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.89.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258600/; classtype:trojan-activity;sid:84121700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.86.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258599/; classtype:trojan-activity;sid:84121699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.241.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258598/; classtype:trojan-activity;sid:84121698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.242.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258597/; classtype:trojan-activity;sid:84121697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.126.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258596/; classtype:trojan-activity;sid:84121696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.51.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258595/; classtype:trojan-activity;sid:84121695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.96.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258594/; classtype:trojan-activity;sid:84121694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.235.183.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258593/; classtype:trojan-activity;sid:84121693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.81.184"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258592/; classtype:trojan-activity;sid:84121692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hc9szil06oakgrztxk7vu5c19xzwwsro9w"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258567/; classtype:trojan-activity;sid:84121667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tqetvihocyw5ibxbluqzgcubsznhmphckx"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258568/; classtype:trojan-activity;sid:84121668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/0zdg6utiacbqpivrch7mjsv3kpdb5f27mm"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258569/; classtype:trojan-activity;sid:84121669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/3ggi6jhyhc6xu2sglltrkkp9lrhaubzqfz"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258570/; classtype:trojan-activity;sid:84121670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/difxd9rbvs6go67sbarojwwksopce9sbhu"; depth:40; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258571/; classtype:trojan-activity;sid:84121671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xwyaahcwtwsswwblv1vgh55vxd7ujr19mm"; depth:40; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258572/; classtype:trojan-activity;sid:84121672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/gfabuhzyopcj94of1heeahraxkdjmnvvs7"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258573/; classtype:trojan-activity;sid:84121673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/woefvxigljnsefl4gwhuf5tvclk4ndfvgm"; depth:40; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258574/; classtype:trojan-activity;sid:84121674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/luvdw1yftoirofvybszbfk4v7thwpg1k0p"; depth:40; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258575/; classtype:trojan-activity;sid:84121675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/0zdg6utiacbqpivrch7mjsv3kpdb5f27mm"; depth:40; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258576/; classtype:trojan-activity;sid:84121676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/u5xts0we7wqbkdfppqrwfelwhmszu7bsa5"; depth:40; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258577/; classtype:trojan-activity;sid:84121677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/4etnsrkvqbw9yyaoektxyvkykju8hmuppf"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258578/; classtype:trojan-activity;sid:84121678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/4etnsrkvqbw9yyaoektxyvkykju8hmuppf"; depth:40; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258579/; classtype:trojan-activity;sid:84121679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/difxd9rbvs6go67sbarojwwksopce9sbhu"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258580/; classtype:trojan-activity;sid:84121680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/luvdw1yftoirofvybszbfk4v7thwpg1k0p"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258581/; classtype:trojan-activity;sid:84121681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/gfabuhzyopcj94of1heeahraxkdjmnvvs7"; depth:40; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258582/; classtype:trojan-activity;sid:84121682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/8kxyl2ax9zavyeobjhp38e9g3ef4hiipuo"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258583/; classtype:trojan-activity;sid:84121683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/8kxyl2ax9zavyeobjhp38e9g3ef4hiipuo"; depth:40; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258584/; classtype:trojan-activity;sid:84121684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/3ggi6jhyhc6xu2sglltrkkp9lrhaubzqfz"; depth:40; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258585/; classtype:trojan-activity;sid:84121685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xwyaahcwtwsswwblv1vgh55vxd7ujr19mm"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258586/; classtype:trojan-activity;sid:84121686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ux4pm6cagp9mp7rq4u150dpaieocqacos9"; depth:40; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258587/; classtype:trojan-activity;sid:84121687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hc9szil06oakgrztxk7vu5c19xzwwsro9w"; depth:40; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258588/; classtype:trojan-activity;sid:84121688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ux4pm6cagp9mp7rq4u150dpaieocqacos9"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258589/; classtype:trojan-activity;sid:84121689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x9bkltn8uk1q0rb1d2cmmjlto7fqpcbijp"; depth:40; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258590/; classtype:trojan-activity;sid:84121690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tqetvihocyw5ibxbluqzgcubsznhmphckx"; depth:40; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258591/; classtype:trojan-activity;sid:84121691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.102.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258561/; classtype:trojan-activity;sid:84121661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"abc.sdnt.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258562/; classtype:trojan-activity;sid:84121662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"abc.sdnt.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258563/; classtype:trojan-activity;sid:84121663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/u5xts0we7wqbkdfppqrwfelwhmszu7bsa5"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258564/; classtype:trojan-activity;sid:84121664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x9bkltn8uk1q0rb1d2cmmjlto7fqpcbijp"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258565/; classtype:trojan-activity;sid:84121665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/woefvxigljnsefl4gwhuf5tvclk4ndfvgm"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258566/; classtype:trojan-activity;sid:84121666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"abc.sdnt.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258560/; classtype:trojan-activity;sid:84121660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"abc.sdnt.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258559/; classtype:trojan-activity;sid:84121659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"abc.sdnt.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258553/; classtype:trojan-activity;sid:84121653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"abc.sdnt.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258554/; classtype:trojan-activity;sid:84121654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.8.167"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258555/; classtype:trojan-activity;sid:84121655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"o0s.cc"; depth:6; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258556/; classtype:trojan-activity;sid:84121656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"o0s.cc"; depth:6; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258557/; classtype:trojan-activity;sid:84121657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.150.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258558/; classtype:trojan-activity;sid:84121658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"abc.sdnt.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258545/; classtype:trojan-activity;sid:84121645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"abc.sdnt.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258546/; classtype:trojan-activity;sid:84121646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"abc.sdnt.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258547/; classtype:trojan-activity;sid:84121647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"abc.sdnt.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258548/; classtype:trojan-activity;sid:84121648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"abc.sdnt.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258549/; classtype:trojan-activity;sid:84121649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"abc.sdnt.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258550/; classtype:trojan-activity;sid:84121650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"abc.sdnt.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258551/; classtype:trojan-activity;sid:84121651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"abc.sdnt.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258552/; classtype:trojan-activity;sid:84121652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.247.85.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258544/; classtype:trojan-activity;sid:84121644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.33.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258543/; classtype:trojan-activity;sid:84121643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.9.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258542/; classtype:trojan-activity;sid:84121642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"o0s.cc"; depth:6; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258541/; classtype:trojan-activity;sid:84121641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"o0s.cc"; depth:6; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258535/; classtype:trojan-activity;sid:84121635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"o0s.cc"; depth:6; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258536/; classtype:trojan-activity;sid:84121636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"o0s.cc"; depth:6; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258537/; classtype:trojan-activity;sid:84121637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"o0s.cc"; depth:6; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258538/; classtype:trojan-activity;sid:84121638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"o0s.cc"; depth:6; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258539/; classtype:trojan-activity;sid:84121639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"o0s.cc"; depth:6; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258540/; classtype:trojan-activity;sid:84121640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"o0s.cc"; depth:6; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258532/; classtype:trojan-activity;sid:84121632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"o0s.cc"; depth:6; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258533/; classtype:trojan-activity;sid:84121633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64"; depth:7; endswith; nocase; http.host; content:"o0s.cc"; depth:6; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258534/; classtype:trojan-activity;sid:84121634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.100.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258531/; classtype:trojan-activity;sid:84121631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.3.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258530/; classtype:trojan-activity;sid:84121630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.176.107.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258529/; classtype:trojan-activity;sid:84121629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.102.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258528/; classtype:trojan-activity;sid:84121628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.111.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258527/; classtype:trojan-activity;sid:84121627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.93.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258526/; classtype:trojan-activity;sid:84121626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.28.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258525/; classtype:trojan-activity;sid:84121625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.215.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258524/; classtype:trojan-activity;sid:84121624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.243.189.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258523/; classtype:trojan-activity;sid:84121623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm"; depth:16; endswith; nocase; http.host; content:"91.229.239.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258522/; classtype:trojan-activity;sid:84121622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.spc"; depth:16; endswith; nocase; http.host; content:"91.229.239.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258521/; classtype:trojan-activity;sid:84121621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258520/; classtype:trojan-activity;sid:84121620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.177.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258519/; classtype:trojan-activity;sid:84121619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.252.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258518/; classtype:trojan-activity;sid:84121618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.86.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258517/; classtype:trojan-activity;sid:84121617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.235.183.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258516/; classtype:trojan-activity;sid:84121616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.9.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258515/; classtype:trojan-activity;sid:84121615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.100.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258514/; classtype:trojan-activity;sid:84121614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.152.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258513/; classtype:trojan-activity;sid:84121613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.242.106.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258512/; classtype:trojan-activity;sid:84121612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.150.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258511/; classtype:trojan-activity;sid:84121611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.154.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258510/; classtype:trojan-activity;sid:84121610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.172.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258509/; classtype:trojan-activity;sid:84121609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.52.188.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258508/; classtype:trojan-activity;sid:84121608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.233.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258507/; classtype:trojan-activity;sid:84121607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258506/; classtype:trojan-activity;sid:84121606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.176.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258505/; classtype:trojan-activity;sid:84121605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.70.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258504/; classtype:trojan-activity;sid:84121604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.218.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258503/; classtype:trojan-activity;sid:84121603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.70.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258502/; classtype:trojan-activity;sid:84121602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.198.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258501/; classtype:trojan-activity;sid:84121601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.161.2.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258500/; classtype:trojan-activity;sid:84121600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.215.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258499/; classtype:trojan-activity;sid:84121599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.255.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258498/; classtype:trojan-activity;sid:84121598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.126.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258497/; classtype:trojan-activity;sid:84121597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.62.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258496/; classtype:trojan-activity;sid:84121596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.238.194.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258495/; classtype:trojan-activity;sid:84121595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.204.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258489/; classtype:trojan-activity;sid:84121589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i5"; depth:3; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258490/; classtype:trojan-activity;sid:84121590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm6"; depth:17; endswith; nocase; http.host; content:"91.229.239.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258491/; classtype:trojan-activity;sid:84121591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.m68k"; depth:17; endswith; nocase; http.host; content:"91.229.239.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258492/; classtype:trojan-activity;sid:84121592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"154.216.18.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258493/; classtype:trojan-activity;sid:84121593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"154.216.18.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258494/; classtype:trojan-activity;sid:84121594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pmips"; depth:6; endswith; nocase; http.host; content:"95.214.27.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258486/; classtype:trojan-activity;sid:84121586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/px86"; depth:5; endswith; nocase; http.host; content:"95.214.27.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258487/; classtype:trojan-activity;sid:84121587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parm6"; depth:6; endswith; nocase; http.host; content:"95.214.27.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258488/; classtype:trojan-activity;sid:84121588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parm5"; depth:6; endswith; nocase; http.host; content:"95.214.27.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258485/; classtype:trojan-activity;sid:84121585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"95.214.27.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258482/; classtype:trojan-activity;sid:84121582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pmpsl"; depth:6; endswith; nocase; http.host; content:"95.214.27.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258483/; classtype:trojan-activity;sid:84121583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"95.214.27.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258484/; classtype:trojan-activity;sid:84121584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64"; depth:6; endswith; nocase; http.host; content:"156.234.42.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258481/; classtype:trojan-activity;sid:84121581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"95.214.27.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258480/; classtype:trojan-activity;sid:84121580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parm"; depth:5; endswith; nocase; http.host; content:"95.214.27.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258477/; classtype:trojan-activity;sid:84121577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pm68k"; depth:6; endswith; nocase; http.host; content:"95.214.27.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258478/; classtype:trojan-activity;sid:84121578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"95.214.27.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258479/; classtype:trojan-activity;sid:84121579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"156.234.42.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258475/; classtype:trojan-activity;sid:84121575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64"; depth:7; endswith; nocase; http.host; content:"156.234.42.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258476/; classtype:trojan-activity;sid:84121576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pmips"; depth:6; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258468/; classtype:trojan-activity;sid:84121568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.ppc"; depth:16; endswith; nocase; http.host; content:"91.229.239.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258469/; classtype:trojan-activity;sid:84121569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mips"; depth:17; endswith; nocase; http.host; content:"91.229.239.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258470/; classtype:trojan-activity;sid:84121570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"154.216.18.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258471/; classtype:trojan-activity;sid:84121571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"154.216.18.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258472/; classtype:trojan-activity;sid:84121572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"193.46.218.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258473/; classtype:trojan-activity;sid:84121573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"193.46.218.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258474/; classtype:trojan-activity;sid:84121574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"154.216.18.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258463/; classtype:trojan-activity;sid:84121563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258464/; classtype:trojan-activity;sid:84121564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"212.224.93.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258465/; classtype:trojan-activity;sid:84121565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/_mips"; depth:12; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258466/; classtype:trojan-activity;sid:84121566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/_arm6"; depth:12; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258467/; classtype:trojan-activity;sid:84121567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"154.216.18.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258459/; classtype:trojan-activity;sid:84121559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"193.46.218.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258460/; classtype:trojan-activity;sid:84121560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258461/; classtype:trojan-activity;sid:84121561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"193.46.218.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258462/; classtype:trojan-activity;sid:84121562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ws2oa8jfaxviyhipiskv6ul1ezorcbm9gb"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258452/; classtype:trojan-activity;sid:84121552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"154.216.18.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258453/; classtype:trojan-activity;sid:84121553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmips"; depth:6; endswith; nocase; http.host; content:"154.216.18.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258454/; classtype:trojan-activity;sid:84121554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/_arm5"; depth:12; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258455/; classtype:trojan-activity;sid:84121555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258456/; classtype:trojan-activity;sid:84121556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parm5"; depth:6; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258457/; classtype:trojan-activity;sid:84121557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258458/; classtype:trojan-activity;sid:84121558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258450/; classtype:trojan-activity;sid:84121550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/uqbovbmfwuzkmxa8xs0fgoquktdz1cirwg"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258451/; classtype:trojan-activity;sid:84121551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86_64"; depth:17; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258438/; classtype:trojan-activity;sid:84121538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"193.46.218.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258439/; classtype:trojan-activity;sid:84121539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.x86"; depth:16; endswith; nocase; http.host; content:"91.229.239.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258440/; classtype:trojan-activity;sid:84121540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258441/; classtype:trojan-activity;sid:84121541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm7"; depth:17; endswith; nocase; http.host; content:"91.229.239.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258442/; classtype:trojan-activity;sid:84121542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"193.46.218.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258443/; classtype:trojan-activity;sid:84121543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/_x86"; depth:11; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258444/; classtype:trojan-activity;sid:84121544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/_arm"; depth:11; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258445/; classtype:trojan-activity;sid:84121545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/px86"; depth:5; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258446/; classtype:trojan-activity;sid:84121546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.i686"; depth:15; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258447/; classtype:trojan-activity;sid:84121547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64"; depth:7; endswith; nocase; http.host; content:"193.46.218.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258448/; classtype:trojan-activity;sid:84121548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mwofroblucy1p7l2pgfhdai7qt0axekykl"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258449/; classtype:trojan-activity;sid:84121549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"193.46.218.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258435/; classtype:trojan-activity;sid:84121535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.sh4"; depth:16; endswith; nocase; http.host; content:"91.229.239.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258436/; classtype:trojan-activity;sid:84121536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"77.221.143.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258437/; classtype:trojan-activity;sid:84121537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258430/; classtype:trojan-activity;sid:84121530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cbie10qhbkpuebmfqzunidwwy3m8wzkeub"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258431/; classtype:trojan-activity;sid:84121531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/fwkkiswjougpjeipeyj7bdd5ttu9teuw5e"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258432/; classtype:trojan-activity;sid:84121532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/5fketnygm2ilmamzra75sbaxelo3cgqjao"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258433/; classtype:trojan-activity;sid:84121533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"212.224.93.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258434/; classtype:trojan-activity;sid:84121534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"77.221.143.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258427/; classtype:trojan-activity;sid:84121527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258428/; classtype:trojan-activity;sid:84121528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"193.46.218.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258429/; classtype:trojan-activity;sid:84121529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/4dlczfmlan2fgdq74n3ttetau7czmih8ru"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258421/; classtype:trojan-activity;sid:84121521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogmu6negalsisdfv4oflmbfilakau81we8"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258422/; classtype:trojan-activity;sid:84121522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/iy3sptph12wucww5ghxfdn0g9tzjephwgn"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258423/; classtype:trojan-activity;sid:84121523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"77.221.143.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258424/; classtype:trojan-activity;sid:84121524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"77.221.143.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258425/; classtype:trojan-activity;sid:84121525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"154.216.18.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258426/; classtype:trojan-activity;sid:84121526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258413/; classtype:trojan-activity;sid:84121513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"77.221.143.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258414/; classtype:trojan-activity;sid:84121514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tabtaftasvipxqwafqwwnrou4jrsoo8nue"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258415/; classtype:trojan-activity;sid:84121515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/_ppc"; depth:11; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258416/; classtype:trojan-activity;sid:84121516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"154.216.18.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258417/; classtype:trojan-activity;sid:84121517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"77.221.143.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258418/; classtype:trojan-activity;sid:84121518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/synm2cyap1m89naongummh3fzelulhjcxb"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258419/; classtype:trojan-activity;sid:84121519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258420/; classtype:trojan-activity;sid:84121520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258393/; classtype:trojan-activity;sid:84121493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258394/; classtype:trojan-activity;sid:84121494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"154.216.18.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258395/; classtype:trojan-activity;sid:84121495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/_arm7"; depth:12; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258396/; classtype:trojan-activity;sid:84121496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"193.46.218.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258397/; classtype:trojan-activity;sid:84121497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"154.216.18.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258398/; classtype:trojan-activity;sid:84121498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"193.46.218.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258399/; classtype:trojan-activity;sid:84121499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258400/; classtype:trojan-activity;sid:84121500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258401/; classtype:trojan-activity;sid:84121501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm5"; depth:17; endswith; nocase; http.host; content:"91.229.239.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258402/; classtype:trojan-activity;sid:84121502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"193.46.218.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258403/; classtype:trojan-activity;sid:84121503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258404/; classtype:trojan-activity;sid:84121504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258405/; classtype:trojan-activity;sid:84121505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mpsl"; depth:17; endswith; nocase; http.host; content:"91.229.239.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258406/; classtype:trojan-activity;sid:84121506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pm68k"; depth:6; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258407/; classtype:trojan-activity;sid:84121507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/_mpsl"; depth:12; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258408/; classtype:trojan-activity;sid:84121508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"77.221.143.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258409/; classtype:trojan-activity;sid:84121509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258410/; classtype:trojan-activity;sid:84121510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ecf4gnmeyiqwtneow0zuj0j7mohi8gofzv"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258411/; classtype:trojan-activity;sid:84121511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parm6"; depth:6; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258412/; classtype:trojan-activity;sid:84121512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/rxehu58rxnwxc1chubmef3k4jg2mcskrrx"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258382/; classtype:trojan-activity;sid:84121482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parm"; depth:5; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258383/; classtype:trojan-activity;sid:84121483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258384/; classtype:trojan-activity;sid:84121484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/_spc"; depth:11; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258385/; classtype:trojan-activity;sid:84121485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"77.221.143.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258386/; classtype:trojan-activity;sid:84121486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pmpsl"; depth:6; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258387/; classtype:trojan-activity;sid:84121487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"212.224.93.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258388/; classtype:trojan-activity;sid:84121488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/_sh4"; depth:11; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258389/; classtype:trojan-activity;sid:84121489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"212.224.93.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258390/; classtype:trojan-activity;sid:84121490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/_m68k"; depth:12; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258391/; classtype:trojan-activity;sid:84121491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"31.172.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258392/; classtype:trojan-activity;sid:84121492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"77.221.143.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258381/; classtype:trojan-activity;sid:84121481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jxo4pyiihmt3tbpd55yfnbwfbmz15h3qbe"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258378/; classtype:trojan-activity;sid:84121478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kxdg9pmesbikv4eunaslxymgy1xcu1yc5y"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258379/; classtype:trojan-activity;sid:84121479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"77.221.143.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258380/; classtype:trojan-activity;sid:84121480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/p57evfbu9oul8mtvt8nm3296bsdahv9m4n"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258377/; classtype:trojan-activity;sid:84121477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258374/; classtype:trojan-activity;sid:84121474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/5hgy8ts2dbbjdczcxniuphhzmolytvuee8"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258375/; classtype:trojan-activity;sid:84121475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xmpfsv05rorwlyfivsrmzydobiht9ircok"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258376/; classtype:trojan-activity;sid:84121476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258373/; classtype:trojan-activity;sid:84121473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ffjg7lkn468rytjfa9pul8j2sadxcjl8hn"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258371/; classtype:trojan-activity;sid:84121471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mfkxcunglcsnymlkb1n08nw6gv6mozxiff"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258372/; classtype:trojan-activity;sid:84121472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/gkatfl1yzrh4kstierciqkiqzlzzquupiy"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258362/; classtype:trojan-activity;sid:84121462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mf5t6v8sqq7sfckb4gaeviglqg2vpy15z2"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258363/; classtype:trojan-activity;sid:84121463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ba32hlirgcb6cedtrmivp90vno4tkxfpmu"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258364/; classtype:trojan-activity;sid:84121464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/p0flf8glr11tgfnt7becalrwyiz8t4lpsr"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258365/; classtype:trojan-activity;sid:84121465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i63f4xlswxjq12uyybq9lhwaqxpboqwmvf"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258366/; classtype:trojan-activity;sid:84121466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/myvk4p56djop2lfm5xxb8blvyjzzrrmory"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258367/; classtype:trojan-activity;sid:84121467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/djzdj3cr27hqm6mfsgb6ymrhr6kmcipxc2"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258368/; classtype:trojan-activity;sid:84121468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cdvuiewsva79vsvzmttbdbdy3sqd8fvslw"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258369/; classtype:trojan-activity;sid:84121469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258370/; classtype:trojan-activity;sid:84121470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.98.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258361/; classtype:trojan-activity;sid:84121461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.55.173.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258360/; classtype:trojan-activity;sid:84121460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.154.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258359/; classtype:trojan-activity;sid:84121459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.186.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258358/; classtype:trojan-activity;sid:84121458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.8.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258357/; classtype:trojan-activity;sid:84121457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.176.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258356/; classtype:trojan-activity;sid:84121456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.204.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258355/; classtype:trojan-activity;sid:84121455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.116.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258354/; classtype:trojan-activity;sid:84121454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.221.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258351/; classtype:trojan-activity;sid:84121451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.116.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258352/; classtype:trojan-activity;sid:84121452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.170.148.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258353/; classtype:trojan-activity;sid:84121453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgy1ss1s/geoasdfasdf/downloads/http://bitbucket.org/georgy1ss1s/geoasdfasdf/downloads/project_slayers_script.rar"; depth:116; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258350/; classtype:trojan-activity;sid:84121450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.156.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258348/; classtype:trojan-activity;sid:84121448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.20.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258349/; classtype:trojan-activity;sid:84121449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.5.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258347/; classtype:trojan-activity;sid:84121447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.4.253.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258346/; classtype:trojan-activity;sid:84121446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.223.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258345/; classtype:trojan-activity;sid:84121445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.234.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258344/; classtype:trojan-activity;sid:84121444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.112.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258343/; classtype:trojan-activity;sid:84121443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.29.147.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258342/; classtype:trojan-activity;sid:84121442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.116.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258341/; classtype:trojan-activity;sid:84121441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.90.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258340/; classtype:trojan-activity;sid:84121440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.241.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258339/; classtype:trojan-activity;sid:84121439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258338/; classtype:trojan-activity;sid:84121438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.7.96"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258337/; classtype:trojan-activity;sid:84121437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.119.100.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258336/; classtype:trojan-activity;sid:84121436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.33.40.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258335/; classtype:trojan-activity;sid:84121435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.22.35"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258332/; classtype:trojan-activity;sid:84121432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.237.80.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258333/; classtype:trojan-activity;sid:84121433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.199.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258334/; classtype:trojan-activity;sid:84121434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.2.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258331/; classtype:trojan-activity;sid:84121431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.87.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258330/; classtype:trojan-activity;sid:84121430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258329/; classtype:trojan-activity;sid:84121429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.249.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258328/; classtype:trojan-activity;sid:84121428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.114.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258327/; classtype:trojan-activity;sid:84121427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.102.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258326/; classtype:trojan-activity;sid:84121426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.151.230.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258324/; classtype:trojan-activity;sid:84121424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.7.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258325/; classtype:trojan-activity;sid:84121425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.214.109.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258322/; classtype:trojan-activity;sid:84121422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.220.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258323/; classtype:trojan-activity;sid:84121423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.237.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258321/; classtype:trojan-activity;sid:84121421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.5.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258320/; classtype:trojan-activity;sid:84121420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.111.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258319/; classtype:trojan-activity;sid:84121419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.105.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258318/; classtype:trojan-activity;sid:84121418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.152.49.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258317/; classtype:trojan-activity;sid:84121417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.138.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258316/; classtype:trojan-activity;sid:84121416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.6.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258315/; classtype:trojan-activity;sid:84121415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.221.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258314/; classtype:trojan-activity;sid:84121414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.161.2.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258313/; classtype:trojan-activity;sid:84121413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.170.148.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258312/; classtype:trojan-activity;sid:84121412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.104.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258311/; classtype:trojan-activity;sid:84121411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.104.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258310/; classtype:trojan-activity;sid:84121410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.136.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258309/; classtype:trojan-activity;sid:84121409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.17.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258308/; classtype:trojan-activity;sid:84121408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.5.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258307/; classtype:trojan-activity;sid:84121407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.25.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258306/; classtype:trojan-activity;sid:84121406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.195.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258305/; classtype:trojan-activity;sid:84121405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.24.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258304/; classtype:trojan-activity;sid:84121404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.247.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258303/; classtype:trojan-activity;sid:84121403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.114.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258302/; classtype:trojan-activity;sid:84121402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.173.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258301/; classtype:trojan-activity;sid:84121401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.214.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258300/; classtype:trojan-activity;sid:84121400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.119.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258299/; classtype:trojan-activity;sid:84121399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.241.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258298/; classtype:trojan-activity;sid:84121398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.21.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258297/; classtype:trojan-activity;sid:84121397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.6.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258296/; classtype:trojan-activity;sid:84121396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.28.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258295/; classtype:trojan-activity;sid:84121395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"106.41.108.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258294/; classtype:trojan-activity;sid:84121394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.26.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258293/; classtype:trojan-activity;sid:84121393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.17.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258292/; classtype:trojan-activity;sid:84121392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.48.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258291/; classtype:trojan-activity;sid:84121391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.131.163.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258290/; classtype:trojan-activity;sid:84121390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.104.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258289/; classtype:trojan-activity;sid:84121389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.114.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258288/; classtype:trojan-activity;sid:84121388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.52.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258287/; classtype:trojan-activity;sid:84121387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.203.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258286/; classtype:trojan-activity;sid:84121386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.248.12.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258284/; classtype:trojan-activity;sid:84121384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.137.202.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258285/; classtype:trojan-activity;sid:84121385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.134.41.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258283/; classtype:trojan-activity;sid:84121383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.41.138.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258282/; classtype:trojan-activity;sid:84121382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.228.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258281/; classtype:trojan-activity;sid:84121381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.63.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258280/; classtype:trojan-activity;sid:84121380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.119.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258279/; classtype:trojan-activity;sid:84121379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.7.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258278/; classtype:trojan-activity;sid:84121378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.38.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258277/; classtype:trojan-activity;sid:84121377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.177.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258276/; classtype:trojan-activity;sid:84121376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.15.19.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258275/; classtype:trojan-activity;sid:84121375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258273/; classtype:trojan-activity;sid:84121373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.226.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258274/; classtype:trojan-activity;sid:84121374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258272/; classtype:trojan-activity;sid:84121372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.47.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258271/; classtype:trojan-activity;sid:84121371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258270/; classtype:trojan-activity;sid:84121370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.169.174.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258269/; classtype:trojan-activity;sid:84121369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.233.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258268/; classtype:trojan-activity;sid:84121368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.73.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258267/; classtype:trojan-activity;sid:84121367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.104.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258266/; classtype:trojan-activity;sid:84121366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.121.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258265/; classtype:trojan-activity;sid:84121365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.214.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258264/; classtype:trojan-activity;sid:84121364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.48.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258263/; classtype:trojan-activity;sid:84121363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.132.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258262/; classtype:trojan-activity;sid:84121362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.233.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258261/; classtype:trojan-activity;sid:84121361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.19.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258260/; classtype:trojan-activity;sid:84121360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.94.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258259/; classtype:trojan-activity;sid:84121359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.207.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258258/; classtype:trojan-activity;sid:84121358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.184.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258257/; classtype:trojan-activity;sid:84121357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.248.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258256/; classtype:trojan-activity;sid:84121356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.119.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258255/; classtype:trojan-activity;sid:84121355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.208.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258254/; classtype:trojan-activity;sid:84121354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.134.41.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258253/; classtype:trojan-activity;sid:84121353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.182.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258252/; classtype:trojan-activity;sid:84121352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.228.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258251/; classtype:trojan-activity;sid:84121351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.41.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258250/; classtype:trojan-activity;sid:84121350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.122.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258249/; classtype:trojan-activity;sid:84121349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.121.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258248/; classtype:trojan-activity;sid:84121348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.21.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258247/; classtype:trojan-activity;sid:84121347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.253.55.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258246/; classtype:trojan-activity;sid:84121346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.134.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258245/; classtype:trojan-activity;sid:84121345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.72.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258244/; classtype:trojan-activity;sid:84121344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.248.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258243/; classtype:trojan-activity;sid:84121343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.159.183.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258242/; classtype:trojan-activity;sid:84121342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.40.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258240/; classtype:trojan-activity;sid:84121340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.175.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258241/; classtype:trojan-activity;sid:84121341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.136.102.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258239/; classtype:trojan-activity;sid:84121339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.226.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258238/; classtype:trojan-activity;sid:84121338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.203.68.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258237/; classtype:trojan-activity;sid:84121337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.94.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258236/; classtype:trojan-activity;sid:84121336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.64.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258235/; classtype:trojan-activity;sid:84121335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.207.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258234/; classtype:trojan-activity;sid:84121334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/cred.dll"; depth:25; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258233/; classtype:trojan-activity;sid:84121333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/clip.dll"; depth:25; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258232/; classtype:trojan-activity;sid:84121332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d60be0de163924d/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258231/; classtype:trojan-activity;sid:84121331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d60be0de163924d/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258230/; classtype:trojan-activity;sid:84121330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d60be0de163924d/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258227/; classtype:trojan-activity;sid:84121327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d60be0de163924d/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.215.113.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258228/; classtype:trojan-activity;sid:84121328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d60be0de163924d/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.215.113.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258229/; classtype:trojan-activity;sid:84121329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d60be0de163924d/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.215.113.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258225/; classtype:trojan-activity;sid:84121325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d60be0de163924d/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.215.113.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258226/; classtype:trojan-activity;sid:84121326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.30.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258224/; classtype:trojan-activity;sid:84121324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.20.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258223/; classtype:trojan-activity;sid:84121323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.77.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258222/; classtype:trojan-activity;sid:84121322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.172.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258221/; classtype:trojan-activity;sid:84121321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.205.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258220/; classtype:trojan-activity;sid:84121320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6cbff507d3fb9f0d/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"5.188.87.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258218/; classtype:trojan-activity;sid:84121318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.45.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258219/; classtype:trojan-activity;sid:84121319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/013b21cbc9e3ff58/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"82.115.223.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258214/; classtype:trojan-activity;sid:84121314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/013b21cbc9e3ff58/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"82.115.223.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258215/; classtype:trojan-activity;sid:84121315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/013b21cbc9e3ff58/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"82.115.223.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258216/; classtype:trojan-activity;sid:84121316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/013b21cbc9e3ff58/nss3.dll"; depth:26; endswith; nocase; http.host; content:"82.115.223.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258217/; classtype:trojan-activity;sid:84121317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/013b21cbc9e3ff58/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"82.115.223.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258212/; classtype:trojan-activity;sid:84121312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/013b21cbc9e3ff58/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"82.115.223.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258213/; classtype:trojan-activity;sid:84121313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.179.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258211/; classtype:trojan-activity;sid:84121311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.102.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258210/; classtype:trojan-activity;sid:84121310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.193.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258209/; classtype:trojan-activity;sid:84121309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.234.157.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258206/; classtype:trojan-activity;sid:84121306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.196.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258207/; classtype:trojan-activity;sid:84121307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.161.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258208/; classtype:trojan-activity;sid:84121308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.248.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258205/; classtype:trojan-activity;sid:84121305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.252.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258204/; classtype:trojan-activity;sid:84121304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/nss3.dll"; depth:26; endswith; nocase; http.host; content:"62.204.41.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258203/; classtype:trojan-activity;sid:84121303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258200/; classtype:trojan-activity;sid:84121300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258201/; classtype:trojan-activity;sid:84121301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258202/; classtype:trojan-activity;sid:84121302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"62.204.41.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258198/; classtype:trojan-activity;sid:84121298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"62.204.41.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258199/; classtype:trojan-activity;sid:84121299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00122117a2c73c51/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"62.122.184.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258197/; classtype:trojan-activity;sid:84121297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00122117a2c73c51/nss3.dll"; depth:26; endswith; nocase; http.host; content:"62.122.184.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258195/; classtype:trojan-activity;sid:84121295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00122117a2c73c51/nss3.dll"; depth:26; endswith; nocase; http.host; content:"62.122.184.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258196/; classtype:trojan-activity;sid:84121296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00122117a2c73c51/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"62.122.184.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258194/; classtype:trojan-activity;sid:84121294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00122117a2c73c51/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"62.122.184.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258192/; classtype:trojan-activity;sid:84121292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00122117a2c73c51/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"62.122.184.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258193/; classtype:trojan-activity;sid:84121293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.248.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258191/; classtype:trojan-activity;sid:84121291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.15.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258190/; classtype:trojan-activity;sid:84121290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.21.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258189/; classtype:trojan-activity;sid:84121289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.7.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258188/; classtype:trojan-activity;sid:84121288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00122117a2c73c51/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"62.122.184.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258186/; classtype:trojan-activity;sid:84121286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00122117a2c73c51/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"62.122.184.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258187/; classtype:trojan-activity;sid:84121287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.134.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258184/; classtype:trojan-activity;sid:84121284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00122117a2c73c51/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"62.122.184.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258185/; classtype:trojan-activity;sid:84121285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00122117a2c73c51/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"62.122.184.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258179/; classtype:trojan-activity;sid:84121279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00122117a2c73c51/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"62.122.184.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258180/; classtype:trojan-activity;sid:84121280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00122117a2c73c51/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"62.122.184.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258181/; classtype:trojan-activity;sid:84121281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00122117a2c73c51/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"62.122.184.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258182/; classtype:trojan-activity;sid:84121282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00122117a2c73c51/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"62.122.184.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258183/; classtype:trojan-activity;sid:84121283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.169.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258178/; classtype:trojan-activity;sid:84121278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.124.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258177/; classtype:trojan-activity;sid:84121277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258176/; classtype:trojan-activity;sid:84121276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.17.66.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258173/; classtype:trojan-activity;sid:84121273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.233.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258174/; classtype:trojan-activity;sid:84121274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.40.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258175/; classtype:trojan-activity;sid:84121275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"62.204.41.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258170/; classtype:trojan-activity;sid:84121270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db293a2c1b1c70c4/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"62.204.41.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258171/; classtype:trojan-activity;sid:84121271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/013b21cbc9e3ff58/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"82.115.223.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258172/; classtype:trojan-activity;sid:84121272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.30.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258169/; classtype:trojan-activity;sid:84121269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"83.24.79.199"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258168/; classtype:trojan-activity;sid:84121268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/431/goodpersonwithniceheartwhichkissyougoodlips.tif"; depth:52; endswith; nocase; http.host; content:"104.168.7.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258167/; classtype:trojan-activity;sid:84121267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.208.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258166/; classtype:trojan-activity;sid:84121266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/giwi64"; depth:7; endswith; nocase; http.host; content:"server2.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258165/; classtype:trojan-activity;sid:84121265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.77.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258164/; classtype:trojan-activity;sid:84121264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.193.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258163/; classtype:trojan-activity;sid:84121263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.166.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258162/; classtype:trojan-activity;sid:84121262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.2.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258161/; classtype:trojan-activity;sid:84121261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.220.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258160/; classtype:trojan-activity;sid:84121260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.183.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258159/; classtype:trojan-activity;sid:84121259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.211.37.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258158/; classtype:trojan-activity;sid:84121258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1292159820077731941/1292547258159595550/trashcc_comunnity.exe|3f|ex=671e7ff0|7c|26|7c|is=671d2e70|7c|26|7c|hm=cd96b89755a1aeb48a42321a4f257c20ddb759427c1c7a1a141dc47c2e90dfbb|7c|26|7c|"; depth:197; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258157/; classtype:trojan-activity;sid:84121257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1295818772757614723/1295819002844676228/freemenu.dll|3f|ex=671f323d|7c|26|7c|is=671de0bd|7c|26|7c|hm=6da2e8b12eab0b52724bd6efabe4d2daaf7f429fd79bb21e4204af2aa0700834|7c|26|7c|"; depth:188; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258156/; classtype:trojan-activity;sid:84121256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.248.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258155/; classtype:trojan-activity;sid:84121255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258154/; classtype:trojan-activity;sid:84121254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.220.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258153/; classtype:trojan-activity;sid:84121253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1289467210565287966/1298465492750700616/mwiii_unlocker_spoofer_v2.exe|3f|ex=671eefb9|7c|26|7c|is=671d9e39|7c|26|7c|hm=c6cdc439cece30735663abc3025c376eccee406913ba03cb26031cedb8b6a391|7c|26|7c|"; depth:205; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258152/; classtype:trojan-activity;sid:84121252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1295518814271705118/1299505447992164476/semo_executer_1.7.zip|3f|ex=671ec3c2|7c|26|7c|is=671d7242|7c|26|7c|hm=19b5da4611aeb348da2143ebd34bb28fc6d7651245fdbe4ff0bf8cb542ec3c9c|7c|26|7c|"; depth:197; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258150/; classtype:trojan-activity;sid:84121250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1290377259034742847/1299895150331560066/egidbfbfhj.exe|3f|ex=671edd32|7c|26|7c|is=671d8bb2|7c|26|7c|hm=bd52aa011c04d11d81544f584efb42acd3c1af16d45533b6cd1d62c808e2fd5c|7c|26|7c|"; depth:190; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258151/; classtype:trojan-activity;sid:84121251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1297125559213625385/1299959398520586260/legend-rank1shop.exe|3f|ex=671f1908|7c|26|7c|is=671dc788|7c|26|7c|hm=7758a4dd6193ac59497cb53da1cb2fd57f24c011c5eefd2ca7d0bf89d7e12720|7c|26|7c|"; depth:196; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258149/; classtype:trojan-activity;sid:84121249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1291406311279427634/1299810533691621376/bb2f91a11e055b14.zip|3f|ex=671e8e64|7c|26|7c|is=671d3ce4|7c|26|7c|hm=c557e3126b27011b0e481c05e8f67f04fee6630482507cc04d1febbca3e6aec4|7c|26|7c|"; depth:196; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258147/; classtype:trojan-activity;sid:84121247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1297125559213625385/1299966549893054464/legend.rar|3f|ex=671f1fb1|7c|26|7c|is=671dce31|7c|26|7c|hm=dc2ec7be04953204360937bc9aba81912348a10b46f06da85a7448d94cb48316|7c|26|7c|"; depth:186; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258148/; classtype:trojan-activity;sid:84121248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1299820961461440584/1299824726948057108/project_eternity_3.zip|3f|ex=671e9b9c|7c|26|7c|is=671d4a1c|7c|26|7c|hm=7e33bd1ffe2b0a6782624312886544519b3d4ca6c5c2ca11f579da659ffb46cf|7c|26|7c|"; depth:198; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258146/; classtype:trojan-activity;sid:84121246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1299667234142289950/1299879340393369630/xoila.exe|3f|ex=671f7739|7c|26|7c|is=671e25b9|7c|26|7c|hm=74ec554f47e37502d84493154644dcc9ec20509e8b2491010ba1dff6bd04e6b7|7c|26|7c|"; depth:185; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258145/; classtype:trojan-activity;sid:84121245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/874343010857545838/1299835989652541500/facbot-868409318020624404-modified_1.zip|3f|ex=671ea619|7c|26|7c|is=671d5499|7c|26|7c|hm=39c3c41c81483b98b0c318140cbeaf773fcfe05a91900716e540ed8790ec1e97|7c|26|7c|"; depth:215; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258144/; classtype:trojan-activity;sid:84121244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1297610435088089251/1297612318569664622/fortnite_streched.exe|3f|ex=671e7825|7c|26|7c|is=671d26a5|7c|26|7c|hm=c506eda6d2f590af449b9546248cd6494d35e6a968b3ffaa75403728ec87fe69|7c|26|7c|"; depth:197; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258143/; classtype:trojan-activity;sid:84121243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1299866977967407146/1299871073352810597/risxn_extreme_v4.5.exe|3f|ex=671ec6c6|7c|26|7c|is=671d7546|7c|26|7c|hm=8f856a565aa2966c9423bf0c9a3c97bdc6668f641d00e49fb37162093d560c84|7c|26|7c|"; depth:198; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258142/; classtype:trojan-activity;sid:84121242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.56.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258141/; classtype:trojan-activity;sid:84121241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.101.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258140/; classtype:trojan-activity;sid:84121240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.91.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258139/; classtype:trojan-activity;sid:84121239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.203.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258138/; classtype:trojan-activity;sid:84121238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.0.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258137/; classtype:trojan-activity;sid:84121237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258136/; classtype:trojan-activity;sid:84121236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.170.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258135/; classtype:trojan-activity;sid:84121235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.215.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258134/; classtype:trojan-activity;sid:84121234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.119.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258132/; classtype:trojan-activity;sid:84121232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258131/; classtype:trojan-activity;sid:84121231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.161.62.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258130/; classtype:trojan-activity;sid:84121230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1287831188525809744/1300056733900865616/test_file.zip|3f|ex=671f73af|7c|26|7c|is=671e222f|7c|26|7c|hm=cd2ce327e2ed144c7ba28aceef3f4701a5997933e94b41d3724ab78ef6e45cc7|7c|26|7c|"; depth:189; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258129/; classtype:trojan-activity;sid:84121229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1295478825848803369/1299818334094626897/ichanger.exe|3f|ex=671e95a8|7c|26|7c|is=671d4428|7c|26|7c|hm=dff3656b09dec0a9ad173162b978e92a56c0204757369efa4031ee326d604856|7c|26|7c|"; depth:188; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258128/; classtype:trojan-activity;sid:84121228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1147877012246110322/1299827808507269183/forza-mods-aio.exe|3f|ex=671e9e7b|7c|26|7c|is=671d4cfb|7c|26|7c|hm=91e54ac2df2ee38a11edbf009f80d32ae6abb04937e10f416d9ba866cc05b325|7c|26|7c|"; depth:194; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258125/; classtype:trojan-activity;sid:84121225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1298643796413906966/1299851217736040448/thunderbird.exe|3f|ex=671eb448|7c|26|7c|is=671d62c8|7c|26|7c|hm=90228e36bf1f227142f42b791d71d7f1c96691cf5ffac94be441d7de544a5ba5|7c|26|7c|"; depth:191; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258126/; classtype:trojan-activity;sid:84121226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1298959463423676416/1299828712644153466/1.1.5_.exe|3f|ex=671e9f52|7c|26|7c|is=671d4dd2|7c|26|7c|hm=288c83ccf4f05c15955325ee6892ee4782f948554649bed65b147e1a1ec4c7d0|7c|26|7c|"; depth:186; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258127/; classtype:trojan-activity;sid:84121227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1295048058442354769/1299824703099113553/atw7ir.zip|3f|ex=671e9b96|7c|26|7c|is=671d4a16|7c|26|7c|hm=179378023d37f3ed3617ee6136453800e2478d692b66f2bb23293beecdda2503|7c|26|7c|"; depth:186; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258119/; classtype:trojan-activity;sid:84121219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1299863199197429852/1299869839820587108/ultimate_nigga_money_make_tutorial.zip|3f|ex=671f6e60|7c|26|7c|is=671e1ce0|7c|26|7c|hm=8235bbb0c05655e29b87abd91ed5c7cb425c15f4f2b8b3bbebe771bbc3f5ecde|7c|26|7c|"; depth:214; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258120/; classtype:trojan-activity;sid:84121220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1257646501341958185/1275763656587612181/mprov5_bypun.rar|3f|ex=671f677e|7c|26|7c|is=671e15fe|7c|26|7c|hm=d4fb5056950ec690ee9e7c1380f36fc490828c0baf12e269e9e81bb2cea43cf8|7c|26|7c|"; depth:192; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258121/; classtype:trojan-activity;sid:84121221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1292674459496615936/1298036544497782874/spoofer.exe|3f|ex=671eb1bc|7c|26|7c|is=671d603c|7c|26|7c|hm=3b96134201981c6a9e23d260363c7954b1d3acc058df3a07014eaa2a56725de0|7c|26|7c|"; depth:187; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258122/; classtype:trojan-activity;sid:84121222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1299832248136110131/1299832359792676956/atw7ir_1.zip|3f|ex=671ea2b8|7c|26|7c|is=671d5138|7c|26|7c|hm=86bc0b00bb87ae73fc036b5b14daa16ef03aa527944b80d90cb5b5605da6ed25|7c|26|7c|"; depth:188; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258123/; classtype:trojan-activity;sid:84121223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1296567596333797384/1299877275633975336/cstealer-main.zip|3f|ex=671ecc8d|7c|26|7c|is=671d7b0d|7c|26|7c|hm=75b50158b1ab90d38f15c40d96ce33cef418da49a5105461589b3f4e7730dcc6|7c|26|7c|"; depth:193; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258124/; classtype:trojan-activity;sid:84121224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.102.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258118/; classtype:trojan-activity;sid:84121218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.189.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258116/; classtype:trojan-activity;sid:84121216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.211.37.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258117/; classtype:trojan-activity;sid:84121217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.93.27.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258115/; classtype:trojan-activity;sid:84121215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.120.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258113/; classtype:trojan-activity;sid:84121213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.49.26.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258114/; classtype:trojan-activity;sid:84121214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.56.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258112/; classtype:trojan-activity;sid:84121212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.0.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258111/; classtype:trojan-activity;sid:84121211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.220.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258110/; classtype:trojan-activity;sid:84121210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.203.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258109/; classtype:trojan-activity;sid:84121209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1287061941583614012/1287062349328547901/unlocker_v2.exe|3f|ex=671efaf8|7c|26|7c|is=671da978|7c|26|7c|hm=6973360432dc28871d4dd662b9ee128d148f4f446f05ee1a3ea1e4db1742e414|7c|26|7c|"; depth:191; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258104/; classtype:trojan-activity;sid:84121204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1299815786109730827/1299816064305201252/jjsploit_8.6.0_x64-setup_2.exe|3f|ex=671e938b|7c|26|7c|is=671d420b|7c|26|7c|hm=21737e4594bfb40b57ad22479742bd76304c0f3f551047a508514234870e8e02|7c|26|7c|"; depth:206; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258105/; classtype:trojan-activity;sid:84121205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1207461551867433031/1210643188583501824/voidnet-fix.rar|3f|ex=671f2494|7c|26|7c|is=671dd314|7c|26|7c|hm=91ed44514a4fb1708f6dda3e6e653880ddbd9afcd6c6eb37a6ed1e68e0ac66aa|7c|26|7c|"; depth:191; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258106/; classtype:trojan-activity;sid:84121206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1237079150737620994/1254126465696665672/bgamer_.rar|3f|ex=671e78c9|7c|26|7c|is=671d2749|7c|26|7c|hm=df589fb52129c104472352fe3ff4f12c1aadff1c4950fa0e5c5435c4c3c3fb89|7c|26|7c|"; depth:187; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258107/; classtype:trojan-activity;sid:84121207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1264752169274441729/1294159944429600768/trashcc_comunnity.exe|3f|ex=671f17df|7c|26|7c|is=671dc65f|7c|26|7c|hm=08ebb628466849bef8a1311dbd95dd21c22d3b09591f457214a8178f68be29de|7c|26|7c|"; depth:197; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258108/; classtype:trojan-activity;sid:84121208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1275409132643418133/1299810164744130560/freetp.orgsubnautica-multiplayer-fix-online-v1710.exe|3f|ex=671e8e0c|7c|26|7c|is=671d3c8c|7c|26|7c|hm=99d8dd0bbcc0fe597d4d6a64a7779a3a884d41b946d8752ffe011cee4ee197cd|7c|26|7c|"; depth:229; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258103/; classtype:trojan-activity;sid:84121203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1274737580172247102/1300073492812922950/goodbyedpi-0.2.3rc3-2_1.zip|3f|ex=671f834a|7c|26|7c|is=671e31ca|7c|26|7c|hm=d8379f7f8f11944bcb62f6d41de4e21c56cf7da0123a7744c5a62b59220afcdb|7c|26|7c|"; depth:203; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258100/; classtype:trojan-activity;sid:84121200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1217505050176393276/1221537139712458862/microsoft_edge.exe|3f|ex=671e909d|7c|26|7c|is=671d3f1d|7c|26|7c|hm=ecd50207be2e92594ed21febfd9ba8c0d2994e21edff1452f37ec65929725082|7c|26|7c|"; depth:194; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258101/; classtype:trojan-activity;sid:84121201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1172651424845406322/1299902227409932319/carbon_v1.7_beta.7z|3f|ex=671ee3ca|7c|26|7c|is=671d924a|7c|26|7c|hm=a056e66e7cbfed1d0aef0a4d229f85b63daaa6e3e9dfe067944de96e926ac183|7c|26|7c|"; depth:195; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258102/; classtype:trojan-activity;sid:84121202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1261064668513042622/1291554791075479562/zenpro.exe|3f|ex=671ed822|7c|26|7c|is=671d86a2|7c|26|7c|hm=7b8550fd4ac2a9d971e71d98e5077b839e1f4b55661c3a51e38cbf20d6c3bca0|7c|26|7c|"; depth:186; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258097/; classtype:trojan-activity;sid:84121197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1285219213493141546/1299811690736779315/sharpmonoinjector_v2.5_unknowncheats.me_.rar|3f|ex=671e8f78|7c|26|7c|is=671d3df8|7c|26|7c|hm=f62597d398af22c3cbdd737f403e9d725f2d6c24295e91a7b7950ac1c594d313|7c|26|7c|"; depth:220; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258098/; classtype:trojan-activity;sid:84121198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1218491682761216040/1299771810308554813/tkezs1zvg.exe|3f|ex=671e6a54|7c|26|7c|is=671d18d4|7c|26|7c|hm=f53ef9fec252ce3172b6e3f445e4ee200db4d9619573e8b2f42168168fc5a7a7|7c|26|7c|"; depth:189; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258099/; classtype:trojan-activity;sid:84121199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1283848362772398080/1299807248561868870/alzaabi_sooofer.exe|3f|ex=671f3415|7c|26|7c|is=671de295|7c|26|7c|hm=9716f8194fe8dcfc87a566127614c9b3b48109b4de205e591e48491b1140f611|7c|26|7c|"; depth:195; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258094/; classtype:trojan-activity;sid:84121194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1278653048993873995/1279099254501150771/randytweaker_free_v2_1.zip|3f|ex=671f03c2|7c|26|7c|is=671db242|7c|26|7c|hm=1f26cfe0c557a18508a76d14a1512d37b3ba0f0191fd91e48db66e70e66aa5d4|7c|26|7c|"; depth:202; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258095/; classtype:trojan-activity;sid:84121195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1217505050176393276/1217532566601597048/tdloader.exe|3f|ex=671e7f90|7c|26|7c|is=671d2e10|7c|26|7c|hm=69a49d918c58f39bbd1ffe89e4ba38fd19154797165657b0a51fb3162b223476|7c|26|7c|"; depth:188; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258096/; classtype:trojan-activity;sid:84121196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1299763617625014302/1299763780183527484/goodbyedpi.rar|3f|ex=671e62d9|7c|26|7c|is=671d1159|7c|26|7c|hm=5ce6673dc957c3a4b60c2e63e840054631e38c27358ae565a7be98d592bf1466|7c|26|7c|"; depth:190; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258092/; classtype:trojan-activity;sid:84121192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1299878044873261137/1299878528182915172/solara.zip|3f|ex=671ecdb7|7c|26|7c|is=671d7c37|7c|26|7c|hm=3691a580a1d1f5f8294e959d1d4bac265895256c59961ef8606ca575c378c3fe|7c|26|7c|"; depth:186; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258093/; classtype:trojan-activity;sid:84121193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1172651424845406322/1299911834584744058/carbon_v1.7_beta.rar|3f|ex=671eecbc|7c|26|7c|is=671d9b3c|7c|26|7c|hm=86bbef2d2e3d840878c81c078e4e2d247032380e283bdfcecf2093d1e447815c|7c|26|7c|"; depth:196; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258088/; classtype:trojan-activity;sid:84121188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1275755081337278507/1299807890177134693/goodbyedpi-0.2.3rc3-2.zip|3f|ex=671e8bee|7c|26|7c|is=671d3a6e|7c|26|7c|hm=83d2c9d0c1285794d0a1649c13d1f0937b546b103b2cd7f4763bab00ab6935a1|7c|26|7c|"; depth:201; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258089/; classtype:trojan-activity;sid:84121189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1281088564909838408/1281438127315091548/jarvy_x_sideflipz.zip.zip|3f|ex=671ef441|7c|26|7c|is=671da2c1|7c|26|7c|hm=cfc4d4ef93862666f1e0de7da9b097f89438ac5588f57b1dcee2729219bdf28b|7c|26|7c|"; depth:201; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258090/; classtype:trojan-activity;sid:84121190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1239899010228031531/1299662610756538368/discord_zapret_with_voice_update__4.1.zip|3f|ex=671f5620|7c|26|7c|is=671e04a0|7c|26|7c|hm=6f0ba23923f58bb65968e07b458ee3eb8251f84e2cd4c4d52b772078eca5e37f|7c|26|7c|"; depth:217; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258091/; classtype:trojan-activity;sid:84121191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1299654863046574100/1299768799397937244/blank-grabber-main.zip|3f|ex=671e6786|7c|26|7c|is=671d1606|7c|26|7c|hm=25829e3ebb44c54ded2955df0f24b8f3c3245e0e8221a567d8b6b1d077cdfb7e|7c|26|7c|"; depth:198; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258087/; classtype:trojan-activity;sid:84121187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.248.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258086/; classtype:trojan-activity;sid:84121186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.183.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258085/; classtype:trojan-activity;sid:84121185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.66.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258084/; classtype:trojan-activity;sid:84121184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.93.156"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258083/; classtype:trojan-activity;sid:84121183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.161.62.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258082/; classtype:trojan-activity;sid:84121182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.188.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258079/; classtype:trojan-activity;sid:84121179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.62.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258080/; classtype:trojan-activity;sid:84121180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.26.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258081/; classtype:trojan-activity;sid:84121181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258078/; classtype:trojan-activity;sid:84121178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.215.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258077/; classtype:trojan-activity;sid:84121177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.24.4"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258076/; classtype:trojan-activity;sid:84121176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1298288768712839361/1299366599479787591/bootstrapperv1.22.exe|3f|ex=671f93f2|7c|26|7c|is=671e4272|7c|26|7c|hm=a33e9ed070c95c6855fd659bf2f69142eaa4bcfb208d6be0681c202f264178e1|7c|26|7c|"; depth:197; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258075/; classtype:trojan-activity;sid:84121175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.70.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258074/; classtype:trojan-activity;sid:84121174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.197.115.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258073/; classtype:trojan-activity;sid:84121173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.254.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258072/; classtype:trojan-activity;sid:84121172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.56.0.18"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258071/; classtype:trojan-activity;sid:84121171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1299796203994878002/1299797168974204968/booststrapper.exe|3f|ex=671e81f2|7c|26|7c|is=671d3072|7c|26|7c|hm=6e856db5449f7a52e5ef9b98fc7fe74e5fa796c216b5a1370df0cd6ec9248485|7c|26|7c|"; depth:193; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258070/; classtype:trojan-activity;sid:84121170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1279033254892273667/1287517529627168788/bootstrapper.exe|3f|ex=671ea8a3|7c|26|7c|is=671d5723|7c|26|7c|hm=938d9e45d74b28b96c67574b37d5f13a183b7b86f594ee29fc5b6c2a3ba5ad45|7c|26|7c|"; depth:192; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258067/; classtype:trojan-activity;sid:84121167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1298960923133874199/1299998960894607381/booststrapperv1.22.exe|3f|ex=671f3de1|7c|26|7c|is=671dec61|7c|26|7c|hm=c2ea09da2314b8e2b083fb4861f4df82f19953e0e98f529c558e1368e85a1de6|7c|26|7c|"; depth:198; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258068/; classtype:trojan-activity;sid:84121168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1268326978105376980/1269663530626580521/tdpremium.exe|3f|ex=671ef70e|7c|26|7c|is=671da58e|7c|26|7c|hm=6e8d574eaedbe4ff3cfebbc98681ad9fc37f2d7e7025c6a5ed829be2ee7af61a|7c|26|7c|"; depth:189; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258069/; classtype:trojan-activity;sid:84121169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1287170085915459624/1294550228631949342/bootstrapperv1.22.exe|3f|ex=671e891a|7c|26|7c|is=671d379a|7c|26|7c|hm=7717506ea2a5dbdc20384fda38ad7a0df69973e2a7618be40069cff9957edb82|7c|26|7c|"; depth:197; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258063/; classtype:trojan-activity;sid:84121163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1220828957750988920/1299898419984207982/bootstrapperv1.22.exe|3f|ex=671ee03e|7c|26|7c|is=671d8ebe|7c|26|7c|hm=1bc14f4cc958d8a1edde0f8cd80a51c5070f32e8ef90866cf700d92d7146ba42|7c|26|7c|"; depth:197; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258064/; classtype:trojan-activity;sid:84121164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1296483079262699532/1299810131776901223/bootstrapperv1.22.exe|3f|ex=671e8e04|7c|26|7c|is=671d3c84|7c|26|7c|hm=3a79046f4e1dfb8aa8dbbe4a453c7010cd92a15e03e5101535a42ae4b8ecf29e|7c|26|7c|"; depth:197; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258065/; classtype:trojan-activity;sid:84121165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1299664998704091137/1299669918811422752/bootstrapperv1.22.exe|3f|ex=671eb42f|7c|26|7c|is=671d62af|7c|26|7c|hm=1f78029e7178b110e57f3a4519cc664aca6e0ff17eb17fbb003e46b8730d329f|7c|26|7c|"; depth:197; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258066/; classtype:trojan-activity;sid:84121166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"109.207.42.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258061/; classtype:trojan-activity;sid:84121161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.246.227.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258062/; classtype:trojan-activity;sid:84121162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.152.49.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258060/; classtype:trojan-activity;sid:84121160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.102.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258059/; classtype:trojan-activity;sid:84121159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.93.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258057/; classtype:trojan-activity;sid:84121157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.146.38.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258058/; classtype:trojan-activity;sid:84121158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.153.132.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258056/; classtype:trojan-activity;sid:84121156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caibe/fwga/refs/heads/main/rcm_dcdedkd.txt"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258049/; classtype:trojan-activity;sid:84121149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caibe/fwga/refs/heads/main/rcf_omfnorh.txt"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258050/; classtype:trojan-activity;sid:84121150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caibe/fwga/refs/heads/main/gpieisb.txt"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258051/; classtype:trojan-activity;sid:84121151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caibe/fwga/refs/heads/main/fffaemf.txt"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258052/; classtype:trojan-activity;sid:84121152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caibe/fwga/refs/heads/main/rooahio.txt"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258053/; classtype:trojan-activity;sid:84121153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caibe/fwga/refs/heads/main/araofkh.txt"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258054/; classtype:trojan-activity;sid:84121154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caibe/fwga/refs/heads/main/oahinkn.txt"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258055/; classtype:trojan-activity;sid:84121155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caibe/fwga/refs/heads/main/asy_dffaaep.txt"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258045/; classtype:trojan-activity;sid:84121145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caibe/fwga/refs/heads/main/iksjbpj.txt"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258046/; classtype:trojan-activity;sid:84121146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caibe/fwga/refs/heads/main/jaadkfh.txt"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258047/; classtype:trojan-activity;sid:84121147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caibe/fwga/refs/heads/main/bkpmdom.txt"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258048/; classtype:trojan-activity;sid:84121148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caibe/fwga/refs/heads/main/igapsme.txt"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258044/; classtype:trojan-activity;sid:84121144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caibe/fwga/refs/heads/main/domcfbs.txt"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258042/; classtype:trojan-activity;sid:84121142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caibe/fwga/refs/heads/main/krkmakc.txt"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258043/; classtype:trojan-activity;sid:84121143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.120.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258041/; classtype:trojan-activity;sid:84121141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/graffiti.txt"; depth:13; endswith; nocase; http.host; content:"pointpangalengan.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258040/; classtype:trojan-activity;sid:84121140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.68.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258039/; classtype:trojan-activity;sid:84121139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.13.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258038/; classtype:trojan-activity;sid:84121138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.77.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258037/; classtype:trojan-activity;sid:84121137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.21.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258036/; classtype:trojan-activity;sid:84121136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.189.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258035/; classtype:trojan-activity;sid:84121135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caibe/fwga/refs/heads/main/xwmm_aakkhbm.txt"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258034/; classtype:trojan-activity;sid:84121134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ijeuwaesika/nna/refs/heads/main/ifiinms.txt"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258033/; classtype:trojan-activity;sid:84121133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caibe/fwga/refs/heads/main/apfjrdf.txt"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258032/; classtype:trojan-activity;sid:84121132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/richie213/zede/refs/heads/main/rnbdmhj.txt"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258031/; classtype:trojan-activity;sid:84121131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.183.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258028/; classtype:trojan-activity;sid:84121128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javamagazine/magdownloads/downloads/utilities-windowtimer-ptimer.zip"; depth:69; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258029/; classtype:trojan-activity;sid:84121129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.165.69.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258030/; classtype:trojan-activity;sid:84121130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jamesom1942/wiskey/downloads/set-up.exe"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258027/; classtype:trojan-activity;sid:84121127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.140.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258026/; classtype:trojan-activity;sid:84121126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kcatelin/jameson/downloads/beekeeper_studio.zip"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258022/; classtype:trojan-activity;sid:84121122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-aa/download_aaa/downloads/fortnite_hack.rar"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258023/; classtype:trojan-activity;sid:84121123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chermander20/sonicwawe/downloads/bybit.exe"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258021/; classtype:trojan-activity;sid:84121121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/contore/update/downloads/password_2022_installer.rar"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258017/; classtype:trojan-activity;sid:84121117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chermander20/sonicwawe/downloads/rmmai.exe"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258018/; classtype:trojan-activity;sid:84121118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kcatelin/jameson/downloads/zsoft_.7z"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258020/; classtype:trojan-activity;sid:84121120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-aa/download_aaa/downloads/kiddions_mod_menu.rar"; depth:57; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258015/; classtype:trojan-activity;sid:84121115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rpvpov0nqt/rpvpov0nqt/downloads/roblox_doors_src.rar"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258016/; classtype:trojan-activity;sid:84121116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kcatelin/jameson/downloads/easyfirewall.exe"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258014/; classtype:trojan-activity;sid:84121114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kcatelin/jameson/downloads/google_chrome.exe"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258013/; classtype:trojan-activity;sid:84121113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jhjhhjhjjhhj/regge/downloads/f%d0%bertnit%d0%b5_h%d0%a1.rar"; depth:60; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258012/; classtype:trojan-activity;sid:84121112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downcloud-load-ad/ads1022/downloads/soda-pdf.zip"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258011/; classtype:trojan-activity;sid:84121111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greeeengo/xcaseasd/downloads/g%d0%bed_of_war_ragnar%d0%bek_cr%d0%b0%d1%81k.rar"; depth:79; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258010/; classtype:trojan-activity;sid:84121110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neironner/app/downloads/appwesoft.rar"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258009/; classtype:trojan-activity;sid:84121109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downcloud-load-ad/ads1022/downloads/waterfox.zip"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258008/; classtype:trojan-activity;sid:84121108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downcloud-load-ad/ads1022/downloads/afterburner.zip"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258007/; classtype:trojan-activity;sid:84121107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downcloud-load-ad/ads1022/downloads/adsblock.zip"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258006/; classtype:trojan-activity;sid:84121106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/myworkescxz/meyca/downloads/soft.rar"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258005/; classtype:trojan-activity;sid:84121105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rpvpov0nqt/rpvpov0nqt/downloads/fortnite_hack.rar"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258004/; classtype:trojan-activity;sid:84121104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautata-hacks/download/downloads/kiddions_menu.rar"; depth:51; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258002/; classtype:trojan-activity;sid:84121102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rpvpov0nqt/rpvpov0nqt/downloads/new_kiddions.rar"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258003/; classtype:trojan-activity;sid:84121103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downcloud-load-ad/ads1022/downloads/brave.zip"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258000/; classtype:trojan-activity;sid:84121100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wavelength54/topu/downloads/was.ps1"; depth:36; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258001/; classtype:trojan-activity;sid:84121101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greeeengo/xcaseasd/downloads/5m_mod_menu.rar"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257999/; classtype:trojan-activity;sid:84121099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/programmerbfh/softbfh/downloads/asdz2.png"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257998/; classtype:trojan-activity;sid:84121098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chermander20/sonicwawe/downloads/redeemshore.exe"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257997/; classtype:trojan-activity;sid:84121097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it-alert-2023/update/downloads/sns_24.apk"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257995/; classtype:trojan-activity;sid:84121095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apilogic2023/api/downloads/password_2022_installer.rar"; depth:55; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257996/; classtype:trojan-activity;sid:84121096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downcloud-load-ad/ads1022/downloads/linkhelper.zip"; depth:51; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257994/; classtype:trojan-activity;sid:84121094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhbghnj1/kjhi1a/downloads/newapp.exe"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257993/; classtype:trojan-activity;sid:84121093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kcatelin/jameson/downloads/vuex.exe"; depth:36; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257991/; classtype:trojan-activity;sid:84121091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zesoftwares/zesoft/downloads/zesoftapp.rar"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257992/; classtype:trojan-activity;sid:84121092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/programmerbfh/softbfh/downloads/sdadsasad.png"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257990/; classtype:trojan-activity;sid:84121090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhbghnj1/kjhi1a/downloads/updater.exe"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257988/; classtype:trojan-activity;sid:84121088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/!api/2.0/snippets/mounmeinlylo/bqaeer/5b924a1aa7fee2cb51377a9085ed3793f6a749a7/files/file"; depth:90; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257989/; classtype:trojan-activity;sid:84121089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/!api/2.0/snippets/mounmeinlylo/6qano5/2aa998bdd45ea12f5552d98e8e28825a5a95cc86/files/file"; depth:90; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257987/; classtype:trojan-activity;sid:84121087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kcatelin/jameson/downloads/softshipment.exe"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257986/; classtype:trojan-activity;sid:84121086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlo2/a/downloads/adobe2024.rar"; depth:31; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257984/; classtype:trojan-activity;sid:84121084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inseller31/loverskit1/downloads/fort.rar"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257985/; classtype:trojan-activity;sid:84121085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/valentinomaseratti/symphitems/downloads/passw_items_applicationsetupfile14.1.rar"; depth:81; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257982/; classtype:trojan-activity;sid:84121082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adobeofficial/adobeofficiall/downloads/setup_en_x64.zip"; depth:56; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257983/; classtype:trojan-activity;sid:84121083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/!api/2.0/snippets/mounmeinlylo/6qaezk/68ca2fb6aac2a81f027f3153f0d611c70af8c116/files/file"; depth:90; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257981/; classtype:trojan-activity;sid:84121081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/programmerbfh/softbfh/downloads/updatemmmm.exe"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257976/; classtype:trojan-activity;sid:84121076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greeeengo/xcaseasd/downloads/%d0%a1s_g%d0%9e_ch%d0%90ng%d0%95r.rar"; depth:67; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257977/; classtype:trojan-activity;sid:84121077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuevldsdslsfasfsaf/tar2/downloads/tarnj.txt"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257978/; classtype:trojan-activity;sid:84121078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greeeengo/xcaseasd/downloads/sonic_frontiers_cracked.rar"; depth:57; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257979/; classtype:trojan-activity;sid:84121079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlo2/a/downloads/in.exe"; depth:24; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257980/; classtype:trojan-activity;sid:84121080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shgz2/sghz3/downloads/fortnie_hack.rar"; depth:39; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257975/; classtype:trojan-activity;sid:84121075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8887778/hhhhhfgh/downloads/chiiiiiii.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257968/; classtype:trojan-activity;sid:84121068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kcatelin/jameson/downloads/architecturetvs.exe"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257969/; classtype:trojan-activity;sid:84121069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/easy-s0ft/easys0ft/downloads/fortnite_hack.rar"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257970/; classtype:trojan-activity;sid:84121070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/osaka123/mahoa1/downloads/suburbanskamacite.exe"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257971/; classtype:trojan-activity;sid:84121071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kcatelin/jameson/downloads/hna.exe"; depth:35; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257972/; classtype:trojan-activity;sid:84121072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/programmerbfh/softbfh/downloads/updatessss.exe"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257973/; classtype:trojan-activity;sid:84121073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shgz2/sghz3/downloads/kiddions_mod_menu.rar"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257974/; classtype:trojan-activity;sid:84121074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdfffdfdd/sasa/downloads/crypted.exe"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257967/; classtype:trojan-activity;sid:84121067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.112.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257965/; classtype:trojan-activity;sid:84121065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.82.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257966/; classtype:trojan-activity;sid:84121066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.60.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257964/; classtype:trojan-activity;sid:84121064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.24.4"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257962/; classtype:trojan-activity;sid:84121062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.153.132.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257963/; classtype:trojan-activity;sid:84121063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.173.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257961/; classtype:trojan-activity;sid:84121061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/olkfsd/vsdavdcs/downloads/auto.ru.pdf"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257957/; classtype:trojan-activity;sid:84121057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautaracheats-dwnld/tautaracheats/downloads/anime_adventure_script.rar"; depth:71; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257954/; classtype:trojan-activity;sid:84121054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softwarefiles/fulldownloadhere/downloads/newfiles_setup_2023_useas_passkey.rar"; depth:79; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257955/; classtype:trojan-activity;sid:84121055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softwarefiles/fulldownloadhere/downloads/thelatest_setups_full_version.rar"; depth:75; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257956/; classtype:trojan-activity;sid:84121056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautaracheats-dwnld/tautaracheats/downloads/anime_fighters_simulator.rar"; depth:73; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257953/; classtype:trojan-activity;sid:84121053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautaracheats-dwnld/tautaracheats/downloads/mw_3_unlock_tool.rar"; depth:65; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257952/; classtype:trojan-activity;sid:84121052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softwarefiles/fulldownloadhere/downloads/final_setups_full_version.rar"; depth:71; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257951/; classtype:trojan-activity;sid:84121051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/solgoodman/zixenberg/downloads/bybit.exe"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257950/; classtype:trojan-activity;sid:84121050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautaracheats-dwnld/tautaracheats/downloads/keyless_executor.rar"; depth:65; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257949/; classtype:trojan-activity;sid:84121049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softwarefiles/fulldownloadhere/downloads/latest_setups_full_version.rar"; depth:72; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257947/; classtype:trojan-activity;sid:84121047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wfwfwe2/2/downloads/softinstall.rar"; depth:36; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257948/; classtype:trojan-activity;sid:84121048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautaracheats-dwnld/tautaracheats/downloads/blox_fruits_script.rar"; depth:67; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257946/; classtype:trojan-activity;sid:84121046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautaracheats-dwnld/tautaracheats/downloads/anime_chapions_script.rar"; depth:70; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257945/; classtype:trojan-activity;sid:84121045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhatdzcyti/socks3/downloads/out.exe"; depth:36; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257944/; classtype:trojan-activity;sid:84121044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/olkfsd/vsdavdcs/downloads/biib.exe"; depth:35; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257943/; classtype:trojan-activity;sid:84121043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/olkfsd/vsdavdcs/downloads/release.exe"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257940/; classtype:trojan-activity;sid:84121040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/workker300066/partners/downloads/brovpn_win_v1.0.8.exe"; depth:55; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257941/; classtype:trojan-activity;sid:84121041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/olkfsd/vsdavdcs/downloads/1.exe"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257942/; classtype:trojan-activity;sid:84121042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softwarefiles/fulldownloadhere/downloads/latest1_setup_fullynew_version.rar"; depth:76; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257939/; classtype:trojan-activity;sid:84121039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o1lov/repo1lov/downloads/blox_fruits_script.rar"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257937/; classtype:trojan-activity;sid:84121037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o1lov/repo1lov/downloads/keyless_executor.rar"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257938/; classtype:trojan-activity;sid:84121038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softwarefiles/fulldownloadhere/downloads/themain_setup_full_version.rar"; depth:72; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257934/; classtype:trojan-activity;sid:84121034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautaracheats-dwnld/tautaracheats/downloads/pet_simulator_script.rar"; depth:69; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257935/; classtype:trojan-activity;sid:84121035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o1lov/repo1lov/downloads/val.rar"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257936/; classtype:trojan-activity;sid:84121036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautaracheats-dwnld/tautaracheats/downloads/kiddions_mod_menu.rar"; depth:66; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257933/; classtype:trojan-activity;sid:84121033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softwarefiles/fulldownloadhere/downloads/themain_setup_2023_useas_passkey.rar"; depth:78; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257932/; classtype:trojan-activity;sid:84121032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/solgoodman/zixenberg/downloads/onepackage.exe"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257929/; classtype:trojan-activity;sid:84121029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/workker300066/partners/downloads/misticcs.exe"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257930/; classtype:trojan-activity;sid:84121030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautaracheats-dwnld/tautaracheats/downloads/fortnite_cheat.rar"; depth:63; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257931/; classtype:trojan-activity;sid:84121031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o1lov/repo1lov/downloads/project_slayers_script.rar"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257928/; classtype:trojan-activity;sid:84121028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/olkfsd/vsdavdcs/downloads/3.exe"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257927/; classtype:trojan-activity;sid:84121027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/workker300066/partners/downloads/123.exe"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257926/; classtype:trojan-activity;sid:84121026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softwarefiles/fulldownloadhere/downloads/main_setups_full_version.rar"; depth:70; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257925/; classtype:trojan-activity;sid:84121025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pavelalekseev11/346346/downloads/socks5.exe"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257924/; classtype:trojan-activity;sid:84121024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/workker300066/partners/downloads/freecad-0.20.2-win-x64-installer-3.exe"; depth:72; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257923/; classtype:trojan-activity;sid:84121023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testing77777/appdevlompent55555555/downloads/m5traider.exe"; depth:59; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257921/; classtype:trojan-activity;sid:84121021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pavelalekseev11/346346/downloads/kidsq.exe"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257922/; classtype:trojan-activity;sid:84121022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/workker300066/partners/downloads/project1.exe"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257920/; classtype:trojan-activity;sid:84121020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o1lov/repo1lov/downloads/anime_champions.rar"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257918/; classtype:trojan-activity;sid:84121018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/olkfsd/vsdavdcs/downloads/rils.exe"; depth:35; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257919/; classtype:trojan-activity;sid:84121019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o1lov/repo1lov/downloads/forti.rar"; depth:35; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257917/; classtype:trojan-activity;sid:84121017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testing77777/appdevlompent55555555/downloads/v2.exe"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257916/; classtype:trojan-activity;sid:84121016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o1lov/repo1lov/downloads/unl_tool.rar"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257915/; classtype:trojan-activity;sid:84121015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slack-files/windows/downloads/siacksetupwin.iso"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257913/; classtype:trojan-activity;sid:84121013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pavelalekseev11/346346/downloads/ss.exe"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257914/; classtype:trojan-activity;sid:84121014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o1lov/repo1lov/downloads/bladeball.rar"; depth:39; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257912/; classtype:trojan-activity;sid:84121012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/workker300066/partners/downloads/grvbsovu.mp3"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257910/; classtype:trojan-activity;sid:84121010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/workker300066/partners/downloads/cook.exe"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257911/; classtype:trojan-activity;sid:84121011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/workker300066/partners/downloads/build19.exe"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257909/; classtype:trojan-activity;sid:84121009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o1lov/repo1lov/downloads/kidi.rar"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257908/; classtype:trojan-activity;sid:84121008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/workker300066/partners/downloads/123_4.exe"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257906/; classtype:trojan-activity;sid:84121006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/workker300066/partners/downloads/mystics.exe"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257907/; classtype:trojan-activity;sid:84121007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/olkfsd/vsdavdcs/downloads/xfilepumper.exe"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257905/; classtype:trojan-activity;sid:84121005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/workker300066/partners/downloads/build.exe"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257904/; classtype:trojan-activity;sid:84121004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pavelalekseev11/346346/downloads/socks5.ps1"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257903/; classtype:trojan-activity;sid:84121003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/workker300066/partners/downloads/project_8.exe"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257902/; classtype:trojan-activity;sid:84121002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/solgoodman/zixenberg/downloads/chrome.bat"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257901/; classtype:trojan-activity;sid:84121001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.93.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257900/; classtype:trojan-activity;sid:84121000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.165.69.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257899/; classtype:trojan-activity;sid:84120999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.62.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257898/; classtype:trojan-activity;sid:84120998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.140.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257897/; classtype:trojan-activity;sid:84120997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.157.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257896/; classtype:trojan-activity;sid:84120996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.146.38.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257895/; classtype:trojan-activity;sid:84120995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.189.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257894/; classtype:trojan-activity;sid:84120994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgy1ss1s/geoasdfasdf/downloads/project_slayers_script.rar"; depth:61; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257893/; classtype:trojan-activity;sid:84120993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.28.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257891/; classtype:trojan-activity;sid:84120991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.6.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257892/; classtype:trojan-activity;sid:84120992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.2.140.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257889/; classtype:trojan-activity;sid:84120989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.27.224"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257890/; classtype:trojan-activity;sid:84120990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwgo-software/software_good/downloads/fl_studio_21_update.zip"; depth:62; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257886/; classtype:trojan-activity;sid:84120986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwgo-software/software_good/downloads/adobe_premier_pro_update.zip"; depth:67; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257884/; classtype:trojan-activity;sid:84120984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwgo-software/software_good/downloads/adobe_photoshop_update.zip"; depth:65; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257883/; classtype:trojan-activity;sid:84120983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwgo-software/software_good/downloads/adobe_photoshop_2023_update.zip"; depth:70; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257882/; classtype:trojan-activity;sid:84120982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwgo-software/software_good/downloads/adobe_illustrator_2023.zip"; depth:65; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257881/; classtype:trojan-activity;sid:84120981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwgo-software/software_good/downloads/adobe_installer.zip"; depth:58; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257880/; classtype:trojan-activity;sid:84120980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautara-dwnl/download/downloads/anime_adventure.rar"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257879/; classtype:trojan-activity;sid:84120979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautara-dwnl/download/downloads/mw3_unlocker.rar"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257878/; classtype:trojan-activity;sid:84120978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monkeymanusa12/man/raw/main/nvcontainer.exe"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257877/; classtype:trojan-activity;sid:84120977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwgo-software/software_good/downloads/svcpjuhbt.exe"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257876/; classtype:trojan-activity;sid:84120976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.0.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257875/; classtype:trojan-activity;sid:84120975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.183.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257874/; classtype:trojan-activity;sid:84120974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautara-dwnl/download/downloads/tautara_hack.rar"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257869/; classtype:trojan-activity;sid:84120969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautara-dwnl/download/downloads/anime_champions.rar"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257870/; classtype:trojan-activity;sid:84120970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautara-dwnl/download/downloads/pet_simulatorx.rar"; depth:51; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257871/; classtype:trojan-activity;sid:84120971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautara-dwnl/download/downloads/kiddions_menu.rar"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257872/; classtype:trojan-activity;sid:84120972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautara-dwnl/download/downloads/skin_changer.rar"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257873/; classtype:trojan-activity;sid:84120973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautara-dwnl/download/downloads/valorant.rar"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257867/; classtype:trojan-activity;sid:84120967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautara-dwnl/download/downloads/fortnite.rar"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257868/; classtype:trojan-activity;sid:84120968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautara-dwnl/download/downloads/executor_.rar"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257866/; classtype:trojan-activity;sid:84120966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautara-dwnl/download/downloads/executor.rar"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257865/; classtype:trojan-activity;sid:84120965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautara-dwnl/download/downloads/blox_fruits.rar"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257864/; classtype:trojan-activity;sid:84120964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tautara-dwnl/download/downloads/anime_fighters.rar"; depth:51; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257863/; classtype:trojan-activity;sid:84120963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sheb127/2816rotate/downloads/myguests.exe"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257862/; classtype:trojan-activity;sid:84120962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sheb127/2816rotate/downloads/coinbaseupdate.exe"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257861/; classtype:trojan-activity;sid:84120961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.105.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257859/; classtype:trojan-activity;sid:84120959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wsuscom/go/downloads/signal.exe"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257858/; classtype:trojan-activity;sid:84120958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lucianoeasy1/whythefuckareutryingtotrackthishttpdebuggerlol/raw/67c59c70dfb800fa2bf21b3217e2485221c20428/fund.exe"; depth:114; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257857/; classtype:trojan-activity;sid:84120957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/care.rtf"; depth:9; endswith; nocase; http.host; content:"ship-care.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257856/; classtype:trojan-activity;sid:84120956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samesaaa/123/downloads/tjeajweeeh.exe"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257855/; classtype:trojan-activity;sid:84120955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgtbvfd11/123aqd/downloads/s0ftware.rar"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257854/; classtype:trojan-activity;sid:84120954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neonbatsv4/neonbats2/downloads/infinitycheatloader.rar"; depth:55; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257853/; classtype:trojan-activity;sid:84120953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neonbatsv4/neonbats2/downloads/neonbatsloader.rar"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257849/; classtype:trojan-activity;sid:84120949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.1.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257850/; classtype:trojan-activity;sid:84120950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgtbvfd11/123aqd/downloads/updater.exe"; depth:39; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257851/; classtype:trojan-activity;sid:84120951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rfd344/erd/downloads/skcareo.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257852/; classtype:trojan-activity;sid:84120952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rfd344/erd/downloads/injocah.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257847/; classtype:trojan-activity;sid:84120947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rfd344/erd/downloads/osgkamo.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257848/; classtype:trojan-activity;sid:84120948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neonbatsv4/neonbats2/downloads/setup.rar"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257846/; classtype:trojan-activity;sid:84120946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgtbvfd11/123aqd/downloads/newapp.exe"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257845/; classtype:trojan-activity;sid:84120945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rfd344/erd/downloads/mmpginn.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257844/; classtype:trojan-activity;sid:84120944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neonbatsv4/neonbats2/downloads/pmsoftware.rar"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257843/; classtype:trojan-activity;sid:84120943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rfd344/erd/downloads/ksfciif.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257842/; classtype:trojan-activity;sid:84120942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.165.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257841/; classtype:trojan-activity;sid:84120941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.173.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257840/; classtype:trojan-activity;sid:84120940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257839/; classtype:trojan-activity;sid:84120939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.62.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257838/; classtype:trojan-activity;sid:84120938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.227.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257837/; classtype:trojan-activity;sid:84120937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.199.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257836/; classtype:trojan-activity;sid:84120936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.120.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257835/; classtype:trojan-activity;sid:84120935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.29.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257833/; classtype:trojan-activity;sid:84120933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.234.157.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257834/; classtype:trojan-activity;sid:84120934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haremkoota/letsgouuuuu/downloads/rawworm-crypted.exe"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257832/; classtype:trojan-activity;sid:84120932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grogos817/34f45gh44h554h/raw/4e68095e513496512d02602fdccf2ffee5be8d05/loader.rar"; depth:81; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257831/; classtype:trojan-activity;sid:84120931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.137.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257830/; classtype:trojan-activity;sid:84120930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-hack/download/downloads/executor.rar"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257824/; classtype:trojan-activity;sid:84120924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-hack/download/downloads/mw3_unlocker.rar"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257825/; classtype:trojan-activity;sid:84120925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-hack/download/downloads/anime_champions.rar"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257826/; classtype:trojan-activity;sid:84120926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-hack/download/downloads/pet_simulatorx.rar"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257827/; classtype:trojan-activity;sid:84120927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-hack/download/downloads/anime_fighters.rar"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257828/; classtype:trojan-activity;sid:84120928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-hack/download/downloads/anime_adventure.rar"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257829/; classtype:trojan-activity;sid:84120929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-hack/download/downloads/fn.rar"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257819/; classtype:trojan-activity;sid:84120919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgy1ss1s/geoasdfasdf/downloads/valorant_hack.rar"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257820/; classtype:trojan-activity;sid:84120920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgy1ss1s/geoasdfasdf/downloads/hack_setup.rar"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257821/; classtype:trojan-activity;sid:84120921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgy1ss1s/geoasdfasdf/downloads/king_legacy_script.rar"; depth:57; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257822/; classtype:trojan-activity;sid:84120922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-hack/download/downloads/skin_changer.rar"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257823/; classtype:trojan-activity;sid:84120923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-hack/download/downloads/valorant.rar"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257818/; classtype:trojan-activity;sid:84120918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgy1ss1s/geoasdfasdf/downloads/blox_fruits_script.rar"; depth:57; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257817/; classtype:trojan-activity;sid:84120917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgy1ss1s/geoasdfasdf/downloads/blade_ball_script.rar"; depth:56; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257815/; classtype:trojan-activity;sid:84120915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-hack/download/downloads/blox_fruits.rar"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257816/; classtype:trojan-activity;sid:84120916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgy1ss1s/geoasdfasdf/downloads/waezone_2_hack.rar"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257813/; classtype:trojan-activity;sid:84120913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frozenthrone1337/yeah/downloads/64.dll"; depth:39; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257814/; classtype:trojan-activity;sid:84120914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-hack/download/downloads/tautara_hack.rar"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257812/; classtype:trojan-activity;sid:84120912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgy1ss1s/geoasdfasdf/downloads/anime_champions_script.rar"; depth:61; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257811/; classtype:trojan-activity;sid:84120911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgy1ss1s/geoasdfasdf/downloads/evon_executor.rar"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257809/; classtype:trojan-activity;sid:84120909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgy1ss1s/geoasdfasdf/downloads/electron_executor.rar"; depth:56; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257810/; classtype:trojan-activity;sid:84120910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download-hack/download/downloads/kiddions_menu.rar"; depth:51; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257808/; classtype:trojan-activity;sid:84120908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgy1ss1s/geoasdfasdf/downloads/fortnite_hack.rar"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257807/; classtype:trojan-activity;sid:84120907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dsadsdavasdvasdc/olesyalkve/downloads/mas.exe"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257806/; classtype:trojan-activity;sid:84120906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgy1ss1s/geoasdfasdf/downloads/kiddions_mod_menu.rar"; depth:56; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257803/; classtype:trojan-activity;sid:84120903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxxlrep/repo/downloads/za.xlsx"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257804/; classtype:trojan-activity;sid:84120904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dsadsdavasdvasdc/olesyalkve/downloads/mg.exe"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257805/; classtype:trojan-activity;sid:84120905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxxlrep/repo/downloads/zip.zip"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257801/; classtype:trojan-activity;sid:84120901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxxlrep/repo/downloads/newf.dotm"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257802/; classtype:trojan-activity;sid:84120902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downcloud-load-ad/ads1022/downloads/brave.zip"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257797/; classtype:trojan-activity;sid:84120897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downcloud-load-ad/ads1022/downloads/soda-pdf.zip"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257795/; classtype:trojan-activity;sid:84120895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downcloud-load-ad/ads1022/downloads/adsblock.zip"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257796/; classtype:trojan-activity;sid:84120896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downcloud-load-ad/ads1022/downloads/linkhelper.zip"; depth:51; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257793/; classtype:trojan-activity;sid:84120893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downcloud-load-ad/ads1022/downloads/waterfox.zip"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257794/; classtype:trojan-activity;sid:84120894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlo2/a/downloads/adobe2024.rar"; depth:31; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257792/; classtype:trojan-activity;sid:84120892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.48.28.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257791/; classtype:trojan-activity;sid:84120891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodywawe/downwawe/downloads/project_slayers_script.rar"; depth:55; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257789/; classtype:trojan-activity;sid:84120889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodywawe/downwawe/downloads/blox_fruits_script.rar"; depth:51; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257790/; classtype:trojan-activity;sid:84120890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodywawe/downwawe/downloads/keyless_executor.rar"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257782/; classtype:trojan-activity;sid:84120882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodywawe/downwawe/downloads/unl_tool.rar"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257783/; classtype:trojan-activity;sid:84120883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodywawe/downwawe/downloads/val.rar"; depth:36; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257784/; classtype:trojan-activity;sid:84120884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodywawe/downwawe/downloads/bladeball.rar"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257785/; classtype:trojan-activity;sid:84120885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodywawe/downwawe/downloads/kid.rar"; depth:36; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257786/; classtype:trojan-activity;sid:84120886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodywawe/downwawe/downloads/anime_champions.rar"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257787/; classtype:trojan-activity;sid:84120887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodywawe/downwawe/downloads/fort.rar"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257788/; classtype:trojan-activity;sid:84120888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awgwrtwa/asss/downloads/remcosoctubre.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257781/; classtype:trojan-activity;sid:84120881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awgwrtwa/asss/downloads/asynenvio.txt"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257779/; classtype:trojan-activity;sid:84120879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awgwrtwa/asss/downloads/notifico_demanda_laboral.rar"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257780/; classtype:trojan-activity;sid:84120880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awgwrtwa/asss/downloads/sostener_con_dcrat.txt"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257778/; classtype:trojan-activity;sid:84120878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257777/; classtype:trojan-activity;sid:84120877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aneex/codh/downloads/cod_warzone_2_unlock.rar"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257776/; classtype:trojan-activity;sid:84120876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aneex/warzone_2.0_unlock_tool_aim_esp/downloads/warzone_2.0_unlock_tool_aim_esp.rar"; depth:84; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257775/; classtype:trojan-activity;sid:84120875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aneex/rust-aim-esp/downloads/rust_aimesp.rar"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257773/; classtype:trojan-activity;sid:84120873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aneex/codvideo/downloads/cod_warzone_2_unlock.rar"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257774/; classtype:trojan-activity;sid:84120874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aneex/sonic/downloads/sonic_frontiers_crack.zip"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257772/; classtype:trojan-activity;sid:84120872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.139.176.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257771/; classtype:trojan-activity;sid:84120871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.1.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257770/; classtype:trojan-activity;sid:84120870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.105.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257769/; classtype:trojan-activity;sid:84120869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aneex/gtaaaaa/downloads/kiddions_menu.rar"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257767/; classtype:trojan-activity;sid:84120867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aneex/gtavnew/downloads/kiddions_menu.rar"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257768/; classtype:trojan-activity;sid:84120868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4afziyfqzm/afziyfqzm/downloads/arsenal_script.rar"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257765/; classtype:trojan-activity;sid:84120865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4afziyfqzm/afziyfqzm/downloads/synps_x.rar"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257766/; classtype:trojan-activity;sid:84120866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4afziyfqzm/afziyfqzm/downloads/pet_simulator_x_script.rar"; depth:58; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257764/; classtype:trojan-activity;sid:84120864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4afziyfqzm/afziyfqzm/downloads/fortnite_hack.rar"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257762/; classtype:trojan-activity;sid:84120862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4afziyfqzm/afziyfqzm/downloads/new_valorant_hack.rar"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257763/; classtype:trojan-activity;sid:84120863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4afziyfqzm/afziyfqzm/downloads/new_kiddions.rar"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257761/; classtype:trojan-activity;sid:84120861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4afziyfqzm/afziyfqzm/downloads/fortnite_skin_swapper.rar"; depth:57; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257760/; classtype:trojan-activity;sid:84120860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4afziyfqzm/afziyfqzm/downloads/blox_fruits_scr.rar"; depth:51; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257759/; classtype:trojan-activity;sid:84120859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4afziyfqzm/afziyfqzm/downloads/fivem_mod_menu.rar"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257758/; classtype:trojan-activity;sid:84120858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4afziyfqzm/afziyfqzm/downloads/roblox_doors_src.rar"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257757/; classtype:trojan-activity;sid:84120857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/525252/legitcheck/downloads/contract.zip"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257756/; classtype:trojan-activity;sid:84120856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/525252/legitcheck/downloads/data_recovery.exe"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257755/; classtype:trojan-activity;sid:84120855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.2.9"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257754/; classtype:trojan-activity;sid:84120854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8887778/defe/downloads/dllrod.txt"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257753/; classtype:trojan-activity;sid:84120853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8887778/robertiro/downloads/perepepepepe.txt"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257748/; classtype:trojan-activity;sid:84120848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8887778/8880000000000000/downloads/hopedll.txt"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257749/; classtype:trojan-activity;sid:84120849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8887778/robertiro/downloads/dotnet_reactor.txt"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257750/; classtype:trojan-activity;sid:84120850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8887778/8880000000000000/downloads/dotnet_reactor.txt"; depth:54; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257751/; classtype:trojan-activity;sid:84120851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/525252/legitcheck/downloads/capcut.zip"; depth:39; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257752/; classtype:trojan-activity;sid:84120852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8887778/hhhhhfgh/downloads/chiiiiiii.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257746/; classtype:trojan-activity;sid:84120846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8887778/443432/downloads/delelechichi.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257747/; classtype:trojan-activity;sid:84120847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8887778/defe/downloads/pererere.txt"; depth:36; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257744/; classtype:trojan-activity;sid:84120844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8887778/8880000000000000/downloads/hopepe.txt"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257745/; classtype:trojan-activity;sid:84120845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8887778/8880000000000000/downloads/perepepepepe.txt"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257743/; classtype:trojan-activity;sid:84120843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.167.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257742/; classtype:trojan-activity;sid:84120842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.165.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257741/; classtype:trojan-activity;sid:84120841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/112download/browser/downloads/onionbrowser.rar"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257740/; classtype:trojan-activity;sid:84120840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.137.173"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257739/; classtype:trojan-activity;sid:84120839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.100.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257737/; classtype:trojan-activity;sid:84120837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.29.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257738/; classtype:trojan-activity;sid:84120838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.232.169.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257736/; classtype:trojan-activity;sid:84120836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.0.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257735/; classtype:trojan-activity;sid:84120835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/ndlvxzd.exe"; depth:51; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257734/; classtype:trojan-activity;sid:84120834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/installs.exe"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257733/; classtype:trojan-activity;sid:84120833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/qkzohebkmb.exe"; depth:54; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257732/; classtype:trojan-activity;sid:84120832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/installer.exe"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257731/; classtype:trojan-activity;sid:84120831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/dcratbuild8.exe"; depth:55; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257730/; classtype:trojan-activity;sid:84120830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/dheend.exe"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257723/; classtype:trojan-activity;sid:84120823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/setupwin32_64.exe"; depth:57; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257724/; classtype:trojan-activity;sid:84120824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/traderbro770.exe"; depth:56; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257725/; classtype:trojan-activity;sid:84120825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/111_2023-04-07_08-22.exe"; depth:64; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257726/; classtype:trojan-activity;sid:84120826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/droidcamappx64.zip"; depth:58; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257727/; classtype:trojan-activity;sid:84120827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/nemesis_soft.exe"; depth:56; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257728/; classtype:trojan-activity;sid:84120828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/testt.exe"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257729/; classtype:trojan-activity;sid:84120829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/hillmen.exe"; depth:51; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257719/; classtype:trojan-activity;sid:84120819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/build123456789.exe"; depth:58; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257720/; classtype:trojan-activity;sid:84120820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/droldcamappx64.rar"; depth:58; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257721/; classtype:trojan-activity;sid:84120821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/dcratbuild127.exe"; depth:57; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257722/; classtype:trojan-activity;sid:84120822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/miles.exe"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257717/; classtype:trojan-activity;sid:84120817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/02.exe"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257718/; classtype:trojan-activity;sid:84120818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldminusthousand/needheater/downloads/360_.exe"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257716/; classtype:trojan-activity;sid:84120816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.96.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257715/; classtype:trojan-activity;sid:84120815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.162.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257714/; classtype:trojan-activity;sid:84120814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.73.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257712/; classtype:trojan-activity;sid:84120812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.91.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257713/; classtype:trojan-activity;sid:84120813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.208.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257711/; classtype:trojan-activity;sid:84120811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.121.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257710/; classtype:trojan-activity;sid:84120810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.221.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257709/; classtype:trojan-activity;sid:84120809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.230.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257708/; classtype:trojan-activity;sid:84120808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.198.34.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257707/; classtype:trojan-activity;sid:84120807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.188.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257705/; classtype:trojan-activity;sid:84120805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.225.37.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257706/; classtype:trojan-activity;sid:84120806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.233.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257704/; classtype:trojan-activity;sid:84120804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.32.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257703/; classtype:trojan-activity;sid:84120803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.179.165.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257702/; classtype:trojan-activity;sid:84120802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.127.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257701/; classtype:trojan-activity;sid:84120801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/klndnwenp155.bin"; depth:17; endswith; nocase; http.host; content:"pharmaciedelaplage.bounceme.net"; depth:31; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257700/; classtype:trojan-activity;sid:84120800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.246.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257699/; classtype:trojan-activity;sid:84120799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.67.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257698/; classtype:trojan-activity;sid:84120798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.78.220.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257697/; classtype:trojan-activity;sid:84120797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.74.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257696/; classtype:trojan-activity;sid:84120796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.100.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257695/; classtype:trojan-activity;sid:84120795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.188.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257694/; classtype:trojan-activity;sid:84120794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.115.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257693/; classtype:trojan-activity;sid:84120793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.115.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257692/; classtype:trojan-activity;sid:84120792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.208.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257691/; classtype:trojan-activity;sid:84120791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awgwrtwa/asss/downloads/remcosoctubre.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257688/; classtype:trojan-activity;sid:84120788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awgwrtwa/asss/downloads/sostener_con_dcrat.txt"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257689/; classtype:trojan-activity;sid:84120789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awgwrtwa/asss/downloads/notifico_demanda_laboral.rar"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257690/; classtype:trojan-activity;sid:84120790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awgwrtwa/asss/downloads/asynenvio.txt"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257687/; classtype:trojan-activity;sid:84120787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/topg-side.exe"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257684/; classtype:trojan-activity;sid:84120784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/rl.exe"; depth:43; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257685/; classtype:trojan-activity;sid:84120785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/crackmidnight.zip"; depth:54; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257686/; classtype:trojan-activity;sid:84120786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/payload.exe"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257683/; classtype:trojan-activity;sid:84120783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/qqapps.exe"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257679/; classtype:trojan-activity;sid:84120779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/steamer.exe"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257680/; classtype:trojan-activity;sid:84120780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/launcher.exe"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257681/; classtype:trojan-activity;sid:84120781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/xunlei.exe"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257682/; classtype:trojan-activity;sid:84120782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/buildru.exe"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257678/; classtype:trojan-activity;sid:84120778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/aikahurakami.exe"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257677/; classtype:trojan-activity;sid:84120777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/crackmidnight.rar"; depth:54; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257675/; classtype:trojan-activity;sid:84120775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/sef.exe"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257676/; classtype:trojan-activity;sid:84120776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/kibikohatsumi.exe"; depth:54; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257674/; classtype:trojan-activity;sid:84120774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/nefor.exe"; depth:46; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257671/; classtype:trojan-activity;sid:84120771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/seykonagashi.exe"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257672/; classtype:trojan-activity;sid:84120772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/sysfiles.exe"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257673/; classtype:trojan-activity;sid:84120773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/mm_uniq"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257670/; classtype:trojan-activity;sid:84120770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/ocean-final.exe"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257666/; classtype:trojan-activity;sid:84120766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/libcurl-addon.exe"; depth:54; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257667/; classtype:trojan-activity;sid:84120767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/topgtraff.exe"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257668/; classtype:trojan-activity;sid:84120768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/sakibo.exe"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257669/; classtype:trojan-activity;sid:84120769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/lummaforlife.exe"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257665/; classtype:trojan-activity;sid:84120765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/ayahuraki.exe"; depth:50; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257664/; classtype:trojan-activity;sid:84120764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/sunekositoi.exe"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257663/; classtype:trojan-activity;sid:84120763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/uniq.txt"; depth:45; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257661/; classtype:trojan-activity;sid:84120761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/kinarusogui.exe"; depth:52; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257662/; classtype:trojan-activity;sid:84120762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/example.exe"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257660/; classtype:trojan-activity;sid:84120760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/testqpp.exe"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257659/; classtype:trojan-activity;sid:84120759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36273637sunshine/sunshine/downloads/testapps.exe"; depth:49; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257658/; classtype:trojan-activity;sid:84120758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.230.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257657/; classtype:trojan-activity;sid:84120757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/431/sees/see/seethebestthingwhichgivebetterservicewithbestthingstobe_________seethebestlovewhogivingtogetbackwithbestthignstobegetme________seeethebestthingsundersatndwithbestdealingksillwithbest.doc"; depth:200; endswith; nocase; http.host; content:"104.168.7.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257656/; classtype:trojan-activity;sid:84120756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/431/sees/sheisverynicegirlwithgreatworkingskillwithgereatniceworkign.hta"; depth:73; endswith; nocase; http.host; content:"104.168.7.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257654/; classtype:trojan-activity;sid:84120754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/431/rfgvtt.txt"; depth:15; endswith; nocase; http.host; content:"104.168.7.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257655/; classtype:trojan-activity;sid:84120755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/mnxcvvplawyuio.doc"; depth:23; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257646/; classtype:trojan-activity;sid:84120746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/1sccexdhycwi9ns.doc"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257647/; classtype:trojan-activity;sid:84120747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/ixst7yv1krqcq4e.doc"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257648/; classtype:trojan-activity;sid:84120748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/kopievbnghhy.doc"; depth:21; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257649/; classtype:trojan-activity;sid:84120749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/tcgbu2jh0wz80zw.doc"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257650/; classtype:trojan-activity;sid:84120750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fridayssssmadamwebaaaaay.txt"; depth:29; endswith; nocase; http.host; content:"107.172.31.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257651/; classtype:trojan-activity;sid:84120751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlhosted.txt"; depth:13; endswith; nocase; http.host; content:"107.173.4.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257652/; classtype:trojan-activity;sid:84120752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/380/wrrdfvc.txt"; depth:16; endswith; nocase; http.host; content:"85.215.206.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257653/; classtype:trojan-activity;sid:84120753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/477/ec/nc/newthingswtihgreatnewwithgreatthingsevengiven________seethebstworldkingofthejunglewhichwhogivengreatthigns________seethebestthignswithgereatloverkissingmeonlips.doc"; depth:175; endswith; nocase; http.host; content:"85.215.206.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257640/; classtype:trojan-activity;sid:84120740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/mnobizxv.doc"; depth:17; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257641/; classtype:trojan-activity;sid:84120741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/380/nnb/seemeherewithgreatthingsentiretimewithgreatthingsonhere.hta"; depth:68; endswith; nocase; http.host; content:"85.215.206.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257642/; classtype:trojan-activity;sid:84120742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/38/nk/seethebestthingswhichgivennewthingswithmewesee.hta"; depth:57; endswith; nocase; http.host; content:"172.245.135.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257643/; classtype:trojan-activity;sid:84120743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/sxyq5lpzwkntump.doc"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257644/; classtype:trojan-activity;sid:84120744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/38/lcrrdf.txt"; depth:14; endswith; nocase; http.host; content:"172.245.135.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257645/; classtype:trojan-activity;sid:84120745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/380/nnb/nn/weseeingthebestthingswithentirethinsgshoudbegood_______everythingveryfineforgreatthignstobeinthelinefor_______somethignnewthignswrwarecomingforgoodthings.doc"; depth:169; endswith; nocase; http.host; content:"85.215.206.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257638/; classtype:trojan-activity;sid:84120738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/477/ec/kissingismissingbesthingwithevergivenmebestthingstogive.hta"; depth:67; endswith; nocase; http.host; content:"85.215.206.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257639/; classtype:trojan-activity;sid:84120739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/drg/rtc/ab/f3.txt"; depth:31; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257637/; classtype:trojan-activity;sid:84120737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/mmkfpmi.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257623/; classtype:trojan-activity;sid:84120723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/adkrinm.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257624/; classtype:trojan-activity;sid:84120724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/jdgmgjk.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257625/; classtype:trojan-activity;sid:84120725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/osimdcc.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257626/; classtype:trojan-activity;sid:84120726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/nicffck.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257627/; classtype:trojan-activity;sid:84120727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/jnsffih.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257628/; classtype:trojan-activity;sid:84120728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/mihkmkm.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257629/; classtype:trojan-activity;sid:84120729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/gbmpiap.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257630/; classtype:trojan-activity;sid:84120730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/kkfpmej.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257631/; classtype:trojan-activity;sid:84120731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/ahpfabk.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257632/; classtype:trojan-activity;sid:84120732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/anbssss.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257633/; classtype:trojan-activity;sid:84120733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/bmhifoa.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257634/; classtype:trojan-activity;sid:84120734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/ekskemi.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257635/; classtype:trojan-activity;sid:84120735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/fmhfajs.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257636/; classtype:trojan-activity;sid:84120736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/refggdi.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257611/; classtype:trojan-activity;sid:84120711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/kmdndce.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257612/; classtype:trojan-activity;sid:84120712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/kimidmd.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257613/; classtype:trojan-activity;sid:84120713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/ordbemi.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257614/; classtype:trojan-activity;sid:84120714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/bmksccp.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257615/; classtype:trojan-activity;sid:84120715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/magrdra.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257616/; classtype:trojan-activity;sid:84120716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/dipahhd.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257617/; classtype:trojan-activity;sid:84120717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/ifkrnmg.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257618/; classtype:trojan-activity;sid:84120718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/nemoaea.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257619/; classtype:trojan-activity;sid:84120719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/dreipmm.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257620/; classtype:trojan-activity;sid:84120720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/rmoekkn.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257621/; classtype:trojan-activity;sid:84120721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/esjnrdg.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257622/; classtype:trojan-activity;sid:84120722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/kaohkrb.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257608/; classtype:trojan-activity;sid:84120708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/hfffmip.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257609/; classtype:trojan-activity;sid:84120709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/idafmps.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257610/; classtype:trojan-activity;sid:84120710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/phemfee.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257607/; classtype:trojan-activity;sid:84120707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/msrhkof.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257605/; classtype:trojan-activity;sid:84120705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/aemodkg.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257606/; classtype:trojan-activity;sid:84120706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/fckiffn.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257601/; classtype:trojan-activity;sid:84120701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/idmdpea.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257602/; classtype:trojan-activity;sid:84120702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/fiebagh.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257603/; classtype:trojan-activity;sid:84120703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/gjkrkha.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257604/; classtype:trojan-activity;sid:84120704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/prfkari.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257599/; classtype:trojan-activity;sid:84120699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/aobjfrp.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257600/; classtype:trojan-activity;sid:84120700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/mkiormi.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257598/; classtype:trojan-activity;sid:84120698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.85.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257597/; classtype:trojan-activity;sid:84120697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.225.37.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257596/; classtype:trojan-activity;sid:84120696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.162.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257595/; classtype:trojan-activity;sid:84120695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.182.245.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257594/; classtype:trojan-activity;sid:84120694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.235.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257593/; classtype:trojan-activity;sid:84120693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.5.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257592/; classtype:trojan-activity;sid:84120692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.241.176.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257591/; classtype:trojan-activity;sid:84120691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.67.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257590/; classtype:trojan-activity;sid:84120690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.103.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257589/; classtype:trojan-activity;sid:84120689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.108.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257588/; classtype:trojan-activity;sid:84120688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.178.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257587/; classtype:trojan-activity;sid:84120687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.74.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257586/; classtype:trojan-activity;sid:84120686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.160.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257585/; classtype:trojan-activity;sid:84120685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.199.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257584/; classtype:trojan-activity;sid:84120684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.221.77.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257583/; classtype:trojan-activity;sid:84120683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.106.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257582/; classtype:trojan-activity;sid:84120682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.215.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257581/; classtype:trojan-activity;sid:84120681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257580/; classtype:trojan-activity;sid:84120680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.137.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257579/; classtype:trojan-activity;sid:84120679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.78.220.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257578/; classtype:trojan-activity;sid:84120678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.115.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257577/; classtype:trojan-activity;sid:84120677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.137.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257576/; classtype:trojan-activity;sid:84120676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257575/; classtype:trojan-activity;sid:84120675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.5.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257574/; classtype:trojan-activity;sid:84120674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.16.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257573/; classtype:trojan-activity;sid:84120673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.205.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257572/; classtype:trojan-activity;sid:84120672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.242.106.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257571/; classtype:trojan-activity;sid:84120671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.41.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257570/; classtype:trojan-activity;sid:84120670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.250.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257569/; classtype:trojan-activity;sid:84120669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.227.64.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257568/; classtype:trojan-activity;sid:84120668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.178.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257567/; classtype:trojan-activity;sid:84120667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f/fikbam1024193.exe"; depth:20; endswith; nocase; http.host; content:"241024204809193.dmi.fyml86.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257566/; classtype:trojan-activity;sid:84120666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.122.115.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257565/; classtype:trojan-activity;sid:84120665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.19.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257564/; classtype:trojan-activity;sid:84120664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/osupdater.exe"; depth:14; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257562/; classtype:trojan-activity;sid:84120662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zx.zip"; depth:7; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257563/; classtype:trojan-activity;sid:84120663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nova.exe"; depth:9; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257561/; classtype:trojan-activity;sid:84120661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d60be0de163924d/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257560/; classtype:trojan-activity;sid:84120660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d60be0de163924d/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257559/; classtype:trojan-activity;sid:84120659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/896c9ad8bf739ee8/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"194.15.46.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257556/; classtype:trojan-activity;sid:84120656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d60be0de163924d/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257557/; classtype:trojan-activity;sid:84120657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/896c9ad8bf739ee8/nss3.dll"; depth:26; endswith; nocase; http.host; content:"194.15.46.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257558/; classtype:trojan-activity;sid:84120658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/896c9ad8bf739ee8/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"194.15.46.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257552/; classtype:trojan-activity;sid:84120652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/896c9ad8bf739ee8/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"194.15.46.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257553/; classtype:trojan-activity;sid:84120653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d60be0de163924d/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257554/; classtype:trojan-activity;sid:84120654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d60be0de163924d/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257555/; classtype:trojan-activity;sid:84120655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d60be0de163924d/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257549/; classtype:trojan-activity;sid:84120649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d60be0de163924d/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257550/; classtype:trojan-activity;sid:84120650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/896c9ad8bf739ee8/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"194.15.46.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257551/; classtype:trojan-activity;sid:84120651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/896c9ad8bf739ee8/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"194.15.46.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257547/; classtype:trojan-activity;sid:84120647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/896c9ad8bf739ee8/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"194.15.46.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257548/; classtype:trojan-activity;sid:84120648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.106.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257546/; classtype:trojan-activity;sid:84120646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.16.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257545/; classtype:trojan-activity;sid:84120645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.64.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257544/; classtype:trojan-activity;sid:84120644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.117.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257543/; classtype:trojan-activity;sid:84120643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.252.72.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257542/; classtype:trojan-activity;sid:84120642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.215.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257541/; classtype:trojan-activity;sid:84120641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.106.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257540/; classtype:trojan-activity;sid:84120640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.115.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257539/; classtype:trojan-activity;sid:84120639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.202.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257538/; classtype:trojan-activity;sid:84120638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.122.115.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257537/; classtype:trojan-activity;sid:84120637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.221.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257536/; classtype:trojan-activity;sid:84120636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.123.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257535/; classtype:trojan-activity;sid:84120635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.49.147.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257534/; classtype:trojan-activity;sid:84120634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.59.22.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257533/; classtype:trojan-activity;sid:84120633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.97.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257532/; classtype:trojan-activity;sid:84120632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.106.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257531/; classtype:trojan-activity;sid:84120631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.233.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257530/; classtype:trojan-activity;sid:84120630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.202.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257529/; classtype:trojan-activity;sid:84120629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.189.182.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257528/; classtype:trojan-activity;sid:84120628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.17.66.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257525/; classtype:trojan-activity;sid:84120625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.187.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257526/; classtype:trojan-activity;sid:84120626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.78.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257527/; classtype:trojan-activity;sid:84120627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.54.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257524/; classtype:trojan-activity;sid:84120624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.167.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257523/; classtype:trojan-activity;sid:84120623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.29.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257522/; classtype:trojan-activity;sid:84120622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.247.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257521/; classtype:trojan-activity;sid:84120621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.233.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257520/; classtype:trojan-activity;sid:84120620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.113.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257518/; classtype:trojan-activity;sid:84120618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.59.225.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257519/; classtype:trojan-activity;sid:84120619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.94.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257517/; classtype:trojan-activity;sid:84120617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.97.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257516/; classtype:trojan-activity;sid:84120616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.16.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257515/; classtype:trojan-activity;sid:84120615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.54.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257514/; classtype:trojan-activity;sid:84120614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.160.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257513/; classtype:trojan-activity;sid:84120613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.76.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257512/; classtype:trojan-activity;sid:84120612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.103.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257510/; classtype:trojan-activity;sid:84120610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.152.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257511/; classtype:trojan-activity;sid:84120611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.105.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257508/; classtype:trojan-activity;sid:84120608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.17.66.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257509/; classtype:trojan-activity;sid:84120609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.91.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257505/; classtype:trojan-activity;sid:84120605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.187.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257506/; classtype:trojan-activity;sid:84120606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.159.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257507/; classtype:trojan-activity;sid:84120607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.24.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257504/; classtype:trojan-activity;sid:84120604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.195.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257502/; classtype:trojan-activity;sid:84120602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.109.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257503/; classtype:trojan-activity;sid:84120603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.159.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257501/; classtype:trojan-activity;sid:84120601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.167.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257500/; classtype:trojan-activity;sid:84120600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.44.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257499/; classtype:trojan-activity;sid:84120599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.4.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257498/; classtype:trojan-activity;sid:84120598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.57.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257497/; classtype:trojan-activity;sid:84120597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.252.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257496/; classtype:trojan-activity;sid:84120596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257495/; classtype:trojan-activity;sid:84120595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.173.74.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257494/; classtype:trojan-activity;sid:84120594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.62.61.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257493/; classtype:trojan-activity;sid:84120593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/winring0x64.sys"; depth:23; endswith; nocase; http.host; content:"sec.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257490/; classtype:trojan-activity;sid:84120590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.159.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257491/; classtype:trojan-activity;sid:84120591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.76.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257492/; classtype:trojan-activity;sid:84120592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/javaw/instance.ps1"; depth:24; endswith; nocase; http.host; content:"shangmei-test.oss-cn-beijing.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257489/; classtype:trojan-activity;sid:84120589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/javaw"; depth:13; endswith; nocase; http.host; content:"sec.xiaojiji.nl"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257487/; classtype:trojan-activity;sid:84120587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/javaw"; depth:13; endswith; nocase; http.host; content:"sec.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257488/; classtype:trojan-activity;sid:84120588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/networks.ps1"; depth:13; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257486/; classtype:trojan-activity;sid:84120586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/networks.ps1"; depth:13; endswith; nocase; http.host; content:"cat.xiaojiji.nl"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257485/; classtype:trojan-activity;sid:84120585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/javaw/winring0x64.sys"; depth:27; endswith; nocase; http.host; content:"shangmei-test.oss-cn-beijing.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257483/; classtype:trojan-activity;sid:84120583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/javaw/net/net.xsl"; depth:23; endswith; nocase; http.host; content:"shangmei-test.oss-cn-beijing.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257484/; classtype:trojan-activity;sid:84120584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/minhash.txt"; depth:12; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257482/; classtype:trojan-activity;sid:84120582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/winring0x64.sys"; depth:23; endswith; nocase; http.host; content:"sec.xiaojiji.nl"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257480/; classtype:trojan-activity;sid:84120580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nssm.txt"; depth:9; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257481/; classtype:trojan-activity;sid:84120581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inst.xsl"; depth:9; endswith; nocase; http.host; content:"sec.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257468/; classtype:trojan-activity;sid:84120568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/net/inst.xsl"; depth:20; endswith; nocase; http.host; content:"sec.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257469/; classtype:trojan-activity;sid:84120569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netstat.ps1"; depth:12; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257470/; classtype:trojan-activity;sid:84120570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/net/net.xsl"; depth:12; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257471/; classtype:trojan-activity;sid:84120571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys.txt"; depth:8; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257472/; classtype:trojan-activity;sid:84120572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/net/net.xsl"; depth:19; endswith; nocase; http.host; content:"sec.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257473/; classtype:trojan-activity;sid:84120573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/inst.ps1"; depth:16; endswith; nocase; http.host; content:"sec.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257474/; classtype:trojan-activity;sid:84120574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netstat.xsl"; depth:12; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257475/; classtype:trojan-activity;sid:84120575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ver.txt"; depth:8; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257476/; classtype:trojan-activity;sid:84120576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/instance.ps1"; depth:20; endswith; nocase; http.host; content:"sec.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257477/; classtype:trojan-activity;sid:84120577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monhash.txt"; depth:12; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257478/; classtype:trojan-activity;sid:84120578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nssmhash.txt"; depth:13; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257479/; classtype:trojan-activity;sid:84120579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netstat.ps1"; depth:12; endswith; nocase; http.host; content:"cat.dashabi.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257450/; classtype:trojan-activity;sid:84120550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/winring0x64.sys"; depth:23; endswith; nocase; http.host; content:"sec.dashabi.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257451/; classtype:trojan-activity;sid:84120551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ver.txt"; depth:8; endswith; nocase; http.host; content:"cat.dashabi.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257452/; classtype:trojan-activity;sid:84120552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mon.txt"; depth:8; endswith; nocase; http.host; content:"cat.dashabi.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257453/; classtype:trojan-activity;sid:84120553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netstat.xsl"; depth:12; endswith; nocase; http.host; content:"cat.dashabi.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257454/; classtype:trojan-activity;sid:84120554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nssmhash.txt"; depth:13; endswith; nocase; http.host; content:"cat.dashabi.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257455/; classtype:trojan-activity;sid:84120555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/instance.ps1"; depth:20; endswith; nocase; http.host; content:"sec.dashabi.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257456/; classtype:trojan-activity;sid:84120556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/javaw"; depth:13; endswith; nocase; http.host; content:"sec.dashabi.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257457/; classtype:trojan-activity;sid:84120557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monhash.txt"; depth:12; endswith; nocase; http.host; content:"cat.dashabi.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257458/; classtype:trojan-activity;sid:84120558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nssm.txt"; depth:9; endswith; nocase; http.host; content:"cat.dashabi.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257459/; classtype:trojan-activity;sid:84120559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/net/net.xsl"; depth:19; endswith; nocase; http.host; content:"sec.xiaojiji.nl"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257460/; classtype:trojan-activity;sid:84120560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netstat.xsl"; depth:12; endswith; nocase; http.host; content:"cat.xiaojiji.nl"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257461/; classtype:trojan-activity;sid:84120561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/minhash.txt"; depth:12; endswith; nocase; http.host; content:"cat.dashabi.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257462/; classtype:trojan-activity;sid:84120562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys.txt"; depth:8; endswith; nocase; http.host; content:"cat.dashabi.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257463/; classtype:trojan-activity;sid:84120563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/instance.ps1"; depth:20; endswith; nocase; http.host; content:"sec.xiaojiji.nl"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257464/; classtype:trojan-activity;sid:84120564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netstat.ps1"; depth:12; endswith; nocase; http.host; content:"cat.xiaojiji.nl"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257465/; classtype:trojan-activity;sid:84120565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/networks.ps1"; depth:13; endswith; nocase; http.host; content:"cat.dashabi.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257466/; classtype:trojan-activity;sid:84120566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/net/net.xsl"; depth:19; endswith; nocase; http.host; content:"sec.dashabi.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257467/; classtype:trojan-activity;sid:84120567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.153.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257449/; classtype:trojan-activity;sid:84120549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.89.165.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257448/; classtype:trojan-activity;sid:84120548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.237.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257447/; classtype:trojan-activity;sid:84120547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.104.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257446/; classtype:trojan-activity;sid:84120546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.5.31.245"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257445/; classtype:trojan-activity;sid:84120545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.90.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257443/; classtype:trojan-activity;sid:84120543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.103.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257444/; classtype:trojan-activity;sid:84120544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.42.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257442/; classtype:trojan-activity;sid:84120542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"98.96.40.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257441/; classtype:trojan-activity;sid:84120541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.140.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257440/; classtype:trojan-activity;sid:84120540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.7.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257439/; classtype:trojan-activity;sid:84120539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.4.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257438/; classtype:trojan-activity;sid:84120538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"80.76.51.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257436/; classtype:trojan-activity;sid:84120536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"80.76.51.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257437/; classtype:trojan-activity;sid:84120537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"80.76.51.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257433/; classtype:trojan-activity;sid:84120533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oblivion121.sh"; depth:15; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257434/; classtype:trojan-activity;sid:84120534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.151.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257435/; classtype:trojan-activity;sid:84120535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"80.76.51.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257432/; classtype:trojan-activity;sid:84120532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"80.76.51.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257431/; classtype:trojan-activity;sid:84120531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"80.76.51.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257429/; classtype:trojan-activity;sid:84120529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"80.76.51.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257430/; classtype:trojan-activity;sid:84120530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"80.76.51.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257428/; classtype:trojan-activity;sid:84120528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"80.76.51.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257426/; classtype:trojan-activity;sid:84120526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"80.76.51.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257427/; classtype:trojan-activity;sid:84120527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"80.76.51.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257424/; classtype:trojan-activity;sid:84120524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"80.76.51.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257425/; classtype:trojan-activity;sid:84120525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.57.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257423/; classtype:trojan-activity;sid:84120523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.228.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257422/; classtype:trojan-activity;sid:84120522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.34.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257421/; classtype:trojan-activity;sid:84120521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.230.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257420/; classtype:trojan-activity;sid:84120520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.93.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257419/; classtype:trojan-activity;sid:84120519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.149.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257418/; classtype:trojan-activity;sid:84120518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.12.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257417/; classtype:trojan-activity;sid:84120517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.153.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257416/; classtype:trojan-activity;sid:84120516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257415/; classtype:trojan-activity;sid:84120515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.75.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257414/; classtype:trojan-activity;sid:84120514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.185.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257413/; classtype:trojan-activity;sid:84120513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.105.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257412/; classtype:trojan-activity;sid:84120512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.64.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257411/; classtype:trojan-activity;sid:84120511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.78.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257410/; classtype:trojan-activity;sid:84120510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.55.173.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257409/; classtype:trojan-activity;sid:84120509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.12.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257408/; classtype:trojan-activity;sid:84120508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.232.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257407/; classtype:trojan-activity;sid:84120507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.29.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257406/; classtype:trojan-activity;sid:84120506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.179.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257405/; classtype:trojan-activity;sid:84120505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.103.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257404/; classtype:trojan-activity;sid:84120504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.237.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257403/; classtype:trojan-activity;sid:84120503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.140.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257402/; classtype:trojan-activity;sid:84120502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.196.86.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257400/; classtype:trojan-activity;sid:84120500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.230.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257401/; classtype:trojan-activity;sid:84120501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.21.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257399/; classtype:trojan-activity;sid:84120499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.34.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257398/; classtype:trojan-activity;sid:84120498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.228.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257397/; classtype:trojan-activity;sid:84120497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.214.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257396/; classtype:trojan-activity;sid:84120496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.8.131.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257394/; classtype:trojan-activity;sid:84120494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.111.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257395/; classtype:trojan-activity;sid:84120495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.209.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257393/; classtype:trojan-activity;sid:84120493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.219.174.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257392/; classtype:trojan-activity;sid:84120492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.201.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257391/; classtype:trojan-activity;sid:84120491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.185.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257390/; classtype:trojan-activity;sid:84120490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.35.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257389/; classtype:trojan-activity;sid:84120489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.0.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257388/; classtype:trojan-activity;sid:84120488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.222.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257387/; classtype:trojan-activity;sid:84120487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.136.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257386/; classtype:trojan-activity;sid:84120486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.214.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257385/; classtype:trojan-activity;sid:84120485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.219.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257384/; classtype:trojan-activity;sid:84120484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.95.113"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257382/; classtype:trojan-activity;sid:84120482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"38.196.86.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257381/; classtype:trojan-activity;sid:84120481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.219.174.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257380/; classtype:trojan-activity;sid:84120480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.64.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257379/; classtype:trojan-activity;sid:84120479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.132.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257378/; classtype:trojan-activity;sid:84120478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.211.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257377/; classtype:trojan-activity;sid:84120477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.93.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257376/; classtype:trojan-activity;sid:84120476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.223.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257375/; classtype:trojan-activity;sid:84120475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.197.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257374/; classtype:trojan-activity;sid:84120474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.179.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257373/; classtype:trojan-activity;sid:84120473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.243.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257372/; classtype:trojan-activity;sid:84120472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.190.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257371/; classtype:trojan-activity;sid:84120471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.36.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257370/; classtype:trojan-activity;sid:84120470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"106.41.46.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257368/; classtype:trojan-activity;sid:84120468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.160.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257369/; classtype:trojan-activity;sid:84120469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.48.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257366/; classtype:trojan-activity;sid:84120466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.225.37.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257367/; classtype:trojan-activity;sid:84120467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257365/; classtype:trojan-activity;sid:84120465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257364/; classtype:trojan-activity;sid:84120464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.47.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257363/; classtype:trojan-activity;sid:84120463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"217.15.159.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257362/; classtype:trojan-activity;sid:84120462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.2.177.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257361/; classtype:trojan-activity;sid:84120461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.17.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257360/; classtype:trojan-activity;sid:84120460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.203.72.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257359/; classtype:trojan-activity;sid:84120459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.30.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257358/; classtype:trojan-activity;sid:84120458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.219.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257356/; classtype:trojan-activity;sid:84120456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.109.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257357/; classtype:trojan-activity;sid:84120457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.217.245.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257355/; classtype:trojan-activity;sid:84120455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.230.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257354/; classtype:trojan-activity;sid:84120454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.152.49.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257353/; classtype:trojan-activity;sid:84120453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.0.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257352/; classtype:trojan-activity;sid:84120452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.222.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257351/; classtype:trojan-activity;sid:84120451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257342/; classtype:trojan-activity;sid:84120442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257343/; classtype:trojan-activity;sid:84120443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257344/; classtype:trojan-activity;sid:84120444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257345/; classtype:trojan-activity;sid:84120445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257346/; classtype:trojan-activity;sid:84120446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257347/; classtype:trojan-activity;sid:84120447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257348/; classtype:trojan-activity;sid:84120448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257349/; classtype:trojan-activity;sid:84120449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.141.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257350/; classtype:trojan-activity;sid:84120450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257340/; classtype:trojan-activity;sid:84120440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257341/; classtype:trojan-activity;sid:84120441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257338/; classtype:trojan-activity;sid:84120438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257339/; classtype:trojan-activity;sid:84120439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257320/; classtype:trojan-activity;sid:84120420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257321/; classtype:trojan-activity;sid:84120421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257322/; classtype:trojan-activity;sid:84120422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257323/; classtype:trojan-activity;sid:84120423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257324/; classtype:trojan-activity;sid:84120424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257325/; classtype:trojan-activity;sid:84120425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257326/; classtype:trojan-activity;sid:84120426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257327/; classtype:trojan-activity;sid:84120427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257328/; classtype:trojan-activity;sid:84120428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257329/; classtype:trojan-activity;sid:84120429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257330/; classtype:trojan-activity;sid:84120430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257331/; classtype:trojan-activity;sid:84120431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257332/; classtype:trojan-activity;sid:84120432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257333/; classtype:trojan-activity;sid:84120433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257334/; classtype:trojan-activity;sid:84120434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257335/; classtype:trojan-activity;sid:84120435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257336/; classtype:trojan-activity;sid:84120436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257337/; classtype:trojan-activity;sid:84120437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257312/; classtype:trojan-activity;sid:84120412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257313/; classtype:trojan-activity;sid:84120413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257314/; classtype:trojan-activity;sid:84120414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257315/; classtype:trojan-activity;sid:84120415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257316/; classtype:trojan-activity;sid:84120416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257317/; classtype:trojan-activity;sid:84120417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257318/; classtype:trojan-activity;sid:84120418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257319/; classtype:trojan-activity;sid:84120419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257308/; classtype:trojan-activity;sid:84120408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257309/; classtype:trojan-activity;sid:84120409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257310/; classtype:trojan-activity;sid:84120410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257311/; classtype:trojan-activity;sid:84120411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257301/; classtype:trojan-activity;sid:84120401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257302/; classtype:trojan-activity;sid:84120402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257303/; classtype:trojan-activity;sid:84120403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257304/; classtype:trojan-activity;sid:84120404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257305/; classtype:trojan-activity;sid:84120405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257306/; classtype:trojan-activity;sid:84120406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257307/; classtype:trojan-activity;sid:84120407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257299/; classtype:trojan-activity;sid:84120399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257300/; classtype:trojan-activity;sid:84120400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257296/; classtype:trojan-activity;sid:84120396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257297/; classtype:trojan-activity;sid:84120397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257298/; classtype:trojan-activity;sid:84120398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257292/; classtype:trojan-activity;sid:84120392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257293/; classtype:trojan-activity;sid:84120393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257294/; classtype:trojan-activity;sid:84120394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257295/; classtype:trojan-activity;sid:84120395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257286/; classtype:trojan-activity;sid:84120386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257287/; classtype:trojan-activity;sid:84120387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257288/; classtype:trojan-activity;sid:84120388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257289/; classtype:trojan-activity;sid:84120389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257290/; classtype:trojan-activity;sid:84120390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257291/; classtype:trojan-activity;sid:84120391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257278/; classtype:trojan-activity;sid:84120378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257279/; classtype:trojan-activity;sid:84120379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257280/; classtype:trojan-activity;sid:84120380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257281/; classtype:trojan-activity;sid:84120381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257282/; classtype:trojan-activity;sid:84120382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257283/; classtype:trojan-activity;sid:84120383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257284/; classtype:trojan-activity;sid:84120384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257285/; classtype:trojan-activity;sid:84120385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257274/; classtype:trojan-activity;sid:84120374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257275/; classtype:trojan-activity;sid:84120375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257276/; classtype:trojan-activity;sid:84120376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257277/; classtype:trojan-activity;sid:84120377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257270/; classtype:trojan-activity;sid:84120370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257271/; classtype:trojan-activity;sid:84120371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257272/; classtype:trojan-activity;sid:84120372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257273/; classtype:trojan-activity;sid:84120373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257266/; classtype:trojan-activity;sid:84120366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257267/; classtype:trojan-activity;sid:84120367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257268/; classtype:trojan-activity;sid:84120368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257269/; classtype:trojan-activity;sid:84120369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257263/; classtype:trojan-activity;sid:84120363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257264/; classtype:trojan-activity;sid:84120364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257265/; classtype:trojan-activity;sid:84120365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257252/; classtype:trojan-activity;sid:84120352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257253/; classtype:trojan-activity;sid:84120353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257254/; classtype:trojan-activity;sid:84120354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257255/; classtype:trojan-activity;sid:84120355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257256/; classtype:trojan-activity;sid:84120356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257257/; classtype:trojan-activity;sid:84120357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257258/; classtype:trojan-activity;sid:84120358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257259/; classtype:trojan-activity;sid:84120359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257260/; classtype:trojan-activity;sid:84120360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257261/; classtype:trojan-activity;sid:84120361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257262/; classtype:trojan-activity;sid:84120362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257247/; classtype:trojan-activity;sid:84120347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257248/; classtype:trojan-activity;sid:84120348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257249/; classtype:trojan-activity;sid:84120349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257250/; classtype:trojan-activity;sid:84120350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257251/; classtype:trojan-activity;sid:84120351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257242/; classtype:trojan-activity;sid:84120342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257243/; classtype:trojan-activity;sid:84120343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257244/; classtype:trojan-activity;sid:84120344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257245/; classtype:trojan-activity;sid:84120345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257246/; classtype:trojan-activity;sid:84120346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257239/; classtype:trojan-activity;sid:84120339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257240/; classtype:trojan-activity;sid:84120340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257241/; classtype:trojan-activity;sid:84120341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257233/; classtype:trojan-activity;sid:84120333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257234/; classtype:trojan-activity;sid:84120334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257235/; classtype:trojan-activity;sid:84120335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257236/; classtype:trojan-activity;sid:84120336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257237/; classtype:trojan-activity;sid:84120337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257238/; classtype:trojan-activity;sid:84120338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257230/; classtype:trojan-activity;sid:84120330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257231/; classtype:trojan-activity;sid:84120331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257232/; classtype:trojan-activity;sid:84120332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257229/; classtype:trojan-activity;sid:84120329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257225/; classtype:trojan-activity;sid:84120325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257226/; classtype:trojan-activity;sid:84120326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257227/; classtype:trojan-activity;sid:84120327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257228/; classtype:trojan-activity;sid:84120328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257223/; classtype:trojan-activity;sid:84120323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257224/; classtype:trojan-activity;sid:84120324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257215/; classtype:trojan-activity;sid:84120315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257216/; classtype:trojan-activity;sid:84120316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257217/; classtype:trojan-activity;sid:84120317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257218/; classtype:trojan-activity;sid:84120318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257219/; classtype:trojan-activity;sid:84120319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257220/; classtype:trojan-activity;sid:84120320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257221/; classtype:trojan-activity;sid:84120321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257222/; classtype:trojan-activity;sid:84120322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257206/; classtype:trojan-activity;sid:84120306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257207/; classtype:trojan-activity;sid:84120307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257208/; classtype:trojan-activity;sid:84120308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257209/; classtype:trojan-activity;sid:84120309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257210/; classtype:trojan-activity;sid:84120310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257211/; classtype:trojan-activity;sid:84120311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257212/; classtype:trojan-activity;sid:84120312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257213/; classtype:trojan-activity;sid:84120313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257214/; classtype:trojan-activity;sid:84120314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257198/; classtype:trojan-activity;sid:84120298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257199/; classtype:trojan-activity;sid:84120299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257200/; classtype:trojan-activity;sid:84120300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257201/; classtype:trojan-activity;sid:84120301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257202/; classtype:trojan-activity;sid:84120302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257203/; classtype:trojan-activity;sid:84120303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257204/; classtype:trojan-activity;sid:84120304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257205/; classtype:trojan-activity;sid:84120305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257195/; classtype:trojan-activity;sid:84120295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257196/; classtype:trojan-activity;sid:84120296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257197/; classtype:trojan-activity;sid:84120297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257190/; classtype:trojan-activity;sid:84120290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257191/; classtype:trojan-activity;sid:84120291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257192/; classtype:trojan-activity;sid:84120292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257193/; classtype:trojan-activity;sid:84120293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257194/; classtype:trojan-activity;sid:84120294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257189/; classtype:trojan-activity;sid:84120289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257186/; classtype:trojan-activity;sid:84120286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257187/; classtype:trojan-activity;sid:84120287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257188/; classtype:trojan-activity;sid:84120288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257185/; classtype:trojan-activity;sid:84120285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257183/; classtype:trojan-activity;sid:84120283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257184/; classtype:trojan-activity;sid:84120284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257173/; classtype:trojan-activity;sid:84120273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257174/; classtype:trojan-activity;sid:84120274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257175/; classtype:trojan-activity;sid:84120275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257176/; classtype:trojan-activity;sid:84120276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257177/; classtype:trojan-activity;sid:84120277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257178/; classtype:trojan-activity;sid:84120278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257179/; classtype:trojan-activity;sid:84120279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257180/; classtype:trojan-activity;sid:84120280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257181/; classtype:trojan-activity;sid:84120281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257182/; classtype:trojan-activity;sid:84120282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257162/; classtype:trojan-activity;sid:84120262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257163/; classtype:trojan-activity;sid:84120263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257164/; classtype:trojan-activity;sid:84120264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257165/; classtype:trojan-activity;sid:84120265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257166/; classtype:trojan-activity;sid:84120266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257167/; classtype:trojan-activity;sid:84120267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257168/; classtype:trojan-activity;sid:84120268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257169/; classtype:trojan-activity;sid:84120269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257170/; classtype:trojan-activity;sid:84120270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257171/; classtype:trojan-activity;sid:84120271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257172/; classtype:trojan-activity;sid:84120272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257158/; classtype:trojan-activity;sid:84120258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257159/; classtype:trojan-activity;sid:84120259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257160/; classtype:trojan-activity;sid:84120260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257161/; classtype:trojan-activity;sid:84120261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257154/; classtype:trojan-activity;sid:84120254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257155/; classtype:trojan-activity;sid:84120255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257156/; classtype:trojan-activity;sid:84120256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257157/; classtype:trojan-activity;sid:84120257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257151/; classtype:trojan-activity;sid:84120251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257152/; classtype:trojan-activity;sid:84120252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257153/; classtype:trojan-activity;sid:84120253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257148/; classtype:trojan-activity;sid:84120248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257149/; classtype:trojan-activity;sid:84120249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257150/; classtype:trojan-activity;sid:84120250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257145/; classtype:trojan-activity;sid:84120245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257146/; classtype:trojan-activity;sid:84120246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257147/; classtype:trojan-activity;sid:84120247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257141/; classtype:trojan-activity;sid:84120241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257142/; classtype:trojan-activity;sid:84120242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257143/; classtype:trojan-activity;sid:84120243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257144/; classtype:trojan-activity;sid:84120244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257123/; classtype:trojan-activity;sid:84120223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257124/; classtype:trojan-activity;sid:84120224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257125/; classtype:trojan-activity;sid:84120225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257126/; classtype:trojan-activity;sid:84120226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257127/; classtype:trojan-activity;sid:84120227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257128/; classtype:trojan-activity;sid:84120228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257129/; classtype:trojan-activity;sid:84120229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257130/; classtype:trojan-activity;sid:84120230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257131/; classtype:trojan-activity;sid:84120231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257132/; classtype:trojan-activity;sid:84120232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257133/; classtype:trojan-activity;sid:84120233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257134/; classtype:trojan-activity;sid:84120234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257135/; classtype:trojan-activity;sid:84120235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257136/; classtype:trojan-activity;sid:84120236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257137/; classtype:trojan-activity;sid:84120237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257138/; classtype:trojan-activity;sid:84120238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257139/; classtype:trojan-activity;sid:84120239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257140/; classtype:trojan-activity;sid:84120240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257115/; classtype:trojan-activity;sid:84120215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257116/; classtype:trojan-activity;sid:84120216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257117/; classtype:trojan-activity;sid:84120217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257118/; classtype:trojan-activity;sid:84120218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257119/; classtype:trojan-activity;sid:84120219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257120/; classtype:trojan-activity;sid:84120220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257121/; classtype:trojan-activity;sid:84120221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257122/; classtype:trojan-activity;sid:84120222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257112/; classtype:trojan-activity;sid:84120212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257113/; classtype:trojan-activity;sid:84120213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257114/; classtype:trojan-activity;sid:84120214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257110/; classtype:trojan-activity;sid:84120210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257111/; classtype:trojan-activity;sid:84120211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257107/; classtype:trojan-activity;sid:84120207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257108/; classtype:trojan-activity;sid:84120208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257109/; classtype:trojan-activity;sid:84120209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257106/; classtype:trojan-activity;sid:84120206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257105/; classtype:trojan-activity;sid:84120205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257083/; classtype:trojan-activity;sid:84120183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257084/; classtype:trojan-activity;sid:84120184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257085/; classtype:trojan-activity;sid:84120185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257086/; classtype:trojan-activity;sid:84120186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257087/; classtype:trojan-activity;sid:84120187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257088/; classtype:trojan-activity;sid:84120188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257089/; classtype:trojan-activity;sid:84120189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257090/; classtype:trojan-activity;sid:84120190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257091/; classtype:trojan-activity;sid:84120191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257092/; classtype:trojan-activity;sid:84120192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257093/; classtype:trojan-activity;sid:84120193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257094/; classtype:trojan-activity;sid:84120194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257095/; classtype:trojan-activity;sid:84120195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257096/; classtype:trojan-activity;sid:84120196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257097/; classtype:trojan-activity;sid:84120197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257098/; classtype:trojan-activity;sid:84120198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257099/; classtype:trojan-activity;sid:84120199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257100/; classtype:trojan-activity;sid:84120200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257101/; classtype:trojan-activity;sid:84120201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257102/; classtype:trojan-activity;sid:84120202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257103/; classtype:trojan-activity;sid:84120203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257104/; classtype:trojan-activity;sid:84120204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257080/; classtype:trojan-activity;sid:84120180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257081/; classtype:trojan-activity;sid:84120181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257082/; classtype:trojan-activity;sid:84120182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257079/; classtype:trojan-activity;sid:84120179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257076/; classtype:trojan-activity;sid:84120176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257077/; classtype:trojan-activity;sid:84120177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257078/; classtype:trojan-activity;sid:84120178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257071/; classtype:trojan-activity;sid:84120171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257072/; classtype:trojan-activity;sid:84120172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257073/; classtype:trojan-activity;sid:84120173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257074/; classtype:trojan-activity;sid:84120174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257075/; classtype:trojan-activity;sid:84120175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257067/; classtype:trojan-activity;sid:84120167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257068/; classtype:trojan-activity;sid:84120168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257069/; classtype:trojan-activity;sid:84120169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257070/; classtype:trojan-activity;sid:84120170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257065/; classtype:trojan-activity;sid:84120165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257066/; classtype:trojan-activity;sid:84120166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257064/; classtype:trojan-activity;sid:84120164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257060/; classtype:trojan-activity;sid:84120160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257061/; classtype:trojan-activity;sid:84120161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257062/; classtype:trojan-activity;sid:84120162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257063/; classtype:trojan-activity;sid:84120163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257053/; classtype:trojan-activity;sid:84120153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257054/; classtype:trojan-activity;sid:84120154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257055/; classtype:trojan-activity;sid:84120155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257056/; classtype:trojan-activity;sid:84120156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257057/; classtype:trojan-activity;sid:84120157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257058/; classtype:trojan-activity;sid:84120158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257059/; classtype:trojan-activity;sid:84120159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257052/; classtype:trojan-activity;sid:84120152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257049/; classtype:trojan-activity;sid:84120149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257050/; classtype:trojan-activity;sid:84120150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257051/; classtype:trojan-activity;sid:84120151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257046/; classtype:trojan-activity;sid:84120146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257047/; classtype:trojan-activity;sid:84120147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257048/; classtype:trojan-activity;sid:84120148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257042/; classtype:trojan-activity;sid:84120142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257043/; classtype:trojan-activity;sid:84120143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257044/; classtype:trojan-activity;sid:84120144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257045/; classtype:trojan-activity;sid:84120145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257039/; classtype:trojan-activity;sid:84120139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257040/; classtype:trojan-activity;sid:84120140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257041/; classtype:trojan-activity;sid:84120141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257036/; classtype:trojan-activity;sid:84120136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257037/; classtype:trojan-activity;sid:84120137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257038/; classtype:trojan-activity;sid:84120138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257034/; classtype:trojan-activity;sid:84120134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257035/; classtype:trojan-activity;sid:84120135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257023/; classtype:trojan-activity;sid:84120123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257024/; classtype:trojan-activity;sid:84120124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257025/; classtype:trojan-activity;sid:84120125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257026/; classtype:trojan-activity;sid:84120126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257027/; classtype:trojan-activity;sid:84120127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257028/; classtype:trojan-activity;sid:84120128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257029/; classtype:trojan-activity;sid:84120129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257030/; classtype:trojan-activity;sid:84120130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257031/; classtype:trojan-activity;sid:84120131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257032/; classtype:trojan-activity;sid:84120132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257033/; classtype:trojan-activity;sid:84120133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257022/; classtype:trojan-activity;sid:84120122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257019/; classtype:trojan-activity;sid:84120119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257020/; classtype:trojan-activity;sid:84120120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257021/; classtype:trojan-activity;sid:84120121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257018/; classtype:trojan-activity;sid:84120118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257017/; classtype:trojan-activity;sid:84120117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257008/; classtype:trojan-activity;sid:84120108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257009/; classtype:trojan-activity;sid:84120109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257010/; classtype:trojan-activity;sid:84120110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257011/; classtype:trojan-activity;sid:84120111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257012/; classtype:trojan-activity;sid:84120112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257013/; classtype:trojan-activity;sid:84120113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257014/; classtype:trojan-activity;sid:84120114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257015/; classtype:trojan-activity;sid:84120115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257016/; classtype:trojan-activity;sid:84120116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257005/; classtype:trojan-activity;sid:84120105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257006/; classtype:trojan-activity;sid:84120106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257007/; classtype:trojan-activity;sid:84120107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257001/; classtype:trojan-activity;sid:84120101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257002/; classtype:trojan-activity;sid:84120102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257003/; classtype:trojan-activity;sid:84120103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257004/; classtype:trojan-activity;sid:84120104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256998/; classtype:trojan-activity;sid:84120098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256999/; classtype:trojan-activity;sid:84120099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257000/; classtype:trojan-activity;sid:84120100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256992/; classtype:trojan-activity;sid:84120092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256993/; classtype:trojan-activity;sid:84120093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256994/; classtype:trojan-activity;sid:84120094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256995/; classtype:trojan-activity;sid:84120095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256996/; classtype:trojan-activity;sid:84120096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256997/; classtype:trojan-activity;sid:84120097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256984/; classtype:trojan-activity;sid:84120084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256985/; classtype:trojan-activity;sid:84120085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256986/; classtype:trojan-activity;sid:84120086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256987/; classtype:trojan-activity;sid:84120087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256988/; classtype:trojan-activity;sid:84120088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256989/; classtype:trojan-activity;sid:84120089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256990/; classtype:trojan-activity;sid:84120090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256991/; classtype:trojan-activity;sid:84120091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256980/; classtype:trojan-activity;sid:84120080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256981/; classtype:trojan-activity;sid:84120081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256982/; classtype:trojan-activity;sid:84120082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256983/; classtype:trojan-activity;sid:84120083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256977/; classtype:trojan-activity;sid:84120077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256978/; classtype:trojan-activity;sid:84120078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256979/; classtype:trojan-activity;sid:84120079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256976/; classtype:trojan-activity;sid:84120076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256975/; classtype:trojan-activity;sid:84120075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256969/; classtype:trojan-activity;sid:84120069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256970/; classtype:trojan-activity;sid:84120070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256971/; classtype:trojan-activity;sid:84120071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256972/; classtype:trojan-activity;sid:84120072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256973/; classtype:trojan-activity;sid:84120073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256974/; classtype:trojan-activity;sid:84120074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256965/; classtype:trojan-activity;sid:84120065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256966/; classtype:trojan-activity;sid:84120066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256967/; classtype:trojan-activity;sid:84120067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256968/; classtype:trojan-activity;sid:84120068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256961/; classtype:trojan-activity;sid:84120061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256962/; classtype:trojan-activity;sid:84120062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256963/; classtype:trojan-activity;sid:84120063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256964/; classtype:trojan-activity;sid:84120064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256955/; classtype:trojan-activity;sid:84120055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256956/; classtype:trojan-activity;sid:84120056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256957/; classtype:trojan-activity;sid:84120057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256958/; classtype:trojan-activity;sid:84120058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256959/; classtype:trojan-activity;sid:84120059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256960/; classtype:trojan-activity;sid:84120060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256953/; classtype:trojan-activity;sid:84120053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256954/; classtype:trojan-activity;sid:84120054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256948/; classtype:trojan-activity;sid:84120048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256949/; classtype:trojan-activity;sid:84120049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256950/; classtype:trojan-activity;sid:84120050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256951/; classtype:trojan-activity;sid:84120051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256952/; classtype:trojan-activity;sid:84120052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256941/; classtype:trojan-activity;sid:84120041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256942/; classtype:trojan-activity;sid:84120042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256943/; classtype:trojan-activity;sid:84120043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256944/; classtype:trojan-activity;sid:84120044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256945/; classtype:trojan-activity;sid:84120045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256946/; classtype:trojan-activity;sid:84120046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256947/; classtype:trojan-activity;sid:84120047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256939/; classtype:trojan-activity;sid:84120039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256940/; classtype:trojan-activity;sid:84120040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256938/; classtype:trojan-activity;sid:84120038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256936/; classtype:trojan-activity;sid:84120036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256937/; classtype:trojan-activity;sid:84120037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256935/; classtype:trojan-activity;sid:84120035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256933/; classtype:trojan-activity;sid:84120033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256934/; classtype:trojan-activity;sid:84120034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256932/; classtype:trojan-activity;sid:84120032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256928/; classtype:trojan-activity;sid:84120028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256929/; classtype:trojan-activity;sid:84120029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256930/; classtype:trojan-activity;sid:84120030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256931/; classtype:trojan-activity;sid:84120031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256924/; classtype:trojan-activity;sid:84120024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256925/; classtype:trojan-activity;sid:84120025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256926/; classtype:trojan-activity;sid:84120026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256927/; classtype:trojan-activity;sid:84120027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256919/; classtype:trojan-activity;sid:84120019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256920/; classtype:trojan-activity;sid:84120020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256921/; classtype:trojan-activity;sid:84120021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256922/; classtype:trojan-activity;sid:84120022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256923/; classtype:trojan-activity;sid:84120023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256916/; classtype:trojan-activity;sid:84120016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256917/; classtype:trojan-activity;sid:84120017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256918/; classtype:trojan-activity;sid:84120018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256913/; classtype:trojan-activity;sid:84120013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256914/; classtype:trojan-activity;sid:84120014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256915/; classtype:trojan-activity;sid:84120015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256911/; classtype:trojan-activity;sid:84120011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256912/; classtype:trojan-activity;sid:84120012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256905/; classtype:trojan-activity;sid:84120005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256906/; classtype:trojan-activity;sid:84120006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256907/; classtype:trojan-activity;sid:84120007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256908/; classtype:trojan-activity;sid:84120008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256909/; classtype:trojan-activity;sid:84120009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256910/; classtype:trojan-activity;sid:84120010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256898/; classtype:trojan-activity;sid:84119998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256899/; classtype:trojan-activity;sid:84119999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256900/; classtype:trojan-activity;sid:84120000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256901/; classtype:trojan-activity;sid:84120001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256902/; classtype:trojan-activity;sid:84120002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256903/; classtype:trojan-activity;sid:84120003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256904/; classtype:trojan-activity;sid:84120004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256895/; classtype:trojan-activity;sid:84119995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256896/; classtype:trojan-activity;sid:84119996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256897/; classtype:trojan-activity;sid:84119997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256893/; classtype:trojan-activity;sid:84119993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256894/; classtype:trojan-activity;sid:84119994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256886/; classtype:trojan-activity;sid:84119986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256887/; classtype:trojan-activity;sid:84119987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256888/; classtype:trojan-activity;sid:84119988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256889/; classtype:trojan-activity;sid:84119989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256890/; classtype:trojan-activity;sid:84119990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256891/; classtype:trojan-activity;sid:84119991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256892/; classtype:trojan-activity;sid:84119992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256881/; classtype:trojan-activity;sid:84119981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256882/; classtype:trojan-activity;sid:84119982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256883/; classtype:trojan-activity;sid:84119983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256884/; classtype:trojan-activity;sid:84119984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256885/; classtype:trojan-activity;sid:84119985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256874/; classtype:trojan-activity;sid:84119974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256875/; classtype:trojan-activity;sid:84119975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256876/; classtype:trojan-activity;sid:84119976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256877/; classtype:trojan-activity;sid:84119977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256878/; classtype:trojan-activity;sid:84119978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256879/; classtype:trojan-activity;sid:84119979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256880/; classtype:trojan-activity;sid:84119980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256868/; classtype:trojan-activity;sid:84119968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256869/; classtype:trojan-activity;sid:84119969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256870/; classtype:trojan-activity;sid:84119970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256871/; classtype:trojan-activity;sid:84119971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256872/; classtype:trojan-activity;sid:84119972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256873/; classtype:trojan-activity;sid:84119973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256865/; classtype:trojan-activity;sid:84119965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256866/; classtype:trojan-activity;sid:84119966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256867/; classtype:trojan-activity;sid:84119967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256856/; classtype:trojan-activity;sid:84119956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256857/; classtype:trojan-activity;sid:84119957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256858/; classtype:trojan-activity;sid:84119958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256859/; classtype:trojan-activity;sid:84119959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256860/; classtype:trojan-activity;sid:84119960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256861/; classtype:trojan-activity;sid:84119961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256862/; classtype:trojan-activity;sid:84119962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256863/; classtype:trojan-activity;sid:84119963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256864/; classtype:trojan-activity;sid:84119964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256852/; classtype:trojan-activity;sid:84119952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256853/; classtype:trojan-activity;sid:84119953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256854/; classtype:trojan-activity;sid:84119954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256855/; classtype:trojan-activity;sid:84119955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256846/; classtype:trojan-activity;sid:84119946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256847/; classtype:trojan-activity;sid:84119947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256848/; classtype:trojan-activity;sid:84119948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256849/; classtype:trojan-activity;sid:84119949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256850/; classtype:trojan-activity;sid:84119950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256851/; classtype:trojan-activity;sid:84119951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256842/; classtype:trojan-activity;sid:84119942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256843/; classtype:trojan-activity;sid:84119943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256844/; classtype:trojan-activity;sid:84119944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256845/; classtype:trojan-activity;sid:84119945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256833/; classtype:trojan-activity;sid:84119933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256834/; classtype:trojan-activity;sid:84119934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256835/; classtype:trojan-activity;sid:84119935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256836/; classtype:trojan-activity;sid:84119936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256837/; classtype:trojan-activity;sid:84119937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256838/; classtype:trojan-activity;sid:84119938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256839/; classtype:trojan-activity;sid:84119939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256840/; classtype:trojan-activity;sid:84119940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256841/; classtype:trojan-activity;sid:84119941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256829/; classtype:trojan-activity;sid:84119929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256830/; classtype:trojan-activity;sid:84119930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256831/; classtype:trojan-activity;sid:84119931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256832/; classtype:trojan-activity;sid:84119932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256824/; classtype:trojan-activity;sid:84119924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256825/; classtype:trojan-activity;sid:84119925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256826/; classtype:trojan-activity;sid:84119926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256827/; classtype:trojan-activity;sid:84119927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256828/; classtype:trojan-activity;sid:84119928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256819/; classtype:trojan-activity;sid:84119919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256820/; classtype:trojan-activity;sid:84119920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256821/; classtype:trojan-activity;sid:84119921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256822/; classtype:trojan-activity;sid:84119922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256823/; classtype:trojan-activity;sid:84119923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256813/; classtype:trojan-activity;sid:84119913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256814/; classtype:trojan-activity;sid:84119914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256815/; classtype:trojan-activity;sid:84119915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256816/; classtype:trojan-activity;sid:84119916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256817/; classtype:trojan-activity;sid:84119917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256818/; classtype:trojan-activity;sid:84119918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256804/; classtype:trojan-activity;sid:84119904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256805/; classtype:trojan-activity;sid:84119905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256806/; classtype:trojan-activity;sid:84119906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256807/; classtype:trojan-activity;sid:84119907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256808/; classtype:trojan-activity;sid:84119908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256809/; classtype:trojan-activity;sid:84119909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256810/; classtype:trojan-activity;sid:84119910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256811/; classtype:trojan-activity;sid:84119911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256812/; classtype:trojan-activity;sid:84119912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256801/; classtype:trojan-activity;sid:84119901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256802/; classtype:trojan-activity;sid:84119902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256803/; classtype:trojan-activity;sid:84119903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256799/; classtype:trojan-activity;sid:84119899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256800/; classtype:trojan-activity;sid:84119900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256792/; classtype:trojan-activity;sid:84119892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256793/; classtype:trojan-activity;sid:84119893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256794/; classtype:trojan-activity;sid:84119894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256795/; classtype:trojan-activity;sid:84119895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256796/; classtype:trojan-activity;sid:84119896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256797/; classtype:trojan-activity;sid:84119897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256798/; classtype:trojan-activity;sid:84119898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256785/; classtype:trojan-activity;sid:84119885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256786/; classtype:trojan-activity;sid:84119886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256787/; classtype:trojan-activity;sid:84119887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256788/; classtype:trojan-activity;sid:84119888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256789/; classtype:trojan-activity;sid:84119889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256790/; classtype:trojan-activity;sid:84119890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256791/; classtype:trojan-activity;sid:84119891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256780/; classtype:trojan-activity;sid:84119880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256781/; classtype:trojan-activity;sid:84119881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256782/; classtype:trojan-activity;sid:84119882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256783/; classtype:trojan-activity;sid:84119883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256784/; classtype:trojan-activity;sid:84119884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256775/; classtype:trojan-activity;sid:84119875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256776/; classtype:trojan-activity;sid:84119876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256777/; classtype:trojan-activity;sid:84119877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256778/; classtype:trojan-activity;sid:84119878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256779/; classtype:trojan-activity;sid:84119879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256768/; classtype:trojan-activity;sid:84119868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256769/; classtype:trojan-activity;sid:84119869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256770/; classtype:trojan-activity;sid:84119870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256771/; classtype:trojan-activity;sid:84119871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256772/; classtype:trojan-activity;sid:84119872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256773/; classtype:trojan-activity;sid:84119873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256774/; classtype:trojan-activity;sid:84119874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256761/; classtype:trojan-activity;sid:84119861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256762/; classtype:trojan-activity;sid:84119862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256763/; classtype:trojan-activity;sid:84119863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256764/; classtype:trojan-activity;sid:84119864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256765/; classtype:trojan-activity;sid:84119865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256766/; classtype:trojan-activity;sid:84119866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256767/; classtype:trojan-activity;sid:84119867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256757/; classtype:trojan-activity;sid:84119857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256758/; classtype:trojan-activity;sid:84119858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256759/; classtype:trojan-activity;sid:84119859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256760/; classtype:trojan-activity;sid:84119860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256752/; classtype:trojan-activity;sid:84119852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256753/; classtype:trojan-activity;sid:84119853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256754/; classtype:trojan-activity;sid:84119854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256755/; classtype:trojan-activity;sid:84119855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256756/; classtype:trojan-activity;sid:84119856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256749/; classtype:trojan-activity;sid:84119849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256750/; classtype:trojan-activity;sid:84119850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256751/; classtype:trojan-activity;sid:84119851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256743/; classtype:trojan-activity;sid:84119843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256744/; classtype:trojan-activity;sid:84119844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256745/; classtype:trojan-activity;sid:84119845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256746/; classtype:trojan-activity;sid:84119846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256747/; classtype:trojan-activity;sid:84119847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256748/; classtype:trojan-activity;sid:84119848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256740/; classtype:trojan-activity;sid:84119840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256741/; classtype:trojan-activity;sid:84119841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256742/; classtype:trojan-activity;sid:84119842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256735/; classtype:trojan-activity;sid:84119835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256736/; classtype:trojan-activity;sid:84119836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256737/; classtype:trojan-activity;sid:84119837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256738/; classtype:trojan-activity;sid:84119838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256739/; classtype:trojan-activity;sid:84119839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256727/; classtype:trojan-activity;sid:84119827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256728/; classtype:trojan-activity;sid:84119828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256729/; classtype:trojan-activity;sid:84119829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256730/; classtype:trojan-activity;sid:84119830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256731/; classtype:trojan-activity;sid:84119831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256732/; classtype:trojan-activity;sid:84119832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256733/; classtype:trojan-activity;sid:84119833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256734/; classtype:trojan-activity;sid:84119834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256717/; classtype:trojan-activity;sid:84119817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256718/; classtype:trojan-activity;sid:84119818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256719/; classtype:trojan-activity;sid:84119819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256720/; classtype:trojan-activity;sid:84119820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256721/; classtype:trojan-activity;sid:84119821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256722/; classtype:trojan-activity;sid:84119822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256723/; classtype:trojan-activity;sid:84119823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256724/; classtype:trojan-activity;sid:84119824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256725/; classtype:trojan-activity;sid:84119825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256726/; classtype:trojan-activity;sid:84119826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256711/; classtype:trojan-activity;sid:84119811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256712/; classtype:trojan-activity;sid:84119812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256713/; classtype:trojan-activity;sid:84119813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256714/; classtype:trojan-activity;sid:84119814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256715/; classtype:trojan-activity;sid:84119815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256716/; classtype:trojan-activity;sid:84119816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256707/; classtype:trojan-activity;sid:84119807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256708/; classtype:trojan-activity;sid:84119808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256709/; classtype:trojan-activity;sid:84119809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256710/; classtype:trojan-activity;sid:84119810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256700/; classtype:trojan-activity;sid:84119800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256701/; classtype:trojan-activity;sid:84119801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256702/; classtype:trojan-activity;sid:84119802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256703/; classtype:trojan-activity;sid:84119803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256704/; classtype:trojan-activity;sid:84119804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256705/; classtype:trojan-activity;sid:84119805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256706/; classtype:trojan-activity;sid:84119806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256697/; classtype:trojan-activity;sid:84119797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256698/; classtype:trojan-activity;sid:84119798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256699/; classtype:trojan-activity;sid:84119799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256695/; classtype:trojan-activity;sid:84119795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256696/; classtype:trojan-activity;sid:84119796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256688/; classtype:trojan-activity;sid:84119788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256689/; classtype:trojan-activity;sid:84119789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256690/; classtype:trojan-activity;sid:84119790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256691/; classtype:trojan-activity;sid:84119791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256692/; classtype:trojan-activity;sid:84119792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256693/; classtype:trojan-activity;sid:84119793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256694/; classtype:trojan-activity;sid:84119794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256683/; classtype:trojan-activity;sid:84119783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256684/; classtype:trojan-activity;sid:84119784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256685/; classtype:trojan-activity;sid:84119785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256686/; classtype:trojan-activity;sid:84119786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256687/; classtype:trojan-activity;sid:84119787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256675/; classtype:trojan-activity;sid:84119775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256676/; classtype:trojan-activity;sid:84119776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256677/; classtype:trojan-activity;sid:84119777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256678/; classtype:trojan-activity;sid:84119778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256679/; classtype:trojan-activity;sid:84119779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256680/; classtype:trojan-activity;sid:84119780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256681/; classtype:trojan-activity;sid:84119781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256682/; classtype:trojan-activity;sid:84119782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256669/; classtype:trojan-activity;sid:84119769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256670/; classtype:trojan-activity;sid:84119770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256671/; classtype:trojan-activity;sid:84119771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256672/; classtype:trojan-activity;sid:84119772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256673/; classtype:trojan-activity;sid:84119773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256674/; classtype:trojan-activity;sid:84119774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256665/; classtype:trojan-activity;sid:84119765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256666/; classtype:trojan-activity;sid:84119766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256667/; classtype:trojan-activity;sid:84119767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256668/; classtype:trojan-activity;sid:84119768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256661/; classtype:trojan-activity;sid:84119761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256662/; classtype:trojan-activity;sid:84119762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256663/; classtype:trojan-activity;sid:84119763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256664/; classtype:trojan-activity;sid:84119764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256660/; classtype:trojan-activity;sid:84119760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256653/; classtype:trojan-activity;sid:84119753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256654/; classtype:trojan-activity;sid:84119754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256655/; classtype:trojan-activity;sid:84119755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256656/; classtype:trojan-activity;sid:84119756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256657/; classtype:trojan-activity;sid:84119757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256658/; classtype:trojan-activity;sid:84119758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256659/; classtype:trojan-activity;sid:84119759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256646/; classtype:trojan-activity;sid:84119746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256647/; classtype:trojan-activity;sid:84119747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256648/; classtype:trojan-activity;sid:84119748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256649/; classtype:trojan-activity;sid:84119749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256650/; classtype:trojan-activity;sid:84119750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256651/; classtype:trojan-activity;sid:84119751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256652/; classtype:trojan-activity;sid:84119752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256635/; classtype:trojan-activity;sid:84119735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256636/; classtype:trojan-activity;sid:84119736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256637/; classtype:trojan-activity;sid:84119737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256638/; classtype:trojan-activity;sid:84119738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256639/; classtype:trojan-activity;sid:84119739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256640/; classtype:trojan-activity;sid:84119740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256641/; classtype:trojan-activity;sid:84119741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256642/; classtype:trojan-activity;sid:84119742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256643/; classtype:trojan-activity;sid:84119743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256644/; classtype:trojan-activity;sid:84119744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256645/; classtype:trojan-activity;sid:84119745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256631/; classtype:trojan-activity;sid:84119731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256632/; classtype:trojan-activity;sid:84119732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256633/; classtype:trojan-activity;sid:84119733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256634/; classtype:trojan-activity;sid:84119734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256626/; classtype:trojan-activity;sid:84119726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256627/; classtype:trojan-activity;sid:84119727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256628/; classtype:trojan-activity;sid:84119728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256629/; classtype:trojan-activity;sid:84119729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256630/; classtype:trojan-activity;sid:84119730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256625/; classtype:trojan-activity;sid:84119725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256618/; classtype:trojan-activity;sid:84119718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256619/; classtype:trojan-activity;sid:84119719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256620/; classtype:trojan-activity;sid:84119720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256621/; classtype:trojan-activity;sid:84119721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256622/; classtype:trojan-activity;sid:84119722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256623/; classtype:trojan-activity;sid:84119723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256624/; classtype:trojan-activity;sid:84119724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256615/; classtype:trojan-activity;sid:84119715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256616/; classtype:trojan-activity;sid:84119716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256617/; classtype:trojan-activity;sid:84119717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256605/; classtype:trojan-activity;sid:84119705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256606/; classtype:trojan-activity;sid:84119706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256607/; classtype:trojan-activity;sid:84119707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256608/; classtype:trojan-activity;sid:84119708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256609/; classtype:trojan-activity;sid:84119709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256610/; classtype:trojan-activity;sid:84119710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256611/; classtype:trojan-activity;sid:84119711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256612/; classtype:trojan-activity;sid:84119712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256613/; classtype:trojan-activity;sid:84119713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256614/; classtype:trojan-activity;sid:84119714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256601/; classtype:trojan-activity;sid:84119701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256602/; classtype:trojan-activity;sid:84119702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256603/; classtype:trojan-activity;sid:84119703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256604/; classtype:trojan-activity;sid:84119704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256591/; classtype:trojan-activity;sid:84119691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256592/; classtype:trojan-activity;sid:84119692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256593/; classtype:trojan-activity;sid:84119693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256594/; classtype:trojan-activity;sid:84119694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256595/; classtype:trojan-activity;sid:84119695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256596/; classtype:trojan-activity;sid:84119696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256597/; classtype:trojan-activity;sid:84119697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256598/; classtype:trojan-activity;sid:84119698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256599/; classtype:trojan-activity;sid:84119699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256600/; classtype:trojan-activity;sid:84119700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256585/; classtype:trojan-activity;sid:84119685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256586/; classtype:trojan-activity;sid:84119686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256587/; classtype:trojan-activity;sid:84119687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256588/; classtype:trojan-activity;sid:84119688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256589/; classtype:trojan-activity;sid:84119689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256590/; classtype:trojan-activity;sid:84119690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256577/; classtype:trojan-activity;sid:84119677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256578/; classtype:trojan-activity;sid:84119678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256579/; classtype:trojan-activity;sid:84119679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256580/; classtype:trojan-activity;sid:84119680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256581/; classtype:trojan-activity;sid:84119681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256582/; classtype:trojan-activity;sid:84119682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256583/; classtype:trojan-activity;sid:84119683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256584/; classtype:trojan-activity;sid:84119684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256574/; classtype:trojan-activity;sid:84119674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256575/; classtype:trojan-activity;sid:84119675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256576/; classtype:trojan-activity;sid:84119676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256572/; classtype:trojan-activity;sid:84119672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256573/; classtype:trojan-activity;sid:84119673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256568/; classtype:trojan-activity;sid:84119668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256569/; classtype:trojan-activity;sid:84119669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256570/; classtype:trojan-activity;sid:84119670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256571/; classtype:trojan-activity;sid:84119671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256559/; classtype:trojan-activity;sid:84119659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256560/; classtype:trojan-activity;sid:84119660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256561/; classtype:trojan-activity;sid:84119661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256562/; classtype:trojan-activity;sid:84119662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256563/; classtype:trojan-activity;sid:84119663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256564/; classtype:trojan-activity;sid:84119664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256565/; classtype:trojan-activity;sid:84119665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256566/; classtype:trojan-activity;sid:84119666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256567/; classtype:trojan-activity;sid:84119667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256552/; classtype:trojan-activity;sid:84119652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256553/; classtype:trojan-activity;sid:84119653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256554/; classtype:trojan-activity;sid:84119654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256555/; classtype:trojan-activity;sid:84119655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256556/; classtype:trojan-activity;sid:84119656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256557/; classtype:trojan-activity;sid:84119657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256558/; classtype:trojan-activity;sid:84119658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256547/; classtype:trojan-activity;sid:84119647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256548/; classtype:trojan-activity;sid:84119648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256549/; classtype:trojan-activity;sid:84119649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256550/; classtype:trojan-activity;sid:84119650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256551/; classtype:trojan-activity;sid:84119651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256541/; classtype:trojan-activity;sid:84119641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256542/; classtype:trojan-activity;sid:84119642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256543/; classtype:trojan-activity;sid:84119643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256544/; classtype:trojan-activity;sid:84119644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256545/; classtype:trojan-activity;sid:84119645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256546/; classtype:trojan-activity;sid:84119646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256536/; classtype:trojan-activity;sid:84119636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256537/; classtype:trojan-activity;sid:84119637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256538/; classtype:trojan-activity;sid:84119638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256539/; classtype:trojan-activity;sid:84119639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256540/; classtype:trojan-activity;sid:84119640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256532/; classtype:trojan-activity;sid:84119632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256533/; classtype:trojan-activity;sid:84119633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256534/; classtype:trojan-activity;sid:84119634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256535/; classtype:trojan-activity;sid:84119635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256530/; classtype:trojan-activity;sid:84119630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256531/; classtype:trojan-activity;sid:84119631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256525/; classtype:trojan-activity;sid:84119625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256526/; classtype:trojan-activity;sid:84119626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256527/; classtype:trojan-activity;sid:84119627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256528/; classtype:trojan-activity;sid:84119628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256529/; classtype:trojan-activity;sid:84119629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256515/; classtype:trojan-activity;sid:84119615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256516/; classtype:trojan-activity;sid:84119616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256517/; classtype:trojan-activity;sid:84119617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256518/; classtype:trojan-activity;sid:84119618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256519/; classtype:trojan-activity;sid:84119619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256520/; classtype:trojan-activity;sid:84119620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256521/; classtype:trojan-activity;sid:84119621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256522/; classtype:trojan-activity;sid:84119622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256523/; classtype:trojan-activity;sid:84119623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256524/; classtype:trojan-activity;sid:84119624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256505/; classtype:trojan-activity;sid:84119605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256506/; classtype:trojan-activity;sid:84119606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256507/; classtype:trojan-activity;sid:84119607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256508/; classtype:trojan-activity;sid:84119608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256509/; classtype:trojan-activity;sid:84119609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256510/; classtype:trojan-activity;sid:84119610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256511/; classtype:trojan-activity;sid:84119611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256512/; classtype:trojan-activity;sid:84119612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256513/; classtype:trojan-activity;sid:84119613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256514/; classtype:trojan-activity;sid:84119614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256499/; classtype:trojan-activity;sid:84119599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256500/; classtype:trojan-activity;sid:84119600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256501/; classtype:trojan-activity;sid:84119601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256502/; classtype:trojan-activity;sid:84119602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256503/; classtype:trojan-activity;sid:84119603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256504/; classtype:trojan-activity;sid:84119604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256496/; classtype:trojan-activity;sid:84119596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256497/; classtype:trojan-activity;sid:84119597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256498/; classtype:trojan-activity;sid:84119598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256490/; classtype:trojan-activity;sid:84119590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256491/; classtype:trojan-activity;sid:84119591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256492/; classtype:trojan-activity;sid:84119592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256493/; classtype:trojan-activity;sid:84119593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256494/; classtype:trojan-activity;sid:84119594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256495/; classtype:trojan-activity;sid:84119595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256488/; classtype:trojan-activity;sid:84119588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256489/; classtype:trojan-activity;sid:84119589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256487/; classtype:trojan-activity;sid:84119587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256478/; classtype:trojan-activity;sid:84119578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256479/; classtype:trojan-activity;sid:84119579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256480/; classtype:trojan-activity;sid:84119580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256481/; classtype:trojan-activity;sid:84119581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256482/; classtype:trojan-activity;sid:84119582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256483/; classtype:trojan-activity;sid:84119583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256484/; classtype:trojan-activity;sid:84119584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256485/; classtype:trojan-activity;sid:84119585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256486/; classtype:trojan-activity;sid:84119586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256466/; classtype:trojan-activity;sid:84119566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256467/; classtype:trojan-activity;sid:84119567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256468/; classtype:trojan-activity;sid:84119568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256469/; classtype:trojan-activity;sid:84119569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256470/; classtype:trojan-activity;sid:84119570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256471/; classtype:trojan-activity;sid:84119571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256472/; classtype:trojan-activity;sid:84119572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256473/; classtype:trojan-activity;sid:84119573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256474/; classtype:trojan-activity;sid:84119574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256475/; classtype:trojan-activity;sid:84119575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256476/; classtype:trojan-activity;sid:84119576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256477/; classtype:trojan-activity;sid:84119577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256456/; classtype:trojan-activity;sid:84119556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256457/; classtype:trojan-activity;sid:84119557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256458/; classtype:trojan-activity;sid:84119558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256459/; classtype:trojan-activity;sid:84119559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256460/; classtype:trojan-activity;sid:84119560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256461/; classtype:trojan-activity;sid:84119561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256462/; classtype:trojan-activity;sid:84119562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256463/; classtype:trojan-activity;sid:84119563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256464/; classtype:trojan-activity;sid:84119564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256465/; classtype:trojan-activity;sid:84119565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256453/; classtype:trojan-activity;sid:84119553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256454/; classtype:trojan-activity;sid:84119554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256455/; classtype:trojan-activity;sid:84119555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256447/; classtype:trojan-activity;sid:84119547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256448/; classtype:trojan-activity;sid:84119548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256449/; classtype:trojan-activity;sid:84119549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256450/; classtype:trojan-activity;sid:84119550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256451/; classtype:trojan-activity;sid:84119551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256452/; classtype:trojan-activity;sid:84119552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256439/; classtype:trojan-activity;sid:84119539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256440/; classtype:trojan-activity;sid:84119540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256441/; classtype:trojan-activity;sid:84119541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256442/; classtype:trojan-activity;sid:84119542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256443/; classtype:trojan-activity;sid:84119543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256444/; classtype:trojan-activity;sid:84119544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256445/; classtype:trojan-activity;sid:84119545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256446/; classtype:trojan-activity;sid:84119546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256437/; classtype:trojan-activity;sid:84119537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256438/; classtype:trojan-activity;sid:84119538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256431/; classtype:trojan-activity;sid:84119531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256432/; classtype:trojan-activity;sid:84119532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256433/; classtype:trojan-activity;sid:84119533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256434/; classtype:trojan-activity;sid:84119534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256435/; classtype:trojan-activity;sid:84119535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256436/; classtype:trojan-activity;sid:84119536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256418/; classtype:trojan-activity;sid:84119518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256419/; classtype:trojan-activity;sid:84119519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256420/; classtype:trojan-activity;sid:84119520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256421/; classtype:trojan-activity;sid:84119521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256422/; classtype:trojan-activity;sid:84119522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256423/; classtype:trojan-activity;sid:84119523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256424/; classtype:trojan-activity;sid:84119524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256425/; classtype:trojan-activity;sid:84119525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256426/; classtype:trojan-activity;sid:84119526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256427/; classtype:trojan-activity;sid:84119527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256428/; classtype:trojan-activity;sid:84119528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256429/; classtype:trojan-activity;sid:84119529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256430/; classtype:trojan-activity;sid:84119530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256411/; classtype:trojan-activity;sid:84119511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256412/; classtype:trojan-activity;sid:84119512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256413/; classtype:trojan-activity;sid:84119513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256414/; classtype:trojan-activity;sid:84119514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256415/; classtype:trojan-activity;sid:84119515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256416/; classtype:trojan-activity;sid:84119516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256417/; classtype:trojan-activity;sid:84119517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256405/; classtype:trojan-activity;sid:84119505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256406/; classtype:trojan-activity;sid:84119506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256407/; classtype:trojan-activity;sid:84119507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256408/; classtype:trojan-activity;sid:84119508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256409/; classtype:trojan-activity;sid:84119509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256410/; classtype:trojan-activity;sid:84119510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256402/; classtype:trojan-activity;sid:84119502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256403/; classtype:trojan-activity;sid:84119503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256404/; classtype:trojan-activity;sid:84119504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256396/; classtype:trojan-activity;sid:84119496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256397/; classtype:trojan-activity;sid:84119497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256398/; classtype:trojan-activity;sid:84119498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256399/; classtype:trojan-activity;sid:84119499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256400/; classtype:trojan-activity;sid:84119500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256401/; classtype:trojan-activity;sid:84119501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256388/; classtype:trojan-activity;sid:84119488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256389/; classtype:trojan-activity;sid:84119489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256390/; classtype:trojan-activity;sid:84119490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256391/; classtype:trojan-activity;sid:84119491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256392/; classtype:trojan-activity;sid:84119492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256393/; classtype:trojan-activity;sid:84119493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256394/; classtype:trojan-activity;sid:84119494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256395/; classtype:trojan-activity;sid:84119495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256381/; classtype:trojan-activity;sid:84119481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256382/; classtype:trojan-activity;sid:84119482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256383/; classtype:trojan-activity;sid:84119483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256384/; classtype:trojan-activity;sid:84119484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256385/; classtype:trojan-activity;sid:84119485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256386/; classtype:trojan-activity;sid:84119486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256387/; classtype:trojan-activity;sid:84119487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256372/; classtype:trojan-activity;sid:84119472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256373/; classtype:trojan-activity;sid:84119473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256374/; classtype:trojan-activity;sid:84119474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256375/; classtype:trojan-activity;sid:84119475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256376/; classtype:trojan-activity;sid:84119476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256377/; classtype:trojan-activity;sid:84119477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256378/; classtype:trojan-activity;sid:84119478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256379/; classtype:trojan-activity;sid:84119479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256380/; classtype:trojan-activity;sid:84119480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256365/; classtype:trojan-activity;sid:84119465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256366/; classtype:trojan-activity;sid:84119466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256367/; classtype:trojan-activity;sid:84119467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256368/; classtype:trojan-activity;sid:84119468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256369/; classtype:trojan-activity;sid:84119469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256370/; classtype:trojan-activity;sid:84119470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256371/; classtype:trojan-activity;sid:84119471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256362/; classtype:trojan-activity;sid:84119462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256363/; classtype:trojan-activity;sid:84119463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256364/; classtype:trojan-activity;sid:84119464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256360/; classtype:trojan-activity;sid:84119460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256361/; classtype:trojan-activity;sid:84119461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256355/; classtype:trojan-activity;sid:84119455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256356/; classtype:trojan-activity;sid:84119456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256357/; classtype:trojan-activity;sid:84119457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256358/; classtype:trojan-activity;sid:84119458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256359/; classtype:trojan-activity;sid:84119459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256351/; classtype:trojan-activity;sid:84119451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256352/; classtype:trojan-activity;sid:84119452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256353/; classtype:trojan-activity;sid:84119453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256354/; classtype:trojan-activity;sid:84119454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256342/; classtype:trojan-activity;sid:84119442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256343/; classtype:trojan-activity;sid:84119443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256344/; classtype:trojan-activity;sid:84119444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256345/; classtype:trojan-activity;sid:84119445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256346/; classtype:trojan-activity;sid:84119446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256347/; classtype:trojan-activity;sid:84119447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256348/; classtype:trojan-activity;sid:84119448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256349/; classtype:trojan-activity;sid:84119449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256350/; classtype:trojan-activity;sid:84119450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256326/; classtype:trojan-activity;sid:84119426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256327/; classtype:trojan-activity;sid:84119427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256328/; classtype:trojan-activity;sid:84119428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256329/; classtype:trojan-activity;sid:84119429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256330/; classtype:trojan-activity;sid:84119430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256331/; classtype:trojan-activity;sid:84119431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256332/; classtype:trojan-activity;sid:84119432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256333/; classtype:trojan-activity;sid:84119433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256334/; classtype:trojan-activity;sid:84119434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256335/; classtype:trojan-activity;sid:84119435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256336/; classtype:trojan-activity;sid:84119436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256337/; classtype:trojan-activity;sid:84119437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256338/; classtype:trojan-activity;sid:84119438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256339/; classtype:trojan-activity;sid:84119439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256340/; classtype:trojan-activity;sid:84119440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256341/; classtype:trojan-activity;sid:84119441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256321/; classtype:trojan-activity;sid:84119421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256322/; classtype:trojan-activity;sid:84119422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256323/; classtype:trojan-activity;sid:84119423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256324/; classtype:trojan-activity;sid:84119424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256325/; classtype:trojan-activity;sid:84119425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256319/; classtype:trojan-activity;sid:84119419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256320/; classtype:trojan-activity;sid:84119420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256313/; classtype:trojan-activity;sid:84119413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256314/; classtype:trojan-activity;sid:84119414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256315/; classtype:trojan-activity;sid:84119415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256316/; classtype:trojan-activity;sid:84119416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256317/; classtype:trojan-activity;sid:84119417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256318/; classtype:trojan-activity;sid:84119418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256311/; classtype:trojan-activity;sid:84119411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256312/; classtype:trojan-activity;sid:84119412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256291/; classtype:trojan-activity;sid:84119391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256292/; classtype:trojan-activity;sid:84119392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256293/; classtype:trojan-activity;sid:84119393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256294/; classtype:trojan-activity;sid:84119394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256295/; classtype:trojan-activity;sid:84119395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256296/; classtype:trojan-activity;sid:84119396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256297/; classtype:trojan-activity;sid:84119397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256298/; classtype:trojan-activity;sid:84119398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256299/; classtype:trojan-activity;sid:84119399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256300/; classtype:trojan-activity;sid:84119400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256301/; classtype:trojan-activity;sid:84119401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256302/; classtype:trojan-activity;sid:84119402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256303/; classtype:trojan-activity;sid:84119403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256304/; classtype:trojan-activity;sid:84119404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256305/; classtype:trojan-activity;sid:84119405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256306/; classtype:trojan-activity;sid:84119406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256307/; classtype:trojan-activity;sid:84119407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256308/; classtype:trojan-activity;sid:84119408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256309/; classtype:trojan-activity;sid:84119409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256310/; classtype:trojan-activity;sid:84119410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256278/; classtype:trojan-activity;sid:84119378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256279/; classtype:trojan-activity;sid:84119379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256280/; classtype:trojan-activity;sid:84119380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256281/; classtype:trojan-activity;sid:84119381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256282/; classtype:trojan-activity;sid:84119382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256283/; classtype:trojan-activity;sid:84119383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256284/; classtype:trojan-activity;sid:84119384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256285/; classtype:trojan-activity;sid:84119385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256286/; classtype:trojan-activity;sid:84119386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256287/; classtype:trojan-activity;sid:84119387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256288/; classtype:trojan-activity;sid:84119388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256289/; classtype:trojan-activity;sid:84119389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256290/; classtype:trojan-activity;sid:84119390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256277/; classtype:trojan-activity;sid:84119377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256276/; classtype:trojan-activity;sid:84119376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256272/; classtype:trojan-activity;sid:84119372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256273/; classtype:trojan-activity;sid:84119373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256274/; classtype:trojan-activity;sid:84119374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256275/; classtype:trojan-activity;sid:84119375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.188.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256271/; classtype:trojan-activity;sid:84119371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.197.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256270/; classtype:trojan-activity;sid:84119370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.36.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256269/; classtype:trojan-activity;sid:84119369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.123.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256268/; classtype:trojan-activity;sid:84119368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/"; depth:6; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256267/; classtype:trojan-activity;sid:84119367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.mpsl"; depth:16; endswith; nocase; http.host; content:"94.141.123.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256262/; classtype:trojan-activity;sid:84119362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.ppc"; depth:15; endswith; nocase; http.host; content:"94.141.123.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256263/; classtype:trojan-activity;sid:84119363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm4"; depth:16; endswith; nocase; http.host; content:"94.141.123.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256264/; classtype:trojan-activity;sid:84119364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.sparc"; depth:17; endswith; nocase; http.host; content:"94.141.123.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256265/; classtype:trojan-activity;sid:84119365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.sh"; depth:14; endswith; nocase; http.host; content:"94.141.123.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256266/; classtype:trojan-activity;sid:84119366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm5"; depth:16; endswith; nocase; http.host; content:"94.141.123.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256257/; classtype:trojan-activity;sid:84119357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.x86"; depth:15; endswith; nocase; http.host; content:"94.141.123.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256258/; classtype:trojan-activity;sid:84119358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.mips"; depth:16; endswith; nocase; http.host; content:"94.141.123.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256259/; classtype:trojan-activity;sid:84119359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm6"; depth:16; endswith; nocase; http.host; content:"94.141.123.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256260/; classtype:trojan-activity;sid:84119360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm7"; depth:16; endswith; nocase; http.host; content:"94.141.123.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256261/; classtype:trojan-activity;sid:84119361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.78.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256256/; classtype:trojan-activity;sid:84119356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256250/; classtype:trojan-activity;sid:84119350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256251/; classtype:trojan-activity;sid:84119351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256252/; classtype:trojan-activity;sid:84119352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256253/; classtype:trojan-activity;sid:84119353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256254/; classtype:trojan-activity;sid:84119354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256255/; classtype:trojan-activity;sid:84119355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256241/; classtype:trojan-activity;sid:84119341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256242/; classtype:trojan-activity;sid:84119342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256243/; classtype:trojan-activity;sid:84119343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256244/; classtype:trojan-activity;sid:84119344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256245/; classtype:trojan-activity;sid:84119345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256246/; classtype:trojan-activity;sid:84119346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256247/; classtype:trojan-activity;sid:84119347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256248/; classtype:trojan-activity;sid:84119348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256249/; classtype:trojan-activity;sid:84119349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256232/; classtype:trojan-activity;sid:84119332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256233/; classtype:trojan-activity;sid:84119333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256234/; classtype:trojan-activity;sid:84119334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256235/; classtype:trojan-activity;sid:84119335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256236/; classtype:trojan-activity;sid:84119336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256237/; classtype:trojan-activity;sid:84119337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256238/; classtype:trojan-activity;sid:84119338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256239/; classtype:trojan-activity;sid:84119339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256240/; classtype:trojan-activity;sid:84119340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256225/; classtype:trojan-activity;sid:84119325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256226/; classtype:trojan-activity;sid:84119326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256227/; classtype:trojan-activity;sid:84119327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256228/; classtype:trojan-activity;sid:84119328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256229/; classtype:trojan-activity;sid:84119329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256230/; classtype:trojan-activity;sid:84119330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256231/; classtype:trojan-activity;sid:84119331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256219/; classtype:trojan-activity;sid:84119319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256220/; classtype:trojan-activity;sid:84119320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256221/; classtype:trojan-activity;sid:84119321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256222/; classtype:trojan-activity;sid:84119322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256223/; classtype:trojan-activity;sid:84119323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256224/; classtype:trojan-activity;sid:84119324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256213/; classtype:trojan-activity;sid:84119313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256214/; classtype:trojan-activity;sid:84119314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256215/; classtype:trojan-activity;sid:84119315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256216/; classtype:trojan-activity;sid:84119316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256217/; classtype:trojan-activity;sid:84119317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256218/; classtype:trojan-activity;sid:84119318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256207/; classtype:trojan-activity;sid:84119307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256208/; classtype:trojan-activity;sid:84119308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256209/; classtype:trojan-activity;sid:84119309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256210/; classtype:trojan-activity;sid:84119310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256211/; classtype:trojan-activity;sid:84119311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256212/; classtype:trojan-activity;sid:84119312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256204/; classtype:trojan-activity;sid:84119304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256205/; classtype:trojan-activity;sid:84119305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256206/; classtype:trojan-activity;sid:84119306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256201/; classtype:trojan-activity;sid:84119301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256202/; classtype:trojan-activity;sid:84119302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256203/; classtype:trojan-activity;sid:84119303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256196/; classtype:trojan-activity;sid:84119296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256197/; classtype:trojan-activity;sid:84119297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256198/; classtype:trojan-activity;sid:84119298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256199/; classtype:trojan-activity;sid:84119299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256200/; classtype:trojan-activity;sid:84119300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256188/; classtype:trojan-activity;sid:84119288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256189/; classtype:trojan-activity;sid:84119289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256190/; classtype:trojan-activity;sid:84119290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256191/; classtype:trojan-activity;sid:84119291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256192/; classtype:trojan-activity;sid:84119292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256193/; classtype:trojan-activity;sid:84119293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256194/; classtype:trojan-activity;sid:84119294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256195/; classtype:trojan-activity;sid:84119295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256184/; classtype:trojan-activity;sid:84119284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256185/; classtype:trojan-activity;sid:84119285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256186/; classtype:trojan-activity;sid:84119286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256187/; classtype:trojan-activity;sid:84119287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256177/; classtype:trojan-activity;sid:84119277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256178/; classtype:trojan-activity;sid:84119278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256179/; classtype:trojan-activity;sid:84119279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256180/; classtype:trojan-activity;sid:84119280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256181/; classtype:trojan-activity;sid:84119281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256182/; classtype:trojan-activity;sid:84119282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256183/; classtype:trojan-activity;sid:84119283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256167/; classtype:trojan-activity;sid:84119267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256168/; classtype:trojan-activity;sid:84119268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256169/; classtype:trojan-activity;sid:84119269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256170/; classtype:trojan-activity;sid:84119270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256171/; classtype:trojan-activity;sid:84119271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256172/; classtype:trojan-activity;sid:84119272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256173/; classtype:trojan-activity;sid:84119273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256174/; classtype:trojan-activity;sid:84119274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256175/; classtype:trojan-activity;sid:84119275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256176/; classtype:trojan-activity;sid:84119276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256160/; classtype:trojan-activity;sid:84119260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256161/; classtype:trojan-activity;sid:84119261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256162/; classtype:trojan-activity;sid:84119262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256163/; classtype:trojan-activity;sid:84119263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256164/; classtype:trojan-activity;sid:84119264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256165/; classtype:trojan-activity;sid:84119265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256166/; classtype:trojan-activity;sid:84119266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256156/; classtype:trojan-activity;sid:84119256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256157/; classtype:trojan-activity;sid:84119257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256158/; classtype:trojan-activity;sid:84119258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256159/; classtype:trojan-activity;sid:84119259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256154/; classtype:trojan-activity;sid:84119254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256155/; classtype:trojan-activity;sid:84119255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256152/; classtype:trojan-activity;sid:84119252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256153/; classtype:trojan-activity;sid:84119253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256148/; classtype:trojan-activity;sid:84119248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256149/; classtype:trojan-activity;sid:84119249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256150/; classtype:trojan-activity;sid:84119250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256151/; classtype:trojan-activity;sid:84119251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256137/; classtype:trojan-activity;sid:84119237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256138/; classtype:trojan-activity;sid:84119238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256139/; classtype:trojan-activity;sid:84119239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256140/; classtype:trojan-activity;sid:84119240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256141/; classtype:trojan-activity;sid:84119241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256142/; classtype:trojan-activity;sid:84119242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256143/; classtype:trojan-activity;sid:84119243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256144/; classtype:trojan-activity;sid:84119244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256145/; classtype:trojan-activity;sid:84119245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256146/; classtype:trojan-activity;sid:84119246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256147/; classtype:trojan-activity;sid:84119247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256123/; classtype:trojan-activity;sid:84119223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256124/; classtype:trojan-activity;sid:84119224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256125/; classtype:trojan-activity;sid:84119225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256126/; classtype:trojan-activity;sid:84119226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256127/; classtype:trojan-activity;sid:84119227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256128/; classtype:trojan-activity;sid:84119228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256129/; classtype:trojan-activity;sid:84119229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256130/; classtype:trojan-activity;sid:84119230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256131/; classtype:trojan-activity;sid:84119231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256132/; classtype:trojan-activity;sid:84119232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256133/; classtype:trojan-activity;sid:84119233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256134/; classtype:trojan-activity;sid:84119234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256135/; classtype:trojan-activity;sid:84119235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256136/; classtype:trojan-activity;sid:84119236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256112/; classtype:trojan-activity;sid:84119212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256113/; classtype:trojan-activity;sid:84119213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256114/; classtype:trojan-activity;sid:84119214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256115/; classtype:trojan-activity;sid:84119215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256116/; classtype:trojan-activity;sid:84119216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256117/; classtype:trojan-activity;sid:84119217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256118/; classtype:trojan-activity;sid:84119218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256119/; classtype:trojan-activity;sid:84119219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256120/; classtype:trojan-activity;sid:84119220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256121/; classtype:trojan-activity;sid:84119221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256122/; classtype:trojan-activity;sid:84119222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256110/; classtype:trojan-activity;sid:84119210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256111/; classtype:trojan-activity;sid:84119211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256109/; classtype:trojan-activity;sid:84119209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"search-slv.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256103/; classtype:trojan-activity;sid:84119203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"search-jrd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256104/; classtype:trojan-activity;sid:84119204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"search-spd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256105/; classtype:trojan-activity;sid:84119205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"search-gld.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256106/; classtype:trojan-activity;sid:84119206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"stats.search-st1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256107/; classtype:trojan-activity;sid:84119207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"www.185-150-24-68.cprapid.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256108/; classtype:trojan-activity;sid:84119208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"js1.search-st1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256102/; classtype:trojan-activity;sid:84119202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.16.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256101/; classtype:trojan-activity;sid:84119201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.136.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256100/; classtype:trojan-activity;sid:84119200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.172.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256099/; classtype:trojan-activity;sid:84119199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.163.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256098/; classtype:trojan-activity;sid:84119198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3256097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.83.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3256097/; classtype:trojan-activity;sid:84119197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.76.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255942/; classtype:trojan-activity;sid:84119042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.211.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255941/; classtype:trojan-activity;sid:84119041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.239.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255940/; classtype:trojan-activity;sid:84119040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.210.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255939/; classtype:trojan-activity;sid:84119039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.102.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255938/; classtype:trojan-activity;sid:84119038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.34.103"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255937/; classtype:trojan-activity;sid:84119037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.188.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255936/; classtype:trojan-activity;sid:84119036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.243.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255935/; classtype:trojan-activity;sid:84119035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.230.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255934/; classtype:trojan-activity;sid:84119034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.50.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255933/; classtype:trojan-activity;sid:84119033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.173.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255932/; classtype:trojan-activity;sid:84119032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.80.139.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255930/; classtype:trojan-activity;sid:84119030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.221.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255931/; classtype:trojan-activity;sid:84119031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.118.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255929/; classtype:trojan-activity;sid:84119029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.151.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255928/; classtype:trojan-activity;sid:84119028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255927/; classtype:trojan-activity;sid:84119027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.240.185.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255926/; classtype:trojan-activity;sid:84119026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.141.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255925/; classtype:trojan-activity;sid:84119025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.36.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255924/; classtype:trojan-activity;sid:84119024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.89.165.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255923/; classtype:trojan-activity;sid:84119023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.178.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255922/; classtype:trojan-activity;sid:84119022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g-927414.appspot.com/index"; depth:27; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255921/; classtype:trojan-activity;sid:84119021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.68.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255920/; classtype:trojan-activity;sid:84119020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.26.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255918/; classtype:trojan-activity;sid:84119018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.78.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255919/; classtype:trojan-activity;sid:84119019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.163.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255917/; classtype:trojan-activity;sid:84119017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.151.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255916/; classtype:trojan-activity;sid:84119016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.112.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255914/; classtype:trojan-activity;sid:84119014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.237.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255915/; classtype:trojan-activity;sid:84119015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255913/; classtype:trojan-activity;sid:84119013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.233.158.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255912/; classtype:trojan-activity;sid:84119012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.93.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255911/; classtype:trojan-activity;sid:84119011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.215.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255910/; classtype:trojan-activity;sid:84119010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.209.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255909/; classtype:trojan-activity;sid:84119009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.126.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255908/; classtype:trojan-activity;sid:84119008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.59.22.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255907/; classtype:trojan-activity;sid:84119007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.180.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255906/; classtype:trojan-activity;sid:84119006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.114.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255905/; classtype:trojan-activity;sid:84119005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.189.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255904/; classtype:trojan-activity;sid:84119004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.txt"; depth:6; endswith; nocase; http.host; content:"stak.pages.dev"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255903/; classtype:trojan-activity;sid:84119003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.251.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255901/; classtype:trojan-activity;sid:84119001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.212.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255902/; classtype:trojan-activity;sid:84119002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/swallow%20sperm%20or%20not%20how%20to%20convince%20that%20it%27s%20not%20only%20tasty%2c%20but%20also%20healthy..lnk"; depth:127; endswith; nocase; http.host; content:"62.133.61.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255900/; classtype:trojan-activity;sid:84119000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255898/; classtype:trojan-activity;sid:84118998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.56.144.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255899/; classtype:trojan-activity;sid:84118999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot-armv7"; depth:10; endswith; nocase; http.host; content:"167.172.21.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255896/; classtype:trojan-activity;sid:84118996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot-x86"; depth:8; endswith; nocase; http.host; content:"167.172.21.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255897/; classtype:trojan-activity;sid:84118997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.155.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255894/; classtype:trojan-activity;sid:84118994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.66.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255895/; classtype:trojan-activity;sid:84118995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.86.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255893/; classtype:trojan-activity;sid:84118993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.155.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255892/; classtype:trojan-activity;sid:84118992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255891/; classtype:trojan-activity;sid:84118991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255890/; classtype:trojan-activity;sid:84118990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255868/; classtype:trojan-activity;sid:84118968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255869/; classtype:trojan-activity;sid:84118969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255870/; classtype:trojan-activity;sid:84118970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255871/; classtype:trojan-activity;sid:84118971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255872/; classtype:trojan-activity;sid:84118972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255873/; classtype:trojan-activity;sid:84118973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255874/; classtype:trojan-activity;sid:84118974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255875/; classtype:trojan-activity;sid:84118975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255876/; classtype:trojan-activity;sid:84118976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255877/; classtype:trojan-activity;sid:84118977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255878/; classtype:trojan-activity;sid:84118978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255879/; classtype:trojan-activity;sid:84118979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255880/; classtype:trojan-activity;sid:84118980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255881/; classtype:trojan-activity;sid:84118981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255882/; classtype:trojan-activity;sid:84118982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255883/; classtype:trojan-activity;sid:84118983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255884/; classtype:trojan-activity;sid:84118984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255885/; classtype:trojan-activity;sid:84118985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255886/; classtype:trojan-activity;sid:84118986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255887/; classtype:trojan-activity;sid:84118987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255888/; classtype:trojan-activity;sid:84118988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255889/; classtype:trojan-activity;sid:84118989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255862/; classtype:trojan-activity;sid:84118962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255863/; classtype:trojan-activity;sid:84118963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255864/; classtype:trojan-activity;sid:84118964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255865/; classtype:trojan-activity;sid:84118965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255866/; classtype:trojan-activity;sid:84118966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.185.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255867/; classtype:trojan-activity;sid:84118967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255839/; classtype:trojan-activity;sid:84118939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255840/; classtype:trojan-activity;sid:84118940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255841/; classtype:trojan-activity;sid:84118941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255842/; classtype:trojan-activity;sid:84118942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255843/; classtype:trojan-activity;sid:84118943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255844/; classtype:trojan-activity;sid:84118944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255845/; classtype:trojan-activity;sid:84118945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255846/; classtype:trojan-activity;sid:84118946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255847/; classtype:trojan-activity;sid:84118947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmips"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255848/; classtype:trojan-activity;sid:84118948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255849/; classtype:trojan-activity;sid:84118949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255850/; classtype:trojan-activity;sid:84118950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255851/; classtype:trojan-activity;sid:84118951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255852/; classtype:trojan-activity;sid:84118952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255853/; classtype:trojan-activity;sid:84118953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255854/; classtype:trojan-activity;sid:84118954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255855/; classtype:trojan-activity;sid:84118955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255856/; classtype:trojan-activity;sid:84118956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255857/; classtype:trojan-activity;sid:84118957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255858/; classtype:trojan-activity;sid:84118958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255859/; classtype:trojan-activity;sid:84118959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255860/; classtype:trojan-activity;sid:84118960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255861/; classtype:trojan-activity;sid:84118961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255837/; classtype:trojan-activity;sid:84118937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255838/; classtype:trojan-activity;sid:84118938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255836/; classtype:trojan-activity;sid:84118936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255814/; classtype:trojan-activity;sid:84118914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255815/; classtype:trojan-activity;sid:84118915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255816/; classtype:trojan-activity;sid:84118916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255817/; classtype:trojan-activity;sid:84118917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255818/; classtype:trojan-activity;sid:84118918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255819/; classtype:trojan-activity;sid:84118919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255820/; classtype:trojan-activity;sid:84118920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255821/; classtype:trojan-activity;sid:84118921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255822/; classtype:trojan-activity;sid:84118922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255823/; classtype:trojan-activity;sid:84118923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255824/; classtype:trojan-activity;sid:84118924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255825/; classtype:trojan-activity;sid:84118925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255826/; classtype:trojan-activity;sid:84118926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255827/; classtype:trojan-activity;sid:84118927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255828/; classtype:trojan-activity;sid:84118928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255829/; classtype:trojan-activity;sid:84118929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255830/; classtype:trojan-activity;sid:84118930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255831/; classtype:trojan-activity;sid:84118931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255832/; classtype:trojan-activity;sid:84118932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255833/; classtype:trojan-activity;sid:84118933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255834/; classtype:trojan-activity;sid:84118934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255835/; classtype:trojan-activity;sid:84118935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255801/; classtype:trojan-activity;sid:84118901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255802/; classtype:trojan-activity;sid:84118902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255803/; classtype:trojan-activity;sid:84118903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255804/; classtype:trojan-activity;sid:84118904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255805/; classtype:trojan-activity;sid:84118905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklspc"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255806/; classtype:trojan-activity;sid:84118906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabppc"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255807/; classtype:trojan-activity;sid:84118907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255808/; classtype:trojan-activity;sid:84118908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255809/; classtype:trojan-activity;sid:84118909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255810/; classtype:trojan-activity;sid:84118910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255811/; classtype:trojan-activity;sid:84118911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255812/; classtype:trojan-activity;sid:84118912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255813/; classtype:trojan-activity;sid:84118913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm6"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255798/; classtype:trojan-activity;sid:84118898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255799/; classtype:trojan-activity;sid:84118899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255800/; classtype:trojan-activity;sid:84118900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255797/; classtype:trojan-activity;sid:84118897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255795/; classtype:trojan-activity;sid:84118895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255796/; classtype:trojan-activity;sid:84118896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255792/; classtype:trojan-activity;sid:84118892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255793/; classtype:trojan-activity;sid:84118893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255794/; classtype:trojan-activity;sid:84118894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255790/; classtype:trojan-activity;sid:84118890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255791/; classtype:trojan-activity;sid:84118891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255786/; classtype:trojan-activity;sid:84118886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255787/; classtype:trojan-activity;sid:84118887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255788/; classtype:trojan-activity;sid:84118888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255789/; classtype:trojan-activity;sid:84118889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255785/; classtype:trojan-activity;sid:84118885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255784/; classtype:trojan-activity;sid:84118884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255761/; classtype:trojan-activity;sid:84118861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabsh4"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255762/; classtype:trojan-activity;sid:84118862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255763/; classtype:trojan-activity;sid:84118863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255764/; classtype:trojan-activity;sid:84118864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255765/; classtype:trojan-activity;sid:84118865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255766/; classtype:trojan-activity;sid:84118866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm5"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255767/; classtype:trojan-activity;sid:84118867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255768/; classtype:trojan-activity;sid:84118868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255769/; classtype:trojan-activity;sid:84118869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255770/; classtype:trojan-activity;sid:84118870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklsh4"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255771/; classtype:trojan-activity;sid:84118871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255772/; classtype:trojan-activity;sid:84118872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255773/; classtype:trojan-activity;sid:84118873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255774/; classtype:trojan-activity;sid:84118874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255775/; classtype:trojan-activity;sid:84118875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklppc"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255776/; classtype:trojan-activity;sid:84118876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255777/; classtype:trojan-activity;sid:84118877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm7"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255778/; classtype:trojan-activity;sid:84118878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255779/; classtype:trojan-activity;sid:84118879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255780/; classtype:trojan-activity;sid:84118880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255781/; classtype:trojan-activity;sid:84118881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabx86"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255782/; classtype:trojan-activity;sid:84118882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255783/; classtype:trojan-activity;sid:84118883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255758/; classtype:trojan-activity;sid:84118858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklx86"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255759/; classtype:trojan-activity;sid:84118859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255760/; classtype:trojan-activity;sid:84118860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255756/; classtype:trojan-activity;sid:84118856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255757/; classtype:trojan-activity;sid:84118857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdvr"; depth:5; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255755/; classtype:trojan-activity;sid:84118855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255738/; classtype:trojan-activity;sid:84118838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255739/; classtype:trojan-activity;sid:84118839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabm68k"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255740/; classtype:trojan-activity;sid:84118840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255741/; classtype:trojan-activity;sid:84118841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buf"; depth:4; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255742/; classtype:trojan-activity;sid:84118842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255743/; classtype:trojan-activity;sid:84118843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wert"; depth:5; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255744/; classtype:trojan-activity;sid:84118844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm5"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255745/; classtype:trojan-activity;sid:84118845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.58.42.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255746/; classtype:trojan-activity;sid:84118846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255747/; classtype:trojan-activity;sid:84118847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255748/; classtype:trojan-activity;sid:84118848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.190.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255749/; classtype:trojan-activity;sid:84118849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255750/; classtype:trojan-activity;sid:84118850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ah"; depth:3; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255751/; classtype:trojan-activity;sid:84118851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255752/; classtype:trojan-activity;sid:84118852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255753/; classtype:trojan-activity;sid:84118853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255754/; classtype:trojan-activity;sid:84118854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255723/; classtype:trojan-activity;sid:84118823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklmpsl"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255724/; classtype:trojan-activity;sid:84118824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255725/; classtype:trojan-activity;sid:84118825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255726/; classtype:trojan-activity;sid:84118826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255727/; classtype:trojan-activity;sid:84118827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255728/; classtype:trojan-activity;sid:84118828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklarm6"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255729/; classtype:trojan-activity;sid:84118829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255730/; classtype:trojan-activity;sid:84118830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255731/; classtype:trojan-activity;sid:84118831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255732/; classtype:trojan-activity;sid:84118832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabarm7"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255733/; classtype:trojan-activity;sid:84118833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nklm68k"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255734/; classtype:trojan-activity;sid:84118834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabspc"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255735/; classtype:trojan-activity;sid:84118835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmips"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255736/; classtype:trojan-activity;sid:84118836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wop"; depth:4; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255737/; classtype:trojan-activity;sid:84118837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255713/; classtype:trojan-activity;sid:84118813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255714/; classtype:trojan-activity;sid:84118814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255715/; classtype:trojan-activity;sid:84118815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255716/; classtype:trojan-activity;sid:84118816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255717/; classtype:trojan-activity;sid:84118817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255718/; classtype:trojan-activity;sid:84118818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255719/; classtype:trojan-activity;sid:84118819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabmpsl"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255720/; classtype:trojan-activity;sid:84118820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255721/; classtype:trojan-activity;sid:84118821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255722/; classtype:trojan-activity;sid:84118822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255712/; classtype:trojan-activity;sid:84118812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255710/; classtype:trojan-activity;sid:84118810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255711/; classtype:trojan-activity;sid:84118811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/"; depth:6; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255709/; classtype:trojan-activity;sid:84118809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255704/; classtype:trojan-activity;sid:84118804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255705/; classtype:trojan-activity;sid:84118805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255706/; classtype:trojan-activity;sid:84118806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255707/; classtype:trojan-activity;sid:84118807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255708/; classtype:trojan-activity;sid:84118808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.147.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255703/; classtype:trojan-activity;sid:84118803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.127.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255702/; classtype:trojan-activity;sid:84118802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.112.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255701/; classtype:trojan-activity;sid:84118801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.185.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255700/; classtype:trojan-activity;sid:84118800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"45.90.97.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255699/; classtype:trojan-activity;sid:84118799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255698/; classtype:trojan-activity;sid:84118798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"45.90.97.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255697/; classtype:trojan-activity;sid:84118797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255676/; classtype:trojan-activity;sid:84118776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255677/; classtype:trojan-activity;sid:84118777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255678/; classtype:trojan-activity;sid:84118778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255679/; classtype:trojan-activity;sid:84118779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255680/; classtype:trojan-activity;sid:84118780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255681/; classtype:trojan-activity;sid:84118781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255682/; classtype:trojan-activity;sid:84118782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255683/; classtype:trojan-activity;sid:84118783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255684/; classtype:trojan-activity;sid:84118784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255685/; classtype:trojan-activity;sid:84118785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255686/; classtype:trojan-activity;sid:84118786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255687/; classtype:trojan-activity;sid:84118787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255688/; classtype:trojan-activity;sid:84118788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255689/; classtype:trojan-activity;sid:84118789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255690/; classtype:trojan-activity;sid:84118790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255691/; classtype:trojan-activity;sid:84118791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"45.90.97.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255692/; classtype:trojan-activity;sid:84118792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm6"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255693/; classtype:trojan-activity;sid:84118793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"45.90.97.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255694/; classtype:trojan-activity;sid:84118794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm7"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255695/; classtype:trojan-activity;sid:84118795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255696/; classtype:trojan-activity;sid:84118796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255667/; classtype:trojan-activity;sid:84118767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255668/; classtype:trojan-activity;sid:84118768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255669/; classtype:trojan-activity;sid:84118769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splsh4"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255670/; classtype:trojan-activity;sid:84118770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255671/; classtype:trojan-activity;sid:84118771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255672/; classtype:trojan-activity;sid:84118772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255673/; classtype:trojan-activity;sid:84118773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255674/; classtype:trojan-activity;sid:84118774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255675/; classtype:trojan-activity;sid:84118775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"45.90.97.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255662/; classtype:trojan-activity;sid:84118762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255663/; classtype:trojan-activity;sid:84118763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255664/; classtype:trojan-activity;sid:84118764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255665/; classtype:trojan-activity;sid:84118765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255666/; classtype:trojan-activity;sid:84118766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm5"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255659/; classtype:trojan-activity;sid:84118759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255660/; classtype:trojan-activity;sid:84118760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255661/; classtype:trojan-activity;sid:84118761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255657/; classtype:trojan-activity;sid:84118757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255658/; classtype:trojan-activity;sid:84118758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255652/; classtype:trojan-activity;sid:84118752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"45.90.97.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255653/; classtype:trojan-activity;sid:84118753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklspc"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255654/; classtype:trojan-activity;sid:84118754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255655/; classtype:trojan-activity;sid:84118755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm7"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255656/; classtype:trojan-activity;sid:84118756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255642/; classtype:trojan-activity;sid:84118742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255643/; classtype:trojan-activity;sid:84118743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255644/; classtype:trojan-activity;sid:84118744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm6"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255645/; classtype:trojan-activity;sid:84118745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255646/; classtype:trojan-activity;sid:84118746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255647/; classtype:trojan-activity;sid:84118747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255648/; classtype:trojan-activity;sid:84118748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255649/; classtype:trojan-activity;sid:84118749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255650/; classtype:trojan-activity;sid:84118750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm5"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255651/; classtype:trojan-activity;sid:84118751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255631/; classtype:trojan-activity;sid:84118731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255632/; classtype:trojan-activity;sid:84118732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255633/; classtype:trojan-activity;sid:84118733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255634/; classtype:trojan-activity;sid:84118734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255635/; classtype:trojan-activity;sid:84118735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255636/; classtype:trojan-activity;sid:84118736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabx86"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255637/; classtype:trojan-activity;sid:84118737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255638/; classtype:trojan-activity;sid:84118738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splspc"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255639/; classtype:trojan-activity;sid:84118739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255640/; classtype:trojan-activity;sid:84118740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255641/; classtype:trojan-activity;sid:84118741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255623/; classtype:trojan-activity;sid:84118723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklppc"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255624/; classtype:trojan-activity;sid:84118724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255625/; classtype:trojan-activity;sid:84118725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255626/; classtype:trojan-activity;sid:84118726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255627/; classtype:trojan-activity;sid:84118727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255628/; classtype:trojan-activity;sid:84118728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255629/; classtype:trojan-activity;sid:84118729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255630/; classtype:trojan-activity;sid:84118730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255621/; classtype:trojan-activity;sid:84118721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255622/; classtype:trojan-activity;sid:84118722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255620/; classtype:trojan-activity;sid:84118720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255614/; classtype:trojan-activity;sid:84118714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255615/; classtype:trojan-activity;sid:84118715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm7"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255616/; classtype:trojan-activity;sid:84118716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tftp.sh"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255617/; classtype:trojan-activity;sid:84118717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255618/; classtype:trojan-activity;sid:84118718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255619/; classtype:trojan-activity;sid:84118719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255607/; classtype:trojan-activity;sid:84118707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255608/; classtype:trojan-activity;sid:84118708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255609/; classtype:trojan-activity;sid:84118709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255610/; classtype:trojan-activity;sid:84118710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255611/; classtype:trojan-activity;sid:84118711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splm68k"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255612/; classtype:trojan-activity;sid:84118712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermips"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255613/; classtype:trojan-activity;sid:84118713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255603/; classtype:trojan-activity;sid:84118703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255604/; classtype:trojan-activity;sid:84118704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255605/; classtype:trojan-activity;sid:84118705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255606/; classtype:trojan-activity;sid:84118706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm6"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255593/; classtype:trojan-activity;sid:84118693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklm68k"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255594/; classtype:trojan-activity;sid:84118694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmips"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255595/; classtype:trojan-activity;sid:84118695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255596/; classtype:trojan-activity;sid:84118696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255597/; classtype:trojan-activity;sid:84118697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabppc"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255598/; classtype:trojan-activity;sid:84118698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255599/; classtype:trojan-activity;sid:84118699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255600/; classtype:trojan-activity;sid:84118700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zxc.sh"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255601/; classtype:trojan-activity;sid:84118701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255602/; classtype:trojan-activity;sid:84118702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255578/; classtype:trojan-activity;sid:84118678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zermpsl"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255579/; classtype:trojan-activity;sid:84118679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerspc"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255580/; classtype:trojan-activity;sid:84118680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm7"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255581/; classtype:trojan-activity;sid:84118681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabm68k"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255582/; classtype:trojan-activity;sid:84118682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255583/; classtype:trojan-activity;sid:84118683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255584/; classtype:trojan-activity;sid:84118684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklx86"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255585/; classtype:trojan-activity;sid:84118685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm5"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255586/; classtype:trojan-activity;sid:84118686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255587/; classtype:trojan-activity;sid:84118687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklsh4"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255588/; classtype:trojan-activity;sid:84118688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x"; depth:7; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255589/; classtype:trojan-activity;sid:84118689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabspc"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255590/; classtype:trojan-activity;sid:84118690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerx86"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255591/; classtype:trojan-activity;sid:84118691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"45.90.97.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255592/; classtype:trojan-activity;sid:84118692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255571/; classtype:trojan-activity;sid:84118671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255572/; classtype:trojan-activity;sid:84118672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"45.90.97.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255573/; classtype:trojan-activity;sid:84118673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255574/; classtype:trojan-activity;sid:84118674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklsh4"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255575/; classtype:trojan-activity;sid:84118675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerm68k"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255576/; classtype:trojan-activity;sid:84118676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255577/; classtype:trojan-activity;sid:84118677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm7"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255566/; classtype:trojan-activity;sid:84118666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255567/; classtype:trojan-activity;sid:84118667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255568/; classtype:trojan-activity;sid:84118668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255569/; classtype:trojan-activity;sid:84118669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255570/; classtype:trojan-activity;sid:84118670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_32"; depth:12; endswith; nocase; http.host; content:"45.90.97.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255565/; classtype:trojan-activity;sid:84118665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"45.90.97.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255560/; classtype:trojan-activity;sid:84118660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklm68k"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255561/; classtype:trojan-activity;sid:84118661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255562/; classtype:trojan-activity;sid:84118662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255563/; classtype:trojan-activity;sid:84118663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255564/; classtype:trojan-activity;sid:84118664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"45.90.97.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255558/; classtype:trojan-activity;sid:84118658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255559/; classtype:trojan-activity;sid:84118659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm5"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255538/; classtype:trojan-activity;sid:84118638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255539/; classtype:trojan-activity;sid:84118639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255540/; classtype:trojan-activity;sid:84118640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255541/; classtype:trojan-activity;sid:84118641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklarm6"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255542/; classtype:trojan-activity;sid:84118642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklspc"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255543/; classtype:trojan-activity;sid:84118643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splx86"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255544/; classtype:trojan-activity;sid:84118644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabsh4"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255545/; classtype:trojan-activity;sid:84118645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmips"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255546/; classtype:trojan-activity;sid:84118646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklppc"; depth:12; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255547/; classtype:trojan-activity;sid:84118647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmips"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255548/; classtype:trojan-activity;sid:84118648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerppc"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255549/; classtype:trojan-activity;sid:84118649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255550/; classtype:trojan-activity;sid:84118650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabmpsl"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255551/; classtype:trojan-activity;sid:84118651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255552/; classtype:trojan-activity;sid:84118652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmpsl"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255553/; classtype:trojan-activity;sid:84118653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splmpsl"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255554/; classtype:trojan-activity;sid:84118654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm6"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255555/; classtype:trojan-activity;sid:84118655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"45.90.97.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255556/; classtype:trojan-activity;sid:84118656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/curl.sh"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255557/; classtype:trojan-activity;sid:84118657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.114.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255524/; classtype:trojan-activity;sid:84118624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255525/; classtype:trojan-activity;sid:84118625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255526/; classtype:trojan-activity;sid:84118626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255527/; classtype:trojan-activity;sid:84118627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklmips"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255528/; classtype:trojan-activity;sid:84118628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255529/; classtype:trojan-activity;sid:84118629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255530/; classtype:trojan-activity;sid:84118630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splarm5"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255531/; classtype:trojan-activity;sid:84118631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255532/; classtype:trojan-activity;sid:84118632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zersh4"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255533/; classtype:trojan-activity;sid:84118633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nklmpsl"; depth:13; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255534/; classtype:trojan-activity;sid:84118634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklx86"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255535/; classtype:trojan-activity;sid:84118635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cn"; depth:8; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255536/; classtype:trojan-activity;sid:84118636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/splppc"; depth:12; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255537/; classtype:trojan-activity;sid:84118637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ftpget.sh"; depth:15; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255523/; classtype:trojan-activity;sid:84118623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"185.150.24.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255519/; classtype:trojan-activity;sid:84118619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255520/; classtype:trojan-activity;sid:84118620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255521/; classtype:trojan-activity;sid:84118621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"185.150.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255522/; classtype:trojan-activity;sid:84118622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.225.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255518/; classtype:trojan-activity;sid:84118618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.93.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255517/; classtype:trojan-activity;sid:84118617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.247.255.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255516/; classtype:trojan-activity;sid:84118616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.208.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255515/; classtype:trojan-activity;sid:84118615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.188.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255513/; classtype:trojan-activity;sid:84118613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.93.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255514/; classtype:trojan-activity;sid:84118614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.97.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255512/; classtype:trojan-activity;sid:84118612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.20.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255511/; classtype:trojan-activity;sid:84118611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.212.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255510/; classtype:trojan-activity;sid:84118610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.180.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255509/; classtype:trojan-activity;sid:84118609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.155.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255508/; classtype:trojan-activity;sid:84118608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.237.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255507/; classtype:trojan-activity;sid:84118607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.189.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255506/; classtype:trojan-activity;sid:84118606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.171.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255505/; classtype:trojan-activity;sid:84118605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.238.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255503/; classtype:trojan-activity;sid:84118603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.140.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255504/; classtype:trojan-activity;sid:84118604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.203.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255501/; classtype:trojan-activity;sid:84118601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.2.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255502/; classtype:trojan-activity;sid:84118602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.205.142.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255500/; classtype:trojan-activity;sid:84118600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.104.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255499/; classtype:trojan-activity;sid:84118599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.66.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255498/; classtype:trojan-activity;sid:84118598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.35.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255497/; classtype:trojan-activity;sid:84118597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.190.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255496/; classtype:trojan-activity;sid:84118596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.151.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255495/; classtype:trojan-activity;sid:84118595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.247.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255494/; classtype:trojan-activity;sid:84118594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.123.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255493/; classtype:trojan-activity;sid:84118593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.29.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255492/; classtype:trojan-activity;sid:84118592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.26.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255491/; classtype:trojan-activity;sid:84118591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.178.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255490/; classtype:trojan-activity;sid:84118590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.20.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255489/; classtype:trojan-activity;sid:84118589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.147.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255488/; classtype:trojan-activity;sid:84118588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.247.255.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255487/; classtype:trojan-activity;sid:84118587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255485/; classtype:trojan-activity;sid:84118585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.185.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255486/; classtype:trojan-activity;sid:84118586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.103.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255483/; classtype:trojan-activity;sid:84118583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.97.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255484/; classtype:trojan-activity;sid:84118584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255482/; classtype:trojan-activity;sid:84118582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.38.106.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255481/; classtype:trojan-activity;sid:84118581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.31.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255480/; classtype:trojan-activity;sid:84118580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.80.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255479/; classtype:trojan-activity;sid:84118579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"154.216.20.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255478/; classtype:trojan-activity;sid:84118578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"154.216.20.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255476/; classtype:trojan-activity;sid:84118576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"154.216.20.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255477/; classtype:trojan-activity;sid:84118577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255475/; classtype:trojan-activity;sid:84118575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"154.216.20.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255472/; classtype:trojan-activity;sid:84118572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"154.216.20.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255473/; classtype:trojan-activity;sid:84118573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"154.216.20.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255474/; classtype:trojan-activity;sid:84118574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.35.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255470/; classtype:trojan-activity;sid:84118570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.113.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255471/; classtype:trojan-activity;sid:84118571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.27.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255469/; classtype:trojan-activity;sid:84118569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.251.114.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255468/; classtype:trojan-activity;sid:84118568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"104.193.59.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255467/; classtype:trojan-activity;sid:84118567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.12.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255466/; classtype:trojan-activity;sid:84118566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.85.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255465/; classtype:trojan-activity;sid:84118565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.188.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255464/; classtype:trojan-activity;sid:84118564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.115.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255462/; classtype:trojan-activity;sid:84118562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.29.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255463/; classtype:trojan-activity;sid:84118563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.238.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255461/; classtype:trojan-activity;sid:84118561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.81.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255460/; classtype:trojan-activity;sid:84118560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.113.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255459/; classtype:trojan-activity;sid:84118559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.85.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255458/; classtype:trojan-activity;sid:84118558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.125.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255457/; classtype:trojan-activity;sid:84118557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.91.8.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255456/; classtype:trojan-activity;sid:84118556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.66.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255455/; classtype:trojan-activity;sid:84118555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.62.162"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255454/; classtype:trojan-activity;sid:84118554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.140.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255452/; classtype:trojan-activity;sid:84118552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.33.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255453/; classtype:trojan-activity;sid:84118553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.154.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255451/; classtype:trojan-activity;sid:84118551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.103.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255450/; classtype:trojan-activity;sid:84118550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.244.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255448/; classtype:trojan-activity;sid:84118548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.80.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255449/; classtype:trojan-activity;sid:84118549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255447/; classtype:trojan-activity;sid:84118547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.0.237.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255446/; classtype:trojan-activity;sid:84118546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.110.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255445/; classtype:trojan-activity;sid:84118545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.27.93"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255444/; classtype:trojan-activity;sid:84118544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.184.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255443/; classtype:trojan-activity;sid:84118543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"104.193.59.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255442/; classtype:trojan-activity;sid:84118542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.115.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255441/; classtype:trojan-activity;sid:84118541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.87.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255440/; classtype:trojan-activity;sid:84118540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.38.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255439/; classtype:trojan-activity;sid:84118539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.218.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255438/; classtype:trojan-activity;sid:84118538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.5.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255436/; classtype:trojan-activity;sid:84118536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.70.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255437/; classtype:trojan-activity;sid:84118537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.135.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255435/; classtype:trojan-activity;sid:84118535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.203.57.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255434/; classtype:trojan-activity;sid:84118534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.148.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255432/; classtype:trojan-activity;sid:84118532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.47.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255433/; classtype:trojan-activity;sid:84118533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.215.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255431/; classtype:trojan-activity;sid:84118531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.26.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255430/; classtype:trojan-activity;sid:84118530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.29.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255429/; classtype:trojan-activity;sid:84118529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.122.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255428/; classtype:trojan-activity;sid:84118528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.53.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255427/; classtype:trojan-activity;sid:84118527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.76.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255426/; classtype:trojan-activity;sid:84118526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.244.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255425/; classtype:trojan-activity;sid:84118525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.84.214.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255424/; classtype:trojan-activity;sid:84118524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.39.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255423/; classtype:trojan-activity;sid:84118523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.144.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255422/; classtype:trojan-activity;sid:84118522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.76.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255421/; classtype:trojan-activity;sid:84118521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.7.96"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255420/; classtype:trojan-activity;sid:84118520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255419/; classtype:trojan-activity;sid:84118519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.66.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255418/; classtype:trojan-activity;sid:84118518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.11.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255416/; classtype:trojan-activity;sid:84118516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.110.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255417/; classtype:trojan-activity;sid:84118517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.34.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255415/; classtype:trojan-activity;sid:84118515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.146.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255414/; classtype:trojan-activity;sid:84118514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255413/; classtype:trojan-activity;sid:84118513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.184.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255412/; classtype:trojan-activity;sid:84118512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.84.139.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255411/; classtype:trojan-activity;sid:84118511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.87.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255410/; classtype:trojan-activity;sid:84118510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.219.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255408/; classtype:trojan-activity;sid:84118508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.182.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255409/; classtype:trojan-activity;sid:84118509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.17.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255407/; classtype:trojan-activity;sid:84118507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.154.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255406/; classtype:trojan-activity;sid:84118506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.94.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255405/; classtype:trojan-activity;sid:84118505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.173.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255404/; classtype:trojan-activity;sid:84118504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.183.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255403/; classtype:trojan-activity;sid:84118503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.154.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255402/; classtype:trojan-activity;sid:84118502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.47.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255401/; classtype:trojan-activity;sid:84118501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.197.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255400/; classtype:trojan-activity;sid:84118500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.26.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255399/; classtype:trojan-activity;sid:84118499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.144.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255398/; classtype:trojan-activity;sid:84118498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.29.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255397/; classtype:trojan-activity;sid:84118497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.39.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255396/; classtype:trojan-activity;sid:84118496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.154.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255395/; classtype:trojan-activity;sid:84118495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.92.205.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255394/; classtype:trojan-activity;sid:84118494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.45.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255393/; classtype:trojan-activity;sid:84118493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255392/; classtype:trojan-activity;sid:84118492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.173.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255391/; classtype:trojan-activity;sid:84118491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.238.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255390/; classtype:trojan-activity;sid:84118490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.112.100.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255389/; classtype:trojan-activity;sid:84118489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.172.51.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255384/; classtype:trojan-activity;sid:84118484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.112.100.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255385/; classtype:trojan-activity;sid:84118485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.76.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255386/; classtype:trojan-activity;sid:84118486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.206.103.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255387/; classtype:trojan-activity;sid:84118487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.62.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255388/; classtype:trojan-activity;sid:84118488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.102.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255383/; classtype:trojan-activity;sid:84118483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.30.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255382/; classtype:trojan-activity;sid:84118482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.197.113.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255381/; classtype:trojan-activity;sid:84118481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.234.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255380/; classtype:trojan-activity;sid:84118480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.238.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255379/; classtype:trojan-activity;sid:84118479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.51.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255378/; classtype:trojan-activity;sid:84118478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.232.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255377/; classtype:trojan-activity;sid:84118477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.210.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255376/; classtype:trojan-activity;sid:84118476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.11.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255375/; classtype:trojan-activity;sid:84118475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.65.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255374/; classtype:trojan-activity;sid:84118474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.128.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255373/; classtype:trojan-activity;sid:84118473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.147.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255372/; classtype:trojan-activity;sid:84118472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.18.24"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255371/; classtype:trojan-activity;sid:84118471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.9.247.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255370/; classtype:trojan-activity;sid:84118470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.102.139.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255369/; classtype:trojan-activity;sid:84118469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.2.140.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255368/; classtype:trojan-activity;sid:84118468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.182.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255367/; classtype:trojan-activity;sid:84118467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.27.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255366/; classtype:trojan-activity;sid:84118466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.145.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255365/; classtype:trojan-activity;sid:84118465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.26.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255363/; classtype:trojan-activity;sid:84118463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.186.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255364/; classtype:trojan-activity;sid:84118464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.197.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255361/; classtype:trojan-activity;sid:84118461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.206.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255362/; classtype:trojan-activity;sid:84118462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.154.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255359/; classtype:trojan-activity;sid:84118459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.235.199.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255360/; classtype:trojan-activity;sid:84118460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.67.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255358/; classtype:trojan-activity;sid:84118458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.187.82.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255357/; classtype:trojan-activity;sid:84118457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.190.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255356/; classtype:trojan-activity;sid:84118456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255355/; classtype:trojan-activity;sid:84118455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.63.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255353/; classtype:trojan-activity;sid:84118453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.116.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255354/; classtype:trojan-activity;sid:84118454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.240.185.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255352/; classtype:trojan-activity;sid:84118452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.26.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255351/; classtype:trojan-activity;sid:84118451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.20.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255350/; classtype:trojan-activity;sid:84118450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.6.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255349/; classtype:trojan-activity;sid:84118449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.34.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255348/; classtype:trojan-activity;sid:84118448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.231.200.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255347/; classtype:trojan-activity;sid:84118447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.128.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255346/; classtype:trojan-activity;sid:84118446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255345/; classtype:trojan-activity;sid:84118445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.235.199.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255344/; classtype:trojan-activity;sid:84118444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.121.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255343/; classtype:trojan-activity;sid:84118443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.63.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255342/; classtype:trojan-activity;sid:84118442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.31.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255341/; classtype:trojan-activity;sid:84118441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.68.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255339/; classtype:trojan-activity;sid:84118439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.237.77.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255340/; classtype:trojan-activity;sid:84118440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.191.30.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255338/; classtype:trojan-activity;sid:84118438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.67.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255337/; classtype:trojan-activity;sid:84118437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.116.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255336/; classtype:trojan-activity;sid:84118436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.85.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255335/; classtype:trojan-activity;sid:84118435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.190.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255334/; classtype:trojan-activity;sid:84118434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.169.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255333/; classtype:trojan-activity;sid:84118433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.139.12"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255332/; classtype:trojan-activity;sid:84118432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.90.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255331/; classtype:trojan-activity;sid:84118431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.20.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255330/; classtype:trojan-activity;sid:84118430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.71.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255329/; classtype:trojan-activity;sid:84118429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.34.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255328/; classtype:trojan-activity;sid:84118428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.0.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255327/; classtype:trojan-activity;sid:84118427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.123.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255326/; classtype:trojan-activity;sid:84118426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.121.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255325/; classtype:trojan-activity;sid:84118425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.32.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255324/; classtype:trojan-activity;sid:84118424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.158.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255323/; classtype:trojan-activity;sid:84118423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.223.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255322/; classtype:trojan-activity;sid:84118422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.14.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255321/; classtype:trojan-activity;sid:84118421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.29.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255320/; classtype:trojan-activity;sid:84118420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.107.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255319/; classtype:trojan-activity;sid:84118419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.31.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255318/; classtype:trojan-activity;sid:84118418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.113.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255316/; classtype:trojan-activity;sid:84118416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255317/; classtype:trojan-activity;sid:84118417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255315/; classtype:trojan-activity;sid:84118415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.155.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255314/; classtype:trojan-activity;sid:84118414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.185.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255313/; classtype:trojan-activity;sid:84118413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.95.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255312/; classtype:trojan-activity;sid:84118412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.70.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255311/; classtype:trojan-activity;sid:84118411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.231.200.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255310/; classtype:trojan-activity;sid:84118410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryyy.exe"; depth:10; endswith; nocase; http.host; content:"sirault.be"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255309/; classtype:trojan-activity;sid:84118409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.153.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255308/; classtype:trojan-activity;sid:84118408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.136.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255307/; classtype:trojan-activity;sid:84118407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.185.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255306/; classtype:trojan-activity;sid:84118406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.27.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255305/; classtype:trojan-activity;sid:84118405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.169.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255304/; classtype:trojan-activity;sid:84118404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.89.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255303/; classtype:trojan-activity;sid:84118403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.209.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255302/; classtype:trojan-activity;sid:84118402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.136.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255301/; classtype:trojan-activity;sid:84118401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.71.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255300/; classtype:trojan-activity;sid:84118400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.195.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255299/; classtype:trojan-activity;sid:84118399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.13.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255298/; classtype:trojan-activity;sid:84118398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.0.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255297/; classtype:trojan-activity;sid:84118397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.73.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255296/; classtype:trojan-activity;sid:84118396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.13.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255295/; classtype:trojan-activity;sid:84118395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.155.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255294/; classtype:trojan-activity;sid:84118394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.92.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255293/; classtype:trojan-activity;sid:84118393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.194.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255292/; classtype:trojan-activity;sid:84118392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255291/; classtype:trojan-activity;sid:84118391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.19.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255290/; classtype:trojan-activity;sid:84118390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.122.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255289/; classtype:trojan-activity;sid:84118389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.107.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255288/; classtype:trojan-activity;sid:84118388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255285/; classtype:trojan-activity;sid:84118385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.89.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255286/; classtype:trojan-activity;sid:84118386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.97.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255287/; classtype:trojan-activity;sid:84118387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.70.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255284/; classtype:trojan-activity;sid:84118384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.191.124.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255283/; classtype:trojan-activity;sid:84118383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.153.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255281/; classtype:trojan-activity;sid:84118381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.137.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255282/; classtype:trojan-activity;sid:84118382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.85.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255280/; classtype:trojan-activity;sid:84118380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.147.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255279/; classtype:trojan-activity;sid:84118379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.186.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255278/; classtype:trojan-activity;sid:84118378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.189.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255277/; classtype:trojan-activity;sid:84118377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255276/; classtype:trojan-activity;sid:84118376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.132.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255275/; classtype:trojan-activity;sid:84118375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.209.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255273/; classtype:trojan-activity;sid:84118373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.122.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255274/; classtype:trojan-activity;sid:84118374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.13.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255272/; classtype:trojan-activity;sid:84118372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.40.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255271/; classtype:trojan-activity;sid:84118371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.222.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255270/; classtype:trojan-activity;sid:84118370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.124.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255269/; classtype:trojan-activity;sid:84118369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.73.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255268/; classtype:trojan-activity;sid:84118368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.136.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255266/; classtype:trojan-activity;sid:84118366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.66.100"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255267/; classtype:trojan-activity;sid:84118367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.121.83.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255264/; classtype:trojan-activity;sid:84118364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.21.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255265/; classtype:trojan-activity;sid:84118365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.233.205.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255263/; classtype:trojan-activity;sid:84118363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.198.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255262/; classtype:trojan-activity;sid:84118362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.110.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255261/; classtype:trojan-activity;sid:84118361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.184.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255260/; classtype:trojan-activity;sid:84118360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.31.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255259/; classtype:trojan-activity;sid:84118359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.191.124.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255258/; classtype:trojan-activity;sid:84118358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.122.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255257/; classtype:trojan-activity;sid:84118357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.85.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255256/; classtype:trojan-activity;sid:84118356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.13.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255255/; classtype:trojan-activity;sid:84118355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.167.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255254/; classtype:trojan-activity;sid:84118354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.19.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255253/; classtype:trojan-activity;sid:84118353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255252/; classtype:trojan-activity;sid:84118352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.184.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255251/; classtype:trojan-activity;sid:84118351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.77.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255250/; classtype:trojan-activity;sid:84118350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.124.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255249/; classtype:trojan-activity;sid:84118349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.240.248.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255248/; classtype:trojan-activity;sid:84118348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.207.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255247/; classtype:trojan-activity;sid:84118347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.7.118.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255246/; classtype:trojan-activity;sid:84118346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.1.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255245/; classtype:trojan-activity;sid:84118345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.190.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255244/; classtype:trojan-activity;sid:84118344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.251.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255243/; classtype:trojan-activity;sid:84118343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.66.100"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255242/; classtype:trojan-activity;sid:84118342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.125.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255241/; classtype:trojan-activity;sid:84118341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.194.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255240/; classtype:trojan-activity;sid:84118340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.27.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255239/; classtype:trojan-activity;sid:84118339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.129.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255238/; classtype:trojan-activity;sid:84118338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.200.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255237/; classtype:trojan-activity;sid:84118337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.129.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255236/; classtype:trojan-activity;sid:84118336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.22.85.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255235/; classtype:trojan-activity;sid:84118335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.243.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255233/; classtype:trojan-activity;sid:84118333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.83.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255234/; classtype:trojan-activity;sid:84118334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.67.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255232/; classtype:trojan-activity;sid:84118332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.31.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255230/; classtype:trojan-activity;sid:84118330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.174.88.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255231/; classtype:trojan-activity;sid:84118331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.184.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255229/; classtype:trojan-activity;sid:84118329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.240.248.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255228/; classtype:trojan-activity;sid:84118328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.19.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255227/; classtype:trojan-activity;sid:84118327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.198.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255226/; classtype:trojan-activity;sid:84118326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/images/pic2.jpg"; depth:27; endswith; nocase; http.host; content:"therichscents.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255225/; classtype:trojan-activity;sid:84118325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.86.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255223/; classtype:trojan-activity;sid:84118323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.184.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255224/; classtype:trojan-activity;sid:84118324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/zxcv.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255220/; classtype:trojan-activity;sid:84118320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.144.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255221/; classtype:trojan-activity;sid:84118321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lumma/random.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255222/; classtype:trojan-activity;sid:84118322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.152.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255219/; classtype:trojan-activity;sid:84118319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.251.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255217/; classtype:trojan-activity;sid:84118317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.212.122.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255218/; classtype:trojan-activity;sid:84118318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.97.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255216/; classtype:trojan-activity;sid:84118316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.27.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255215/; classtype:trojan-activity;sid:84118315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.97.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255214/; classtype:trojan-activity;sid:84118314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.194.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255212/; classtype:trojan-activity;sid:84118312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.200.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255213/; classtype:trojan-activity;sid:84118313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.240.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255211/; classtype:trojan-activity;sid:84118311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.83.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255210/; classtype:trojan-activity;sid:84118310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255209/; classtype:trojan-activity;sid:84118309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.204.199.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255208/; classtype:trojan-activity;sid:84118308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.202.76.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255207/; classtype:trojan-activity;sid:84118307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.116.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255206/; classtype:trojan-activity;sid:84118306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.152.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255203/; classtype:trojan-activity;sid:84118303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.8.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255204/; classtype:trojan-activity;sid:84118304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255205/; classtype:trojan-activity;sid:84118305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.172.50.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255202/; classtype:trojan-activity;sid:84118302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.125.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255200/; classtype:trojan-activity;sid:84118300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.86.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255201/; classtype:trojan-activity;sid:84118301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"148.103.220.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255199/; classtype:trojan-activity;sid:84118299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255198/; classtype:trojan-activity;sid:84118298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.221.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255197/; classtype:trojan-activity;sid:84118297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.159.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255195/; classtype:trojan-activity;sid:84118295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.228.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255196/; classtype:trojan-activity;sid:84118296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.99.81"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255194/; classtype:trojan-activity;sid:84118294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.150.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255192/; classtype:trojan-activity;sid:84118292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.215.249.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255193/; classtype:trojan-activity;sid:84118293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.147.255.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255191/; classtype:trojan-activity;sid:84118291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.18.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255190/; classtype:trojan-activity;sid:84118290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.82.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255189/; classtype:trojan-activity;sid:84118289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.62.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255188/; classtype:trojan-activity;sid:84118288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.118.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255187/; classtype:trojan-activity;sid:84118287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.254.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255186/; classtype:trojan-activity;sid:84118286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.111.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255185/; classtype:trojan-activity;sid:84118285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.77.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255184/; classtype:trojan-activity;sid:84118284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.241.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255183/; classtype:trojan-activity;sid:84118283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.172.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255182/; classtype:trojan-activity;sid:84118282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.237.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255181/; classtype:trojan-activity;sid:84118281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.232.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255180/; classtype:trojan-activity;sid:84118280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.85.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255178/; classtype:trojan-activity;sid:84118278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.180.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255179/; classtype:trojan-activity;sid:84118279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.146.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255177/; classtype:trojan-activity;sid:84118277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.82.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255176/; classtype:trojan-activity;sid:84118276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.228.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255175/; classtype:trojan-activity;sid:84118275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"148.103.220.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255174/; classtype:trojan-activity;sid:84118274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.18.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255173/; classtype:trojan-activity;sid:84118273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255172/; classtype:trojan-activity;sid:84118272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.221.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255171/; classtype:trojan-activity;sid:84118271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.159.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255170/; classtype:trojan-activity;sid:84118270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.125.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255169/; classtype:trojan-activity;sid:84118269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.18.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255168/; classtype:trojan-activity;sid:84118268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.62.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255167/; classtype:trojan-activity;sid:84118267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.111.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255166/; classtype:trojan-activity;sid:84118266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.214.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255165/; classtype:trojan-activity;sid:84118265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.123.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255163/; classtype:trojan-activity;sid:84118263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.233.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255164/; classtype:trojan-activity;sid:84118264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.237.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255162/; classtype:trojan-activity;sid:84118262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.197.168.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255161/; classtype:trojan-activity;sid:84118261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.141.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255160/; classtype:trojan-activity;sid:84118260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.113.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255159/; classtype:trojan-activity;sid:84118259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.186.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255158/; classtype:trojan-activity;sid:84118258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.214.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255157/; classtype:trojan-activity;sid:84118257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.32.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255156/; classtype:trojan-activity;sid:84118256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.197.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255154/; classtype:trojan-activity;sid:84118254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.29.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255155/; classtype:trojan-activity;sid:84118255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.124.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255153/; classtype:trojan-activity;sid:84118253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.147.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255152/; classtype:trojan-activity;sid:84118252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.83.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255151/; classtype:trojan-activity;sid:84118251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.13.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255150/; classtype:trojan-activity;sid:84118250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.204.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255149/; classtype:trojan-activity;sid:84118249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.123.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255148/; classtype:trojan-activity;sid:84118248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.78.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255147/; classtype:trojan-activity;sid:84118247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.170.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255146/; classtype:trojan-activity;sid:84118246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.141.92"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255145/; classtype:trojan-activity;sid:84118245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.122.114.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255144/; classtype:trojan-activity;sid:84118244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.168.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255143/; classtype:trojan-activity;sid:84118243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.233.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255142/; classtype:trojan-activity;sid:84118242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.94.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255141/; classtype:trojan-activity;sid:84118241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.240.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255140/; classtype:trojan-activity;sid:84118240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.19.45"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255139/; classtype:trojan-activity;sid:84118239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.227.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255138/; classtype:trojan-activity;sid:84118238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.113.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255137/; classtype:trojan-activity;sid:84118237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.241.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255136/; classtype:trojan-activity;sid:84118236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.32.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255135/; classtype:trojan-activity;sid:84118235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.124.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255134/; classtype:trojan-activity;sid:84118234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.175.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255133/; classtype:trojan-activity;sid:84118233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.133.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255132/; classtype:trojan-activity;sid:84118232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.84.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255131/; classtype:trojan-activity;sid:84118231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.123.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255130/; classtype:trojan-activity;sid:84118230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.94.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255129/; classtype:trojan-activity;sid:84118229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.113.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255128/; classtype:trojan-activity;sid:84118228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.204.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255125/; classtype:trojan-activity;sid:84118225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.120.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255126/; classtype:trojan-activity;sid:84118226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.246.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255127/; classtype:trojan-activity;sid:84118227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.186.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255124/; classtype:trojan-activity;sid:84118224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.56.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255123/; classtype:trojan-activity;sid:84118223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.86.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255122/; classtype:trojan-activity;sid:84118222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.210.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255121/; classtype:trojan-activity;sid:84118221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.175.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255120/; classtype:trojan-activity;sid:84118220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.113.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255119/; classtype:trojan-activity;sid:84118219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.3.76"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255118/; classtype:trojan-activity;sid:84118218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.235.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255117/; classtype:trojan-activity;sid:84118217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.40.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255116/; classtype:trojan-activity;sid:84118216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255115/; classtype:trojan-activity;sid:84118215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.209.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255114/; classtype:trojan-activity;sid:84118214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.53.14.241"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255113/; classtype:trojan-activity;sid:84118213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.49.118"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255112/; classtype:trojan-activity;sid:84118212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.242.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255111/; classtype:trojan-activity;sid:84118211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.246.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255110/; classtype:trojan-activity;sid:84118210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.124.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255109/; classtype:trojan-activity;sid:84118209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.79.254"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255108/; classtype:trojan-activity;sid:84118208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.84.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255107/; classtype:trojan-activity;sid:84118207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.56.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255106/; classtype:trojan-activity;sid:84118206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.86.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255105/; classtype:trojan-activity;sid:84118205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.122.114.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255104/; classtype:trojan-activity;sid:84118204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.210.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255103/; classtype:trojan-activity;sid:84118203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255102/; classtype:trojan-activity;sid:84118202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255101/; classtype:trojan-activity;sid:84118201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.119.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255099/; classtype:trojan-activity;sid:84118199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.232.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255100/; classtype:trojan-activity;sid:84118200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.210.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255098/; classtype:trojan-activity;sid:84118198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.125.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255097/; classtype:trojan-activity;sid:84118197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.75.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255096/; classtype:trojan-activity;sid:84118196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.3.76"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255095/; classtype:trojan-activity;sid:84118195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.49.118"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255094/; classtype:trojan-activity;sid:84118194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.156.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255093/; classtype:trojan-activity;sid:84118193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.242.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255092/; classtype:trojan-activity;sid:84118192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.182.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255091/; classtype:trojan-activity;sid:84118191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.1.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255090/; classtype:trojan-activity;sid:84118190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.53.14.241"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255088/; classtype:trojan-activity;sid:84118188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.47.29.25"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255089/; classtype:trojan-activity;sid:84118189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.79.254"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255087/; classtype:trojan-activity;sid:84118187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.103.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255086/; classtype:trojan-activity;sid:84118186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.91.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255085/; classtype:trojan-activity;sid:84118185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.10.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255084/; classtype:trojan-activity;sid:84118184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.65.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255083/; classtype:trojan-activity;sid:84118183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.210.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255082/; classtype:trojan-activity;sid:84118182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.89.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255080/; classtype:trojan-activity;sid:84118180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.72.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255081/; classtype:trojan-activity;sid:84118181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.104.126.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255079/; classtype:trojan-activity;sid:84118179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.119.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255078/; classtype:trojan-activity;sid:84118178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.104.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255077/; classtype:trojan-activity;sid:84118177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.163.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255076/; classtype:trojan-activity;sid:84118176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.86.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255075/; classtype:trojan-activity;sid:84118175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.121.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255074/; classtype:trojan-activity;sid:84118174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.159.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255073/; classtype:trojan-activity;sid:84118173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.243.152.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255072/; classtype:trojan-activity;sid:84118172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.103.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255071/; classtype:trojan-activity;sid:84118171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.20.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255070/; classtype:trojan-activity;sid:84118170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.11.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255069/; classtype:trojan-activity;sid:84118169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255067/; classtype:trojan-activity;sid:84118167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.30.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255068/; classtype:trojan-activity;sid:84118168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.139.176.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255064/; classtype:trojan-activity;sid:84118164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.68.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255065/; classtype:trojan-activity;sid:84118165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.9.40.205"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255066/; classtype:trojan-activity;sid:84118166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.235.157.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255063/; classtype:trojan-activity;sid:84118163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.197.112.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255062/; classtype:trojan-activity;sid:84118162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.163.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255061/; classtype:trojan-activity;sid:84118161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.128.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255059/; classtype:trojan-activity;sid:84118159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.61.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255060/; classtype:trojan-activity;sid:84118160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.10.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255058/; classtype:trojan-activity;sid:84118158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.191.1"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255057/; classtype:trojan-activity;sid:84118157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.75.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255056/; classtype:trojan-activity;sid:84118156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.65.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255055/; classtype:trojan-activity;sid:84118155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.155.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255054/; classtype:trojan-activity;sid:84118154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.161.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255053/; classtype:trojan-activity;sid:84118153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.89.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255052/; classtype:trojan-activity;sid:84118152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.229.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255051/; classtype:trojan-activity;sid:84118151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.97.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255050/; classtype:trojan-activity;sid:84118150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.93.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255049/; classtype:trojan-activity;sid:84118149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.104.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255048/; classtype:trojan-activity;sid:84118148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.9.51"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255047/; classtype:trojan-activity;sid:84118147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.191.242.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255046/; classtype:trojan-activity;sid:84118146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.125.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255045/; classtype:trojan-activity;sid:84118145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.16.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255044/; classtype:trojan-activity;sid:84118144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255043/; classtype:trojan-activity;sid:84118143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.12.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255042/; classtype:trojan-activity;sid:84118142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.204.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255041/; classtype:trojan-activity;sid:84118141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.159.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255040/; classtype:trojan-activity;sid:84118140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.68.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255039/; classtype:trojan-activity;sid:84118139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.163.235.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255037/; classtype:trojan-activity;sid:84118137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.161.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255038/; classtype:trojan-activity;sid:84118138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.111.131.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255036/; classtype:trojan-activity;sid:84118136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.234.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255035/; classtype:trojan-activity;sid:84118135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.100.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255034/; classtype:trojan-activity;sid:84118134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.215.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255033/; classtype:trojan-activity;sid:84118133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.173.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255032/; classtype:trojan-activity;sid:84118132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.203.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255031/; classtype:trojan-activity;sid:84118131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.167.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255030/; classtype:trojan-activity;sid:84118130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.155.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255029/; classtype:trojan-activity;sid:84118129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.114.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255028/; classtype:trojan-activity;sid:84118128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.113.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255027/; classtype:trojan-activity;sid:84118127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.149.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255026/; classtype:trojan-activity;sid:84118126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.191.242.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255025/; classtype:trojan-activity;sid:84118125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.159.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255024/; classtype:trojan-activity;sid:84118124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.202.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255023/; classtype:trojan-activity;sid:84118123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.72.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255022/; classtype:trojan-activity;sid:84118122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.33.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255021/; classtype:trojan-activity;sid:84118121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.125.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255020/; classtype:trojan-activity;sid:84118120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.0.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255019/; classtype:trojan-activity;sid:84118119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.196.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255018/; classtype:trojan-activity;sid:84118118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.119.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255016/; classtype:trojan-activity;sid:84118116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.111.131.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255017/; classtype:trojan-activity;sid:84118117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.204.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255015/; classtype:trojan-activity;sid:84118115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.203.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255014/; classtype:trojan-activity;sid:84118114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.123.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255013/; classtype:trojan-activity;sid:84118113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.63.81.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255011/; classtype:trojan-activity;sid:84118111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.167.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255012/; classtype:trojan-activity;sid:84118112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.12.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255010/; classtype:trojan-activity;sid:84118110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.253.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255009/; classtype:trojan-activity;sid:84118109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.22.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255008/; classtype:trojan-activity;sid:84118108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.95.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255007/; classtype:trojan-activity;sid:84118107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.8.148"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255006/; classtype:trojan-activity;sid:84118106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.252.164.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255005/; classtype:trojan-activity;sid:84118105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.178.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255004/; classtype:trojan-activity;sid:84118104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.85.236.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255003/; classtype:trojan-activity;sid:84118103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.211.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255002/; classtype:trojan-activity;sid:84118102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.119.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255001/; classtype:trojan-activity;sid:84118101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.154.190.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254999/; classtype:trojan-activity;sid:84118099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.238.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3255000/; classtype:trojan-activity;sid:84118100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.86.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254998/; classtype:trojan-activity;sid:84118098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.176.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254997/; classtype:trojan-activity;sid:84118097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.153.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254996/; classtype:trojan-activity;sid:84118096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.94.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254995/; classtype:trojan-activity;sid:84118095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"82.85.236.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254994/; classtype:trojan-activity;sid:84118094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.10.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254993/; classtype:trojan-activity;sid:84118093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254991/; classtype:trojan-activity;sid:84118091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.192.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254992/; classtype:trojan-activity;sid:84118092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.31.189.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254990/; classtype:trojan-activity;sid:84118090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.233.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254989/; classtype:trojan-activity;sid:84118089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.191.30.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254988/; classtype:trojan-activity;sid:84118088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.123.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254987/; classtype:trojan-activity;sid:84118087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.75.210.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254986/; classtype:trojan-activity;sid:84118086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.3.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254985/; classtype:trojan-activity;sid:84118085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.85.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254984/; classtype:trojan-activity;sid:84118084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.194.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254983/; classtype:trojan-activity;sid:84118083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.214.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254982/; classtype:trojan-activity;sid:84118082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.80.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254980/; classtype:trojan-activity;sid:84118080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.9.90"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254981/; classtype:trojan-activity;sid:84118081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.251.244"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254979/; classtype:trojan-activity;sid:84118079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254978/; classtype:trojan-activity;sid:84118078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.69.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254977/; classtype:trojan-activity;sid:84118077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.22.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254976/; classtype:trojan-activity;sid:84118076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.211.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254975/; classtype:trojan-activity;sid:84118075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.242.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254974/; classtype:trojan-activity;sid:84118074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.154.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254973/; classtype:trojan-activity;sid:84118073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.86.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254972/; classtype:trojan-activity;sid:84118072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.192.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254971/; classtype:trojan-activity;sid:84118071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.153.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254970/; classtype:trojan-activity;sid:84118070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.81.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254969/; classtype:trojan-activity;sid:84118069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.18.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254968/; classtype:trojan-activity;sid:84118068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.176.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254967/; classtype:trojan-activity;sid:84118067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.165.69.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254966/; classtype:trojan-activity;sid:84118066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.173.85.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254965/; classtype:trojan-activity;sid:84118065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254964/; classtype:trojan-activity;sid:84118064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.191.131.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254963/; classtype:trojan-activity;sid:84118063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.213.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254962/; classtype:trojan-activity;sid:84118062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.188.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254961/; classtype:trojan-activity;sid:84118061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.194.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254960/; classtype:trojan-activity;sid:84118060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.161.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254959/; classtype:trojan-activity;sid:84118059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.80.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254958/; classtype:trojan-activity;sid:84118058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.97.113.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254957/; classtype:trojan-activity;sid:84118057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.102.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254956/; classtype:trojan-activity;sid:84118056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.96.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254955/; classtype:trojan-activity;sid:84118055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.54.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254954/; classtype:trojan-activity;sid:84118054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.101.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254952/; classtype:trojan-activity;sid:84118052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.175.51.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254953/; classtype:trojan-activity;sid:84118053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.8.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254951/; classtype:trojan-activity;sid:84118051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.206.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254950/; classtype:trojan-activity;sid:84118050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.40.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254949/; classtype:trojan-activity;sid:84118049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.138.139.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254948/; classtype:trojan-activity;sid:84118048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.81.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254947/; classtype:trojan-activity;sid:84118047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.40.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254945/; classtype:trojan-activity;sid:84118045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.143.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254946/; classtype:trojan-activity;sid:84118046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.213.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254944/; classtype:trojan-activity;sid:84118044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.239.199.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254943/; classtype:trojan-activity;sid:84118043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.161.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254942/; classtype:trojan-activity;sid:84118042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.97.113.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254940/; classtype:trojan-activity;sid:84118040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.49.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254941/; classtype:trojan-activity;sid:84118041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.60.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254939/; classtype:trojan-activity;sid:84118039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.12.146"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254938/; classtype:trojan-activity;sid:84118038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.141.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254937/; classtype:trojan-activity;sid:84118037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.84.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254936/; classtype:trojan-activity;sid:84118036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.102.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254935/; classtype:trojan-activity;sid:84118035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.67.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254933/; classtype:trojan-activity;sid:84118033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.226.245.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254934/; classtype:trojan-activity;sid:84118034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.78.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254932/; classtype:trojan-activity;sid:84118032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.119.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254931/; classtype:trojan-activity;sid:84118031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.8.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254930/; classtype:trojan-activity;sid:84118030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.175.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254929/; classtype:trojan-activity;sid:84118029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.17.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254928/; classtype:trojan-activity;sid:84118028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.84.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254927/; classtype:trojan-activity;sid:84118027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254926/; classtype:trojan-activity;sid:84118026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.243.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254925/; classtype:trojan-activity;sid:84118025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.143.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254924/; classtype:trojan-activity;sid:84118024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254923/; classtype:trojan-activity;sid:84118023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.204.75.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254922/; classtype:trojan-activity;sid:84118022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.67.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254921/; classtype:trojan-activity;sid:84118021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.116.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254920/; classtype:trojan-activity;sid:84118020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.191.21.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254919/; classtype:trojan-activity;sid:84118019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.25.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254918/; classtype:trojan-activity;sid:84118018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.204.75.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254917/; classtype:trojan-activity;sid:84118017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.192.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254916/; classtype:trojan-activity;sid:84118016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.92.188.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254914/; classtype:trojan-activity;sid:84118014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.200.84.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254915/; classtype:trojan-activity;sid:84118015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.1.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254913/; classtype:trojan-activity;sid:84118013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.17.33"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254912/; classtype:trojan-activity;sid:84118012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.177.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254911/; classtype:trojan-activity;sid:84118011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254909/; classtype:trojan-activity;sid:84118009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.78.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254910/; classtype:trojan-activity;sid:84118010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.83.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254908/; classtype:trojan-activity;sid:84118008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.115.89.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254907/; classtype:trojan-activity;sid:84118007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.95.0.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254906/; classtype:trojan-activity;sid:84118006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.236.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254905/; classtype:trojan-activity;sid:84118005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.247.113.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254904/; classtype:trojan-activity;sid:84118004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.162.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254903/; classtype:trojan-activity;sid:84118003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.226.245.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254902/; classtype:trojan-activity;sid:84118002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.166.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254901/; classtype:trojan-activity;sid:84118001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.179.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254900/; classtype:trojan-activity;sid:84118000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.84.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254899/; classtype:trojan-activity;sid:84117999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.238.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254898/; classtype:trojan-activity;sid:84117998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.117.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254897/; classtype:trojan-activity;sid:84117997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.53.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254895/; classtype:trojan-activity;sid:84117995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.191.21.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254896/; classtype:trojan-activity;sid:84117996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.29.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254894/; classtype:trojan-activity;sid:84117994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.170.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254893/; classtype:trojan-activity;sid:84117993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.60.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254892/; classtype:trojan-activity;sid:84117992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.25.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254891/; classtype:trojan-activity;sid:84117991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.219.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254890/; classtype:trojan-activity;sid:84117990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.210.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254889/; classtype:trojan-activity;sid:84117989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.93.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254888/; classtype:trojan-activity;sid:84117988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.103.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254887/; classtype:trojan-activity;sid:84117987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.222.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254886/; classtype:trojan-activity;sid:84117986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254885/; classtype:trojan-activity;sid:84117985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.117.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254884/; classtype:trojan-activity;sid:84117984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.128.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254883/; classtype:trojan-activity;sid:84117983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.119.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254882/; classtype:trojan-activity;sid:84117982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254881/; classtype:trojan-activity;sid:84117981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.238.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254880/; classtype:trojan-activity;sid:84117980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.63.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254879/; classtype:trojan-activity;sid:84117979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.55.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254878/; classtype:trojan-activity;sid:84117978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.53.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254877/; classtype:trojan-activity;sid:84117977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254876/; classtype:trojan-activity;sid:84117976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.59.85.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254875/; classtype:trojan-activity;sid:84117975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.185.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254874/; classtype:trojan-activity;sid:84117974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.87.8.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254873/; classtype:trojan-activity;sid:84117973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.93.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254872/; classtype:trojan-activity;sid:84117972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.222.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254871/; classtype:trojan-activity;sid:84117971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254870/; classtype:trojan-activity;sid:84117970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.119.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254869/; classtype:trojan-activity;sid:84117969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.133.43.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254868/; classtype:trojan-activity;sid:84117968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254867/; classtype:trojan-activity;sid:84117967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.19.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254866/; classtype:trojan-activity;sid:84117966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/reg/panto/"; depth:15; endswith; nocase; http.host; content:"ftp.timeless-tales.shop"; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254865/; classtype:trojan-activity;sid:84117965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.212.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254864/; classtype:trojan-activity;sid:84117964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.49.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254863/; classtype:trojan-activity;sid:84117963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.168.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254862/; classtype:trojan-activity;sid:84117962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.117.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254861/; classtype:trojan-activity;sid:84117961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.8.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254860/; classtype:trojan-activity;sid:84117960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.85.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254859/; classtype:trojan-activity;sid:84117959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.179.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254858/; classtype:trojan-activity;sid:84117958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.172.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254857/; classtype:trojan-activity;sid:84117957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.85.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254856/; classtype:trojan-activity;sid:84117956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.103.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254855/; classtype:trojan-activity;sid:84117955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.89.195.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254853/; classtype:trojan-activity;sid:84117953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.211.75.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254854/; classtype:trojan-activity;sid:84117954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.56.134.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254852/; classtype:trojan-activity;sid:84117952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.214.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254851/; classtype:trojan-activity;sid:84117951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254850/; classtype:trojan-activity;sid:84117950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.133.43.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254849/; classtype:trojan-activity;sid:84117949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.26.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254848/; classtype:trojan-activity;sid:84117948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.212.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254847/; classtype:trojan-activity;sid:84117947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.95.135.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254846/; classtype:trojan-activity;sid:84117946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.8.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254845/; classtype:trojan-activity;sid:84117945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2018/03/clitoritissr.exe"; depth:44; endswith; nocase; http.host; content:"amatriciamo.it"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254843/; classtype:trojan-activity;sid:84117943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2018/03/clitoritissr.exe"; depth:44; endswith; nocase; http.host; content:"www.amatriciamo.it"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254844/; classtype:trojan-activity;sid:84117944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.198.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254842/; classtype:trojan-activity;sid:84117942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.24.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254841/; classtype:trojan-activity;sid:84117941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.208.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254840/; classtype:trojan-activity;sid:84117940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.214.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254839/; classtype:trojan-activity;sid:84117939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.26.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254838/; classtype:trojan-activity;sid:84117938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.151.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254837/; classtype:trojan-activity;sid:84117937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254836/; classtype:trojan-activity;sid:84117936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.208.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254835/; classtype:trojan-activity;sid:84117935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.103.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254834/; classtype:trojan-activity;sid:84117934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.162.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254833/; classtype:trojan-activity;sid:84117933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.215.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254832/; classtype:trojan-activity;sid:84117932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.224.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254831/; classtype:trojan-activity;sid:84117931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.46.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254830/; classtype:trojan-activity;sid:84117930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.69.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254829/; classtype:trojan-activity;sid:84117929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.19.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254828/; classtype:trojan-activity;sid:84117928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.198.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254827/; classtype:trojan-activity;sid:84117927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.10.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254826/; classtype:trojan-activity;sid:84117926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.50.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254825/; classtype:trojan-activity;sid:84117925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.187.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254824/; classtype:trojan-activity;sid:84117924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.242.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254823/; classtype:trojan-activity;sid:84117923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.201.232.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254822/; classtype:trojan-activity;sid:84117922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.103.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254821/; classtype:trojan-activity;sid:84117921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.187.204.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254820/; classtype:trojan-activity;sid:84117920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.215.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254819/; classtype:trojan-activity;sid:84117919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.181.9.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254818/; classtype:trojan-activity;sid:84117918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.26.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254817/; classtype:trojan-activity;sid:84117917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.153.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254816/; classtype:trojan-activity;sid:84117916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.215.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254815/; classtype:trojan-activity;sid:84117915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.226.142.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254814/; classtype:trojan-activity;sid:84117914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.200.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254813/; classtype:trojan-activity;sid:84117913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254812/; classtype:trojan-activity;sid:84117912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254811/; classtype:trojan-activity;sid:84117911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.10.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254810/; classtype:trojan-activity;sid:84117910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.114.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254808/; classtype:trojan-activity;sid:84117908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.69.4.209"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254809/; classtype:trojan-activity;sid:84117909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.202.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254807/; classtype:trojan-activity;sid:84117907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.242.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254806/; classtype:trojan-activity;sid:84117906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.68.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254805/; classtype:trojan-activity;sid:84117905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.23.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254804/; classtype:trojan-activity;sid:84117904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.187.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254803/; classtype:trojan-activity;sid:84117903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.26.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254802/; classtype:trojan-activity;sid:84117902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.212.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254801/; classtype:trojan-activity;sid:84117901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.33.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254800/; classtype:trojan-activity;sid:84117900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.202.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254799/; classtype:trojan-activity;sid:84117899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.153.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254798/; classtype:trojan-activity;sid:84117898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.171.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254797/; classtype:trojan-activity;sid:84117897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.96.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254796/; classtype:trojan-activity;sid:84117896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.226.142.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254795/; classtype:trojan-activity;sid:84117895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.34.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254793/; classtype:trojan-activity;sid:84117893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.42.185.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254794/; classtype:trojan-activity;sid:84117894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254792/; classtype:trojan-activity;sid:84117892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.119.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254791/; classtype:trojan-activity;sid:84117891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.237.37.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254790/; classtype:trojan-activity;sid:84117890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.211.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254789/; classtype:trojan-activity;sid:84117889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.199.200.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254788/; classtype:trojan-activity;sid:84117888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.254.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254787/; classtype:trojan-activity;sid:84117887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.115.167.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254786/; classtype:trojan-activity;sid:84117886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.64.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254785/; classtype:trojan-activity;sid:84117885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.22.242.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254784/; classtype:trojan-activity;sid:84117884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.58.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254783/; classtype:trojan-activity;sid:84117883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.167.31.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254782/; classtype:trojan-activity;sid:84117882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.202.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254781/; classtype:trojan-activity;sid:84117881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.64.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254780/; classtype:trojan-activity;sid:84117880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.2.210"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254779/; classtype:trojan-activity;sid:84117879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blacks/kkkmpsl"; depth:15; endswith; nocase; http.host; content:"5.59.249.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254778/; classtype:trojan-activity;sid:84117878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.68.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254777/; classtype:trojan-activity;sid:84117877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blacks/kkkmips"; depth:15; endswith; nocase; http.host; content:"5.59.249.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254774/; classtype:trojan-activity;sid:84117874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.37.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254770/; classtype:trojan-activity;sid:84117870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.148.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254769/; classtype:trojan-activity;sid:84117869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blacks/kkkarm6"; depth:15; endswith; nocase; http.host; content:"5.59.249.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254763/; classtype:trojan-activity;sid:84117863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hi.sh"; depth:6; endswith; nocase; http.host; content:"5.59.249.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254764/; classtype:trojan-activity;sid:84117864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blacks/kkkx86"; depth:14; endswith; nocase; http.host; content:"5.59.249.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254765/; classtype:trojan-activity;sid:84117865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blacks/kkkarm"; depth:14; endswith; nocase; http.host; content:"5.59.249.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254766/; classtype:trojan-activity;sid:84117866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blacks/kkkarm7"; depth:15; endswith; nocase; http.host; content:"5.59.249.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254767/; classtype:trojan-activity;sid:84117867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blacks/kkkarm5"; depth:15; endswith; nocase; http.host; content:"5.59.249.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254768/; classtype:trojan-activity;sid:84117868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.236.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254762/; classtype:trojan-activity;sid:84117862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.253.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254761/; classtype:trojan-activity;sid:84117861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.114.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254760/; classtype:trojan-activity;sid:84117860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.115.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254759/; classtype:trojan-activity;sid:84117859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"102.22.242.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254758/; classtype:trojan-activity;sid:84117858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.171.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254757/; classtype:trojan-activity;sid:84117857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.189.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254756/; classtype:trojan-activity;sid:84117856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.137.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254755/; classtype:trojan-activity;sid:84117855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.31.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254754/; classtype:trojan-activity;sid:84117854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.253.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254753/; classtype:trojan-activity;sid:84117853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.202.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254752/; classtype:trojan-activity;sid:84117852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.2.210"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254751/; classtype:trojan-activity;sid:84117851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.58.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254750/; classtype:trojan-activity;sid:84117850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.73.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254749/; classtype:trojan-activity;sid:84117849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.236.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254748/; classtype:trojan-activity;sid:84117848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.119.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254747/; classtype:trojan-activity;sid:84117847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.253.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254746/; classtype:trojan-activity;sid:84117846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.189.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254745/; classtype:trojan-activity;sid:84117845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.115.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254744/; classtype:trojan-activity;sid:84117844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.31.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254743/; classtype:trojan-activity;sid:84117843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.189.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254742/; classtype:trojan-activity;sid:84117842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.15.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254741/; classtype:trojan-activity;sid:84117841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.23.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254740/; classtype:trojan-activity;sid:84117840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips|3f|ddos"; depth:13; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254739/; classtype:trojan-activity;sid:84117839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.210.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254738/; classtype:trojan-activity;sid:84117838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.148.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254736/; classtype:trojan-activity;sid:84117836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.31.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254737/; classtype:trojan-activity;sid:84117837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.39.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254735/; classtype:trojan-activity;sid:84117835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.80.139.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254734/; classtype:trojan-activity;sid:84117834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.56.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254733/; classtype:trojan-activity;sid:84117833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.214.186.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254732/; classtype:trojan-activity;sid:84117832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.214.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254731/; classtype:trojan-activity;sid:84117831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.202.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254730/; classtype:trojan-activity;sid:84117830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.15.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254729/; classtype:trojan-activity;sid:84117829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.185.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254727/; classtype:trojan-activity;sid:84117827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.67.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254728/; classtype:trojan-activity;sid:84117828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.85.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254726/; classtype:trojan-activity;sid:84117826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.115.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254725/; classtype:trojan-activity;sid:84117825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254724/; classtype:trojan-activity;sid:84117824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.31.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254722/; classtype:trojan-activity;sid:84117822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.216.89.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254723/; classtype:trojan-activity;sid:84117823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1ec1e15e598e77d4/nss3.dll"; depth:26; endswith; nocase; http.host; content:"94.141.122.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254721/; classtype:trojan-activity;sid:84117821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/clip64.dll"; depth:27; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254719/; classtype:trojan-activity;sid:84117819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1ec1e15e598e77d4/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"94.141.122.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254720/; classtype:trojan-activity;sid:84117820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1ec1e15e598e77d4/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"94.141.122.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254717/; classtype:trojan-activity;sid:84117817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1ec1e15e598e77d4/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"94.141.122.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254718/; classtype:trojan-activity;sid:84117818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1ec1e15e598e77d4/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"94.141.122.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254714/; classtype:trojan-activity;sid:84117814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1ec1e15e598e77d4/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"94.141.122.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254715/; classtype:trojan-activity;sid:84117815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1ec1e15e598e77d4/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"94.141.122.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254716/; classtype:trojan-activity;sid:84117816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreopt/plugins/cred64.dll"; depth:27; endswith; nocase; http.host; content:"185.215.113.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254713/; classtype:trojan-activity;sid:84117813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.148.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254712/; classtype:trojan-activity;sid:84117812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.x86_64"; depth:11; endswith; nocase; http.host; content:"154.213.187.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254709/; classtype:trojan-activity;sid:84117809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.mips"; depth:9; endswith; nocase; http.host; content:"154.213.187.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254710/; classtype:trojan-activity;sid:84117810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.sh4"; depth:8; endswith; nocase; http.host; content:"154.213.187.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254698/; classtype:trojan-activity;sid:84117798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.mips64"; depth:11; endswith; nocase; http.host; content:"154.213.187.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254699/; classtype:trojan-activity;sid:84117799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm7"; depth:9; endswith; nocase; http.host; content:"154.213.187.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254700/; classtype:trojan-activity;sid:84117800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.x86"; depth:8; endswith; nocase; http.host; content:"154.213.187.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254701/; classtype:trojan-activity;sid:84117801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.ppc"; depth:8; endswith; nocase; http.host; content:"154.213.187.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254702/; classtype:trojan-activity;sid:84117802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.i486"; depth:9; endswith; nocase; http.host; content:"154.213.187.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254703/; classtype:trojan-activity;sid:84117803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm"; depth:8; endswith; nocase; http.host; content:"154.213.187.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254704/; classtype:trojan-activity;sid:84117804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm5"; depth:9; endswith; nocase; http.host; content:"154.213.187.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254705/; classtype:trojan-activity;sid:84117805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.i686"; depth:9; endswith; nocase; http.host; content:"154.213.187.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254706/; classtype:trojan-activity;sid:84117806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.m68k"; depth:9; endswith; nocase; http.host; content:"154.213.187.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254707/; classtype:trojan-activity;sid:84117807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.mpsl"; depth:9; endswith; nocase; http.host; content:"154.213.187.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254708/; classtype:trojan-activity;sid:84117808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm6"; depth:9; endswith; nocase; http.host; content:"154.213.187.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254697/; classtype:trojan-activity;sid:84117797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254695/; classtype:trojan-activity;sid:84117795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.56.175.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254696/; classtype:trojan-activity;sid:84117796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.137.36.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254694/; classtype:trojan-activity;sid:84117794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.195.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254693/; classtype:trojan-activity;sid:84117793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.151.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254691/; classtype:trojan-activity;sid:84117791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"160.179.196.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254692/; classtype:trojan-activity;sid:84117792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.159.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254690/; classtype:trojan-activity;sid:84117790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.86.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254689/; classtype:trojan-activity;sid:84117789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/reg/config.bin"; depth:19; endswith; nocase; http.host; content:"ftp.timeless-tales.shop"; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254688/; classtype:trojan-activity;sid:84117788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/reg/update.bin"; depth:19; endswith; nocase; http.host; content:"ftp.timeless-tales.shop"; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254684/; classtype:trojan-activity;sid:84117784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/3rd_cc_form_oct_2024.pdf.lnk"; depth:39; endswith; nocase; http.host; content:"download.wsconnect.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254685/; classtype:trojan-activity;sid:84117785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/agreement%20for%20youtube%20cooperation.pdf.lnk"; depth:58; endswith; nocase; http.host; content:"download.wsconnect.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254686/; classtype:trojan-activity;sid:84117786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/instruction_1928.pdf.lnk"; depth:35; endswith; nocase; http.host; content:"download.wsconnect.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254687/; classtype:trojan-activity;sid:84117787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server.zip"; depth:11; endswith; nocase; http.host; content:"download.wsconnect.org"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254683/; classtype:trojan-activity;sid:84117783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.107.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254682/; classtype:trojan-activity;sid:84117782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.214.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254681/; classtype:trojan-activity;sid:84117781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.253.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254680/; classtype:trojan-activity;sid:84117780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.118.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254679/; classtype:trojan-activity;sid:84117779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.123.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254677/; classtype:trojan-activity;sid:84117777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.234.200.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254678/; classtype:trojan-activity;sid:84117778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.167.31.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254675/; classtype:trojan-activity;sid:84117775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.179.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254674/; classtype:trojan-activity;sid:84117774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.179.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254673/; classtype:trojan-activity;sid:84117773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.195.179.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254672/; classtype:trojan-activity;sid:84117772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.233.48.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254671/; classtype:trojan-activity;sid:84117771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.207.190.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254670/; classtype:trojan-activity;sid:84117770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.107.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254669/; classtype:trojan-activity;sid:84117769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.86.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254668/; classtype:trojan-activity;sid:84117768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.81.118"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254667/; classtype:trojan-activity;sid:84117767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.188.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254666/; classtype:trojan-activity;sid:84117766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.43.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254665/; classtype:trojan-activity;sid:84117765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.4.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254664/; classtype:trojan-activity;sid:84117764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254663/; classtype:trojan-activity;sid:84117763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"139.218.101.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254659/; classtype:trojan-activity;sid:84117759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.139.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254660/; classtype:trojan-activity;sid:84117760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.123.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254661/; classtype:trojan-activity;sid:84117761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254662/; classtype:trojan-activity;sid:84117762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.160.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254658/; classtype:trojan-activity;sid:84117758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.245.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254657/; classtype:trojan-activity;sid:84117757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.7.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254656/; classtype:trojan-activity;sid:84117756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.64.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254655/; classtype:trojan-activity;sid:84117755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.132.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254654/; classtype:trojan-activity;sid:84117754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.255.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254653/; classtype:trojan-activity;sid:84117753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.236.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254652/; classtype:trojan-activity;sid:84117752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.174.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254651/; classtype:trojan-activity;sid:84117751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"88.250.184.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254650/; classtype:trojan-activity;sid:84117750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.3.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254649/; classtype:trojan-activity;sid:84117749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.145.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254648/; classtype:trojan-activity;sid:84117748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.42.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254647/; classtype:trojan-activity;sid:84117747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.179.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254646/; classtype:trojan-activity;sid:84117746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.160.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254645/; classtype:trojan-activity;sid:84117745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.98.71"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254644/; classtype:trojan-activity;sid:84117744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.92.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254643/; classtype:trojan-activity;sid:84117743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm"; depth:5; endswith; nocase; http.host; content:"154.216.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254642/; classtype:trojan-activity;sid:84117742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.113.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254641/; classtype:trojan-activity;sid:84117741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm7"; depth:6; endswith; nocase; http.host; content:"154.216.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254638/; classtype:trojan-activity;sid:84117738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smpsl"; depth:6; endswith; nocase; http.host; content:"154.216.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254639/; classtype:trojan-activity;sid:84117739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smips"; depth:6; endswith; nocase; http.host; content:"154.216.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254640/; classtype:trojan-activity;sid:84117740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass.sh"; depth:8; endswith; nocase; http.host; content:"154.216.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254637/; classtype:trojan-activity;sid:84117737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.188.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254636/; classtype:trojan-activity;sid:84117736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.113.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254635/; classtype:trojan-activity;sid:84117735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.249.60.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254634/; classtype:trojan-activity;sid:84117734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.3.21.247"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254633/; classtype:trojan-activity;sid:84117733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.56.133.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254631/; classtype:trojan-activity;sid:84117731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.245.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254632/; classtype:trojan-activity;sid:84117732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.123.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254630/; classtype:trojan-activity;sid:84117730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.3.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254629/; classtype:trojan-activity;sid:84117729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.188.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254626/; classtype:trojan-activity;sid:84117726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.214.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254627/; classtype:trojan-activity;sid:84117727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.122.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254628/; classtype:trojan-activity;sid:84117728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.113.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254624/; classtype:trojan-activity;sid:84117724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.33.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254625/; classtype:trojan-activity;sid:84117725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.138.12.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254622/; classtype:trojan-activity;sid:84117722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.99.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254623/; classtype:trojan-activity;sid:84117723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.223.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254621/; classtype:trojan-activity;sid:84117721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.117.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254620/; classtype:trojan-activity;sid:84117720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.51.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254619/; classtype:trojan-activity;sid:84117719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.22.21.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254618/; classtype:trojan-activity;sid:84117718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.249.60.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254617/; classtype:trojan-activity;sid:84117717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.64.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254616/; classtype:trojan-activity;sid:84117716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.255.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254615/; classtype:trojan-activity;sid:84117715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.74.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254614/; classtype:trojan-activity;sid:84117714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.240.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254613/; classtype:trojan-activity;sid:84117713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.179.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254612/; classtype:trojan-activity;sid:84117712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.39.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254610/; classtype:trojan-activity;sid:84117710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.93.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254611/; classtype:trojan-activity;sid:84117711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.253.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254608/; classtype:trojan-activity;sid:84117708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.98.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254609/; classtype:trojan-activity;sid:84117709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.208.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254607/; classtype:trojan-activity;sid:84117707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.85.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254606/; classtype:trojan-activity;sid:84117706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.237.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254605/; classtype:trojan-activity;sid:84117705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.41.138.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254604/; classtype:trojan-activity;sid:84117704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.88.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254603/; classtype:trojan-activity;sid:84117703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.15.53.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254602/; classtype:trojan-activity;sid:84117702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.248.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254601/; classtype:trojan-activity;sid:84117701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.245.2.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254600/; classtype:trojan-activity;sid:84117700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.98.71"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254599/; classtype:trojan-activity;sid:84117699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.74.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254598/; classtype:trojan-activity;sid:84117698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.254.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254597/; classtype:trojan-activity;sid:84117697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.85.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254596/; classtype:trojan-activity;sid:84117696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.39.141"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254595/; classtype:trojan-activity;sid:84117695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.86.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254594/; classtype:trojan-activity;sid:84117694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.51.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254593/; classtype:trojan-activity;sid:84117693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.98.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254591/; classtype:trojan-activity;sid:84117691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.229.117.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254592/; classtype:trojan-activity;sid:84117692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.165.66.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254590/; classtype:trojan-activity;sid:84117690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.242.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254587/; classtype:trojan-activity;sid:84117687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.208.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254588/; classtype:trojan-activity;sid:84117688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.195.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254589/; classtype:trojan-activity;sid:84117689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.31.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254586/; classtype:trojan-activity;sid:84117686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.156.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254584/; classtype:trojan-activity;sid:84117684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.190.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254585/; classtype:trojan-activity;sid:84117685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.187.82.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254583/; classtype:trojan-activity;sid:84117683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.56.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254582/; classtype:trojan-activity;sid:84117682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.83.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254581/; classtype:trojan-activity;sid:84117681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.212.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254580/; classtype:trojan-activity;sid:84117680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.84.195.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254579/; classtype:trojan-activity;sid:84117679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.171.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254578/; classtype:trojan-activity;sid:84117678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.86.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254577/; classtype:trojan-activity;sid:84117677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.171.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254576/; classtype:trojan-activity;sid:84117676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.31.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254575/; classtype:trojan-activity;sid:84117675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.138.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254574/; classtype:trojan-activity;sid:84117674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254573/; classtype:trojan-activity;sid:84117673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254572/; classtype:trojan-activity;sid:84117672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.252.20.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254571/; classtype:trojan-activity;sid:84117671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.208.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254570/; classtype:trojan-activity;sid:84117670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.231.211.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254568/; classtype:trojan-activity;sid:84117668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.150.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254569/; classtype:trojan-activity;sid:84117669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.33.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254566/; classtype:trojan-activity;sid:84117666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.156.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254567/; classtype:trojan-activity;sid:84117667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.119.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254565/; classtype:trojan-activity;sid:84117665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.3.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254564/; classtype:trojan-activity;sid:84117664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.90.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254562/; classtype:trojan-activity;sid:84117662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.184.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254563/; classtype:trojan-activity;sid:84117663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.209.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254561/; classtype:trojan-activity;sid:84117661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.181.65.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254560/; classtype:trojan-activity;sid:84117660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.150.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254559/; classtype:trojan-activity;sid:84117659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm5"; depth:15; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254545/; classtype:trojan-activity;sid:84117645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.spc"; depth:14; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254546/; classtype:trojan-activity;sid:84117646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254547/; classtype:trojan-activity;sid:84117647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mips"; depth:15; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254548/; classtype:trojan-activity;sid:84117648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm7"; depth:15; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254549/; classtype:trojan-activity;sid:84117649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.m68k"; depth:15; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254550/; classtype:trojan-activity;sid:84117650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mpsl"; depth:15; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254551/; classtype:trojan-activity;sid:84117651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254552/; classtype:trojan-activity;sid:84117652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm6"; depth:15; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254553/; classtype:trojan-activity;sid:84117653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm"; depth:14; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254554/; classtype:trojan-activity;sid:84117654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.ppc"; depth:14; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254555/; classtype:trojan-activity;sid:84117655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.sh4"; depth:14; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254556/; classtype:trojan-activity;sid:84117656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.x86"; depth:14; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254557/; classtype:trojan-activity;sid:84117657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254558/; classtype:trojan-activity;sid:84117658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254543/; classtype:trojan-activity;sid:84117643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254544/; classtype:trojan-activity;sid:84117644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254537/; classtype:trojan-activity;sid:84117637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254538/; classtype:trojan-activity;sid:84117638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254539/; classtype:trojan-activity;sid:84117639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254540/; classtype:trojan-activity;sid:84117640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254541/; classtype:trojan-activity;sid:84117641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"asdffasdfasdfas.o-r.kr"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254542/; classtype:trojan-activity;sid:84117642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.200.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254536/; classtype:trojan-activity;sid:84117636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.81.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254535/; classtype:trojan-activity;sid:84117635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.184.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254534/; classtype:trojan-activity;sid:84117634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.209.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254533/; classtype:trojan-activity;sid:84117633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254529/; classtype:trojan-activity;sid:84117629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254530/; classtype:trojan-activity;sid:84117630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshppc"; depth:7; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254531/; classtype:trojan-activity;sid:84117631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harm4"; depth:6; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254532/; classtype:trojan-activity;sid:84117632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254525/; classtype:trojan-activity;sid:84117625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm6"; depth:8; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254526/; classtype:trojan-activity;sid:84117626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harm6"; depth:6; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254527/; classtype:trojan-activity;sid:84117627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254528/; classtype:trojan-activity;sid:84117628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254512/; classtype:trojan-activity;sid:84117612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254513/; classtype:trojan-activity;sid:84117613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254514/; classtype:trojan-activity;sid:84117614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dmips"; depth:6; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254515/; classtype:trojan-activity;sid:84117615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm7"; depth:8; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254516/; classtype:trojan-activity;sid:84117616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm"; depth:7; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254517/; classtype:trojan-activity;sid:84117617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmpsl"; depth:8; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254518/; classtype:trojan-activity;sid:84117618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmips"; depth:8; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254519/; classtype:trojan-activity;sid:84117619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmpsl"; depth:6; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254520/; classtype:trojan-activity;sid:84117620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254521/; classtype:trojan-activity;sid:84117621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm5"; depth:8; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254522/; classtype:trojan-activity;sid:84117622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshsh4"; depth:7; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254523/; classtype:trojan-activity;sid:84117623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harm5"; depth:6; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254524/; classtype:trojan-activity;sid:84117624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmips"; depth:6; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254511/; classtype:trojan-activity;sid:84117611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.244.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254510/; classtype:trojan-activity;sid:84117610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earm"; depth:5; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254502/; classtype:trojan-activity;sid:84117602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esh4"; depth:5; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254503/; classtype:trojan-activity;sid:84117603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earm5"; depth:6; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254504/; classtype:trojan-activity;sid:84117604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earm7"; depth:6; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254505/; classtype:trojan-activity;sid:84117605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emips"; depth:6; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254506/; classtype:trojan-activity;sid:84117606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eppc"; depth:5; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254507/; classtype:trojan-activity;sid:84117607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254508/; classtype:trojan-activity;sid:84117608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/empsl"; depth:6; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254509/; classtype:trojan-activity;sid:84117609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254499/; classtype:trojan-activity;sid:84117599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254500/; classtype:trojan-activity;sid:84117600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254501/; classtype:trojan-activity;sid:84117601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.81.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254498/; classtype:trojan-activity;sid:84117598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254496/; classtype:trojan-activity;sid:84117596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254497/; classtype:trojan-activity;sid:84117597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.214.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254495/; classtype:trojan-activity;sid:84117595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.182.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254494/; classtype:trojan-activity;sid:84117594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.197.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254493/; classtype:trojan-activity;sid:84117593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/empsl"; depth:6; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254492/; classtype:trojan-activity;sid:84117592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earm"; depth:5; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254486/; classtype:trojan-activity;sid:84117586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emips"; depth:6; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254487/; classtype:trojan-activity;sid:84117587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earm7"; depth:6; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254488/; classtype:trojan-activity;sid:84117588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esh4"; depth:5; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254489/; classtype:trojan-activity;sid:84117589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earm5"; depth:6; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254490/; classtype:trojan-activity;sid:84117590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eppc"; depth:5; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254491/; classtype:trojan-activity;sid:84117591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.19.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254484/; classtype:trojan-activity;sid:84117584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.20.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254483/; classtype:trojan-activity;sid:84117583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.176.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254482/; classtype:trojan-activity;sid:84117582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.38.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254481/; classtype:trojan-activity;sid:84117581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.180.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254479/; classtype:trojan-activity;sid:84117579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.109.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254480/; classtype:trojan-activity;sid:84117580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gg"; depth:3; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254473/; classtype:trojan-activity;sid:84117573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8usa.sh"; depth:8; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254474/; classtype:trojan-activity;sid:84117574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254475/; classtype:trojan-activity;sid:84117575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254476/; classtype:trojan-activity;sid:84117576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254477/; classtype:trojan-activity;sid:84117577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254478/; classtype:trojan-activity;sid:84117578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm5"; depth:8; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254471/; classtype:trojan-activity;sid:84117571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254472/; classtype:trojan-activity;sid:84117572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmips"; depth:8; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254469/; classtype:trojan-activity;sid:84117569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshppc"; depth:7; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254470/; classtype:trojan-activity;sid:84117570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrarm7"; depth:7; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254462/; classtype:trojan-activity;sid:84117562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmips"; depth:6; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254463/; classtype:trojan-activity;sid:84117563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm7"; depth:7; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254464/; classtype:trojan-activity;sid:84117564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm6"; depth:6; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254465/; classtype:trojan-activity;sid:84117565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm6"; depth:8; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254466/; classtype:trojan-activity;sid:84117566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm7"; depth:8; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254467/; classtype:trojan-activity;sid:84117567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshsh4"; depth:7; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254468/; classtype:trojan-activity;sid:84117568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254443/; classtype:trojan-activity;sid:84117543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmpsl"; depth:6; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254444/; classtype:trojan-activity;sid:84117544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm"; depth:5; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254445/; classtype:trojan-activity;sid:84117545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254446/; classtype:trojan-activity;sid:84117546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm7"; depth:6; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254447/; classtype:trojan-activity;sid:84117547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm5"; depth:7; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254448/; classtype:trojan-activity;sid:84117548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm6"; depth:7; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254449/; classtype:trojan-activity;sid:84117549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm5"; depth:6; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254450/; classtype:trojan-activity;sid:84117550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm"; depth:6; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254451/; classtype:trojan-activity;sid:84117551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrsh4"; depth:6; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254452/; classtype:trojan-activity;sid:84117552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gppc"; depth:5; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254453/; classtype:trojan-activity;sid:84117553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrmips"; depth:7; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254454/; classtype:trojan-activity;sid:84117554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gompsl"; depth:7; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254455/; classtype:trojan-activity;sid:84117555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254456/; classtype:trojan-activity;sid:84117556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254457/; classtype:trojan-activity;sid:84117557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmpsl"; depth:8; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254458/; classtype:trojan-activity;sid:84117558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254459/; classtype:trojan-activity;sid:84117559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm"; depth:7; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254460/; classtype:trojan-activity;sid:84117560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrppc"; depth:6; endswith; nocase; http.host; content:"154.216.18.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254461/; classtype:trojan-activity;sid:84117561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.30.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254441/; classtype:trojan-activity;sid:84117541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.240.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254440/; classtype:trojan-activity;sid:84117540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.62.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254439/; classtype:trojan-activity;sid:84117539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.28.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254438/; classtype:trojan-activity;sid:84117538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.56.113.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254437/; classtype:trojan-activity;sid:84117537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.188.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254436/; classtype:trojan-activity;sid:84117536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.90.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254435/; classtype:trojan-activity;sid:84117535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254434/; classtype:trojan-activity;sid:84117534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.68.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254433/; classtype:trojan-activity;sid:84117533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254432/; classtype:trojan-activity;sid:84117532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.198.8.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254431/; classtype:trojan-activity;sid:84117531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.51.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254429/; classtype:trojan-activity;sid:84117529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.39.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254430/; classtype:trojan-activity;sid:84117530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.15.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254428/; classtype:trojan-activity;sid:84117528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.197.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254427/; classtype:trojan-activity;sid:84117527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.19.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254426/; classtype:trojan-activity;sid:84117526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.75.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254425/; classtype:trojan-activity;sid:84117525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.15.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254424/; classtype:trojan-activity;sid:84117524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.91.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254423/; classtype:trojan-activity;sid:84117523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254422/; classtype:trojan-activity;sid:84117522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.19.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254421/; classtype:trojan-activity;sid:84117521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.135.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254419/; classtype:trojan-activity;sid:84117519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.116.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254420/; classtype:trojan-activity;sid:84117520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.164.178.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254418/; classtype:trojan-activity;sid:84117518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.39.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254417/; classtype:trojan-activity;sid:84117517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.30.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254416/; classtype:trojan-activity;sid:84117516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.113.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254415/; classtype:trojan-activity;sid:84117515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254414/; classtype:trojan-activity;sid:84117514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.49.65.210"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254413/; classtype:trojan-activity;sid:84117513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"221.225.37.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254412/; classtype:trojan-activity;sid:84117512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.8.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254411/; classtype:trojan-activity;sid:84117511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.92.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254410/; classtype:trojan-activity;sid:84117510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.247.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254409/; classtype:trojan-activity;sid:84117509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.164.178.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254408/; classtype:trojan-activity;sid:84117508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254407/; classtype:trojan-activity;sid:84117507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254406/; classtype:trojan-activity;sid:84117506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254403/; classtype:trojan-activity;sid:84117503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254404/; classtype:trojan-activity;sid:84117504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254405/; classtype:trojan-activity;sid:84117505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254402/; classtype:trojan-activity;sid:84117502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.202.35.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254401/; classtype:trojan-activity;sid:84117501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.77.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254400/; classtype:trojan-activity;sid:84117500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.91.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254399/; classtype:trojan-activity;sid:84117499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.208.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254398/; classtype:trojan-activity;sid:84117498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.217.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254397/; classtype:trojan-activity;sid:84117497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.85.172"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254396/; classtype:trojan-activity;sid:84117496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.245.208.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254395/; classtype:trojan-activity;sid:84117495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.0.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254394/; classtype:trojan-activity;sid:84117494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.51.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254393/; classtype:trojan-activity;sid:84117493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.18.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254392/; classtype:trojan-activity;sid:84117492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.1.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254391/; classtype:trojan-activity;sid:84117491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ngqwpl/ngown.exe"; depth:17; endswith; nocase; http.host; content:"raziritop.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254390/; classtype:trojan-activity;sid:84117490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/gitmx"; depth:8; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254389/; classtype:trojan-activity;sid:84117489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fridayfilempdw-constraints.vbs"; depth:31; endswith; nocase; http.host; content:"107.172.31.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254388/; classtype:trojan-activity;sid:84117488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.18.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254387/; classtype:trojan-activity;sid:84117487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.141.22.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254385/; classtype:trojan-activity;sid:84117485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqkjf64"; depth:8; endswith; nocase; http.host; content:"server2.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254386/; classtype:trojan-activity;sid:84117486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254384/; classtype:trojan-activity;sid:84117484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254383/; classtype:trojan-activity;sid:84117483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.106.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254382/; classtype:trojan-activity;sid:84117482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.126.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254381/; classtype:trojan-activity;sid:84117481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.77.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254380/; classtype:trojan-activity;sid:84117480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.7.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254379/; classtype:trojan-activity;sid:84117479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.92.0"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254378/; classtype:trojan-activity;sid:84117478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.122.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254377/; classtype:trojan-activity;sid:84117477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.208.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254376/; classtype:trojan-activity;sid:84117476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.179.27.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254375/; classtype:trojan-activity;sid:84117475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.149.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254374/; classtype:trojan-activity;sid:84117474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.86.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254373/; classtype:trojan-activity;sid:84117473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.0.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254372/; classtype:trojan-activity;sid:84117472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.184.15.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254371/; classtype:trojan-activity;sid:84117471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.136.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254370/; classtype:trojan-activity;sid:84117470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.46.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254369/; classtype:trojan-activity;sid:84117469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.6.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254368/; classtype:trojan-activity;sid:84117468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.41.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254367/; classtype:trojan-activity;sid:84117467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.225.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254366/; classtype:trojan-activity;sid:84117466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.179.27.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254365/; classtype:trojan-activity;sid:84117465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.24.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254364/; classtype:trojan-activity;sid:84117464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.247.85.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254363/; classtype:trojan-activity;sid:84117463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.184.15.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254362/; classtype:trojan-activity;sid:84117462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.191.189.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254361/; classtype:trojan-activity;sid:84117461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.118.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254360/; classtype:trojan-activity;sid:84117460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.203.68.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254359/; classtype:trojan-activity;sid:84117459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.40.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254358/; classtype:trojan-activity;sid:84117458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.220.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254357/; classtype:trojan-activity;sid:84117457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.92.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254356/; classtype:trojan-activity;sid:84117456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.99.1.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254355/; classtype:trojan-activity;sid:84117455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.46.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254354/; classtype:trojan-activity;sid:84117454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.235.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254353/; classtype:trojan-activity;sid:84117453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.145.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254352/; classtype:trojan-activity;sid:84117452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.58.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254351/; classtype:trojan-activity;sid:84117451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6613.exe"; depth:9; endswith; nocase; http.host; content:"45.202.35.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254350/; classtype:trojan-activity;sid:84117450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.109.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254349/; classtype:trojan-activity;sid:84117449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254348/; classtype:trojan-activity;sid:84117448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.182.82.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254347/; classtype:trojan-activity;sid:84117447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.34.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254346/; classtype:trojan-activity;sid:84117446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.79.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254345/; classtype:trojan-activity;sid:84117445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.114.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254344/; classtype:trojan-activity;sid:84117444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.225.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254343/; classtype:trojan-activity;sid:84117443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.202.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254342/; classtype:trojan-activity;sid:84117442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.78.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254341/; classtype:trojan-activity;sid:84117441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.247.85.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254340/; classtype:trojan-activity;sid:84117440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.4.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254339/; classtype:trojan-activity;sid:84117439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.165.117.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254337/; classtype:trojan-activity;sid:84117437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.92.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254338/; classtype:trojan-activity;sid:84117438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.162.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254336/; classtype:trojan-activity;sid:84117436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.8.130.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254335/; classtype:trojan-activity;sid:84117435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.170.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254334/; classtype:trojan-activity;sid:84117434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.137.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254333/; classtype:trojan-activity;sid:84117433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.191.189.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254332/; classtype:trojan-activity;sid:84117432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.245.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254331/; classtype:trojan-activity;sid:84117431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.114.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254330/; classtype:trojan-activity;sid:84117430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.52.225"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254329/; classtype:trojan-activity;sid:84117429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.249.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254328/; classtype:trojan-activity;sid:84117428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.178.251.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254326/; classtype:trojan-activity;sid:84117426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.91.223.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254327/; classtype:trojan-activity;sid:84117427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.1.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254325/; classtype:trojan-activity;sid:84117425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.248.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254324/; classtype:trojan-activity;sid:84117424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.82.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254323/; classtype:trojan-activity;sid:84117423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.189.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254322/; classtype:trojan-activity;sid:84117422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.162.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254321/; classtype:trojan-activity;sid:84117421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.29.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254320/; classtype:trojan-activity;sid:84117420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.204.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254319/; classtype:trojan-activity;sid:84117419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.8.130.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254318/; classtype:trojan-activity;sid:84117418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.245.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254317/; classtype:trojan-activity;sid:84117417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.26.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254316/; classtype:trojan-activity;sid:84117416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.5.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254315/; classtype:trojan-activity;sid:84117415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.96.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254314/; classtype:trojan-activity;sid:84117414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.77.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254311/; classtype:trojan-activity;sid:84117411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.210.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254312/; classtype:trojan-activity;sid:84117412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.185.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254313/; classtype:trojan-activity;sid:84117413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.186.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254310/; classtype:trojan-activity;sid:84117410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.14.169"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254309/; classtype:trojan-activity;sid:84117409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.6.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254308/; classtype:trojan-activity;sid:84117408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.194.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254307/; classtype:trojan-activity;sid:84117407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.151.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254306/; classtype:trojan-activity;sid:84117406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.248.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254305/; classtype:trojan-activity;sid:84117405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.87.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254304/; classtype:trojan-activity;sid:84117404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.178.251.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254303/; classtype:trojan-activity;sid:84117403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.234.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254302/; classtype:trojan-activity;sid:84117402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.84.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254301/; classtype:trojan-activity;sid:84117401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.0.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254300/; classtype:trojan-activity;sid:84117400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.82.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254297/; classtype:trojan-activity;sid:84117397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.71.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254298/; classtype:trojan-activity;sid:84117398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.10.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254299/; classtype:trojan-activity;sid:84117399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.39.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254296/; classtype:trojan-activity;sid:84117396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.83.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254295/; classtype:trojan-activity;sid:84117395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.29.26"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254294/; classtype:trojan-activity;sid:84117394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.248.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254293/; classtype:trojan-activity;sid:84117393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.204.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254292/; classtype:trojan-activity;sid:84117392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.58.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254291/; classtype:trojan-activity;sid:84117391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.194.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254290/; classtype:trojan-activity;sid:84117390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.112.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254289/; classtype:trojan-activity;sid:84117389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.99.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254288/; classtype:trojan-activity;sid:84117388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.2.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254287/; classtype:trojan-activity;sid:84117387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.18.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254286/; classtype:trojan-activity;sid:84117386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.42.74.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254284/; classtype:trojan-activity;sid:84117384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.13.4.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254285/; classtype:trojan-activity;sid:84117385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.57.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254283/; classtype:trojan-activity;sid:84117383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.75.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254282/; classtype:trojan-activity;sid:84117382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.57.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254281/; classtype:trojan-activity;sid:84117381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.83.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254280/; classtype:trojan-activity;sid:84117380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.113.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254279/; classtype:trojan-activity;sid:84117379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.41.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254278/; classtype:trojan-activity;sid:84117378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.214.108.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254277/; classtype:trojan-activity;sid:84117377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254276/; classtype:trojan-activity;sid:84117376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.226.192.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254275/; classtype:trojan-activity;sid:84117375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.22.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254274/; classtype:trojan-activity;sid:84117374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.105.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254273/; classtype:trojan-activity;sid:84117373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.197.115.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254272/; classtype:trojan-activity;sid:84117372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.208.230.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254271/; classtype:trojan-activity;sid:84117371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.200.86.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254270/; classtype:trojan-activity;sid:84117370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.148.146.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254269/; classtype:trojan-activity;sid:84117369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.156.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254268/; classtype:trojan-activity;sid:84117368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.58.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254267/; classtype:trojan-activity;sid:84117367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.55.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254266/; classtype:trojan-activity;sid:84117366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.43.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254265/; classtype:trojan-activity;sid:84117365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.63.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254264/; classtype:trojan-activity;sid:84117364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.46.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254263/; classtype:trojan-activity;sid:84117363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.59.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254262/; classtype:trojan-activity;sid:84117362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.115.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254261/; classtype:trojan-activity;sid:84117361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254260/; classtype:trojan-activity;sid:84117360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.57.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254259/; classtype:trojan-activity;sid:84117359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.160.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254258/; classtype:trojan-activity;sid:84117358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.108.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254257/; classtype:trojan-activity;sid:84117357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254256/; classtype:trojan-activity;sid:84117356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254255/; classtype:trojan-activity;sid:84117355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.172.50.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254254/; classtype:trojan-activity;sid:84117354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254253/; classtype:trojan-activity;sid:84117353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.43.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254252/; classtype:trojan-activity;sid:84117352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/gln06/0"; depth:10; endswith; nocase; http.host; content:"paste.ee"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254250/; classtype:trojan-activity;sid:84117350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.153.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254251/; classtype:trojan-activity;sid:84117351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.9.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254249/; classtype:trojan-activity;sid:84117349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kdot227/pythonpathfixer/main/main.ps1"; depth:38; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254248/; classtype:trojan-activity;sid:84117348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43a1723/test/refs/heads/main/shellcode/loaderclient.ps1"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254247/; classtype:trojan-activity;sid:84117347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.99.163.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254246/; classtype:trojan-activity;sid:84117346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.116.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254245/; classtype:trojan-activity;sid:84117345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.46.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254244/; classtype:trojan-activity;sid:84117344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.112.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254243/; classtype:trojan-activity;sid:84117343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.59.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254241/; classtype:trojan-activity;sid:84117341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.47.188.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254240/; classtype:trojan-activity;sid:84117340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.187.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254239/; classtype:trojan-activity;sid:84117339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254238/; classtype:trojan-activity;sid:84117338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.240.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254237/; classtype:trojan-activity;sid:84117337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.189.176.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254235/; classtype:trojan-activity;sid:84117335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.202.176.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254236/; classtype:trojan-activity;sid:84117336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.212.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254234/; classtype:trojan-activity;sid:84117334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.72.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254233/; classtype:trojan-activity;sid:84117333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.217.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254232/; classtype:trojan-activity;sid:84117332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.76.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254231/; classtype:trojan-activity;sid:84117331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.150.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254230/; classtype:trojan-activity;sid:84117330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43a1723/test/releases/download/siu/stub.exe"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254229/; classtype:trojan-activity;sid:84117329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryptersandtools/upload/blob/main/new_image.jpg|3f|raw=true"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254227/; classtype:trojan-activity;sid:84117327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kdot227/somalifuscator/archive/refs/heads/main.zip"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254228/; classtype:trojan-activity;sid:84117328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proxyonly/www/raw/main/security.exe"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254226/; classtype:trojan-activity;sid:84117326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u6iko/do5a/raw/main/xclient.exe"; depth:32; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254223/; classtype:trojan-activity;sid:84117323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unblockedgames2/school-shit/raw/main/fuag.exe"; depth:46; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254224/; classtype:trojan-activity;sid:84117324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.160.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254225/; classtype:trojan-activity;sid:84117325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/robloxdev1223/requirements/raw/main/requirements.exe"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254222/; classtype:trojan-activity;sid:84117322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cfedss/e/raw/refs/heads/main/powershell.exe"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254220/; classtype:trojan-activity;sid:84117320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eq44/d/raw/main/wzcstatus.exe"; depth:30; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254221/; classtype:trojan-activity;sid:84117321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43a1723/test/releases/download/autobuild/download.bat"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254219/; classtype:trojan-activity;sid:84117319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.240.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254218/; classtype:trojan-activity;sid:84117318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.82.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254217/; classtype:trojan-activity;sid:84117317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.237.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254216/; classtype:trojan-activity;sid:84117316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55nqefb2/raw"; depth:13; endswith; nocase; http.host; content:"rentry.co"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254215/; classtype:trojan-activity;sid:84117315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.108.90.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254214/; classtype:trojan-activity;sid:84117314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.115.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254213/; classtype:trojan-activity;sid:84117313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.252.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254212/; classtype:trojan-activity;sid:84117312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.5.30"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254211/; classtype:trojan-activity;sid:84117311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.99.163.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254209/; classtype:trojan-activity;sid:84117309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.87.251.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254210/; classtype:trojan-activity;sid:84117310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.139.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254208/; classtype:trojan-activity;sid:84117308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.247.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254207/; classtype:trojan-activity;sid:84117307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.128.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254205/; classtype:trojan-activity;sid:84117305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.217.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254206/; classtype:trojan-activity;sid:84117306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.2.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254204/; classtype:trojan-activity;sid:84117304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.242.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254203/; classtype:trojan-activity;sid:84117303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.153.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254202/; classtype:trojan-activity;sid:84117302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.211.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254201/; classtype:trojan-activity;sid:84117301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.150.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254200/; classtype:trojan-activity;sid:84117300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.17.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254199/; classtype:trojan-activity;sid:84117299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.9.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254198/; classtype:trojan-activity;sid:84117298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.72.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254197/; classtype:trojan-activity;sid:84117297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.10.19.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254196/; classtype:trojan-activity;sid:84117296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.247.25.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254195/; classtype:trojan-activity;sid:84117295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.80.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254194/; classtype:trojan-activity;sid:84117294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.28.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254193/; classtype:trojan-activity;sid:84117293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.101.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254192/; classtype:trojan-activity;sid:84117292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.231.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254191/; classtype:trojan-activity;sid:84117291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.76.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254190/; classtype:trojan-activity;sid:84117290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.68.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254189/; classtype:trojan-activity;sid:84117289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.56.6.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254188/; classtype:trojan-activity;sid:84117288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254187/; classtype:trojan-activity;sid:84117287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"198.2.88.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254186/; classtype:trojan-activity;sid:84117286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.86.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254185/; classtype:trojan-activity;sid:84117285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.246.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254184/; classtype:trojan-activity;sid:84117284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.242.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254183/; classtype:trojan-activity;sid:84117283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.231.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254182/; classtype:trojan-activity;sid:84117282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.143.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254181/; classtype:trojan-activity;sid:84117281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.10.19.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254180/; classtype:trojan-activity;sid:84117280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.53.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254179/; classtype:trojan-activity;sid:84117279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.206.193.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254178/; classtype:trojan-activity;sid:84117278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.211.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254177/; classtype:trojan-activity;sid:84117277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.237.80.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254176/; classtype:trojan-activity;sid:84117276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.27.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254175/; classtype:trojan-activity;sid:84117275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.249.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254174/; classtype:trojan-activity;sid:84117274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.139.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254173/; classtype:trojan-activity;sid:84117273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.101.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254172/; classtype:trojan-activity;sid:84117272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.223.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254171/; classtype:trojan-activity;sid:84117271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.203.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254170/; classtype:trojan-activity;sid:84117270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.247.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254169/; classtype:trojan-activity;sid:84117269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254168/; classtype:trojan-activity;sid:84117268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"198.2.88.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254167/; classtype:trojan-activity;sid:84117267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.255.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254166/; classtype:trojan-activity;sid:84117266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.254.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254165/; classtype:trojan-activity;sid:84117265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.45.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254164/; classtype:trojan-activity;sid:84117264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.178.225.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254162/; classtype:trojan-activity;sid:84117262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.83.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254163/; classtype:trojan-activity;sid:84117263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.169.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254161/; classtype:trojan-activity;sid:84117261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.8.89"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254160/; classtype:trojan-activity;sid:84117260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.28.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254159/; classtype:trojan-activity;sid:84117259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.246.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254158/; classtype:trojan-activity;sid:84117258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.51.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254157/; classtype:trojan-activity;sid:84117257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.91.120.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254156/; classtype:trojan-activity;sid:84117256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.203.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254155/; classtype:trojan-activity;sid:84117255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.228.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254154/; classtype:trojan-activity;sid:84117254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.133.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254153/; classtype:trojan-activity;sid:84117253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.160.30.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254152/; classtype:trojan-activity;sid:84117252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.198.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254151/; classtype:trojan-activity;sid:84117251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.30.113.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254150/; classtype:trojan-activity;sid:84117250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.125.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254149/; classtype:trojan-activity;sid:84117249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.179.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254148/; classtype:trojan-activity;sid:84117248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254147/; classtype:trojan-activity;sid:84117247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.91.120.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254146/; classtype:trojan-activity;sid:84117246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.158.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254145/; classtype:trojan-activity;sid:84117245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.13.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254144/; classtype:trojan-activity;sid:84117244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.203.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254143/; classtype:trojan-activity;sid:84117243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.99.12.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254142/; classtype:trojan-activity;sid:84117242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.196.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254141/; classtype:trojan-activity;sid:84117241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.59.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254140/; classtype:trojan-activity;sid:84117240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.184.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254139/; classtype:trojan-activity;sid:84117239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.241.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254138/; classtype:trojan-activity;sid:84117238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.128.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254137/; classtype:trojan-activity;sid:84117237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.133.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254136/; classtype:trojan-activity;sid:84117236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.117.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254135/; classtype:trojan-activity;sid:84117235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.160.30.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254134/; classtype:trojan-activity;sid:84117234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.28.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254133/; classtype:trojan-activity;sid:84117233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/motocrossbanerne37.pif/"; depth:24; endswith; nocase; http.host; content:"apslline.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254131/; classtype:trojan-activity;sid:84117231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6615.exe"; depth:9; endswith; nocase; http.host; content:"45.202.35.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254132/; classtype:trojan-activity;sid:84117232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hg7dj4_receipt.zip"; depth:19; endswith; nocase; http.host; content:"apslline.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254130/; classtype:trojan-activity;sid:84117230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/derbylite.pif"; depth:14; endswith; nocase; http.host; content:"apslline.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254129/; classtype:trojan-activity;sid:84117229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.158.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254128/; classtype:trojan-activity;sid:84117228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.121.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254127/; classtype:trojan-activity;sid:84117227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.107.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254126/; classtype:trojan-activity;sid:84117226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.248.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254125/; classtype:trojan-activity;sid:84117225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.18.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254124/; classtype:trojan-activity;sid:84117224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.98.163.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254123/; classtype:trojan-activity;sid:84117223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.99.12.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254122/; classtype:trojan-activity;sid:84117222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254120/; classtype:trojan-activity;sid:84117220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.44.242.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254121/; classtype:trojan-activity;sid:84117221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.51.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254119/; classtype:trojan-activity;sid:84117219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.17.111.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254118/; classtype:trojan-activity;sid:84117218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.149.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254116/; classtype:trojan-activity;sid:84117216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.209.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254117/; classtype:trojan-activity;sid:84117217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.206.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254115/; classtype:trojan-activity;sid:84117215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.37.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254114/; classtype:trojan-activity;sid:84117214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.18.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254113/; classtype:trojan-activity;sid:84117213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.255.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254112/; classtype:trojan-activity;sid:84117212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.241.50.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254111/; classtype:trojan-activity;sid:84117211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.133.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254110/; classtype:trojan-activity;sid:84117210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.140.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254109/; classtype:trojan-activity;sid:84117209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.150.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254108/; classtype:trojan-activity;sid:84117208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.201.146.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254107/; classtype:trojan-activity;sid:84117207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.233.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254106/; classtype:trojan-activity;sid:84117206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.104.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254105/; classtype:trojan-activity;sid:84117205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.100.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254104/; classtype:trojan-activity;sid:84117204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254103/; classtype:trojan-activity;sid:84117203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.59.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254101/; classtype:trojan-activity;sid:84117201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.121.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254102/; classtype:trojan-activity;sid:84117202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.159.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254100/; classtype:trojan-activity;sid:84117200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.124.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254099/; classtype:trojan-activity;sid:84117199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.60.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254097/; classtype:trojan-activity;sid:84117197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.32.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254098/; classtype:trojan-activity;sid:84117198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.37.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254096/; classtype:trojan-activity;sid:84117196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.17.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254094/; classtype:trojan-activity;sid:84117194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.14.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254095/; classtype:trojan-activity;sid:84117195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.233.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254093/; classtype:trojan-activity;sid:84117193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.203.72.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254092/; classtype:trojan-activity;sid:84117192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.26.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254091/; classtype:trojan-activity;sid:84117191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.203.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254090/; classtype:trojan-activity;sid:84117190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.94.34.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254089/; classtype:trojan-activity;sid:84117189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.0.189"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254088/; classtype:trojan-activity;sid:84117188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.208.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254087/; classtype:trojan-activity;sid:84117187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.211.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254086/; classtype:trojan-activity;sid:84117186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.79.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254084/; classtype:trojan-activity;sid:84117184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.248.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254085/; classtype:trojan-activity;sid:84117185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.44.242.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254083/; classtype:trojan-activity;sid:84117183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.240.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254082/; classtype:trojan-activity;sid:84117182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.2.102.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254080/; classtype:trojan-activity;sid:84117180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.229.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254081/; classtype:trojan-activity;sid:84117181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.224.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254078/; classtype:trojan-activity;sid:84117178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.50.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254079/; classtype:trojan-activity;sid:84117179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.86.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254077/; classtype:trojan-activity;sid:84117177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.109.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254076/; classtype:trojan-activity;sid:84117176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.228.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254075/; classtype:trojan-activity;sid:84117175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.130.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254074/; classtype:trojan-activity;sid:84117174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.11.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254072/; classtype:trojan-activity;sid:84117172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"101.108.244.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254073/; classtype:trojan-activity;sid:84117173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.159.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254071/; classtype:trojan-activity;sid:84117171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.106.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254070/; classtype:trojan-activity;sid:84117170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.100.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254069/; classtype:trojan-activity;sid:84117169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.128.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254068/; classtype:trojan-activity;sid:84117168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.134.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254067/; classtype:trojan-activity;sid:84117167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.136.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254066/; classtype:trojan-activity;sid:84117166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.104.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254065/; classtype:trojan-activity;sid:84117165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.47.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254064/; classtype:trojan-activity;sid:84117164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.101.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254062/; classtype:trojan-activity;sid:84117162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.124.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254063/; classtype:trojan-activity;sid:84117163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.138.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254061/; classtype:trojan-activity;sid:84117161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.228.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254060/; classtype:trojan-activity;sid:84117160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.161.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254059/; classtype:trojan-activity;sid:84117159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.90.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254058/; classtype:trojan-activity;sid:84117158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.74.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254057/; classtype:trojan-activity;sid:84117157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254056/; classtype:trojan-activity;sid:84117156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.82.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254055/; classtype:trojan-activity;sid:84117155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.220.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254053/; classtype:trojan-activity;sid:84117153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.224.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254054/; classtype:trojan-activity;sid:84117154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.246.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254052/; classtype:trojan-activity;sid:84117152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.182.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254051/; classtype:trojan-activity;sid:84117151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.83.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254050/; classtype:trojan-activity;sid:84117150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.113.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254049/; classtype:trojan-activity;sid:84117149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254048/; classtype:trojan-activity;sid:84117148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.12.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254047/; classtype:trojan-activity;sid:84117147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.77.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254046/; classtype:trojan-activity;sid:84117146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.249.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254044/; classtype:trojan-activity;sid:84117144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.227.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254045/; classtype:trojan-activity;sid:84117145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.159.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254043/; classtype:trojan-activity;sid:84117143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.86.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254042/; classtype:trojan-activity;sid:84117142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.17.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254040/; classtype:trojan-activity;sid:84117140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.35.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254041/; classtype:trojan-activity;sid:84117141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrpl.exe"; depth:10; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254039/; classtype:trojan-activity;sid:84117139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.131.91.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254038/; classtype:trojan-activity;sid:84117138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.33.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254037/; classtype:trojan-activity;sid:84117137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254036/; classtype:trojan-activity;sid:84117136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.46.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254035/; classtype:trojan-activity;sid:84117135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.198.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254034/; classtype:trojan-activity;sid:84117134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.47.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254033/; classtype:trojan-activity;sid:84117133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.82.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254032/; classtype:trojan-activity;sid:84117132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.90.7"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254031/; classtype:trojan-activity;sid:84117131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.51.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254030/; classtype:trojan-activity;sid:84117130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2512365123/dk.exe"; depth:18; endswith; nocase; http.host; content:"185.208.158.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254029/; classtype:trojan-activity;sid:84117129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.79.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254028/; classtype:trojan-activity;sid:84117128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.177.123.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254027/; classtype:trojan-activity;sid:84117127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.74.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254026/; classtype:trojan-activity;sid:84117126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.75.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254025/; classtype:trojan-activity;sid:84117125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.182.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254024/; classtype:trojan-activity;sid:84117124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254023/; classtype:trojan-activity;sid:84117123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.12.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254022/; classtype:trojan-activity;sid:84117122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"69.117.23.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254021/; classtype:trojan-activity;sid:84117121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.35.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254020/; classtype:trojan-activity;sid:84117120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.83.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254019/; classtype:trojan-activity;sid:84117119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.195.93.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254018/; classtype:trojan-activity;sid:84117118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.113.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254017/; classtype:trojan-activity;sid:84117117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.2.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254016/; classtype:trojan-activity;sid:84117116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.43.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254015/; classtype:trojan-activity;sid:84117115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.191.30.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254014/; classtype:trojan-activity;sid:84117114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.26.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254013/; classtype:trojan-activity;sid:84117113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.95.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254012/; classtype:trojan-activity;sid:84117112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.109.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254011/; classtype:trojan-activity;sid:84117111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.130.104.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254004/; classtype:trojan-activity;sid:84117104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.245.58.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254005/; classtype:trojan-activity;sid:84117105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.108.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254006/; classtype:trojan-activity;sid:84117106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.73.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254007/; classtype:trojan-activity;sid:84117107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.139.255.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254008/; classtype:trojan-activity;sid:84117108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.53.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254009/; classtype:trojan-activity;sid:84117109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.77.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254010/; classtype:trojan-activity;sid:84117110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.24.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254003/; classtype:trojan-activity;sid:84117103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.79.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254001/; classtype:trojan-activity;sid:84117101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254002/; classtype:trojan-activity;sid:84117102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.237.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254000/; classtype:trojan-activity;sid:84117100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.139.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253998/; classtype:trojan-activity;sid:84117098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.194.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253999/; classtype:trojan-activity;sid:84117099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.144.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253997/; classtype:trojan-activity;sid:84117097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"vantrong.id.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253996/; classtype:trojan-activity;sid:84117096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.60.11.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253994/; classtype:trojan-activity;sid:84117094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/snaffler-ruylopez.exe"; depth:30; endswith; nocase; http.host; content:"grantthrontonredteammicrosoft.com"; depth:33; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253995/; classtype:trojan-activity;sid:84117095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/interactiveps-ruy-lopez.exe"; depth:36; endswith; nocase; http.host; content:"grantthrontonredteammicrosoft.com"; depth:33; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253993/; classtype:trojan-activity;sid:84117093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.28.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253992/; classtype:trojan-activity;sid:84117092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.35.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253991/; classtype:trojan-activity;sid:84117091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.113.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253990/; classtype:trojan-activity;sid:84117090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.234.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253989/; classtype:trojan-activity;sid:84117089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.3.120.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253988/; classtype:trojan-activity;sid:84117088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.182.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253987/; classtype:trojan-activity;sid:84117087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.43.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253986/; classtype:trojan-activity;sid:84117086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.212.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253985/; classtype:trojan-activity;sid:84117085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.144.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253984/; classtype:trojan-activity;sid:84117084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.214.186.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253983/; classtype:trojan-activity;sid:84117083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.251.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253982/; classtype:trojan-activity;sid:84117082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.67.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253981/; classtype:trojan-activity;sid:84117081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.79.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253980/; classtype:trojan-activity;sid:84117080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.228.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253979/; classtype:trojan-activity;sid:84117079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.194.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253978/; classtype:trojan-activity;sid:84117078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.246.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253977/; classtype:trojan-activity;sid:84117077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.172.68.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253975/; classtype:trojan-activity;sid:84117075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.58.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253976/; classtype:trojan-activity;sid:84117076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.142.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253974/; classtype:trojan-activity;sid:84117074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.97.200.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253973/; classtype:trojan-activity;sid:84117073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.185.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253972/; classtype:trojan-activity;sid:84117072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.234.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253971/; classtype:trojan-activity;sid:84117071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.139.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253970/; classtype:trojan-activity;sid:84117070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.120.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253969/; classtype:trojan-activity;sid:84117069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.255.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253968/; classtype:trojan-activity;sid:84117068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.154.190.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253967/; classtype:trojan-activity;sid:84117067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.190.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253966/; classtype:trojan-activity;sid:84117066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253965/; classtype:trojan-activity;sid:84117065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.3.120.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253964/; classtype:trojan-activity;sid:84117064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.11.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253963/; classtype:trojan-activity;sid:84117063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.64.68.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253962/; classtype:trojan-activity;sid:84117062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.148.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253959/; classtype:trojan-activity;sid:84117059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.154.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253960/; classtype:trojan-activity;sid:84117060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.204.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253961/; classtype:trojan-activity;sid:84117061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.182.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253958/; classtype:trojan-activity;sid:84117058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.67.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253957/; classtype:trojan-activity;sid:84117057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.88.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253956/; classtype:trojan-activity;sid:84117056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.78.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253954/; classtype:trojan-activity;sid:84117054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.15.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253955/; classtype:trojan-activity;sid:84117055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"vantrong.id.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253953/; classtype:trojan-activity;sid:84117053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.151.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253952/; classtype:trojan-activity;sid:84117052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.209.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253951/; classtype:trojan-activity;sid:84117051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.155.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253950/; classtype:trojan-activity;sid:84117050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.58.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253949/; classtype:trojan-activity;sid:84117049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.190.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253948/; classtype:trojan-activity;sid:84117048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.112.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253947/; classtype:trojan-activity;sid:84117047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/interactiveps-ruy-lopez.dll"; depth:36; endswith; nocase; http.host; content:"grantthrontonredteammicrosoft.com"; depth:33; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253946/; classtype:trojan-activity;sid:84117046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.248.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253945/; classtype:trojan-activity;sid:84117045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.8.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253944/; classtype:trojan-activity;sid:84117044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.24.162.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253943/; classtype:trojan-activity;sid:84117043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.129.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253942/; classtype:trojan-activity;sid:84117042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.92.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253941/; classtype:trojan-activity;sid:84117041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.21.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253939/; classtype:trojan-activity;sid:84117039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253940/; classtype:trojan-activity;sid:84117040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.208.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253938/; classtype:trojan-activity;sid:84117038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"mjrw.house.zionanakwenze.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253937/; classtype:trojan-activity;sid:84117037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"pfwu.house.zionanakwenze.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253936/; classtype:trojan-activity;sid:84117036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.149.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253932/; classtype:trojan-activity;sid:84117032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.164.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253933/; classtype:trojan-activity;sid:84117033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.203.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253934/; classtype:trojan-activity;sid:84117034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.83.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253935/; classtype:trojan-activity;sid:84117035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.246.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253931/; classtype:trojan-activity;sid:84117031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.148.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253930/; classtype:trojan-activity;sid:84117030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.214.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253929/; classtype:trojan-activity;sid:84117029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.15.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253928/; classtype:trojan-activity;sid:84117028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.7.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253927/; classtype:trojan-activity;sid:84117027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.88.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253926/; classtype:trojan-activity;sid:84117026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.9.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253925/; classtype:trojan-activity;sid:84117025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.251.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253924/; classtype:trojan-activity;sid:84117024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.46.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253923/; classtype:trojan-activity;sid:84117023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.52.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253921/; classtype:trojan-activity;sid:84117021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.139.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253922/; classtype:trojan-activity;sid:84117022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.62.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253920/; classtype:trojan-activity;sid:84117020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.56.162.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253919/; classtype:trojan-activity;sid:84117019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.26.224.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253918/; classtype:trojan-activity;sid:84117018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.158.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253917/; classtype:trojan-activity;sid:84117017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.115.89.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253915/; classtype:trojan-activity;sid:84117015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.69.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253916/; classtype:trojan-activity;sid:84117016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.88.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253914/; classtype:trojan-activity;sid:84117014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.37.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253912/; classtype:trojan-activity;sid:84117012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.251.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253913/; classtype:trojan-activity;sid:84117013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.236.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253908/; classtype:trojan-activity;sid:84117008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.86.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253909/; classtype:trojan-activity;sid:84117009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.115.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253910/; classtype:trojan-activity;sid:84117010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.238.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253911/; classtype:trojan-activity;sid:84117011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.129.103.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253907/; classtype:trojan-activity;sid:84117007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.65.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253906/; classtype:trojan-activity;sid:84117006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.117.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253905/; classtype:trojan-activity;sid:84117005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253904/; classtype:trojan-activity;sid:84117004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.sh"; depth:10; endswith; nocase; http.host; content:"103.77.246.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253902/; classtype:trojan-activity;sid:84117002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.208.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253903/; classtype:trojan-activity;sid:84117003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.28.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253901/; classtype:trojan-activity;sid:84117001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253900/; classtype:trojan-activity;sid:84117000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.168.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253899/; classtype:trojan-activity;sid:84116999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.153.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253897/; classtype:trojan-activity;sid:84116997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.131.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253898/; classtype:trojan-activity;sid:84116998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.224.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253896/; classtype:trojan-activity;sid:84116996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.214.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253893/; classtype:trojan-activity;sid:84116993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.10.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253894/; classtype:trojan-activity;sid:84116994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.99.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253895/; classtype:trojan-activity;sid:84116995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.21.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253891/; classtype:trojan-activity;sid:84116991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.245.15.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253892/; classtype:trojan-activity;sid:84116992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.74.202"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253889/; classtype:trojan-activity;sid:84116989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.9.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253890/; classtype:trojan-activity;sid:84116990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.23.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253888/; classtype:trojan-activity;sid:84116988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.122.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253887/; classtype:trojan-activity;sid:84116987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.108.6.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253886/; classtype:trojan-activity;sid:84116986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.235.239.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253885/; classtype:trojan-activity;sid:84116985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.218.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253884/; classtype:trojan-activity;sid:84116984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.60.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253883/; classtype:trojan-activity;sid:84116983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.20.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253882/; classtype:trojan-activity;sid:84116982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253881/; classtype:trojan-activity;sid:84116981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.4.165"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253880/; classtype:trojan-activity;sid:84116980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.61.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253879/; classtype:trojan-activity;sid:84116979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.spc"; depth:14; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253878/; classtype:trojan-activity;sid:84116978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.3.40"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253877/; classtype:trojan-activity;sid:84116977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.148.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253876/; classtype:trojan-activity;sid:84116976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.24.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253875/; classtype:trojan-activity;sid:84116975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253874/; classtype:trojan-activity;sid:84116974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.114.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253873/; classtype:trojan-activity;sid:84116973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.255.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253872/; classtype:trojan-activity;sid:84116972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253871/; classtype:trojan-activity;sid:84116971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253870/; classtype:trojan-activity;sid:84116970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.112.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253869/; classtype:trojan-activity;sid:84116969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.74.202"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253867/; classtype:trojan-activity;sid:84116967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.224.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253868/; classtype:trojan-activity;sid:84116968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.122.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253865/; classtype:trojan-activity;sid:84116965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.42.74.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253866/; classtype:trojan-activity;sid:84116966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.216.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253864/; classtype:trojan-activity;sid:84116964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.20.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253863/; classtype:trojan-activity;sid:84116963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"72.175.25.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253862/; classtype:trojan-activity;sid:84116962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253861/; classtype:trojan-activity;sid:84116961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.150.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253860/; classtype:trojan-activity;sid:84116960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.4.165"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253859/; classtype:trojan-activity;sid:84116959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.206.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253858/; classtype:trojan-activity;sid:84116958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.52.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253857/; classtype:trojan-activity;sid:84116957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.202.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253856/; classtype:trojan-activity;sid:84116956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.101.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253855/; classtype:trojan-activity;sid:84116955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.15.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253853/; classtype:trojan-activity;sid:84116953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.148.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253854/; classtype:trojan-activity;sid:84116954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.105.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253852/; classtype:trojan-activity;sid:84116952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253851/; classtype:trojan-activity;sid:84116951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.92.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253850/; classtype:trojan-activity;sid:84116950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.255.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253849/; classtype:trojan-activity;sid:84116949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.3.40"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253848/; classtype:trojan-activity;sid:84116948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.5.79.254"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253847/; classtype:trojan-activity;sid:84116947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253846/; classtype:trojan-activity;sid:84116946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253845/; classtype:trojan-activity;sid:84116945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.71.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253844/; classtype:trojan-activity;sid:84116944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"154.216.20.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253840/; classtype:trojan-activity;sid:84116940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm6"; depth:15; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253841/; classtype:trojan-activity;sid:84116941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"154.216.20.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253842/; classtype:trojan-activity;sid:84116942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.64.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253843/; classtype:trojan-activity;sid:84116943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.m68k"; depth:15; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253839/; classtype:trojan-activity;sid:84116939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.15.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253838/; classtype:trojan-activity;sid:84116938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253837/; classtype:trojan-activity;sid:84116937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.2.3"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253836/; classtype:trojan-activity;sid:84116936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.244.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253835/; classtype:trojan-activity;sid:84116935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm7"; depth:15; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253832/; classtype:trojan-activity;sid:84116932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"154.216.20.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253833/; classtype:trojan-activity;sid:84116933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"154.216.20.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253834/; classtype:trojan-activity;sid:84116934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"154.216.20.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253831/; classtype:trojan-activity;sid:84116931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.247.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253830/; classtype:trojan-activity;sid:84116930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"154.216.20.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253827/; classtype:trojan-activity;sid:84116927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.sh4"; depth:14; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253828/; classtype:trojan-activity;sid:84116928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.ppc"; depth:14; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253829/; classtype:trojan-activity;sid:84116929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.42.74.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253826/; classtype:trojan-activity;sid:84116926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.54.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253825/; classtype:trojan-activity;sid:84116925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.13.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253824/; classtype:trojan-activity;sid:84116924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.5.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253823/; classtype:trojan-activity;sid:84116923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.183.53.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253821/; classtype:trojan-activity;sid:84116921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.184.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253822/; classtype:trojan-activity;sid:84116922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.197.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253820/; classtype:trojan-activity;sid:84116920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.13.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253819/; classtype:trojan-activity;sid:84116919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"154.216.18.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253817/; classtype:trojan-activity;sid:84116917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"154.216.18.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253818/; classtype:trojan-activity;sid:84116918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"154.216.18.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253816/; classtype:trojan-activity;sid:84116916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"154.216.18.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253815/; classtype:trojan-activity;sid:84116915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.210.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253812/; classtype:trojan-activity;sid:84116912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.218.160.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253813/; classtype:trojan-activity;sid:84116913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"154.216.18.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253814/; classtype:trojan-activity;sid:84116914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"154.216.18.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253810/; classtype:trojan-activity;sid:84116910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"154.216.18.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253811/; classtype:trojan-activity;sid:84116911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"154.216.18.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253808/; classtype:trojan-activity;sid:84116908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"154.216.18.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253809/; classtype:trojan-activity;sid:84116909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.202.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253807/; classtype:trojan-activity;sid:84116907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.105.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253806/; classtype:trojan-activity;sid:84116906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mips"; depth:15; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253804/; classtype:trojan-activity;sid:84116904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"154.216.18.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253805/; classtype:trojan-activity;sid:84116905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mpsl"; depth:15; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253800/; classtype:trojan-activity;sid:84116900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.x86"; depth:14; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253801/; classtype:trojan-activity;sid:84116901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm"; depth:14; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253802/; classtype:trojan-activity;sid:84116902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm5"; depth:15; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253803/; classtype:trojan-activity;sid:84116903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.15.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253799/; classtype:trojan-activity;sid:84116899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.2.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253798/; classtype:trojan-activity;sid:84116898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253793/; classtype:trojan-activity;sid:84116893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253794/; classtype:trojan-activity;sid:84116894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253795/; classtype:trojan-activity;sid:84116895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253796/; classtype:trojan-activity;sid:84116896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"154.216.20.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253797/; classtype:trojan-activity;sid:84116897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"154.216.20.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253792/; classtype:trojan-activity;sid:84116892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.45.205"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253791/; classtype:trojan-activity;sid:84116891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"154.216.20.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253790/; classtype:trojan-activity;sid:84116890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"154.216.20.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253787/; classtype:trojan-activity;sid:84116887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"154.216.20.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253788/; classtype:trojan-activity;sid:84116888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"154.216.20.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253789/; classtype:trojan-activity;sid:84116889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"154.216.20.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253786/; classtype:trojan-activity;sid:84116886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"154.216.20.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253782/; classtype:trojan-activity;sid:84116882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm4"; depth:10; endswith; nocase; http.host; content:"154.216.20.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253783/; classtype:trojan-activity;sid:84116883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"154.216.20.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253784/; classtype:trojan-activity;sid:84116884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"154.216.20.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253785/; classtype:trojan-activity;sid:84116885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"154.216.20.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253781/; classtype:trojan-activity;sid:84116881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253780/; classtype:trojan-activity;sid:84116880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.13.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253779/; classtype:trojan-activity;sid:84116879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.80.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253778/; classtype:trojan-activity;sid:84116878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.184.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253777/; classtype:trojan-activity;sid:84116877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.225.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253775/; classtype:trojan-activity;sid:84116875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.118.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253776/; classtype:trojan-activity;sid:84116876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.103.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253774/; classtype:trojan-activity;sid:84116874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.114.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253773/; classtype:trojan-activity;sid:84116873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.4.200"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253772/; classtype:trojan-activity;sid:84116872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.247.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253771/; classtype:trojan-activity;sid:84116871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.171.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253770/; classtype:trojan-activity;sid:84116870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.9.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253769/; classtype:trojan-activity;sid:84116869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.80.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253768/; classtype:trojan-activity;sid:84116868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.215.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253767/; classtype:trojan-activity;sid:84116867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.108.90.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253766/; classtype:trojan-activity;sid:84116866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.197.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253764/; classtype:trojan-activity;sid:84116864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.5.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253765/; classtype:trojan-activity;sid:84116865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.99.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253763/; classtype:trojan-activity;sid:84116863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"chxjx.house.zionanakwenze.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253762/; classtype:trojan-activity;sid:84116862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.183.53.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253761/; classtype:trojan-activity;sid:84116861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.18.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253760/; classtype:trojan-activity;sid:84116860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.13.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253759/; classtype:trojan-activity;sid:84116859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.246.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253758/; classtype:trojan-activity;sid:84116858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.107.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253757/; classtype:trojan-activity;sid:84116857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.9.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253756/; classtype:trojan-activity;sid:84116856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.99.102"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253755/; classtype:trojan-activity;sid:84116855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.199.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253753/; classtype:trojan-activity;sid:84116853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.83.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253754/; classtype:trojan-activity;sid:84116854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.9.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253752/; classtype:trojan-activity;sid:84116852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.80.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253751/; classtype:trojan-activity;sid:84116851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.184.59.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253750/; classtype:trojan-activity;sid:84116850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.18.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253749/; classtype:trojan-activity;sid:84116849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.118.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253748/; classtype:trojan-activity;sid:84116848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.158.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253746/; classtype:trojan-activity;sid:84116846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.251.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253747/; classtype:trojan-activity;sid:84116847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.218.160.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253745/; classtype:trojan-activity;sid:84116845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.248.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253744/; classtype:trojan-activity;sid:84116844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.254.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253743/; classtype:trojan-activity;sid:84116843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.45.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253742/; classtype:trojan-activity;sid:84116842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.114.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253741/; classtype:trojan-activity;sid:84116841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.172.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253740/; classtype:trojan-activity;sid:84116840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.107.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253739/; classtype:trojan-activity;sid:84116839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.94.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253738/; classtype:trojan-activity;sid:84116838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.75.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253737/; classtype:trojan-activity;sid:84116837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.27.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253736/; classtype:trojan-activity;sid:84116836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.215.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253735/; classtype:trojan-activity;sid:84116835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.115.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253734/; classtype:trojan-activity;sid:84116834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.171.52"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253733/; classtype:trojan-activity;sid:84116833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.83.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253732/; classtype:trojan-activity;sid:84116832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.99.102"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253731/; classtype:trojan-activity;sid:84116831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.158.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253730/; classtype:trojan-activity;sid:84116830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.53.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253729/; classtype:trojan-activity;sid:84116829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.96.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253728/; classtype:trojan-activity;sid:84116828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.45.135"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253727/; classtype:trojan-activity;sid:84116827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.114.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253726/; classtype:trojan-activity;sid:84116826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.115.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253725/; classtype:trojan-activity;sid:84116825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.114.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253724/; classtype:trojan-activity;sid:84116824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.56.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253723/; classtype:trojan-activity;sid:84116823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.28.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253722/; classtype:trojan-activity;sid:84116822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253721/; classtype:trojan-activity;sid:84116821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.95.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253720/; classtype:trojan-activity;sid:84116820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.114.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253719/; classtype:trojan-activity;sid:84116819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.60.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253717/; classtype:trojan-activity;sid:84116817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.73.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253718/; classtype:trojan-activity;sid:84116818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.194.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253716/; classtype:trojan-activity;sid:84116816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.84.195.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253715/; classtype:trojan-activity;sid:84116815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.238.164.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253714/; classtype:trojan-activity;sid:84116814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.201.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253713/; classtype:trojan-activity;sid:84116813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.45.205"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253712/; classtype:trojan-activity;sid:84116812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.102.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253711/; classtype:trojan-activity;sid:84116811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.35.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253710/; classtype:trojan-activity;sid:84116810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253709/; classtype:trojan-activity;sid:84116809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.14.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253708/; classtype:trojan-activity;sid:84116808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.56.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253707/; classtype:trojan-activity;sid:84116807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.12.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253706/; classtype:trojan-activity;sid:84116806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.99.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253705/; classtype:trojan-activity;sid:84116805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.65.69.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253704/; classtype:trojan-activity;sid:84116804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.197.115.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253703/; classtype:trojan-activity;sid:84116803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.206.103.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253701/; classtype:trojan-activity;sid:84116801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.35.12.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253702/; classtype:trojan-activity;sid:84116802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.112.100.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253700/; classtype:trojan-activity;sid:84116800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.118.243.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253699/; classtype:trojan-activity;sid:84116799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.2.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253698/; classtype:trojan-activity;sid:84116798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253697/; classtype:trojan-activity;sid:84116797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.241.199.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253696/; classtype:trojan-activity;sid:84116796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.49.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253695/; classtype:trojan-activity;sid:84116795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.35.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253694/; classtype:trojan-activity;sid:84116794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.138.139.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253693/; classtype:trojan-activity;sid:84116793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.177.166.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253692/; classtype:trojan-activity;sid:84116792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.115.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253691/; classtype:trojan-activity;sid:84116791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253689/; classtype:trojan-activity;sid:84116789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.101.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253690/; classtype:trojan-activity;sid:84116790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.111.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3253688/; classtype:trojan-activity;sid:84116788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.122.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253687/; classtype:trojan-activity;sid:84116787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.49.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253686/; classtype:trojan-activity;sid:84116786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.224.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253685/; classtype:trojan-activity;sid:84116785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.61.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253684/; classtype:trojan-activity;sid:84116784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.243.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253683/; classtype:trojan-activity;sid:84116783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.177.166.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253682/; classtype:trojan-activity;sid:84116782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253681/; classtype:trojan-activity;sid:84116781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.24.188.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253679/; classtype:trojan-activity;sid:84116779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.154.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253680/; classtype:trojan-activity;sid:84116780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.102.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253678/; classtype:trojan-activity;sid:84116778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.172.68.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253677/; classtype:trojan-activity;sid:84116777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.241.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253676/; classtype:trojan-activity;sid:84116776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.101.221"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253675/; classtype:trojan-activity;sid:84116775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.207.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253674/; classtype:trojan-activity;sid:84116774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.209.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253673/; classtype:trojan-activity;sid:84116773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.244.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253671/; classtype:trojan-activity;sid:84116771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.111.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253672/; classtype:trojan-activity;sid:84116772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.61.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253670/; classtype:trojan-activity;sid:84116770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.94.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253669/; classtype:trojan-activity;sid:84116769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.29.163"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253668/; classtype:trojan-activity;sid:84116768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.49.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253667/; classtype:trojan-activity;sid:84116767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253666/; classtype:trojan-activity;sid:84116766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.98.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253665/; classtype:trojan-activity;sid:84116765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253664/; classtype:trojan-activity;sid:84116764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.249.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253663/; classtype:trojan-activity;sid:84116763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.246.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253662/; classtype:trojan-activity;sid:84116762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.241.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253661/; classtype:trojan-activity;sid:84116761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.154.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253660/; classtype:trojan-activity;sid:84116760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.14.169"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253659/; classtype:trojan-activity;sid:84116759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.187.82.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253658/; classtype:trojan-activity;sid:84116758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.181.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253656/; classtype:trojan-activity;sid:84116756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.103.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253657/; classtype:trojan-activity;sid:84116757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.238.171.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253655/; classtype:trojan-activity;sid:84116755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.24.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253654/; classtype:trojan-activity;sid:84116754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.94.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253653/; classtype:trojan-activity;sid:84116753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.244.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253652/; classtype:trojan-activity;sid:84116752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.209.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253651/; classtype:trojan-activity;sid:84116751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.103.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253650/; classtype:trojan-activity;sid:84116750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.234.200.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253649/; classtype:trojan-activity;sid:84116749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.29.163"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253648/; classtype:trojan-activity;sid:84116748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253647/; classtype:trojan-activity;sid:84116747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.4.165"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253646/; classtype:trojan-activity;sid:84116746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.163.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253645/; classtype:trojan-activity;sid:84116745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.98.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253644/; classtype:trojan-activity;sid:84116744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.120.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253643/; classtype:trojan-activity;sid:84116743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.152.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253642/; classtype:trojan-activity;sid:84116742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.141.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253641/; classtype:trojan-activity;sid:84116741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.187.82.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253640/; classtype:trojan-activity;sid:84116740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.238.171.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253639/; classtype:trojan-activity;sid:84116739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.42.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253638/; classtype:trojan-activity;sid:84116738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.181.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253636/; classtype:trojan-activity;sid:84116736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.234.200.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253637/; classtype:trojan-activity;sid:84116737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.29.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253635/; classtype:trojan-activity;sid:84116735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.105.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253634/; classtype:trojan-activity;sid:84116734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.185.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253633/; classtype:trojan-activity;sid:84116733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.139.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253632/; classtype:trojan-activity;sid:84116732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253631/; classtype:trojan-activity;sid:84116731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.11.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253630/; classtype:trojan-activity;sid:84116730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.24.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253629/; classtype:trojan-activity;sid:84116729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.99.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253628/; classtype:trojan-activity;sid:84116728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.22.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253627/; classtype:trojan-activity;sid:84116727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.50.70.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253626/; classtype:trojan-activity;sid:84116726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.120.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253625/; classtype:trojan-activity;sid:84116725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.141.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253624/; classtype:trojan-activity;sid:84116724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.163.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253623/; classtype:trojan-activity;sid:84116723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.29.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253622/; classtype:trojan-activity;sid:84116722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.25.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253621/; classtype:trojan-activity;sid:84116721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.99.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253620/; classtype:trojan-activity;sid:84116720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.15.94"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253619/; classtype:trojan-activity;sid:84116719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.47.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253618/; classtype:trojan-activity;sid:84116718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.61.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253617/; classtype:trojan-activity;sid:84116717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.79.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253616/; classtype:trojan-activity;sid:84116716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.98.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253615/; classtype:trojan-activity;sid:84116715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.133.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253614/; classtype:trojan-activity;sid:84116714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.253.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253613/; classtype:trojan-activity;sid:84116713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.125.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253612/; classtype:trojan-activity;sid:84116712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.165.69.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253611/; classtype:trojan-activity;sid:84116711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.214.162.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253610/; classtype:trojan-activity;sid:84116710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.233.19.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253609/; classtype:trojan-activity;sid:84116709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.79.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253607/; classtype:trojan-activity;sid:84116707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.191.131.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253608/; classtype:trojan-activity;sid:84116708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.204.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253606/; classtype:trojan-activity;sid:84116706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.85.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253605/; classtype:trojan-activity;sid:84116705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.113.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253604/; classtype:trojan-activity;sid:84116704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.12.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253603/; classtype:trojan-activity;sid:84116703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.10.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253602/; classtype:trojan-activity;sid:84116702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.114.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253600/; classtype:trojan-activity;sid:84116700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.25.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253601/; classtype:trojan-activity;sid:84116701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253599/; classtype:trojan-activity;sid:84116699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.4.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253598/; classtype:trojan-activity;sid:84116698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.47.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253597/; classtype:trojan-activity;sid:84116697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.123.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253596/; classtype:trojan-activity;sid:84116696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.81.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253595/; classtype:trojan-activity;sid:84116695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.91.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253593/; classtype:trojan-activity;sid:84116693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.55.98.253"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253594/; classtype:trojan-activity;sid:84116694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.251.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253592/; classtype:trojan-activity;sid:84116692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.202.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253591/; classtype:trojan-activity;sid:84116691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.247.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253589/; classtype:trojan-activity;sid:84116689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.76.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253590/; classtype:trojan-activity;sid:84116690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.138.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253588/; classtype:trojan-activity;sid:84116688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.79.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253587/; classtype:trojan-activity;sid:84116687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.133.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253586/; classtype:trojan-activity;sid:84116686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.98.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253585/; classtype:trojan-activity;sid:84116685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.214.162.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253584/; classtype:trojan-activity;sid:84116684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.90.192"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253583/; classtype:trojan-activity;sid:84116683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.151.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253581/; classtype:trojan-activity;sid:84116681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.23.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253582/; classtype:trojan-activity;sid:84116682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.240.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253580/; classtype:trojan-activity;sid:84116680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.4.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253579/; classtype:trojan-activity;sid:84116679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.12.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253578/; classtype:trojan-activity;sid:84116678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.56.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253577/; classtype:trojan-activity;sid:84116677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.253.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253576/; classtype:trojan-activity;sid:84116676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.139.134.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253575/; classtype:trojan-activity;sid:84116675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.244.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253574/; classtype:trojan-activity;sid:84116674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.38.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253573/; classtype:trojan-activity;sid:84116673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.247.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253572/; classtype:trojan-activity;sid:84116672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.76.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253571/; classtype:trojan-activity;sid:84116671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.123.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253570/; classtype:trojan-activity;sid:84116670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.28.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253569/; classtype:trojan-activity;sid:84116669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.211.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253568/; classtype:trojan-activity;sid:84116668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.196.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253567/; classtype:trojan-activity;sid:84116667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.102.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253566/; classtype:trojan-activity;sid:84116666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.0.238.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253565/; classtype:trojan-activity;sid:84116665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.192.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253564/; classtype:trojan-activity;sid:84116664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.253.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253563/; classtype:trojan-activity;sid:84116663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.220.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253562/; classtype:trojan-activity;sid:84116662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.185.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253561/; classtype:trojan-activity;sid:84116661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.33.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253560/; classtype:trojan-activity;sid:84116660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.238.189.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253559/; classtype:trojan-activity;sid:84116659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.23.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253558/; classtype:trojan-activity;sid:84116658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"89.139.134.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253557/; classtype:trojan-activity;sid:84116657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.9.113"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253556/; classtype:trojan-activity;sid:84116656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.193.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253555/; classtype:trojan-activity;sid:84116655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253554/; classtype:trojan-activity;sid:84116654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.115.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253553/; classtype:trojan-activity;sid:84116653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253552/; classtype:trojan-activity;sid:84116652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.152.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253550/; classtype:trojan-activity;sid:84116650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.56.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253551/; classtype:trojan-activity;sid:84116651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253549/; classtype:trojan-activity;sid:84116649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.127.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253548/; classtype:trojan-activity;sid:84116648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.244.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253546/; classtype:trojan-activity;sid:84116646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.59.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253547/; classtype:trojan-activity;sid:84116647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.227.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253545/; classtype:trojan-activity;sid:84116645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.28.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253544/; classtype:trojan-activity;sid:84116644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.192.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253543/; classtype:trojan-activity;sid:84116643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.91.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253542/; classtype:trojan-activity;sid:84116642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.149.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253541/; classtype:trojan-activity;sid:84116641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.213.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253540/; classtype:trojan-activity;sid:84116640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.44.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253539/; classtype:trojan-activity;sid:84116639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.190.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253538/; classtype:trojan-activity;sid:84116638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.189.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253536/; classtype:trojan-activity;sid:84116636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.18.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253537/; classtype:trojan-activity;sid:84116637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.253.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253535/; classtype:trojan-activity;sid:84116635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.128.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253534/; classtype:trojan-activity;sid:84116634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.193.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253533/; classtype:trojan-activity;sid:84116633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.185.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253532/; classtype:trojan-activity;sid:84116632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.59.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253531/; classtype:trojan-activity;sid:84116631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.152.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253530/; classtype:trojan-activity;sid:84116630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.163.251.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253529/; classtype:trojan-activity;sid:84116629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.127.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253528/; classtype:trojan-activity;sid:84116628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.13.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253527/; classtype:trojan-activity;sid:84116627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.6.250.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253526/; classtype:trojan-activity;sid:84116626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.241.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253525/; classtype:trojan-activity;sid:84116625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.149.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253524/; classtype:trojan-activity;sid:84116624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.28.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253523/; classtype:trojan-activity;sid:84116623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.128.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253522/; classtype:trojan-activity;sid:84116622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.84.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253521/; classtype:trojan-activity;sid:84116621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.69.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253520/; classtype:trojan-activity;sid:84116620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.30.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253519/; classtype:trojan-activity;sid:84116619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.128.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253518/; classtype:trojan-activity;sid:84116618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.193.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253517/; classtype:trojan-activity;sid:84116617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.156.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253516/; classtype:trojan-activity;sid:84116616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.11.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253515/; classtype:trojan-activity;sid:84116615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.215.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253514/; classtype:trojan-activity;sid:84116614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.203.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253513/; classtype:trojan-activity;sid:84116613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.105.172"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253512/; classtype:trojan-activity;sid:84116612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253511/; classtype:trojan-activity;sid:84116611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.164.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253510/; classtype:trojan-activity;sid:84116610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.51.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253509/; classtype:trojan-activity;sid:84116609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.151.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253508/; classtype:trojan-activity;sid:84116608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.99.236"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253507/; classtype:trojan-activity;sid:84116607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"191.240.39.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253506/; classtype:trojan-activity;sid:84116606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.122.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253505/; classtype:trojan-activity;sid:84116605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.209.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253504/; classtype:trojan-activity;sid:84116604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.87.37.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253503/; classtype:trojan-activity;sid:84116603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.21.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253502/; classtype:trojan-activity;sid:84116602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.43.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253501/; classtype:trojan-activity;sid:84116601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.76.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253500/; classtype:trojan-activity;sid:84116600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.164.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253499/; classtype:trojan-activity;sid:84116599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.224.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253498/; classtype:trojan-activity;sid:84116598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.69.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253497/; classtype:trojan-activity;sid:84116597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.95.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253496/; classtype:trojan-activity;sid:84116596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253495/; classtype:trojan-activity;sid:84116595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.93.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253494/; classtype:trojan-activity;sid:84116594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.27.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253493/; classtype:trojan-activity;sid:84116593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.235.157.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253492/; classtype:trojan-activity;sid:84116592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.31.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253491/; classtype:trojan-activity;sid:84116591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.51.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253490/; classtype:trojan-activity;sid:84116590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.27.199.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253489/; classtype:trojan-activity;sid:84116589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.6.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253488/; classtype:trojan-activity;sid:84116588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.sh"; depth:11; endswith; nocase; http.host; content:"91.208.184.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253487/; classtype:trojan-activity;sid:84116587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253486/; classtype:trojan-activity;sid:84116586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.2.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253485/; classtype:trojan-activity;sid:84116585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.194.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253484/; classtype:trojan-activity;sid:84116584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253483/; classtype:trojan-activity;sid:84116583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.35.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253482/; classtype:trojan-activity;sid:84116582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.125.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253481/; classtype:trojan-activity;sid:84116581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.76.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253480/; classtype:trojan-activity;sid:84116580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.208.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253479/; classtype:trojan-activity;sid:84116579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.183.42.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253478/; classtype:trojan-activity;sid:84116578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.202.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253477/; classtype:trojan-activity;sid:84116577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.4.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253475/; classtype:trojan-activity;sid:84116575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.208.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253476/; classtype:trojan-activity;sid:84116576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.144.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253474/; classtype:trojan-activity;sid:84116574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.178.40.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253473/; classtype:trojan-activity;sid:84116573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.196.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253472/; classtype:trojan-activity;sid:84116572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.31.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253471/; classtype:trojan-activity;sid:84116571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.164.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253470/; classtype:trojan-activity;sid:84116570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.183.42.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253469/; classtype:trojan-activity;sid:84116569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.74.229"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253468/; classtype:trojan-activity;sid:84116568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.194.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253467/; classtype:trojan-activity;sid:84116567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.2.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253466/; classtype:trojan-activity;sid:84116566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.1.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253465/; classtype:trojan-activity;sid:84116565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253464/; classtype:trojan-activity;sid:84116564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.207.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253463/; classtype:trojan-activity;sid:84116563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.179.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253462/; classtype:trojan-activity;sid:84116562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.146.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253461/; classtype:trojan-activity;sid:84116561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.202.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253460/; classtype:trojan-activity;sid:84116560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.164.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253459/; classtype:trojan-activity;sid:84116559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.144.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253458/; classtype:trojan-activity;sid:84116558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.4.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253457/; classtype:trojan-activity;sid:84116557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.58.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253456/; classtype:trojan-activity;sid:84116556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.176.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253455/; classtype:trojan-activity;sid:84116555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.196.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253454/; classtype:trojan-activity;sid:84116554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.mpsl"; depth:12; endswith; nocase; http.host; content:"91.208.184.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253453/; classtype:trojan-activity;sid:84116553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.sh4"; depth:11; endswith; nocase; http.host; content:"91.208.184.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253450/; classtype:trojan-activity;sid:84116550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.arm"; depth:11; endswith; nocase; http.host; content:"91.208.184.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253451/; classtype:trojan-activity;sid:84116551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.arm5"; depth:12; endswith; nocase; http.host; content:"91.208.184.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253452/; classtype:trojan-activity;sid:84116552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.149.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253449/; classtype:trojan-activity;sid:84116549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.spc"; depth:11; endswith; nocase; http.host; content:"91.208.184.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253448/; classtype:trojan-activity;sid:84116548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.arm7"; depth:12; endswith; nocase; http.host; content:"91.208.184.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253447/; classtype:trojan-activity;sid:84116547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.mips"; depth:12; endswith; nocase; http.host; content:"91.208.184.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253446/; classtype:trojan-activity;sid:84116546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.m68k"; depth:12; endswith; nocase; http.host; content:"91.208.184.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253445/; classtype:trojan-activity;sid:84116545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.arm6"; depth:12; endswith; nocase; http.host; content:"91.208.184.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253443/; classtype:trojan-activity;sid:84116543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.x86"; depth:11; endswith; nocase; http.host; content:"91.208.184.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253444/; classtype:trojan-activity;sid:84116544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.93.44.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253442/; classtype:trojan-activity;sid:84116542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.74.229"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253441/; classtype:trojan-activity;sid:84116541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.111.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253440/; classtype:trojan-activity;sid:84116540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.58.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253439/; classtype:trojan-activity;sid:84116539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.101.3.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253438/; classtype:trojan-activity;sid:84116538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.93.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253437/; classtype:trojan-activity;sid:84116537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.220.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253436/; classtype:trojan-activity;sid:84116536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.177.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253435/; classtype:trojan-activity;sid:84116535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.85.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253434/; classtype:trojan-activity;sid:84116534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.60.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253433/; classtype:trojan-activity;sid:84116533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253432/; classtype:trojan-activity;sid:84116532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.80.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253431/; classtype:trojan-activity;sid:84116531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.212.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253430/; classtype:trojan-activity;sid:84116530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.111.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253429/; classtype:trojan-activity;sid:84116529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.116.193.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253428/; classtype:trojan-activity;sid:84116528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1tsnt8xbrs5tzaye7appikoh65ydvy-yn"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253427/; classtype:trojan-activity;sid:84116527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1drx-4-s5-42ec55vnfookcnrwq_xpf4e"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253424/; classtype:trojan-activity;sid:84116524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yyudyoq84ujptazopayjm7jcp45rmdyz"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253425/; classtype:trojan-activity;sid:84116525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1aevqxw2zssem_bu9bakrj9c-opihrxzh"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253426/; classtype:trojan-activity;sid:84116526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.17.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253423/; classtype:trojan-activity;sid:84116523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/903e65da79c0ad0a/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.241.61.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253422/; classtype:trojan-activity;sid:84116522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/patchar/12.exe"; depth:15; endswith; nocase; http.host; content:"rivenconquer.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253421/; classtype:trojan-activity;sid:84116521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.184.135.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253420/; classtype:trojan-activity;sid:84116520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.202.35.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253419/; classtype:trojan-activity;sid:84116519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrigdaemon"; depth:12; endswith; nocase; http.host; content:"45.202.35.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253417/; classtype:trojan-activity;sid:84116517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrigminer"; depth:11; endswith; nocase; http.host; content:"45.202.35.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253418/; classtype:trojan-activity;sid:84116518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.80.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253416/; classtype:trojan-activity;sid:84116516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.222.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253415/; classtype:trojan-activity;sid:84116515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253413/; classtype:trojan-activity;sid:84116513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.219.121.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253414/; classtype:trojan-activity;sid:84116514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.197.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253412/; classtype:trojan-activity;sid:84116512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.249.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253410/; classtype:trojan-activity;sid:84116510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.188.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253411/; classtype:trojan-activity;sid:84116511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.116.193.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253409/; classtype:trojan-activity;sid:84116509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.17.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253408/; classtype:trojan-activity;sid:84116508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.119.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253407/; classtype:trojan-activity;sid:84116507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.149.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253406/; classtype:trojan-activity;sid:84116506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.1.92.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253405/; classtype:trojan-activity;sid:84116505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.121.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253404/; classtype:trojan-activity;sid:84116504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.185.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253403/; classtype:trojan-activity;sid:84116503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.184.135.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253401/; classtype:trojan-activity;sid:84116501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.174.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253402/; classtype:trojan-activity;sid:84116502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.118.244.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253400/; classtype:trojan-activity;sid:84116500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.249.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253399/; classtype:trojan-activity;sid:84116499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.124.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253398/; classtype:trojan-activity;sid:84116498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.156.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253397/; classtype:trojan-activity;sid:84116497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.222.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253396/; classtype:trojan-activity;sid:84116496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.197.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253395/; classtype:trojan-activity;sid:84116495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.188.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253393/; classtype:trojan-activity;sid:84116493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.126.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253394/; classtype:trojan-activity;sid:84116494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.249.236.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253392/; classtype:trojan-activity;sid:84116492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/6emtkcbmpn18s95s0tpm6/vrm0193920034.zip"; depth:47; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253390/; classtype:trojan-activity;sid:84116490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de/bestellung-dkm00392pdf.lnk"; depth:30; endswith; nocase; http.host; content:"theme-crack-emissions-perspectives.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253389/; classtype:trojan-activity;sid:84116489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tue.bat"; depth:8; endswith; nocase; http.host; content:"theme-crack-emissions-perspectives.trycloudflare.com"; depth:52; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253387/; classtype:trojan-activity;sid:84116487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.bat"; depth:11; endswith; nocase; http.host; content:"retailer-indicators-resume-key.trycloudflare.com"; depth:48; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253388/; classtype:trojan-activity;sid:84116488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.bat"; depth:11; endswith; nocase; http.host; content:"michael-scanned-motherboard-reforms.trycloudflare.com"; depth:53; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253385/; classtype:trojan-activity;sid:84116485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toto.zip"; depth:9; endswith; nocase; http.host; content:"michael-scanned-motherboard-reforms.trycloudflare.com"; depth:53; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253386/; classtype:trojan-activity;sid:84116486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253384/; classtype:trojan-activity;sid:84116484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253383/; classtype:trojan-activity;sid:84116483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.255"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253382/; classtype:trojan-activity;sid:84116482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.77.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253381/; classtype:trojan-activity;sid:84116481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.167.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253380/; classtype:trojan-activity;sid:84116480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.244.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253379/; classtype:trojan-activity;sid:84116479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.251.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253378/; classtype:trojan-activity;sid:84116478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.236.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253377/; classtype:trojan-activity;sid:84116477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.249.236.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253376/; classtype:trojan-activity;sid:84116476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253375/; classtype:trojan-activity;sid:84116475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.213.249.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253374/; classtype:trojan-activity;sid:84116474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.92.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253373/; classtype:trojan-activity;sid:84116473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253372/; classtype:trojan-activity;sid:84116472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.167.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253371/; classtype:trojan-activity;sid:84116471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/random.exe"; depth:17; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253370/; classtype:trojan-activity;sid:84116470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.0.236.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253369/; classtype:trojan-activity;sid:84116469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/tesst.exe"; depth:16; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253368/; classtype:trojan-activity;sid:84116468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.116.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253367/; classtype:trojan-activity;sid:84116467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.65.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253365/; classtype:trojan-activity;sid:84116465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.122.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253366/; classtype:trojan-activity;sid:84116466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.241.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253364/; classtype:trojan-activity;sid:84116464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.8.218"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253363/; classtype:trojan-activity;sid:84116463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.150.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253362/; classtype:trojan-activity;sid:84116462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.236.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253361/; classtype:trojan-activity;sid:84116461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.99.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253359/; classtype:trojan-activity;sid:84116459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253360/; classtype:trojan-activity;sid:84116460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.20.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253358/; classtype:trojan-activity;sid:84116458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253357/; classtype:trojan-activity;sid:84116457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adapt/cabbage"; depth:14; endswith; nocase; http.host; content:"javierlopez.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253356/; classtype:trojan-activity;sid:84116456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.27.195"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253355/; classtype:trojan-activity;sid:84116455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adapt/kingdom"; depth:14; endswith; nocase; http.host; content:"javierlopez.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253354/; classtype:trojan-activity;sid:84116454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.181.65.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253353/; classtype:trojan-activity;sid:84116453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.86.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253352/; classtype:trojan-activity;sid:84116452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.107.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253351/; classtype:trojan-activity;sid:84116451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.20.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253350/; classtype:trojan-activity;sid:84116450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.99.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253349/; classtype:trojan-activity;sid:84116449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253348/; classtype:trojan-activity;sid:84116448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.120.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253346/; classtype:trojan-activity;sid:84116446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/tesst.exe"; depth:15; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253347/; classtype:trojan-activity;sid:84116447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.147.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253344/; classtype:trojan-activity;sid:84116444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.37.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253345/; classtype:trojan-activity;sid:84116445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.193.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253343/; classtype:trojan-activity;sid:84116443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.115.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253342/; classtype:trojan-activity;sid:84116442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.150.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253341/; classtype:trojan-activity;sid:84116441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.147.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253340/; classtype:trojan-activity;sid:84116440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.108.98.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253339/; classtype:trojan-activity;sid:84116439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.184.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253338/; classtype:trojan-activity;sid:84116438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.31.106.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253337/; classtype:trojan-activity;sid:84116437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.94.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253336/; classtype:trojan-activity;sid:84116436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.8.218"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253335/; classtype:trojan-activity;sid:84116435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253334/; classtype:trojan-activity;sid:84116434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.106.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253333/; classtype:trojan-activity;sid:84116433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.30.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253332/; classtype:trojan-activity;sid:84116432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253331/; classtype:trojan-activity;sid:84116431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.73.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253330/; classtype:trojan-activity;sid:84116430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.147.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253329/; classtype:trojan-activity;sid:84116429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.193.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253328/; classtype:trojan-activity;sid:84116428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.199.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253327/; classtype:trojan-activity;sid:84116427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.238.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253326/; classtype:trojan-activity;sid:84116426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.5.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253325/; classtype:trojan-activity;sid:84116425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.97.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253323/; classtype:trojan-activity;sid:84116423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.157.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253324/; classtype:trojan-activity;sid:84116424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.45.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253321/; classtype:trojan-activity;sid:84116421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.198.14.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253322/; classtype:trojan-activity;sid:84116422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.60.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253319/; classtype:trojan-activity;sid:84116419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.238.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253320/; classtype:trojan-activity;sid:84116420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253318/; classtype:trojan-activity;sid:84116418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.73.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253317/; classtype:trojan-activity;sid:84116417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.92.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253316/; classtype:trojan-activity;sid:84116416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.237.37.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253315/; classtype:trojan-activity;sid:84116415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.84.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253314/; classtype:trojan-activity;sid:84116414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.115.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253313/; classtype:trojan-activity;sid:84116413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.207.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253312/; classtype:trojan-activity;sid:84116412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.184.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253311/; classtype:trojan-activity;sid:84116411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.30.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253309/; classtype:trojan-activity;sid:84116409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.190.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253310/; classtype:trojan-activity;sid:84116410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.59.154.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253308/; classtype:trojan-activity;sid:84116408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.151.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253307/; classtype:trojan-activity;sid:84116407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.238.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253306/; classtype:trojan-activity;sid:84116406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.84.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253305/; classtype:trojan-activity;sid:84116405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.108.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253304/; classtype:trojan-activity;sid:84116404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.15.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253303/; classtype:trojan-activity;sid:84116403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.151.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253302/; classtype:trojan-activity;sid:84116402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.45.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253301/; classtype:trojan-activity;sid:84116401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.76.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253300/; classtype:trojan-activity;sid:84116400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.29.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253299/; classtype:trojan-activity;sid:84116399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.22.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253298/; classtype:trojan-activity;sid:84116398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.241.198.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253297/; classtype:trojan-activity;sid:84116397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.138.139.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253296/; classtype:trojan-activity;sid:84116396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.57.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253295/; classtype:trojan-activity;sid:84116395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.8.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253294/; classtype:trojan-activity;sid:84116394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.69.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253293/; classtype:trojan-activity;sid:84116393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.244.183"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253292/; classtype:trojan-activity;sid:84116392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"168.196.171.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253291/; classtype:trojan-activity;sid:84116391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.190.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253290/; classtype:trojan-activity;sid:84116390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.161.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253289/; classtype:trojan-activity;sid:84116389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.233.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253288/; classtype:trojan-activity;sid:84116388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.254.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253287/; classtype:trojan-activity;sid:84116387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.234.200.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253286/; classtype:trojan-activity;sid:84116386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.81.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253285/; classtype:trojan-activity;sid:84116385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.8.89"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253284/; classtype:trojan-activity;sid:84116384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.107.26.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253283/; classtype:trojan-activity;sid:84116383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.108.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253282/; classtype:trojan-activity;sid:84116382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.57.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253281/; classtype:trojan-activity;sid:84116381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.77.4.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253280/; classtype:trojan-activity;sid:84116380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253279/; classtype:trojan-activity;sid:84116379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.94.164.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253277/; classtype:trojan-activity;sid:84116377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.115.169.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253278/; classtype:trojan-activity;sid:84116378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.151.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253276/; classtype:trojan-activity;sid:84116376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.14.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253275/; classtype:trojan-activity;sid:84116375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.191.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253274/; classtype:trojan-activity;sid:84116374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.115.169.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253273/; classtype:trojan-activity;sid:84116373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xgtf0tz1"; depth:13; endswith; nocase; http.host; content:"bitbin.it"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253272/; classtype:trojan-activity;sid:84116372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.116.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253271/; classtype:trojan-activity;sid:84116371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.221.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253270/; classtype:trojan-activity;sid:84116370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.87.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253269/; classtype:trojan-activity;sid:84116369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.135.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253268/; classtype:trojan-activity;sid:84116368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.174.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253267/; classtype:trojan-activity;sid:84116367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.213.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253265/; classtype:trojan-activity;sid:84116365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.81.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253266/; classtype:trojan-activity;sid:84116366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"118.248.36.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253264/; classtype:trojan-activity;sid:84116364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.10.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253263/; classtype:trojan-activity;sid:84116363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.45.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253262/; classtype:trojan-activity;sid:84116362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.235.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253260/; classtype:trojan-activity;sid:84116360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.191.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253261/; classtype:trojan-activity;sid:84116361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.2.248"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253259/; classtype:trojan-activity;sid:84116359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.3.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253258/; classtype:trojan-activity;sid:84116358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.77.4.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253257/; classtype:trojan-activity;sid:84116357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.38.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253255/; classtype:trojan-activity;sid:84116355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253256/; classtype:trojan-activity;sid:84116356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.45.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253254/; classtype:trojan-activity;sid:84116354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.11.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253253/; classtype:trojan-activity;sid:84116353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.59.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253252/; classtype:trojan-activity;sid:84116352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.151.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253251/; classtype:trojan-activity;sid:84116351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.246.108.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253250/; classtype:trojan-activity;sid:84116350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.27.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253248/; classtype:trojan-activity;sid:84116348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.61.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253249/; classtype:trojan-activity;sid:84116349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.195.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253247/; classtype:trojan-activity;sid:84116347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.142.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253246/; classtype:trojan-activity;sid:84116346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.214.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253244/; classtype:trojan-activity;sid:84116344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253245/; classtype:trojan-activity;sid:84116345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.241.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253243/; classtype:trojan-activity;sid:84116343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.59.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253242/; classtype:trojan-activity;sid:84116342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.88.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253241/; classtype:trojan-activity;sid:84116341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.24.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253239/; classtype:trojan-activity;sid:84116339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.154.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253240/; classtype:trojan-activity;sid:84116340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.26.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253237/; classtype:trojan-activity;sid:84116337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.26.53.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253238/; classtype:trojan-activity;sid:84116338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.arm7"; depth:18; endswith; nocase; http.host; content:"udp.ovhkulu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253236/; classtype:trojan-activity;sid:84116336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.117.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253235/; classtype:trojan-activity;sid:84116335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253234/; classtype:trojan-activity;sid:84116334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.arm6"; depth:18; endswith; nocase; http.host; content:"udp.ovhkulu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253226/; classtype:trojan-activity;sid:84116326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.arm5"; depth:18; endswith; nocase; http.host; content:"udp.ovhkulu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253227/; classtype:trojan-activity;sid:84116327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.x86"; depth:17; endswith; nocase; http.host; content:"udp.ovhkulu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253228/; classtype:trojan-activity;sid:84116328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.ppc"; depth:17; endswith; nocase; http.host; content:"udp.ovhkulu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253229/; classtype:trojan-activity;sid:84116329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.mpsl"; depth:18; endswith; nocase; http.host; content:"udp.ovhkulu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253230/; classtype:trojan-activity;sid:84116330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.sh4"; depth:17; endswith; nocase; http.host; content:"udp.ovhkulu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253231/; classtype:trojan-activity;sid:84116331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.arm"; depth:17; endswith; nocase; http.host; content:"udp.ovhkulu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253232/; classtype:trojan-activity;sid:84116332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.m68k"; depth:18; endswith; nocase; http.host; content:"udp.ovhkulu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253233/; classtype:trojan-activity;sid:84116333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.mips"; depth:18; endswith; nocase; http.host; content:"udp.ovhkulu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253224/; classtype:trojan-activity;sid:84116324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.spc"; depth:17; endswith; nocase; http.host; content:"udp.ovhkulu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253225/; classtype:trojan-activity;sid:84116325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.218.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253223/; classtype:trojan-activity;sid:84116323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"82.118.16.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253222/; classtype:trojan-activity;sid:84116322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.103.58.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253221/; classtype:trojan-activity;sid:84116321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"82.118.16.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253219/; classtype:trojan-activity;sid:84116319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"82.118.16.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253220/; classtype:trojan-activity;sid:84116320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"1.0x004.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253209/; classtype:trojan-activity;sid:84116309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"1.0x004.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253210/; classtype:trojan-activity;sid:84116310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"1.0x004.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253211/; classtype:trojan-activity;sid:84116311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"1.0x004.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253212/; classtype:trojan-activity;sid:84116312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"1.0x004.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253213/; classtype:trojan-activity;sid:84116313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"1.0x004.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253214/; classtype:trojan-activity;sid:84116314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"1.0x004.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253215/; classtype:trojan-activity;sid:84116315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"1.0x004.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253216/; classtype:trojan-activity;sid:84116316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"1.0x004.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253217/; classtype:trojan-activity;sid:84116317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"1.0x004.top"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253218/; classtype:trojan-activity;sid:84116318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"82.118.16.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253204/; classtype:trojan-activity;sid:84116304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"82.118.16.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253205/; classtype:trojan-activity;sid:84116305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"82.118.16.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253206/; classtype:trojan-activity;sid:84116306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"82.118.16.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253207/; classtype:trojan-activity;sid:84116307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"82.118.16.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253208/; classtype:trojan-activity;sid:84116308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"82.118.16.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253202/; classtype:trojan-activity;sid:84116302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"82.118.16.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253203/; classtype:trojan-activity;sid:84116303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"82.118.16.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253201/; classtype:trojan-activity;sid:84116301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.214.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253200/; classtype:trojan-activity;sid:84116300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253199/; classtype:trojan-activity;sid:84116299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.8.79"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253197/; classtype:trojan-activity;sid:84116297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.117.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253198/; classtype:trojan-activity;sid:84116298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.4.207"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253196/; classtype:trojan-activity;sid:84116296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.84.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253195/; classtype:trojan-activity;sid:84116295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.101.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253194/; classtype:trojan-activity;sid:84116294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"houzi.firehxh.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253193/; classtype:trojan-activity;sid:84116293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"houzi.firehxh.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253191/; classtype:trojan-activity;sid:84116291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"houzi.firehxh.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253192/; classtype:trojan-activity;sid:84116292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"houzi.firehxh.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253185/; classtype:trojan-activity;sid:84116285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"houzi.firehxh.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253186/; classtype:trojan-activity;sid:84116286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.88.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253187/; classtype:trojan-activity;sid:84116287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"houzi.firehxh.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253188/; classtype:trojan-activity;sid:84116288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"houzi.firehxh.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253189/; classtype:trojan-activity;sid:84116289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"houzi.firehxh.top"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253190/; classtype:trojan-activity;sid:84116290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.42.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253180/; classtype:trojan-activity;sid:84116280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.220.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253179/; classtype:trojan-activity;sid:84116279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.117.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253178/; classtype:trojan-activity;sid:84116278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253177/; classtype:trojan-activity;sid:84116277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"dyg34.cn"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253176/; classtype:trojan-activity;sid:84116276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"dyg34.cn"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253173/; classtype:trojan-activity;sid:84116273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"dyg34.cn"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253174/; classtype:trojan-activity;sid:84116274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"dyg34.cn"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253175/; classtype:trojan-activity;sid:84116275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"dyg34.cn"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253172/; classtype:trojan-activity;sid:84116272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"dyg34.cn"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253166/; classtype:trojan-activity;sid:84116266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"dyg34.cn"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253167/; classtype:trojan-activity;sid:84116267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"dyg34.cn"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253168/; classtype:trojan-activity;sid:84116268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"dyg34.cn"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253169/; classtype:trojan-activity;sid:84116269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"dyg34.cn"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253170/; classtype:trojan-activity;sid:84116270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"dyg34.cn"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253171/; classtype:trojan-activity;sid:84116271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"162.245.221.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253165/; classtype:trojan-activity;sid:84116265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"162.245.221.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253163/; classtype:trojan-activity;sid:84116263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"162.245.221.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253164/; classtype:trojan-activity;sid:84116264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"162.245.221.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253161/; classtype:trojan-activity;sid:84116261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"162.245.221.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253162/; classtype:trojan-activity;sid:84116262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"162.245.221.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253156/; classtype:trojan-activity;sid:84116256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"162.245.221.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253157/; classtype:trojan-activity;sid:84116257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"162.245.221.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253158/; classtype:trojan-activity;sid:84116258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"162.245.221.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253159/; classtype:trojan-activity;sid:84116259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"162.245.221.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253160/; classtype:trojan-activity;sid:84116260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"159.100.18.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253147/; classtype:trojan-activity;sid:84116247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"159.100.18.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253148/; classtype:trojan-activity;sid:84116248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"159.100.18.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253149/; classtype:trojan-activity;sid:84116249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"159.100.18.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253150/; classtype:trojan-activity;sid:84116250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"159.100.18.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253151/; classtype:trojan-activity;sid:84116251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"159.100.18.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253152/; classtype:trojan-activity;sid:84116252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"159.100.18.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253153/; classtype:trojan-activity;sid:84116253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"159.100.18.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253154/; classtype:trojan-activity;sid:84116254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"159.100.18.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253155/; classtype:trojan-activity;sid:84116255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"159.100.18.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253146/; classtype:trojan-activity;sid:84116246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"botnet.abcyxz.lol"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253138/; classtype:trojan-activity;sid:84116238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"botnet.abcyxz.lol"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253139/; classtype:trojan-activity;sid:84116239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"botnet.abcyxz.lol"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253140/; classtype:trojan-activity;sid:84116240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"botnet.abcyxz.lol"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253141/; classtype:trojan-activity;sid:84116241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"botnet.abcyxz.lol"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253142/; classtype:trojan-activity;sid:84116242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"botnet.abcyxz.lol"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253143/; classtype:trojan-activity;sid:84116243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"botnet.abcyxz.lol"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253144/; classtype:trojan-activity;sid:84116244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"botnet.abcyxz.lol"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253145/; classtype:trojan-activity;sid:84116245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.59.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253135/; classtype:trojan-activity;sid:84116235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"botnet.abcyxz.lol"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253136/; classtype:trojan-activity;sid:84116236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"botnet.abcyxz.lol"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253137/; classtype:trojan-activity;sid:84116237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"botnet.abcyxz.lol"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253134/; classtype:trojan-activity;sid:84116234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.107.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253132/; classtype:trojan-activity;sid:84116232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.193.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253133/; classtype:trojan-activity;sid:84116233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"159.100.18.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253131/; classtype:trojan-activity;sid:84116231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"162.245.221.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253130/; classtype:trojan-activity;sid:84116230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.96.63"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253129/; classtype:trojan-activity;sid:84116229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.218.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253128/; classtype:trojan-activity;sid:84116228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.ppc"; depth:14; endswith; nocase; http.host; content:"91.218.67.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253121/; classtype:trojan-activity;sid:84116221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.m68k"; depth:15; endswith; nocase; http.host; content:"91.218.67.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253122/; classtype:trojan-activity;sid:84116222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.mpsl"; depth:15; endswith; nocase; http.host; content:"91.218.67.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253123/; classtype:trojan-activity;sid:84116223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.x86_64"; depth:17; endswith; nocase; http.host; content:"91.218.67.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253124/; classtype:trojan-activity;sid:84116224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.arm5"; depth:15; endswith; nocase; http.host; content:"91.218.67.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253125/; classtype:trojan-activity;sid:84116225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.sh4"; depth:14; endswith; nocase; http.host; content:"91.218.67.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253126/; classtype:trojan-activity;sid:84116226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.arm6"; depth:15; endswith; nocase; http.host; content:"91.218.67.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253127/; classtype:trojan-activity;sid:84116227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.x86"; depth:14; endswith; nocase; http.host; content:"91.218.67.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253117/; classtype:trojan-activity;sid:84116217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.mips"; depth:15; endswith; nocase; http.host; content:"91.218.67.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253118/; classtype:trojan-activity;sid:84116218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.arm"; depth:14; endswith; nocase; http.host; content:"91.218.67.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253119/; classtype:trojan-activity;sid:84116219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.arm7"; depth:15; endswith; nocase; http.host; content:"91.218.67.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253120/; classtype:trojan-activity;sid:84116220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.x86"; depth:14; endswith; nocase; http.host; content:"niggakid.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253115/; classtype:trojan-activity;sid:84116215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.mips"; depth:15; endswith; nocase; http.host; content:"niggakid.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253116/; classtype:trojan-activity;sid:84116216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.arm7"; depth:15; endswith; nocase; http.host; content:"niggakid.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253106/; classtype:trojan-activity;sid:84116206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.m68k"; depth:15; endswith; nocase; http.host; content:"niggakid.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253107/; classtype:trojan-activity;sid:84116207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.mpsl"; depth:15; endswith; nocase; http.host; content:"niggakid.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253108/; classtype:trojan-activity;sid:84116208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.ppc"; depth:14; endswith; nocase; http.host; content:"niggakid.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253109/; classtype:trojan-activity;sid:84116209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.x86_64"; depth:17; endswith; nocase; http.host; content:"niggakid.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253110/; classtype:trojan-activity;sid:84116210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.sh4"; depth:14; endswith; nocase; http.host; content:"niggakid.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253111/; classtype:trojan-activity;sid:84116211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.arm5"; depth:15; endswith; nocase; http.host; content:"niggakid.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253112/; classtype:trojan-activity;sid:84116212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.arm"; depth:14; endswith; nocase; http.host; content:"niggakid.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253113/; classtype:trojan-activity;sid:84116213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/condi/bot.arm6"; depth:15; endswith; nocase; http.host; content:"niggakid.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253114/; classtype:trojan-activity;sid:84116214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.59.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253105/; classtype:trojan-activity;sid:84116205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/paleochorologyma.exe"; depth:28; endswith; nocase; http.host; content:"217.195.153.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253104/; classtype:trojan-activity;sid:84116204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/sd2.ps1"; depth:15; endswith; nocase; http.host; content:"217.195.153.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253101/; classtype:trojan-activity;sid:84116201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.84.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253100/; classtype:trojan-activity;sid:84116200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.30.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253099/; classtype:trojan-activity;sid:84116199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.18.9.205"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253098/; classtype:trojan-activity;sid:84116198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253096/; classtype:trojan-activity;sid:84116196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.165.69.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253097/; classtype:trojan-activity;sid:84116197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.96.63"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253095/; classtype:trojan-activity;sid:84116195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.121.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253094/; classtype:trojan-activity;sid:84116194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rexborne-20241019t111028z-001.zip"; depth:34; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253093/; classtype:trojan-activity;sid:84116193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp-windows-x64-8.2.12-0-vs16-installer.exe"; depth:46; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253092/; classtype:trojan-activity;sid:84116192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/python-3.8.6.exe"; depth:17; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253091/; classtype:trojan-activity;sid:84116191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/donut12f.rar"; depth:13; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253090/; classtype:trojan-activity;sid:84116190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ngrok-v3-stable-windows-386.zip"; depth:32; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253088/; classtype:trojan-activity;sid:84116188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sublime_text_build_4180_x64_setup.exe"; depth:38; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253089/; classtype:trojan-activity;sid:84116189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rexborne.rar"; depth:13; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253087/; classtype:trojan-activity;sid:84116187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winrar-x64-701.exe"; depth:19; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253086/; classtype:trojan-activity;sid:84116186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/legon.exe"; depth:10; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253085/; classtype:trojan-activity;sid:84116185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uio.exe"; depth:8; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253080/; classtype:trojan-activity;sid:84116180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.bin"; depth:11; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253081/; classtype:trojan-activity;sid:84116181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cipher.bin"; depth:11; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253082/; classtype:trojan-activity;sid:84116182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/legit.exe"; depth:10; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253083/; classtype:trojan-activity;sid:84116183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.exe"; depth:11; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253084/; classtype:trojan-activity;sid:84116184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/key.bin"; depth:8; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253079/; classtype:trojan-activity;sid:84116179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/read_it.txt"; depth:12; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253077/; classtype:trojan-activity;sid:84116177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/desktop.ini"; depth:12; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253078/; classtype:trojan-activity;sid:84116178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asyncclient.exe"; depth:16; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253076/; classtype:trojan-activity;sid:84116176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asnclient.exe"; depth:14; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253075/; classtype:trojan-activity;sid:84116175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/async.exe"; depth:10; endswith; nocase; http.host; content:"172.236.29.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253074/; classtype:trojan-activity;sid:84116174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.107.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253073/; classtype:trojan-activity;sid:84116173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.117.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253072/; classtype:trojan-activity;sid:84116172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.61.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253071/; classtype:trojan-activity;sid:84116171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.218.35.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253069/; classtype:trojan-activity;sid:84116169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.114.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253070/; classtype:trojan-activity;sid:84116170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app.exe"; depth:8; endswith; nocase; http.host; content:"5.42.66.119"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253068/; classtype:trojan-activity;sid:84116168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.exe"; depth:11; endswith; nocase; http.host; content:"5.42.66.119"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253067/; classtype:trojan-activity;sid:84116167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.189.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253066/; classtype:trojan-activity;sid:84116166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/espsemhvci.exe"; depth:15; endswith; nocase; http.host; content:"185.101.104.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253065/; classtype:trojan-activity;sid:84116165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esphvci.exe"; depth:12; endswith; nocase; http.host; content:"185.101.104.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253064/; classtype:trojan-activity;sid:84116164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plushvci.exe"; depth:13; endswith; nocase; http.host; content:"185.101.104.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253063/; classtype:trojan-activity;sid:84116163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aimhvci.exe"; depth:12; endswith; nocase; http.host; content:"185.101.104.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253062/; classtype:trojan-activity;sid:84116162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.173.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253061/; classtype:trojan-activity;sid:84116161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.107.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253060/; classtype:trojan-activity;sid:84116160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.206.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253059/; classtype:trojan-activity;sid:84116159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253058/; classtype:trojan-activity;sid:84116158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.249.236.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253057/; classtype:trojan-activity;sid:84116157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.98.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253056/; classtype:trojan-activity;sid:84116156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.35.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253055/; classtype:trojan-activity;sid:84116155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/903e65da79c0ad0a/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.241.61.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253050/; classtype:trojan-activity;sid:84116150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/903e65da79c0ad0a/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.241.61.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253051/; classtype:trojan-activity;sid:84116151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/903e65da79c0ad0a/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.241.61.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253052/; classtype:trojan-activity;sid:84116152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/903e65da79c0ad0a/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.241.61.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253053/; classtype:trojan-activity;sid:84116153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/903e65da79c0ad0a/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.241.61.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253054/; classtype:trojan-activity;sid:84116154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setupit/genericpayloads/payloadsetup-0507.exe"; depth:46; endswith; nocase; http.host; content:"vold.pcspeedcat.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253049/; classtype:trojan-activity;sid:84116149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/903e65da79c0ad0a/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.241.61.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253048/; classtype:trojan-activity;sid:84116148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.70.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253047/; classtype:trojan-activity;sid:84116147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.129.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253046/; classtype:trojan-activity;sid:84116146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.115.165.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253045/; classtype:trojan-activity;sid:84116145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.122.47.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253044/; classtype:trojan-activity;sid:84116144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"118.89.116.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253043/; classtype:trojan-activity;sid:84116143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.2.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253042/; classtype:trojan-activity;sid:84116142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.120.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253041/; classtype:trojan-activity;sid:84116141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.87.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253040/; classtype:trojan-activity;sid:84116140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.99.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253039/; classtype:trojan-activity;sid:84116139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.107.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253038/; classtype:trojan-activity;sid:84116138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.215.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253037/; classtype:trojan-activity;sid:84116137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.125.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253036/; classtype:trojan-activity;sid:84116136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.98.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253035/; classtype:trojan-activity;sid:84116135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.28.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253034/; classtype:trojan-activity;sid:84116134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253033/; classtype:trojan-activity;sid:84116133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.110.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253032/; classtype:trojan-activity;sid:84116132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253031/; classtype:trojan-activity;sid:84116131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.35.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253030/; classtype:trojan-activity;sid:84116130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.132.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253029/; classtype:trojan-activity;sid:84116129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.143.136.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253028/; classtype:trojan-activity;sid:84116128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.87.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253026/; classtype:trojan-activity;sid:84116126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.234.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253027/; classtype:trojan-activity;sid:84116127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.145.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253025/; classtype:trojan-activity;sid:84116125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.191.75.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253024/; classtype:trojan-activity;sid:84116124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.40.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253022/; classtype:trojan-activity;sid:84116122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.83.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253023/; classtype:trojan-activity;sid:84116123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.110.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253021/; classtype:trojan-activity;sid:84116121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.25.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253020/; classtype:trojan-activity;sid:84116120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.113.210.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253019/; classtype:trojan-activity;sid:84116119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.252.245.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253017/; classtype:trojan-activity;sid:84116117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newofff.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253018/; classtype:trojan-activity;sid:84116118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.12.13.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253015/; classtype:trojan-activity;sid:84116115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.145.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253016/; classtype:trojan-activity;sid:84116116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.83.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253014/; classtype:trojan-activity;sid:84116114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.137.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253013/; classtype:trojan-activity;sid:84116113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.75.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253012/; classtype:trojan-activity;sid:84116112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.234.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253011/; classtype:trojan-activity;sid:84116111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.80.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253010/; classtype:trojan-activity;sid:84116110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.241.176.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253009/; classtype:trojan-activity;sid:84116109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.118.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253008/; classtype:trojan-activity;sid:84116108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253007/; classtype:trojan-activity;sid:84116107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.40.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253006/; classtype:trojan-activity;sid:84116106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253005/; classtype:trojan-activity;sid:84116105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.115.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253004/; classtype:trojan-activity;sid:84116104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.191.75.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253003/; classtype:trojan-activity;sid:84116103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.78.201.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253002/; classtype:trojan-activity;sid:84116102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.12.13.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253001/; classtype:trojan-activity;sid:84116101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.146.200.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253000/; classtype:trojan-activity;sid:84116100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.105.8.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252999/; classtype:trojan-activity;sid:84116099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"103.194.184.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252998/; classtype:trojan-activity;sid:84116098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"103.37.41.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252997/; classtype:trojan-activity;sid:84116097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"121.43.33.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252996/; classtype:trojan-activity;sid:84116096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.222.132.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252981/; classtype:trojan-activity;sid:84116081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"34.27.142.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252982/; classtype:trojan-activity;sid:84116082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"103.37.41.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252983/; classtype:trojan-activity;sid:84116083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"112.124.71.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252984/; classtype:trojan-activity;sid:84116084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"150.158.36.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252985/; classtype:trojan-activity;sid:84116085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.159.60.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252986/; classtype:trojan-activity;sid:84116086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"49.235.108.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252987/; classtype:trojan-activity;sid:84116087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"103.127.125.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252988/; classtype:trojan-activity;sid:84116088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"103.37.41.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252989/; classtype:trojan-activity;sid:84116089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"113.113.98.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252990/; classtype:trojan-activity;sid:84116090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.100.63.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252991/; classtype:trojan-activity;sid:84116091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.107.250.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252992/; classtype:trojan-activity;sid:84116092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"122.51.180.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252993/; classtype:trojan-activity;sid:84116093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"139.159.251.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252994/; classtype:trojan-activity;sid:84116094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.36.111.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252995/; classtype:trojan-activity;sid:84116095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"121.43.59.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252976/; classtype:trojan-activity;sid:84116076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.137.76.34"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252977/; classtype:trojan-activity;sid:84116077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.43.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252978/; classtype:trojan-activity;sid:84116078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.108.112.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252979/; classtype:trojan-activity;sid:84116079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"168.235.72.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252980/; classtype:trojan-activity;sid:84116080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"106.14.104.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252975/; classtype:trojan-activity;sid:84116075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"54.83.86.59"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252974/; classtype:trojan-activity;sid:84116074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"112.74.184.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252968/; classtype:trojan-activity;sid:84116068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.103.218.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252969/; classtype:trojan-activity;sid:84116069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.210.236.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252970/; classtype:trojan-activity;sid:84116070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"206.237.4.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252971/; classtype:trojan-activity;sid:84116071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"154.9.227.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252972/; classtype:trojan-activity;sid:84116072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"38.147.172.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252973/; classtype:trojan-activity;sid:84116073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"121.5.69.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252963/; classtype:trojan-activity;sid:84116063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.138.20.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252964/; classtype:trojan-activity;sid:84116064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.42.4.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252965/; classtype:trojan-activity;sid:84116065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"106.54.46.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252966/; classtype:trojan-activity;sid:84116066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"106.54.46.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252967/; classtype:trojan-activity;sid:84116067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"46.17.43.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252962/; classtype:trojan-activity;sid:84116062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.213.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252961/; classtype:trojan-activity;sid:84116061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.26.8"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252960/; classtype:trojan-activity;sid:84116060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.187.35"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252959/; classtype:trojan-activity;sid:84116059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.185.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252958/; classtype:trojan-activity;sid:84116058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.55.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252957/; classtype:trojan-activity;sid:84116057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.173.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252955/; classtype:trojan-activity;sid:84116055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.38.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252956/; classtype:trojan-activity;sid:84116056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.244.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252954/; classtype:trojan-activity;sid:84116054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.84.85.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252953/; classtype:trojan-activity;sid:84116053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"219.157.136.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252952/; classtype:trojan-activity;sid:84116052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lknet.exe"; depth:10; endswith; nocase; http.host; content:"91.202.233.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252951/; classtype:trojan-activity;sid:84116051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.34.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252950/; classtype:trojan-activity;sid:84116050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.122.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252948/; classtype:trojan-activity;sid:84116048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.91.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252949/; classtype:trojan-activity;sid:84116049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.14.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252946/; classtype:trojan-activity;sid:84116046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.100.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252947/; classtype:trojan-activity;sid:84116047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.10.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252944/; classtype:trojan-activity;sid:84116044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.115.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252945/; classtype:trojan-activity;sid:84116045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.139.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252943/; classtype:trojan-activity;sid:84116043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.20.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252942/; classtype:trojan-activity;sid:84116042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.63.227.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252941/; classtype:trojan-activity;sid:84116041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.10.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252940/; classtype:trojan-activity;sid:84116040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.178.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252939/; classtype:trojan-activity;sid:84116039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.55.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252938/; classtype:trojan-activity;sid:84116038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.152.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252937/; classtype:trojan-activity;sid:84116037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.207"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252936/; classtype:trojan-activity;sid:84116036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.213.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252935/; classtype:trojan-activity;sid:84116035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.5.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252934/; classtype:trojan-activity;sid:84116034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.174.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252933/; classtype:trojan-activity;sid:84116033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.117.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252932/; classtype:trojan-activity;sid:84116032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.12.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252931/; classtype:trojan-activity;sid:84116031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.189.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252929/; classtype:trojan-activity;sid:84116029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.225.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252930/; classtype:trojan-activity;sid:84116030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.122.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252928/; classtype:trojan-activity;sid:84116028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.34.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252927/; classtype:trojan-activity;sid:84116027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.219.171.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252926/; classtype:trojan-activity;sid:84116026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.41.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252925/; classtype:trojan-activity;sid:84116025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.195.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252924/; classtype:trojan-activity;sid:84116024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.47.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252923/; classtype:trojan-activity;sid:84116023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.125.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252922/; classtype:trojan-activity;sid:84116022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.178.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252921/; classtype:trojan-activity;sid:84116021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.245.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252920/; classtype:trojan-activity;sid:84116020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.112.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252919/; classtype:trojan-activity;sid:84116019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.14.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252918/; classtype:trojan-activity;sid:84116018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.28.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252917/; classtype:trojan-activity;sid:84116017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.150.42.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252916/; classtype:trojan-activity;sid:84116016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.22.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252915/; classtype:trojan-activity;sid:84116015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.219.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252914/; classtype:trojan-activity;sid:84116014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.8.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252913/; classtype:trojan-activity;sid:84116013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.201.57.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252912/; classtype:trojan-activity;sid:84116012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.173.59.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252911/; classtype:trojan-activity;sid:84116011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.136.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252910/; classtype:trojan-activity;sid:84116010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.81.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252909/; classtype:trojan-activity;sid:84116009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.150.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252908/; classtype:trojan-activity;sid:84116008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.241.51.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252907/; classtype:trojan-activity;sid:84116007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.211.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252906/; classtype:trojan-activity;sid:84116006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.26.113.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252905/; classtype:trojan-activity;sid:84116005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.1.232"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252904/; classtype:trojan-activity;sid:84116004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.27.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252903/; classtype:trojan-activity;sid:84116003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.112.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252902/; classtype:trojan-activity;sid:84116002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.48.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252901/; classtype:trojan-activity;sid:84116001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.239.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252900/; classtype:trojan-activity;sid:84116000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.150.42.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252898/; classtype:trojan-activity;sid:84115998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.252.245.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252899/; classtype:trojan-activity;sid:84115999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.113.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252897/; classtype:trojan-activity;sid:84115997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252896/; classtype:trojan-activity;sid:84115996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.129.146.243"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252895/; classtype:trojan-activity;sid:84115995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.147.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252894/; classtype:trojan-activity;sid:84115994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.77.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252893/; classtype:trojan-activity;sid:84115993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.113.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252892/; classtype:trojan-activity;sid:84115992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.215.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252891/; classtype:trojan-activity;sid:84115991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.8.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252890/; classtype:trojan-activity;sid:84115990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.93.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252889/; classtype:trojan-activity;sid:84115989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.98.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252888/; classtype:trojan-activity;sid:84115988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.241.51.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252887/; classtype:trojan-activity;sid:84115987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.197.115.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252886/; classtype:trojan-activity;sid:84115986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.194.19.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252885/; classtype:trojan-activity;sid:84115985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.34.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252884/; classtype:trojan-activity;sid:84115984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252883/; classtype:trojan-activity;sid:84115983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.161.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252881/; classtype:trojan-activity;sid:84115981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.83.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252882/; classtype:trojan-activity;sid:84115982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.142.203"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252880/; classtype:trojan-activity;sid:84115980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.98.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252879/; classtype:trojan-activity;sid:84115979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.152.49.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252878/; classtype:trojan-activity;sid:84115978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.129.102.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252875/; classtype:trojan-activity;sid:84115975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"64.66.18.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252876/; classtype:trojan-activity;sid:84115976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.33.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252877/; classtype:trojan-activity;sid:84115977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.239.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252874/; classtype:trojan-activity;sid:84115974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.5.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252873/; classtype:trojan-activity;sid:84115973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/images/pic5.jpg"; depth:27; endswith; nocase; http.host; content:"samzafood.com.my"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252871/; classtype:trojan-activity;sid:84115971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.126.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252872/; classtype:trojan-activity;sid:84115972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.227.225.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252870/; classtype:trojan-activity;sid:84115970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.132.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252869/; classtype:trojan-activity;sid:84115969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.164.60.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252868/; classtype:trojan-activity;sid:84115968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/images/pic6.jpg"; depth:27; endswith; nocase; http.host; content:"samzafood.com.my"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252867/; classtype:trojan-activity;sid:84115967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.238.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252865/; classtype:trojan-activity;sid:84115965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252866/; classtype:trojan-activity;sid:84115966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/41/smplrtt.txt"; depth:15; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252864/; classtype:trojan-activity;sid:84115964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.118.15.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252863/; classtype:trojan-activity;sid:84115963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.147.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252862/; classtype:trojan-activity;sid:84115962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.238.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252861/; classtype:trojan-activity;sid:84115961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.191.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252860/; classtype:trojan-activity;sid:84115960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.55.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252859/; classtype:trojan-activity;sid:84115959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.93.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252858/; classtype:trojan-activity;sid:84115958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.84.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252857/; classtype:trojan-activity;sid:84115957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252856/; classtype:trojan-activity;sid:84115956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.40.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252855/; classtype:trojan-activity;sid:84115955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.116.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252854/; classtype:trojan-activity;sid:84115954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.232.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252853/; classtype:trojan-activity;sid:84115953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.228.111.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252852/; classtype:trojan-activity;sid:84115952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.229.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252851/; classtype:trojan-activity;sid:84115951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.113.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252850/; classtype:trojan-activity;sid:84115950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.98.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252849/; classtype:trojan-activity;sid:84115949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.46.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252848/; classtype:trojan-activity;sid:84115948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.9.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252847/; classtype:trojan-activity;sid:84115947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.140.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252846/; classtype:trojan-activity;sid:84115946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.255.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252845/; classtype:trojan-activity;sid:84115945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252844/; classtype:trojan-activity;sid:84115944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252843/; classtype:trojan-activity;sid:84115943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.88.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252842/; classtype:trojan-activity;sid:84115942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.243.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252841/; classtype:trojan-activity;sid:84115941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.60.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252840/; classtype:trojan-activity;sid:84115940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.181.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252838/; classtype:trojan-activity;sid:84115938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.148.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252839/; classtype:trojan-activity;sid:84115939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.147.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252837/; classtype:trojan-activity;sid:84115937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.164.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252836/; classtype:trojan-activity;sid:84115936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.191.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252835/; classtype:trojan-activity;sid:84115935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.239.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252834/; classtype:trojan-activity;sid:84115934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.84.66.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252833/; classtype:trojan-activity;sid:84115933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/42/ug/seethebestthingsevermeetwithgreatthingstobegood.hta"; depth:58; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252828/; classtype:trojan-activity;sid:84115928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/41/ce/greatthingswithgoodnewsgivenbygodthingsgreat.hta"; depth:55; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252829/; classtype:trojan-activity;sid:84115929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36/bv/seethebestthingstobegoodwithhislifebestthigns.hta"; depth:56; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252830/; classtype:trojan-activity;sid:84115930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/42/loglki.txt"; depth:14; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252831/; classtype:trojan-activity;sid:84115931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36/logs%20loki.txt"; depth:19; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252832/; classtype:trojan-activity;sid:84115932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36/goodthingswithgreatcomebackwithgreatthigns.tif"; depth:50; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252827/; classtype:trojan-activity;sid:84115927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/41/simplethingswithgreatthignsgivenmebestthings.tif"; depth:52; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252825/; classtype:trojan-activity;sid:84115925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/42/logisticthingswithgoodthingsgivenbest.tif"; depth:45; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252826/; classtype:trojan-activity;sid:84115926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.212.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252824/; classtype:trojan-activity;sid:84115924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.225.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252821/; classtype:trojan-activity;sid:84115921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.27.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252822/; classtype:trojan-activity;sid:84115922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.81.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252823/; classtype:trojan-activity;sid:84115923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.48.28.57"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252820/; classtype:trojan-activity;sid:84115920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.204.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252819/; classtype:trojan-activity;sid:84115919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.94.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252818/; classtype:trojan-activity;sid:84115918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.113.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252817/; classtype:trojan-activity;sid:84115917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.59.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252816/; classtype:trojan-activity;sid:84115916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.114.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252814/; classtype:trojan-activity;sid:84115914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.0.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252815/; classtype:trojan-activity;sid:84115915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35/smlperr.txt"; depth:15; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252813/; classtype:trojan-activity;sid:84115913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibrugtagelses.pcx"; depth:18; endswith; nocase; http.host; content:"bruta.pl"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252811/; classtype:trojan-activity;sid:84115911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwvtkopkcdl194.bin"; depth:19; endswith; nocase; http.host; content:"bruta.pl"; depth:8; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252812/; classtype:trojan-activity;sid:84115912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35/educationalthingswithgreatattitudeonhere.tif"; depth:48; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252810/; classtype:trojan-activity;sid:84115910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.81.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252809/; classtype:trojan-activity;sid:84115909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252807/; classtype:trojan-activity;sid:84115907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.24.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252808/; classtype:trojan-activity;sid:84115908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.9.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252806/; classtype:trojan-activity;sid:84115906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.46.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252805/; classtype:trojan-activity;sid:84115905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.27.199.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252804/; classtype:trojan-activity;sid:84115904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.61.231.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252803/; classtype:trojan-activity;sid:84115903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.247.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252802/; classtype:trojan-activity;sid:84115902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.148.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252801/; classtype:trojan-activity;sid:84115901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.177.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252800/; classtype:trojan-activity;sid:84115900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.239.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252799/; classtype:trojan-activity;sid:84115899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.214.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252798/; classtype:trojan-activity;sid:84115898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.140.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252797/; classtype:trojan-activity;sid:84115897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.252.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252796/; classtype:trojan-activity;sid:84115896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.121.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252795/; classtype:trojan-activity;sid:84115895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.238.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252794/; classtype:trojan-activity;sid:84115894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.21.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252793/; classtype:trojan-activity;sid:84115893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.27.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252790/; classtype:trojan-activity;sid:84115890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.105.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252791/; classtype:trojan-activity;sid:84115891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.132.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252792/; classtype:trojan-activity;sid:84115892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fresh7.zip"; depth:11; endswith; nocase; http.host; content:"37.60.252.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252789/; classtype:trojan-activity;sid:84115889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p.pdf"; depth:6; endswith; nocase; http.host; content:"37.60.252.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252788/; classtype:trojan-activity;sid:84115888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bas.bat"; depth:8; endswith; nocase; http.host; content:"37.60.252.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252787/; classtype:trojan-activity;sid:84115887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.11.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252784/; classtype:trojan-activity;sid:84115884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yak.cmd"; depth:8; endswith; nocase; http.host; content:"37.60.252.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252785/; classtype:trojan-activity;sid:84115885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q.pdf"; depth:6; endswith; nocase; http.host; content:"37.60.252.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252786/; classtype:trojan-activity;sid:84115886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/invoi_pdf.lnk"; depth:14; endswith; nocase; http.host; content:"37.60.252.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252783/; classtype:trojan-activity;sid:84115883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pop.bat"; depth:8; endswith; nocase; http.host; content:"37.60.252.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252781/; classtype:trojan-activity;sid:84115881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/desktop.ini"; depth:12; endswith; nocase; http.host; content:"37.60.252.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252782/; classtype:trojan-activity;sid:84115882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.177.28.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252780/; classtype:trojan-activity;sid:84115880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"37.60.252.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252779/; classtype:trojan-activity;sid:84115879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.153.175.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252778/; classtype:trojan-activity;sid:84115878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.102.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252776/; classtype:trojan-activity;sid:84115876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.234.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252777/; classtype:trojan-activity;sid:84115877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxjs.zip"; depth:9; endswith; nocase; http.host; content:"51.89.201.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252775/; classtype:trojan-activity;sid:84115875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.bat"; depth:8; endswith; nocase; http.host; content:"51.89.201.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252774/; classtype:trojan-activity;sid:84115874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/startuppp.bat"; depth:14; endswith; nocase; http.host; content:"51.89.201.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252773/; classtype:trojan-activity;sid:84115873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftsp.zip"; depth:9; endswith; nocase; http.host; content:"51.89.201.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252772/; classtype:trojan-activity;sid:84115872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ygvhfv_shoptyvas/ygvhfv_shoptyvas_bpay673yhf.lnk"; depth:49; endswith; nocase; http.host; content:"51.89.201.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252770/; classtype:trojan-activity;sid:84115870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kryg_paysca/kryg_paysca_7bkhsaugfsa.lnk"; depth:40; endswith; nocase; http.host; content:"51.89.201.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252771/; classtype:trojan-activity;sid:84115871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.119.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252769/; classtype:trojan-activity;sid:84115869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.mpsl"; depth:18; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252766/; classtype:trojan-activity;sid:84115866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.108.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252767/; classtype:trojan-activity;sid:84115867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.90.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252768/; classtype:trojan-activity;sid:84115868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.spc"; depth:17; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252765/; classtype:trojan-activity;sid:84115865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252764/; classtype:trojan-activity;sid:84115864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.139.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252763/; classtype:trojan-activity;sid:84115863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.26.113.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252762/; classtype:trojan-activity;sid:84115862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.61.231.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252761/; classtype:trojan-activity;sid:84115861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.25.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252760/; classtype:trojan-activity;sid:84115860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.225.204.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252759/; classtype:trojan-activity;sid:84115859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.252.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252758/; classtype:trojan-activity;sid:84115858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.124.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252757/; classtype:trojan-activity;sid:84115857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.248.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252756/; classtype:trojan-activity;sid:84115856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.113.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252755/; classtype:trojan-activity;sid:84115855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.102.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252754/; classtype:trojan-activity;sid:84115854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.201.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252753/; classtype:trojan-activity;sid:84115853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.119.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252752/; classtype:trojan-activity;sid:84115852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.42.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252751/; classtype:trojan-activity;sid:84115851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.153.175.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252750/; classtype:trojan-activity;sid:84115850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252749/; classtype:trojan-activity;sid:84115849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.76.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252747/; classtype:trojan-activity;sid:84115847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.8.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252748/; classtype:trojan-activity;sid:84115848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.84.66.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252745/; classtype:trojan-activity;sid:84115845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.177.28.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252746/; classtype:trojan-activity;sid:84115846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.41.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252744/; classtype:trojan-activity;sid:84115844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomemb.exe"; depth:11; endswith; nocase; http.host; content:"8.217.62.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252743/; classtype:trojan-activity;sid:84115843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tom.ox"; depth:7; endswith; nocase; http.host; content:"8.217.62.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252742/; classtype:trojan-activity;sid:84115842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomemb.exe"; depth:11; endswith; nocase; http.host; content:"154.91.227.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252741/; classtype:trojan-activity;sid:84115841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.234.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252740/; classtype:trojan-activity;sid:84115840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tom.ox"; depth:7; endswith; nocase; http.host; content:"8.212.102.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252724/; classtype:trojan-activity;sid:84115824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tom.ox"; depth:7; endswith; nocase; http.host; content:"154.91.227.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252725/; classtype:trojan-activity;sid:84115825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tom.ox"; depth:7; endswith; nocase; http.host; content:"8.212.101.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252726/; classtype:trojan-activity;sid:84115826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tom.ox"; depth:7; endswith; nocase; http.host; content:"8.212.101.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252727/; classtype:trojan-activity;sid:84115827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tom.ox"; depth:7; endswith; nocase; http.host; content:"154.91.227.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252728/; classtype:trojan-activity;sid:84115828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomemb.exe"; depth:11; endswith; nocase; http.host; content:"8.212.101.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252729/; classtype:trojan-activity;sid:84115829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tom.ox"; depth:7; endswith; nocase; http.host; content:"8.212.100.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252730/; classtype:trojan-activity;sid:84115830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomemb.exe"; depth:11; endswith; nocase; http.host; content:"8.212.101.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252731/; classtype:trojan-activity;sid:84115831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomemb.exe"; depth:11; endswith; nocase; http.host; content:"8.212.102.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252732/; classtype:trojan-activity;sid:84115832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tom.ox"; depth:7; endswith; nocase; http.host; content:"8.212.101.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252733/; classtype:trojan-activity;sid:84115833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomemb.exe"; depth:11; endswith; nocase; http.host; content:"8.212.101.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252734/; classtype:trojan-activity;sid:84115834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomemb.exe"; depth:11; endswith; nocase; http.host; content:"8.212.100.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252735/; classtype:trojan-activity;sid:84115835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tom.ox"; depth:7; endswith; nocase; http.host; content:"129.226.124.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252736/; classtype:trojan-activity;sid:84115836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomemb.exe"; depth:11; endswith; nocase; http.host; content:"154.215.0.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252737/; classtype:trojan-activity;sid:84115837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomemb.exe"; depth:11; endswith; nocase; http.host; content:"154.91.227.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252738/; classtype:trojan-activity;sid:84115838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomemb.exe"; depth:11; endswith; nocase; http.host; content:"129.226.124.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252739/; classtype:trojan-activity;sid:84115839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tom.ox"; depth:7; endswith; nocase; http.host; content:"154.215.0.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252723/; classtype:trojan-activity;sid:84115823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.11.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252722/; classtype:trojan-activity;sid:84115822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.25.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252721/; classtype:trojan-activity;sid:84115821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.173.59.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252720/; classtype:trojan-activity;sid:84115820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pootdigitsix.bin"; depth:17; endswith; nocase; http.host; content:"154.91.227.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252710/; classtype:trojan-activity;sid:84115810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pootdigitsix.bin"; depth:17; endswith; nocase; http.host; content:"8.212.101.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252711/; classtype:trojan-activity;sid:84115811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pootdigitsix.bin"; depth:17; endswith; nocase; http.host; content:"154.91.227.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252712/; classtype:trojan-activity;sid:84115812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pootdigitsix.bin"; depth:17; endswith; nocase; http.host; content:"8.212.102.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252713/; classtype:trojan-activity;sid:84115813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pootdigitsix.bin"; depth:17; endswith; nocase; http.host; content:"129.226.124.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252714/; classtype:trojan-activity;sid:84115814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pootdigitsix.bin"; depth:17; endswith; nocase; http.host; content:"8.212.101.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252715/; classtype:trojan-activity;sid:84115815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pootdigitsix.bin"; depth:17; endswith; nocase; http.host; content:"154.215.0.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252716/; classtype:trojan-activity;sid:84115816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pootdigitsix.bin"; depth:17; endswith; nocase; http.host; content:"8.217.62.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252717/; classtype:trojan-activity;sid:84115817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pootdigitsix.bin"; depth:17; endswith; nocase; http.host; content:"8.212.101.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252718/; classtype:trojan-activity;sid:84115818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pootdigitsix.bin"; depth:17; endswith; nocase; http.host; content:"8.212.100.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252719/; classtype:trojan-activity;sid:84115819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libemb.dll"; depth:11; endswith; nocase; http.host; content:"8.217.62.104"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252709/; classtype:trojan-activity;sid:84115809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libemb.dll"; depth:11; endswith; nocase; http.host; content:"129.226.124.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252701/; classtype:trojan-activity;sid:84115801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libemb.dll"; depth:11; endswith; nocase; http.host; content:"8.212.101.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252702/; classtype:trojan-activity;sid:84115802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libemb.dll"; depth:11; endswith; nocase; http.host; content:"8.212.101.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252703/; classtype:trojan-activity;sid:84115803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libemb.dll"; depth:11; endswith; nocase; http.host; content:"154.215.0.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252704/; classtype:trojan-activity;sid:84115804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libemb.dll"; depth:11; endswith; nocase; http.host; content:"8.212.101.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252705/; classtype:trojan-activity;sid:84115805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libemb.dll"; depth:11; endswith; nocase; http.host; content:"154.91.227.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252706/; classtype:trojan-activity;sid:84115806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libemb.dll"; depth:11; endswith; nocase; http.host; content:"154.91.227.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252707/; classtype:trojan-activity;sid:84115807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libemb.dll"; depth:11; endswith; nocase; http.host; content:"8.212.102.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252708/; classtype:trojan-activity;sid:84115808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libemb.dll"; depth:11; endswith; nocase; http.host; content:"8.212.100.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252700/; classtype:trojan-activity;sid:84115800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.184.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252699/; classtype:trojan-activity;sid:84115799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.115.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252698/; classtype:trojan-activity;sid:84115798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.131.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252697/; classtype:trojan-activity;sid:84115797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.61.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252696/; classtype:trojan-activity;sid:84115796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.235.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252695/; classtype:trojan-activity;sid:84115795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.225.204.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252694/; classtype:trojan-activity;sid:84115794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.90.241"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252693/; classtype:trojan-activity;sid:84115793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.204.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252692/; classtype:trojan-activity;sid:84115792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.111.130.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252690/; classtype:trojan-activity;sid:84115790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.113.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252691/; classtype:trojan-activity;sid:84115791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.28.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252689/; classtype:trojan-activity;sid:84115789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.60.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252688/; classtype:trojan-activity;sid:84115788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.78.201.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252687/; classtype:trojan-activity;sid:84115787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.86.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252686/; classtype:trojan-activity;sid:84115786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.120.230.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252685/; classtype:trojan-activity;sid:84115785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.178.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252684/; classtype:trojan-activity;sid:84115784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.138.139.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252683/; classtype:trojan-activity;sid:84115783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.166.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252682/; classtype:trojan-activity;sid:84115782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.80.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252681/; classtype:trojan-activity;sid:84115781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.213.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252680/; classtype:trojan-activity;sid:84115780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.168.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252679/; classtype:trojan-activity;sid:84115779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gnxpwiba234.bin"; depth:16; endswith; nocase; http.host; content:"204.10.160.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252677/; classtype:trojan-activity;sid:84115777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lftlvieo72.bin"; depth:15; endswith; nocase; http.host; content:"204.10.160.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252678/; classtype:trojan-activity;sid:84115778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.176.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252676/; classtype:trojan-activity;sid:84115776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.bin"; depth:9; endswith; nocase; http.host; content:"188.166.177.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252672/; classtype:trojan-activity;sid:84115772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkrlkb173.bin"; depth:14; endswith; nocase; http.host; content:"204.10.160.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252673/; classtype:trojan-activity;sid:84115773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lrqtrcqpiavnhhuq130.bin"; depth:24; endswith; nocase; http.host; content:"204.10.160.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252674/; classtype:trojan-activity;sid:84115774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gvfzuiqnlhsbczfjcoghq145.bin"; depth:29; endswith; nocase; http.host; content:"204.10.160.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252675/; classtype:trojan-activity;sid:84115775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.arm"; depth:17; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252671/; classtype:trojan-activity;sid:84115771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rntypkljlday72.bin"; depth:19; endswith; nocase; http.host; content:"204.10.160.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252669/; classtype:trojan-activity;sid:84115769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lqmkpbylspjprapwotngn194.bin"; depth:29; endswith; nocase; http.host; content:"204.10.160.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252670/; classtype:trojan-activity;sid:84115770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.41.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252668/; classtype:trojan-activity;sid:84115768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.23.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252665/; classtype:trojan-activity;sid:84115765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.sh4"; depth:17; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252666/; classtype:trojan-activity;sid:84115766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.ppc"; depth:17; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252667/; classtype:trojan-activity;sid:84115767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.41.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252664/; classtype:trojan-activity;sid:84115764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnhalshaiebldbzordfx236.bin"; depth:28; endswith; nocase; http.host; content:"212.162.149.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252660/; classtype:trojan-activity;sid:84115760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ehkpqksxoqlyeyus150.bin"; depth:24; endswith; nocase; http.host; content:"212.162.149.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252661/; classtype:trojan-activity;sid:84115761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wqglhgglobiclmle41.bin"; depth:23; endswith; nocase; http.host; content:"212.162.149.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252662/; classtype:trojan-activity;sid:84115762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iucdtqcfsohdbv73.bin"; depth:21; endswith; nocase; http.host; content:"212.162.149.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252663/; classtype:trojan-activity;sid:84115763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.m68k"; depth:18; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252657/; classtype:trojan-activity;sid:84115757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.arm6"; depth:18; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252658/; classtype:trojan-activity;sid:84115758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.mips"; depth:18; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252659/; classtype:trojan-activity;sid:84115759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.arm5"; depth:18; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252656/; classtype:trojan-activity;sid:84115756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.180.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252655/; classtype:trojan-activity;sid:84115755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.100.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252653/; classtype:trojan-activity;sid:84115753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.102.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252654/; classtype:trojan-activity;sid:84115754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips.bin"; depth:9; endswith; nocase; http.host; content:"185.196.10.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252651/; classtype:trojan-activity;sid:84115751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64.bin"; depth:11; endswith; nocase; http.host; content:"185.196.10.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252652/; classtype:trojan-activity;sid:84115752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/xbot64.bin"; depth:15; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252649/; classtype:trojan-activity;sid:84115749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/xstealer.bin"; depth:17; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252650/; classtype:trojan-activity;sid:84115750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/xloader.bin"; depth:16; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252648/; classtype:trojan-activity;sid:84115748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.64.50.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252647/; classtype:trojan-activity;sid:84115747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.32.43"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252646/; classtype:trojan-activity;sid:84115746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joojo.exe"; depth:10; endswith; nocase; http.host; content:"212.192.213.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252644/; classtype:trojan-activity;sid:84115744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/staged.exe"; depth:11; endswith; nocase; http.host; content:"13.77.91.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252645/; classtype:trojan-activity;sid:84115745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.0.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252643/; classtype:trojan-activity;sid:84115743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phantompeek/ps/refs/heads/main/ps.bin"; depth:38; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252640/; classtype:trojan-activity;sid:84115740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uf/shellcode64_20241017145531146.bin"; depth:37; endswith; nocase; http.host; content:"fud-coder.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252641/; classtype:trojan-activity;sid:84115741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uf/shellcode32_20241016101952727.bin"; depth:37; endswith; nocase; http.host; content:"fud-coder.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252642/; classtype:trojan-activity;sid:84115742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/razidvb/myfiles/refs/heads/main/loader.bin"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252637/; classtype:trojan-activity;sid:84115737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ashutoshtipanis/jgjy/refs/heads/main/mee.bin"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252638/; classtype:trojan-activity;sid:84115738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zefordk/ikeya/refs/heads/main/shellcodeany.bin"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252639/; classtype:trojan-activity;sid:84115739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/halloween_night_out_details_ardare_manor_signup.exe"; depth:59; endswith; nocase; http.host; content:"35.205.185.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252636/; classtype:trojan-activity;sid:84115736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phantompeek/ps/raw/refs/heads/main/ps.bin"; depth:42; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252635/; classtype:trojan-activity;sid:84115735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32.bin"; depth:7; endswith; nocase; http.host; content:"154.201.71.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252631/; classtype:trojan-activity;sid:84115731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zefordk/ikeya/raw/refs/heads/main/shellcodeany.bin"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252632/; classtype:trojan-activity;sid:84115732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ashutoshtipanis/jgjy/raw/refs/heads/main/mee.bin"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252633/; classtype:trojan-activity;sid:84115733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/razidvb/myfiles/raw/refs/heads/main/loader.bin"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252634/; classtype:trojan-activity;sid:84115734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/17267811/stm.txt"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252630/; classtype:trojan-activity;sid:84115730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.28.4"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252629/; classtype:trojan-activity;sid:84115729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.60.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252628/; classtype:trojan-activity;sid:84115728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.100.32"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252627/; classtype:trojan-activity;sid:84115727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.232.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252626/; classtype:trojan-activity;sid:84115726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdd9f91a4e5c67b6/nss3.dll"; depth:26; endswith; nocase; http.host; content:"212.162.150.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252623/; classtype:trojan-activity;sid:84115723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sqlite3.dll"; depth:12; endswith; nocase; http.host; content:"18.183.94.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252624/; classtype:trojan-activity;sid:84115724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6cbff507d3fb9f0d/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"5.188.87.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252625/; classtype:trojan-activity;sid:84115725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdd9f91a4e5c67b6/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"212.162.150.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252615/; classtype:trojan-activity;sid:84115715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdd9f91a4e5c67b6/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"212.162.150.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252616/; classtype:trojan-activity;sid:84115716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6cbff507d3fb9f0d/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"5.188.87.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252617/; classtype:trojan-activity;sid:84115717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdd9f91a4e5c67b6/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"212.162.150.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252618/; classtype:trojan-activity;sid:84115718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdd9f91a4e5c67b6/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"212.162.150.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252619/; classtype:trojan-activity;sid:84115719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6cbff507d3fb9f0d/nss3.dll"; depth:26; endswith; nocase; http.host; content:"5.188.87.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252620/; classtype:trojan-activity;sid:84115720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdd9f91a4e5c67b6/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"212.162.150.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252621/; classtype:trojan-activity;sid:84115721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdd9f91a4e5c67b6/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"212.162.150.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252622/; classtype:trojan-activity;sid:84115722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6cbff507d3fb9f0d/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"5.188.87.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252612/; classtype:trojan-activity;sid:84115712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6cbff507d3fb9f0d/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"5.188.87.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252613/; classtype:trojan-activity;sid:84115713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6cbff507d3fb9f0d/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"5.188.87.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252614/; classtype:trojan-activity;sid:84115714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.18.49.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252611/; classtype:trojan-activity;sid:84115711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.67.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252610/; classtype:trojan-activity;sid:84115710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.24.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252608/; classtype:trojan-activity;sid:84115708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.37.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252609/; classtype:trojan-activity;sid:84115709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8de798a7/embedit.exe"; depth:21; endswith; nocase; http.host; content:"sgp1.vultrobjects.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252606/; classtype:trojan-activity;sid:84115706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.235.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252604/; classtype:trojan-activity;sid:84115704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8de798a7/sheilexperiencehost.exe"; depth:33; endswith; nocase; http.host; content:"sgp1.vultrobjects.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252605/; classtype:trojan-activity;sid:84115705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8de798a7/googlecrashhandler.exe"; depth:32; endswith; nocase; http.host; content:"sgp1.vultrobjects.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252603/; classtype:trojan-activity;sid:84115703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.100.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252602/; classtype:trojan-activity;sid:84115702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/74bc575e584e922c/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"109.107.157.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252601/; classtype:trojan-activity;sid:84115701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/74bc575e584e922c/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"109.107.157.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252600/; classtype:trojan-activity;sid:84115700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/74bc575e584e922c/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"109.107.157.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252597/; classtype:trojan-activity;sid:84115697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/74bc575e584e922c/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"109.107.157.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252598/; classtype:trojan-activity;sid:84115698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/74bc575e584e922c/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"109.107.157.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252599/; classtype:trojan-activity;sid:84115699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/74bc575e584e922c/nss3.dll"; depth:26; endswith; nocase; http.host; content:"109.107.157.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252596/; classtype:trojan-activity;sid:84115696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.11.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252595/; classtype:trojan-activity;sid:84115695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8de798a7/bravecrashhandler64.exe"; depth:33; endswith; nocase; http.host; content:"sgp1.vultrobjects.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252594/; classtype:trojan-activity;sid:84115694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.64.50.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252593/; classtype:trojan-activity;sid:84115693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/igoralaf/creds/main/marsel.exe"; depth:31; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252592/; classtype:trojan-activity;sid:84115692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.253.55.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252591/; classtype:trojan-activity;sid:84115691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.95.222"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252590/; classtype:trojan-activity;sid:84115690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.207.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252589/; classtype:trojan-activity;sid:84115689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.247.138.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252588/; classtype:trojan-activity;sid:84115688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm6"; depth:12; endswith; nocase; http.host; content:"87.10.220.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252585/; classtype:trojan-activity;sid:84115685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.arm7"; depth:12; endswith; nocase; http.host; content:"87.10.220.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252586/; classtype:trojan-activity;sid:84115686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.x86"; depth:17; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252587/; classtype:trojan-activity;sid:84115687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakuza.i686"; depth:12; endswith; nocase; http.host; content:"87.10.220.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252584/; classtype:trojan-activity;sid:84115684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.arm6"; depth:15; endswith; nocase; http.host; content:"64.235.37.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252581/; classtype:trojan-activity;sid:84115681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.m68k"; depth:15; endswith; nocase; http.host; content:"64.235.37.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252582/; classtype:trojan-activity;sid:84115682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c0r0n4x.arm7"; depth:18; endswith; nocase; http.host; content:"198.50.207.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252583/; classtype:trojan-activity;sid:84115683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.53.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252580/; classtype:trojan-activity;sid:84115680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.60.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252579/; classtype:trojan-activity;sid:84115679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.140.81.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252578/; classtype:trojan-activity;sid:84115678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.233.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252577/; classtype:trojan-activity;sid:84115677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.52.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252576/; classtype:trojan-activity;sid:84115676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.190.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252575/; classtype:trojan-activity;sid:84115675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.86.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252574/; classtype:trojan-activity;sid:84115674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.172.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252572/; classtype:trojan-activity;sid:84115672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.24.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252573/; classtype:trojan-activity;sid:84115673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fortpriv5.exe"; depth:14; endswith; nocase; http.host; content:"185.101.104.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252571/; classtype:trojan-activity;sid:84115671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.116.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252570/; classtype:trojan-activity;sid:84115670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.198.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252569/; classtype:trojan-activity;sid:84115669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.248.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252568/; classtype:trojan-activity;sid:84115668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.36.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252567/; classtype:trojan-activity;sid:84115667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.60.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252566/; classtype:trojan-activity;sid:84115666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.1.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252565/; classtype:trojan-activity;sid:84115665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252564/; classtype:trojan-activity;sid:84115664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.141.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252563/; classtype:trojan-activity;sid:84115663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.140.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252561/; classtype:trojan-activity;sid:84115661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.76.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252562/; classtype:trojan-activity;sid:84115662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.219.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252559/; classtype:trojan-activity;sid:84115659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.121.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252560/; classtype:trojan-activity;sid:84115660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.15.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252557/; classtype:trojan-activity;sid:84115657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.116.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252558/; classtype:trojan-activity;sid:84115658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252555/; classtype:trojan-activity;sid:84115655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.201.45.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252556/; classtype:trojan-activity;sid:84115656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.124.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252554/; classtype:trojan-activity;sid:84115654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.46.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252553/; classtype:trojan-activity;sid:84115653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.37.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252552/; classtype:trojan-activity;sid:84115652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.186.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252551/; classtype:trojan-activity;sid:84115651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.80.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252550/; classtype:trojan-activity;sid:84115650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.207.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252549/; classtype:trojan-activity;sid:84115649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.99.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252548/; classtype:trojan-activity;sid:84115648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252547/; classtype:trojan-activity;sid:84115647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.151.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252546/; classtype:trojan-activity;sid:84115646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.168.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252545/; classtype:trojan-activity;sid:84115645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.125.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252544/; classtype:trojan-activity;sid:84115644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.224.187"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252543/; classtype:trojan-activity;sid:84115643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.170.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252540/; classtype:trojan-activity;sid:84115640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.42.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252541/; classtype:trojan-activity;sid:84115641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.112.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252542/; classtype:trojan-activity;sid:84115642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.53.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252538/; classtype:trojan-activity;sid:84115638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.237.233.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252539/; classtype:trojan-activity;sid:84115639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.172.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252537/; classtype:trojan-activity;sid:84115637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.190.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252536/; classtype:trojan-activity;sid:84115636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.116.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252535/; classtype:trojan-activity;sid:84115635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.34.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252533/; classtype:trojan-activity;sid:84115633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.33.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252534/; classtype:trojan-activity;sid:84115634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"141.195.51.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252532/; classtype:trojan-activity;sid:84115632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.46.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252531/; classtype:trojan-activity;sid:84115631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.116.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252530/; classtype:trojan-activity;sid:84115630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.11.56.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252529/; classtype:trojan-activity;sid:84115629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.242.61.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252528/; classtype:trojan-activity;sid:84115628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.226.245.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252527/; classtype:trojan-activity;sid:84115627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.255.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252525/; classtype:trojan-activity;sid:84115625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"149.100.164.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252526/; classtype:trojan-activity;sid:84115626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.244.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252524/; classtype:trojan-activity;sid:84115624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252523/; classtype:trojan-activity;sid:84115623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.151.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252521/; classtype:trojan-activity;sid:84115621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.170.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252522/; classtype:trojan-activity;sid:84115622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.2.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252520/; classtype:trojan-activity;sid:84115620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.31.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252518/; classtype:trojan-activity;sid:84115618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.53.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252519/; classtype:trojan-activity;sid:84115619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.11.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252517/; classtype:trojan-activity;sid:84115617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.99.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252516/; classtype:trojan-activity;sid:84115616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.186.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252515/; classtype:trojan-activity;sid:84115615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.219.104.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252514/; classtype:trojan-activity;sid:84115614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.191.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252513/; classtype:trojan-activity;sid:84115613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.42.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252512/; classtype:trojan-activity;sid:84115612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.195.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252511/; classtype:trojan-activity;sid:84115611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.179.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252510/; classtype:trojan-activity;sid:84115610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.217.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252509/; classtype:trojan-activity;sid:84115609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.255.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252508/; classtype:trojan-activity;sid:84115608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.253.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252507/; classtype:trojan-activity;sid:84115607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.51.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252506/; classtype:trojan-activity;sid:84115606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.26.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252505/; classtype:trojan-activity;sid:84115605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.235.157.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252504/; classtype:trojan-activity;sid:84115604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.114.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252503/; classtype:trojan-activity;sid:84115603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.146.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252502/; classtype:trojan-activity;sid:84115602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.34.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252501/; classtype:trojan-activity;sid:84115601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"141.195.51.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252500/; classtype:trojan-activity;sid:84115600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.2.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252499/; classtype:trojan-activity;sid:84115599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252498/; classtype:trojan-activity;sid:84115598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.219.104.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252497/; classtype:trojan-activity;sid:84115597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.174.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252496/; classtype:trojan-activity;sid:84115596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.91.8.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252495/; classtype:trojan-activity;sid:84115595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.252.245.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252494/; classtype:trojan-activity;sid:84115594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.31.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252493/; classtype:trojan-activity;sid:84115593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.243.135.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252492/; classtype:trojan-activity;sid:84115592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.9.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252491/; classtype:trojan-activity;sid:84115591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.82.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252490/; classtype:trojan-activity;sid:84115590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.87.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252489/; classtype:trojan-activity;sid:84115589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20matrix77/ksdeuf/refs/heads/main/mipsel"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252488/; classtype:trojan-activity;sid:84115588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20matrix77/ksdeuf/refs/heads/main/mips"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252485/; classtype:trojan-activity;sid:84115585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20matrix77/dhjif/refs/heads/main/armv7l"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252486/; classtype:trojan-activity;sid:84115586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20matrix77/ksdeuf/refs/heads/main/animma.sh"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252487/; classtype:trojan-activity;sid:84115587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.10.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252484/; classtype:trojan-activity;sid:84115584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252482/; classtype:trojan-activity;sid:84115582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.123.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252483/; classtype:trojan-activity;sid:84115583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.168.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252481/; classtype:trojan-activity;sid:84115581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.195.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252478/; classtype:trojan-activity;sid:84115578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.50.96"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252479/; classtype:trojan-activity;sid:84115579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.200.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252480/; classtype:trojan-activity;sid:84115580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.114.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252476/; classtype:trojan-activity;sid:84115576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.11.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252477/; classtype:trojan-activity;sid:84115577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.22.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252475/; classtype:trojan-activity;sid:84115575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.146.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252474/; classtype:trojan-activity;sid:84115574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252473/; classtype:trojan-activity;sid:84115573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.191.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252472/; classtype:trojan-activity;sid:84115572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.200.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252471/; classtype:trojan-activity;sid:84115571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.121.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252470/; classtype:trojan-activity;sid:84115570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.235.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252469/; classtype:trojan-activity;sid:84115569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.123.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252468/; classtype:trojan-activity;sid:84115568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.34.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252466/; classtype:trojan-activity;sid:84115566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.87.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252467/; classtype:trojan-activity;sid:84115567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.10.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252465/; classtype:trojan-activity;sid:84115565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252464/; classtype:trojan-activity;sid:84115564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"69.117.23.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252462/; classtype:trojan-activity;sid:84115562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.249.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252463/; classtype:trojan-activity;sid:84115563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.225.204.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252461/; classtype:trojan-activity;sid:84115561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.59.168.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252460/; classtype:trojan-activity;sid:84115560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252459/; classtype:trojan-activity;sid:84115559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.243.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252458/; classtype:trojan-activity;sid:84115558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.123.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252457/; classtype:trojan-activity;sid:84115557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.80.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252456/; classtype:trojan-activity;sid:84115556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.11.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252455/; classtype:trojan-activity;sid:84115555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.211.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252454/; classtype:trojan-activity;sid:84115554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.50.96"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252453/; classtype:trojan-activity;sid:84115553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.130.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252451/; classtype:trojan-activity;sid:84115551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.93.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252452/; classtype:trojan-activity;sid:84115552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.227.75.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252450/; classtype:trojan-activity;sid:84115550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.91.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252449/; classtype:trojan-activity;sid:84115549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.70.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252448/; classtype:trojan-activity;sid:84115548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.191.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252447/; classtype:trojan-activity;sid:84115547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.235.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252446/; classtype:trojan-activity;sid:84115546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.34.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252445/; classtype:trojan-activity;sid:84115545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.97.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252443/; classtype:trojan-activity;sid:84115543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252444/; classtype:trojan-activity;sid:84115544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252442/; classtype:trojan-activity;sid:84115542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.123.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252441/; classtype:trojan-activity;sid:84115541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.45.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252440/; classtype:trojan-activity;sid:84115540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.59.168.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252439/; classtype:trojan-activity;sid:84115539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.63.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252438/; classtype:trojan-activity;sid:84115538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.211.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252437/; classtype:trojan-activity;sid:84115537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.181.9.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252436/; classtype:trojan-activity;sid:84115536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.12.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252435/; classtype:trojan-activity;sid:84115535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.78.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252433/; classtype:trojan-activity;sid:84115533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.147.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252434/; classtype:trojan-activity;sid:84115534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.130.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252432/; classtype:trojan-activity;sid:84115532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.242.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252431/; classtype:trojan-activity;sid:84115531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.6.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252430/; classtype:trojan-activity;sid:84115530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.146.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252429/; classtype:trojan-activity;sid:84115529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.37.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252428/; classtype:trojan-activity;sid:84115528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.227.75.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252427/; classtype:trojan-activity;sid:84115527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.136.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252426/; classtype:trojan-activity;sid:84115526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.119.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252425/; classtype:trojan-activity;sid:84115525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.93.87"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252424/; classtype:trojan-activity;sid:84115524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.170.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252423/; classtype:trojan-activity;sid:84115523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.165.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252422/; classtype:trojan-activity;sid:84115522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.7.216"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252421/; classtype:trojan-activity;sid:84115521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.8.46.114"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252420/; classtype:trojan-activity;sid:84115520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.70.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252419/; classtype:trojan-activity;sid:84115519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.7.207.172"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252418/; classtype:trojan-activity;sid:84115518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.188.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252417/; classtype:trojan-activity;sid:84115517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.33.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252416/; classtype:trojan-activity;sid:84115516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.6.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252414/; classtype:trojan-activity;sid:84115514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.2.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252415/; classtype:trojan-activity;sid:84115515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.157.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252413/; classtype:trojan-activity;sid:84115513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.35.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252412/; classtype:trojan-activity;sid:84115512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.68.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252411/; classtype:trojan-activity;sid:84115511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252410/; classtype:trojan-activity;sid:84115510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.97.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252409/; classtype:trojan-activity;sid:84115509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.233.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252408/; classtype:trojan-activity;sid:84115508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.136.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252407/; classtype:trojan-activity;sid:84115507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.52.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252406/; classtype:trojan-activity;sid:84115506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.149.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252405/; classtype:trojan-activity;sid:84115505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.67.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252404/; classtype:trojan-activity;sid:84115504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.29.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252403/; classtype:trojan-activity;sid:84115503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.108.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252402/; classtype:trojan-activity;sid:84115502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.146.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252401/; classtype:trojan-activity;sid:84115501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.215.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252400/; classtype:trojan-activity;sid:84115500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.100.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252399/; classtype:trojan-activity;sid:84115499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.119.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252398/; classtype:trojan-activity;sid:84115498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.213.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252397/; classtype:trojan-activity;sid:84115497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.163.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252396/; classtype:trojan-activity;sid:84115496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.181.65.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252395/; classtype:trojan-activity;sid:84115495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.108.234.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252394/; classtype:trojan-activity;sid:84115494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.7.216"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252392/; classtype:trojan-activity;sid:84115492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.6.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252393/; classtype:trojan-activity;sid:84115493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.40.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252391/; classtype:trojan-activity;sid:84115491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.2.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252390/; classtype:trojan-activity;sid:84115490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.12.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252389/; classtype:trojan-activity;sid:84115489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.45.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252388/; classtype:trojan-activity;sid:84115488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.29.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252387/; classtype:trojan-activity;sid:84115487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.227.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252386/; classtype:trojan-activity;sid:84115486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.144.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252385/; classtype:trojan-activity;sid:84115485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.8.46.114"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252384/; classtype:trojan-activity;sid:84115484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.124.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252383/; classtype:trojan-activity;sid:84115483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"173.16.19.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252382/; classtype:trojan-activity;sid:84115482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.206.103.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252379/; classtype:trojan-activity;sid:84115479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.159.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252380/; classtype:trojan-activity;sid:84115480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.1.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252381/; classtype:trojan-activity;sid:84115481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.124.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252378/; classtype:trojan-activity;sid:84115478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.240.67"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252377/; classtype:trojan-activity;sid:84115477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.234.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252376/; classtype:trojan-activity;sid:84115476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.0.10.123"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252374/; classtype:trojan-activity;sid:84115474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.142.115.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252375/; classtype:trojan-activity;sid:84115475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.239.97.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252372/; classtype:trojan-activity;sid:84115472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.163.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252373/; classtype:trojan-activity;sid:84115473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"160.19.154.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252371/; classtype:trojan-activity;sid:84115471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.37.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252370/; classtype:trojan-activity;sid:84115470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.224.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252368/; classtype:trojan-activity;sid:84115468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.197.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252369/; classtype:trojan-activity;sid:84115469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.7.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252366/; classtype:trojan-activity;sid:84115466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.78.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252367/; classtype:trojan-activity;sid:84115467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252365/; classtype:trojan-activity;sid:84115465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"45.149.241.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252364/; classtype:trojan-activity;sid:84115464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.69.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252363/; classtype:trojan-activity;sid:84115463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.245.2.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252362/; classtype:trojan-activity;sid:84115462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.172.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252361/; classtype:trojan-activity;sid:84115461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.114.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252360/; classtype:trojan-activity;sid:84115460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252359/; classtype:trojan-activity;sid:84115459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.203.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252358/; classtype:trojan-activity;sid:84115458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.178.222.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252356/; classtype:trojan-activity;sid:84115456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.165.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252357/; classtype:trojan-activity;sid:84115457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.165.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252355/; classtype:trojan-activity;sid:84115455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.38.106.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252354/; classtype:trojan-activity;sid:84115454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35/ou/nicegirlwithnewthingswhichevennobodknowthatkissingme.hta"; depth:63; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252353/; classtype:trojan-activity;sid:84115453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.102.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252352/; classtype:trojan-activity;sid:84115452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.137.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252351/; classtype:trojan-activity;sid:84115451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.108.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252350/; classtype:trojan-activity;sid:84115450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/njgrzpystazegmluvxdixg63.bin"; depth:29; endswith; nocase; http.host; content:"204.10.160.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252349/; classtype:trojan-activity;sid:84115449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twvjdbmcomv166.bin"; depth:19; endswith; nocase; http.host; content:"212.162.149.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252348/; classtype:trojan-activity;sid:84115448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.67.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252347/; classtype:trojan-activity;sid:84115447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.25.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252346/; classtype:trojan-activity;sid:84115446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.108.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252345/; classtype:trojan-activity;sid:84115445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.124.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252343/; classtype:trojan-activity;sid:84115443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.242.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252344/; classtype:trojan-activity;sid:84115444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.217.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252342/; classtype:trojan-activity;sid:84115442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.69.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252341/; classtype:trojan-activity;sid:84115441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.203.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252340/; classtype:trojan-activity;sid:84115440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.102.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252339/; classtype:trojan-activity;sid:84115439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.117.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252337/; classtype:trojan-activity;sid:84115437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.90.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252338/; classtype:trojan-activity;sid:84115438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/t/u17296973057724srrje56b919a0b2duf"; depth:40; endswith; nocase; http.host; content:"ydray.com"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252335/; classtype:trojan-activity;sid:84115435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252336/; classtype:trojan-activity;sid:84115436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/t/u17297082277942llvz99ed31f68eabfm"; depth:40; endswith; nocase; http.host; content:"ydray.com"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252334/; classtype:trojan-activity;sid:84115434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.131.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252333/; classtype:trojan-activity;sid:84115433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.46.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252332/; classtype:trojan-activity;sid:84115432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.20.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252330/; classtype:trojan-activity;sid:84115430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.163.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252331/; classtype:trojan-activity;sid:84115431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.115.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252329/; classtype:trojan-activity;sid:84115429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.81.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252328/; classtype:trojan-activity;sid:84115428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.114.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252327/; classtype:trojan-activity;sid:84115427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.235.170.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252325/; classtype:trojan-activity;sid:84115425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.198.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252326/; classtype:trojan-activity;sid:84115426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.26.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252324/; classtype:trojan-activity;sid:84115424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.185.205.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252323/; classtype:trojan-activity;sid:84115423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.24.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252322/; classtype:trojan-activity;sid:84115422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.108.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252321/; classtype:trojan-activity;sid:84115421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.65.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252320/; classtype:trojan-activity;sid:84115420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.102.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252319/; classtype:trojan-activity;sid:84115419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.214.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252318/; classtype:trojan-activity;sid:84115418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.112.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252317/; classtype:trojan-activity;sid:84115417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.173.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252316/; classtype:trojan-activity;sid:84115416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.25.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252315/; classtype:trojan-activity;sid:84115415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.206.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252314/; classtype:trojan-activity;sid:84115414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.67.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252313/; classtype:trojan-activity;sid:84115413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.139.255.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252312/; classtype:trojan-activity;sid:84115412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252311/; classtype:trojan-activity;sid:84115411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.106.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252310/; classtype:trojan-activity;sid:84115410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.90.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252309/; classtype:trojan-activity;sid:84115409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.112.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252308/; classtype:trojan-activity;sid:84115408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.59.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252307/; classtype:trojan-activity;sid:84115407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.46.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252306/; classtype:trojan-activity;sid:84115406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.147.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252305/; classtype:trojan-activity;sid:84115405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.164.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252304/; classtype:trojan-activity;sid:84115404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.124.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252303/; classtype:trojan-activity;sid:84115403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.20.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252302/; classtype:trojan-activity;sid:84115402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.115.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252300/; classtype:trojan-activity;sid:84115400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.92.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252301/; classtype:trojan-activity;sid:84115401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.117.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252299/; classtype:trojan-activity;sid:84115399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.225.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252298/; classtype:trojan-activity;sid:84115398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.203.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252296/; classtype:trojan-activity;sid:84115396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.131.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252297/; classtype:trojan-activity;sid:84115397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.77.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252295/; classtype:trojan-activity;sid:84115395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.79.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252294/; classtype:trojan-activity;sid:84115394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.217.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252293/; classtype:trojan-activity;sid:84115393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.26.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252292/; classtype:trojan-activity;sid:84115392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.24.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252290/; classtype:trojan-activity;sid:84115390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.81.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252291/; classtype:trojan-activity;sid:84115391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.8.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252289/; classtype:trojan-activity;sid:84115389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.87.76.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252288/; classtype:trojan-activity;sid:84115388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.19.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252287/; classtype:trojan-activity;sid:84115387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.218.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252286/; classtype:trojan-activity;sid:84115386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.213.137.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252285/; classtype:trojan-activity;sid:84115385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.237.96.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252284/; classtype:trojan-activity;sid:84115384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.207.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252283/; classtype:trojan-activity;sid:84115383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.112.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252282/; classtype:trojan-activity;sid:84115382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.7.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252281/; classtype:trojan-activity;sid:84115381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.175.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252280/; classtype:trojan-activity;sid:84115380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.214.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252279/; classtype:trojan-activity;sid:84115379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.67.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252278/; classtype:trojan-activity;sid:84115378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.79.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252277/; classtype:trojan-activity;sid:84115377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.59.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252273/; classtype:trojan-activity;sid:84115373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.117.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252274/; classtype:trojan-activity;sid:84115374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.80.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252275/; classtype:trojan-activity;sid:84115375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.210.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252276/; classtype:trojan-activity;sid:84115376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.29.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252272/; classtype:trojan-activity;sid:84115372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.203.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252271/; classtype:trojan-activity;sid:84115371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.184.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252270/; classtype:trojan-activity;sid:84115370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.248.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252268/; classtype:trojan-activity;sid:84115368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.139.255.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252269/; classtype:trojan-activity;sid:84115369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.129.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252267/; classtype:trojan-activity;sid:84115367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.118.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252266/; classtype:trojan-activity;sid:84115366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252265/; classtype:trojan-activity;sid:84115365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.48.10.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252263/; classtype:trojan-activity;sid:84115363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.206.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252264/; classtype:trojan-activity;sid:84115364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.8.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252262/; classtype:trojan-activity;sid:84115362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.64.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252261/; classtype:trojan-activity;sid:84115361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.34.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252260/; classtype:trojan-activity;sid:84115360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.150.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252258/; classtype:trojan-activity;sid:84115358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.93.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252259/; classtype:trojan-activity;sid:84115359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.210.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252257/; classtype:trojan-activity;sid:84115357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"32.217.230.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252256/; classtype:trojan-activity;sid:84115356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.119.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252255/; classtype:trojan-activity;sid:84115355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.87.183.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252252/; classtype:trojan-activity;sid:84115352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.207.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252253/; classtype:trojan-activity;sid:84115353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.152.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252254/; classtype:trojan-activity;sid:84115354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.253.219.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252251/; classtype:trojan-activity;sid:84115351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.75.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252250/; classtype:trojan-activity;sid:84115350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.229.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252249/; classtype:trojan-activity;sid:84115349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.59.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252248/; classtype:trojan-activity;sid:84115348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.132.158.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252246/; classtype:trojan-activity;sid:84115346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.202.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252247/; classtype:trojan-activity;sid:84115347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.9.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252245/; classtype:trojan-activity;sid:84115345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.167.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252244/; classtype:trojan-activity;sid:84115344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.175.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252243/; classtype:trojan-activity;sid:84115343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.245.1.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252242/; classtype:trojan-activity;sid:84115342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.223.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252241/; classtype:trojan-activity;sid:84115341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.129.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252240/; classtype:trojan-activity;sid:84115340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.117.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252239/; classtype:trojan-activity;sid:84115339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.2.248"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252238/; classtype:trojan-activity;sid:84115338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.84.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252237/; classtype:trojan-activity;sid:84115337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.93.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252236/; classtype:trojan-activity;sid:84115336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252235/; classtype:trojan-activity;sid:84115335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.127.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252234/; classtype:trojan-activity;sid:84115334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.152.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252233/; classtype:trojan-activity;sid:84115333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.10.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252232/; classtype:trojan-activity;sid:84115332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.65.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252231/; classtype:trojan-activity;sid:84115331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.251.133"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252230/; classtype:trojan-activity;sid:84115330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.217.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252229/; classtype:trojan-activity;sid:84115329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.124.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252228/; classtype:trojan-activity;sid:84115328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.208.10.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252227/; classtype:trojan-activity;sid:84115327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.232.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252226/; classtype:trojan-activity;sid:84115326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.204.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252225/; classtype:trojan-activity;sid:84115325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.132.158.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252224/; classtype:trojan-activity;sid:84115324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.150.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252223/; classtype:trojan-activity;sid:84115323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.81.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252222/; classtype:trojan-activity;sid:84115322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.53.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252221/; classtype:trojan-activity;sid:84115321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.196.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252220/; classtype:trojan-activity;sid:84115320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.47.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252219/; classtype:trojan-activity;sid:84115319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.100.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252217/; classtype:trojan-activity;sid:84115317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.148.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252218/; classtype:trojan-activity;sid:84115318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.141.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252216/; classtype:trojan-activity;sid:84115316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.84.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252215/; classtype:trojan-activity;sid:84115315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.133.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252214/; classtype:trojan-activity;sid:84115314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.158.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252213/; classtype:trojan-activity;sid:84115313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.154.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252212/; classtype:trojan-activity;sid:84115312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.87.112.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252211/; classtype:trojan-activity;sid:84115311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.96.160.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252210/; classtype:trojan-activity;sid:84115310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.195.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252208/; classtype:trojan-activity;sid:84115308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.195.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252209/; classtype:trojan-activity;sid:84115309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.80.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252206/; classtype:trojan-activity;sid:84115306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.96.93"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252207/; classtype:trojan-activity;sid:84115307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.125.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252205/; classtype:trojan-activity;sid:84115305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.158.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252204/; classtype:trojan-activity;sid:84115304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.127.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252203/; classtype:trojan-activity;sid:84115303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.24.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252202/; classtype:trojan-activity;sid:84115302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.80.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252201/; classtype:trojan-activity;sid:84115301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.53.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252198/; classtype:trojan-activity;sid:84115298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.9.247.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252199/; classtype:trojan-activity;sid:84115299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.87.112.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252200/; classtype:trojan-activity;sid:84115300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.216.89.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252194/; classtype:trojan-activity;sid:84115294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.2.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252195/; classtype:trojan-activity;sid:84115295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.125.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252196/; classtype:trojan-activity;sid:84115296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.193.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252197/; classtype:trojan-activity;sid:84115297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"31.208.10.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252193/; classtype:trojan-activity;sid:84115293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.81.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252192/; classtype:trojan-activity;sid:84115292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.148.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252184/; classtype:trojan-activity;sid:84115284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.234.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252185/; classtype:trojan-activity;sid:84115285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.103.58.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252186/; classtype:trojan-activity;sid:84115286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.62.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252187/; classtype:trojan-activity;sid:84115287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.62.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252188/; classtype:trojan-activity;sid:84115288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.100.208"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252189/; classtype:trojan-activity;sid:84115289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.225.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252190/; classtype:trojan-activity;sid:84115290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"vgtgq.house.zionanakwenze.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252191/; classtype:trojan-activity;sid:84115291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.125.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252183/; classtype:trojan-activity;sid:84115283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.224.173.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252182/; classtype:trojan-activity;sid:84115282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"91.80.154.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252181/; classtype:trojan-activity;sid:84115281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.227.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252180/; classtype:trojan-activity;sid:84115280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.243.205.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252179/; classtype:trojan-activity;sid:84115279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.227.59.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252178/; classtype:trojan-activity;sid:84115278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.83.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252177/; classtype:trojan-activity;sid:84115277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.153.132.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252176/; classtype:trojan-activity;sid:84115276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252175/; classtype:trojan-activity;sid:84115275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.204.227.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252174/; classtype:trojan-activity;sid:84115274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.31.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252173/; classtype:trojan-activity;sid:84115273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.127.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252172/; classtype:trojan-activity;sid:84115272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.213.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252171/; classtype:trojan-activity;sid:84115271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.65.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252167/; classtype:trojan-activity;sid:84115267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.172.68.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252168/; classtype:trojan-activity;sid:84115268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.211.102.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252169/; classtype:trojan-activity;sid:84115269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.235.173.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252170/; classtype:trojan-activity;sid:84115270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.255.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252166/; classtype:trojan-activity;sid:84115266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.13.251.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252165/; classtype:trojan-activity;sid:84115265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.8.39"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252164/; classtype:trojan-activity;sid:84115264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.168.0.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252163/; classtype:trojan-activity;sid:84115263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.115.179.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252162/; classtype:trojan-activity;sid:84115262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.233.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252161/; classtype:trojan-activity;sid:84115261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.249.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252160/; classtype:trojan-activity;sid:84115260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.2.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252159/; classtype:trojan-activity;sid:84115259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.207.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252158/; classtype:trojan-activity;sid:84115258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.44.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252157/; classtype:trojan-activity;sid:84115257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.90.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252156/; classtype:trojan-activity;sid:84115256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.102.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252155/; classtype:trojan-activity;sid:84115255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.233.126.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252154/; classtype:trojan-activity;sid:84115254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.234.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252153/; classtype:trojan-activity;sid:84115253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.240.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252152/; classtype:trojan-activity;sid:84115252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.125.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252151/; classtype:trojan-activity;sid:84115251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.224.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252150/; classtype:trojan-activity;sid:84115250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.216.154.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252149/; classtype:trojan-activity;sid:84115249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.184.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252148/; classtype:trojan-activity;sid:84115248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.20.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252147/; classtype:trojan-activity;sid:84115247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.218.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252146/; classtype:trojan-activity;sid:84115246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.147.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252145/; classtype:trojan-activity;sid:84115245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.243.205.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252144/; classtype:trojan-activity;sid:84115244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.147.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252143/; classtype:trojan-activity;sid:84115243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.147.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252142/; classtype:trojan-activity;sid:84115242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.17.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252141/; classtype:trojan-activity;sid:84115241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.255.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252140/; classtype:trojan-activity;sid:84115240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.115.168.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252139/; classtype:trojan-activity;sid:84115239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.44.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252138/; classtype:trojan-activity;sid:84115238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.27.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252136/; classtype:trojan-activity;sid:84115236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.22.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252137/; classtype:trojan-activity;sid:84115237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.242.87.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252135/; classtype:trojan-activity;sid:84115235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.207.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252134/; classtype:trojan-activity;sid:84115234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.22.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252133/; classtype:trojan-activity;sid:84115233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.1.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252132/; classtype:trojan-activity;sid:84115232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.14.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252131/; classtype:trojan-activity;sid:84115231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.63.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252130/; classtype:trojan-activity;sid:84115230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.240.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252129/; classtype:trojan-activity;sid:84115229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.71.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252128/; classtype:trojan-activity;sid:84115228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.62.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252127/; classtype:trojan-activity;sid:84115227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.3.142.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252126/; classtype:trojan-activity;sid:84115226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.69.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252124/; classtype:trojan-activity;sid:84115224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"191.240.39.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252125/; classtype:trojan-activity;sid:84115225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.147.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252123/; classtype:trojan-activity;sid:84115223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252122/; classtype:trojan-activity;sid:84115222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.97.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252121/; classtype:trojan-activity;sid:84115221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.203.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252120/; classtype:trojan-activity;sid:84115220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.27.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252119/; classtype:trojan-activity;sid:84115219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.51.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252118/; classtype:trojan-activity;sid:84115218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.147.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252117/; classtype:trojan-activity;sid:84115217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.4.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252116/; classtype:trojan-activity;sid:84115216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.255.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252115/; classtype:trojan-activity;sid:84115215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.240.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252114/; classtype:trojan-activity;sid:84115214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.176.79.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252113/; classtype:trojan-activity;sid:84115213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.110.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252112/; classtype:trojan-activity;sid:84115212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.89.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252111/; classtype:trojan-activity;sid:84115211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.163.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252109/; classtype:trojan-activity;sid:84115209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.22.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252110/; classtype:trojan-activity;sid:84115210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.228.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252108/; classtype:trojan-activity;sid:84115208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.0.70"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252106/; classtype:trojan-activity;sid:84115206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.242.87.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252107/; classtype:trojan-activity;sid:84115207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.0.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252105/; classtype:trojan-activity;sid:84115205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.0.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252104/; classtype:trojan-activity;sid:84115204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.155.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252103/; classtype:trojan-activity;sid:84115203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.14.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252102/; classtype:trojan-activity;sid:84115202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.65.168.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252101/; classtype:trojan-activity;sid:84115201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.111.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252099/; classtype:trojan-activity;sid:84115199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.155.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252100/; classtype:trojan-activity;sid:84115200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.99.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252098/; classtype:trojan-activity;sid:84115198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.103.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252097/; classtype:trojan-activity;sid:84115197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.184.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252096/; classtype:trojan-activity;sid:84115196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.203.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252095/; classtype:trojan-activity;sid:84115195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252094/; classtype:trojan-activity;sid:84115194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.64.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252093/; classtype:trojan-activity;sid:84115193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.240.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252092/; classtype:trojan-activity;sid:84115192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.80.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252091/; classtype:trojan-activity;sid:84115191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.22.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252090/; classtype:trojan-activity;sid:84115190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.163.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252089/; classtype:trojan-activity;sid:84115189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.109.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252088/; classtype:trojan-activity;sid:84115188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.4.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252087/; classtype:trojan-activity;sid:84115187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.177.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252086/; classtype:trojan-activity;sid:84115186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.235.170.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252085/; classtype:trojan-activity;sid:84115185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.71.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252084/; classtype:trojan-activity;sid:84115184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.107.12.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252083/; classtype:trojan-activity;sid:84115183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.203.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252082/; classtype:trojan-activity;sid:84115182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.1.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252081/; classtype:trojan-activity;sid:84115181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.136.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252080/; classtype:trojan-activity;sid:84115180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.230.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252079/; classtype:trojan-activity;sid:84115179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.25.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252077/; classtype:trojan-activity;sid:84115177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.142.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252078/; classtype:trojan-activity;sid:84115178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.64.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252076/; classtype:trojan-activity;sid:84115176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.118.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252074/; classtype:trojan-activity;sid:84115174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.24.66.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252075/; classtype:trojan-activity;sid:84115175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.36.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252073/; classtype:trojan-activity;sid:84115173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.22.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252072/; classtype:trojan-activity;sid:84115172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.177.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252071/; classtype:trojan-activity;sid:84115171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.48.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252070/; classtype:trojan-activity;sid:84115170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.187.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252069/; classtype:trojan-activity;sid:84115169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.60.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252068/; classtype:trojan-activity;sid:84115168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.0.60.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252067/; classtype:trojan-activity;sid:84115167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.244.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252066/; classtype:trojan-activity;sid:84115166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.59.168.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252065/; classtype:trojan-activity;sid:84115165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.239.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252064/; classtype:trojan-activity;sid:84115164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.230.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252063/; classtype:trojan-activity;sid:84115163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.64.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252061/; classtype:trojan-activity;sid:84115161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.209.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252062/; classtype:trojan-activity;sid:84115162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.140.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252060/; classtype:trojan-activity;sid:84115160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.14.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252059/; classtype:trojan-activity;sid:84115159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.193.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252058/; classtype:trojan-activity;sid:84115158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.1.48"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252057/; classtype:trojan-activity;sid:84115157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.89.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252056/; classtype:trojan-activity;sid:84115156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.91.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252055/; classtype:trojan-activity;sid:84115155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.43.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252054/; classtype:trojan-activity;sid:84115154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.96.93"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252053/; classtype:trojan-activity;sid:84115153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.126.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252052/; classtype:trojan-activity;sid:84115152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.238.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252051/; classtype:trojan-activity;sid:84115151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.218.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252050/; classtype:trojan-activity;sid:84115150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.92.92.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252048/; classtype:trojan-activity;sid:84115148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.151.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252049/; classtype:trojan-activity;sid:84115149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.0.60.69"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252047/; classtype:trojan-activity;sid:84115147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.29.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252046/; classtype:trojan-activity;sid:84115146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252045/; classtype:trojan-activity;sid:84115145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.113.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252044/; classtype:trojan-activity;sid:84115144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.209.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252043/; classtype:trojan-activity;sid:84115143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.138.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252042/; classtype:trojan-activity;sid:84115142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.193.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252041/; classtype:trojan-activity;sid:84115141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.96.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252040/; classtype:trojan-activity;sid:84115140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.153.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252039/; classtype:trojan-activity;sid:84115139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252038/; classtype:trojan-activity;sid:84115138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.140.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252037/; classtype:trojan-activity;sid:84115137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.157.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252036/; classtype:trojan-activity;sid:84115136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.197.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252035/; classtype:trojan-activity;sid:84115135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.43.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252034/; classtype:trojan-activity;sid:84115134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.58.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252033/; classtype:trojan-activity;sid:84115133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.67.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252032/; classtype:trojan-activity;sid:84115132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.107.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252031/; classtype:trojan-activity;sid:84115131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.161.2.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252029/; classtype:trojan-activity;sid:84115129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.113.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252030/; classtype:trojan-activity;sid:84115130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.36.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252028/; classtype:trojan-activity;sid:84115128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.85.1.98"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252027/; classtype:trojan-activity;sid:84115127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.21.160.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252026/; classtype:trojan-activity;sid:84115126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.86.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252025/; classtype:trojan-activity;sid:84115125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.122.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252024/; classtype:trojan-activity;sid:84115124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.238.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252022/; classtype:trojan-activity;sid:84115122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252023/; classtype:trojan-activity;sid:84115123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.69.153.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252021/; classtype:trojan-activity;sid:84115121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.8.202.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252020/; classtype:trojan-activity;sid:84115120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.246.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252018/; classtype:trojan-activity;sid:84115118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.23.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252019/; classtype:trojan-activity;sid:84115119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.115.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252016/; classtype:trojan-activity;sid:84115116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.59.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252017/; classtype:trojan-activity;sid:84115117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.106.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252015/; classtype:trojan-activity;sid:84115115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.113.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252014/; classtype:trojan-activity;sid:84115114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.138.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252013/; classtype:trojan-activity;sid:84115113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.82.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252012/; classtype:trojan-activity;sid:84115112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.9.181"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252011/; classtype:trojan-activity;sid:84115111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.68.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252010/; classtype:trojan-activity;sid:84115110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252009/; classtype:trojan-activity;sid:84115109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.58.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252008/; classtype:trojan-activity;sid:84115108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.163.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252007/; classtype:trojan-activity;sid:84115107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"98.96.40.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252006/; classtype:trojan-activity;sid:84115106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.89.234.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252005/; classtype:trojan-activity;sid:84115105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.12.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252004/; classtype:trojan-activity;sid:84115104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.142.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252003/; classtype:trojan-activity;sid:84115103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.42.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252002/; classtype:trojan-activity;sid:84115102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.163.251.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252001/; classtype:trojan-activity;sid:84115101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.9.181"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3252000/; classtype:trojan-activity;sid:84115100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.29.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251999/; classtype:trojan-activity;sid:84115099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.81.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251998/; classtype:trojan-activity;sid:84115098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.191.189.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251997/; classtype:trojan-activity;sid:84115097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.188.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251996/; classtype:trojan-activity;sid:84115096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251995/; classtype:trojan-activity;sid:84115095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.233.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251994/; classtype:trojan-activity;sid:84115094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.51.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251993/; classtype:trojan-activity;sid:84115093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.89.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251991/; classtype:trojan-activity;sid:84115091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.211.124"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251992/; classtype:trojan-activity;sid:84115092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.251.163.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251990/; classtype:trojan-activity;sid:84115090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.205.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251989/; classtype:trojan-activity;sid:84115089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.31.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251988/; classtype:trojan-activity;sid:84115088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.142.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251987/; classtype:trojan-activity;sid:84115087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.218.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251986/; classtype:trojan-activity;sid:84115086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.170.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251985/; classtype:trojan-activity;sid:84115085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.97.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251984/; classtype:trojan-activity;sid:84115084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"fubp.house.zionanakwenze.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251983/; classtype:trojan-activity;sid:84115083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"98.96.40.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251982/; classtype:trojan-activity;sid:84115082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.8.214.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251979/; classtype:trojan-activity;sid:84115079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.172.80.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251980/; classtype:trojan-activity;sid:84115080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.163.251.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251981/; classtype:trojan-activity;sid:84115081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.186.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251978/; classtype:trojan-activity;sid:84115078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.90.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251977/; classtype:trojan-activity;sid:84115077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.203.247"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251976/; classtype:trojan-activity;sid:84115076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.30.113.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251975/; classtype:trojan-activity;sid:84115075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.87.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251974/; classtype:trojan-activity;sid:84115074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.218.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251973/; classtype:trojan-activity;sid:84115073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.68.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251972/; classtype:trojan-activity;sid:84115072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.42.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251971/; classtype:trojan-activity;sid:84115071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.189.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251970/; classtype:trojan-activity;sid:84115070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251969/; classtype:trojan-activity;sid:84115069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.3.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251967/; classtype:trojan-activity;sid:84115067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.218.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251968/; classtype:trojan-activity;sid:84115068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.86.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251965/; classtype:trojan-activity;sid:84115065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.186.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251966/; classtype:trojan-activity;sid:84115066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.24.32.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251964/; classtype:trojan-activity;sid:84115064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.78.201.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251963/; classtype:trojan-activity;sid:84115063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251962/; classtype:trojan-activity;sid:84115062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.89.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251961/; classtype:trojan-activity;sid:84115061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.147.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251960/; classtype:trojan-activity;sid:84115060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.110.198.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251959/; classtype:trojan-activity;sid:84115059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.8.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251958/; classtype:trojan-activity;sid:84115058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.180.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251957/; classtype:trojan-activity;sid:84115057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.240.39.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251955/; classtype:trojan-activity;sid:84115055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.2.228"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251956/; classtype:trojan-activity;sid:84115056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.48.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251954/; classtype:trojan-activity;sid:84115054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.87.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251953/; classtype:trojan-activity;sid:84115053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.46.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251952/; classtype:trojan-activity;sid:84115052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.25.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251951/; classtype:trojan-activity;sid:84115051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.182.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251950/; classtype:trojan-activity;sid:84115050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.90.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251949/; classtype:trojan-activity;sid:84115049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.155.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251948/; classtype:trojan-activity;sid:84115048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.170.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251947/; classtype:trojan-activity;sid:84115047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.218.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251946/; classtype:trojan-activity;sid:84115046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.219.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251944/; classtype:trojan-activity;sid:84115044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.110.198.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251945/; classtype:trojan-activity;sid:84115045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.180.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251943/; classtype:trojan-activity;sid:84115043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.211.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251942/; classtype:trojan-activity;sid:84115042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.73.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251941/; classtype:trojan-activity;sid:84115041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.68.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251940/; classtype:trojan-activity;sid:84115040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.108.98.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251939/; classtype:trojan-activity;sid:84115039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.194.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251938/; classtype:trojan-activity;sid:84115038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.6.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251937/; classtype:trojan-activity;sid:84115037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.3.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251936/; classtype:trojan-activity;sid:84115036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.12.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251935/; classtype:trojan-activity;sid:84115035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.33.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251934/; classtype:trojan-activity;sid:84115034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.225.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251933/; classtype:trojan-activity;sid:84115033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251932/; classtype:trojan-activity;sid:84115032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.167.31.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251931/; classtype:trojan-activity;sid:84115031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251930/; classtype:trojan-activity;sid:84115030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.6.223"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251929/; classtype:trojan-activity;sid:84115029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.96.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251928/; classtype:trojan-activity;sid:84115028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251927/; classtype:trojan-activity;sid:84115027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.99.17.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251926/; classtype:trojan-activity;sid:84115026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.93.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251925/; classtype:trojan-activity;sid:84115025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"191.240.39.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251924/; classtype:trojan-activity;sid:84115024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.86.251.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251923/; classtype:trojan-activity;sid:84115023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.207.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251922/; classtype:trojan-activity;sid:84115022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.22.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251921/; classtype:trojan-activity;sid:84115021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.10.49.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251920/; classtype:trojan-activity;sid:84115020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.69.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251919/; classtype:trojan-activity;sid:84115019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.48.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251918/; classtype:trojan-activity;sid:84115018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.145.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251917/; classtype:trojan-activity;sid:84115017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.6.106"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251915/; classtype:trojan-activity;sid:84115015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.204.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251916/; classtype:trojan-activity;sid:84115016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.4.172"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251914/; classtype:trojan-activity;sid:84115014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.86.251.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251913/; classtype:trojan-activity;sid:84115013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.219.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251912/; classtype:trojan-activity;sid:84115012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.184.47.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251911/; classtype:trojan-activity;sid:84115011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.33.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251910/; classtype:trojan-activity;sid:84115010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.68.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251909/; classtype:trojan-activity;sid:84115009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.46.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251907/; classtype:trojan-activity;sid:84115007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.73.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251908/; classtype:trojan-activity;sid:84115008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.39.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251906/; classtype:trojan-activity;sid:84115006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.6.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251905/; classtype:trojan-activity;sid:84115005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.6.223"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251904/; classtype:trojan-activity;sid:84115004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.42.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251903/; classtype:trojan-activity;sid:84115003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251902/; classtype:trojan-activity;sid:84115002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.53.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251901/; classtype:trojan-activity;sid:84115001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.24.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251900/; classtype:trojan-activity;sid:84115000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.189.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251899/; classtype:trojan-activity;sid:84114999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251898/; classtype:trojan-activity;sid:84114998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.2.228"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251897/; classtype:trojan-activity;sid:84114997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.69.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251896/; classtype:trojan-activity;sid:84114996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.94.128"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251895/; classtype:trojan-activity;sid:84114995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.166.116.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251894/; classtype:trojan-activity;sid:84114994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.190.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251893/; classtype:trojan-activity;sid:84114993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.22.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251891/; classtype:trojan-activity;sid:84114991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.27.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251892/; classtype:trojan-activity;sid:84114992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.204.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251890/; classtype:trojan-activity;sid:84114990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.101.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251889/; classtype:trojan-activity;sid:84114989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.237.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251888/; classtype:trojan-activity;sid:84114988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.4.194"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251887/; classtype:trojan-activity;sid:84114987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.9.5.116"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251886/; classtype:trojan-activity;sid:84114986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.201.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251885/; classtype:trojan-activity;sid:84114985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.217.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251884/; classtype:trojan-activity;sid:84114984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.117.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251883/; classtype:trojan-activity;sid:84114983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251882/; classtype:trojan-activity;sid:84114982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.189.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251881/; classtype:trojan-activity;sid:84114981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.42.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251880/; classtype:trojan-activity;sid:84114980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.24.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251879/; classtype:trojan-activity;sid:84114979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.3.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251878/; classtype:trojan-activity;sid:84114978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.85.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251877/; classtype:trojan-activity;sid:84114977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.191.154.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251876/; classtype:trojan-activity;sid:84114976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.56.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251875/; classtype:trojan-activity;sid:84114975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.250.25.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251874/; classtype:trojan-activity;sid:84114974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.113.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251873/; classtype:trojan-activity;sid:84114973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.10.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251872/; classtype:trojan-activity;sid:84114972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.190.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251871/; classtype:trojan-activity;sid:84114971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.27.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251870/; classtype:trojan-activity;sid:84114970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.237.99"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251869/; classtype:trojan-activity;sid:84114969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.30.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251868/; classtype:trojan-activity;sid:84114968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.72.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251866/; classtype:trojan-activity;sid:84114966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.23.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251867/; classtype:trojan-activity;sid:84114967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.241.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251865/; classtype:trojan-activity;sid:84114965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.99.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251864/; classtype:trojan-activity;sid:84114964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"yjm.house.zionanakwenze.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251863/; classtype:trojan-activity;sid:84114963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.127.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251862/; classtype:trojan-activity;sid:84114962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.48.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251861/; classtype:trojan-activity;sid:84114961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.148.199.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251860/; classtype:trojan-activity;sid:84114960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.3.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251859/; classtype:trojan-activity;sid:84114959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.78.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251858/; classtype:trojan-activity;sid:84114958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.29.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251857/; classtype:trojan-activity;sid:84114957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.237.233.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251856/; classtype:trojan-activity;sid:84114956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.48.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251855/; classtype:trojan-activity;sid:84114955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.201.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251854/; classtype:trojan-activity;sid:84114954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.131.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251853/; classtype:trojan-activity;sid:84114953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.234.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251852/; classtype:trojan-activity;sid:84114952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.199.180.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251851/; classtype:trojan-activity;sid:84114951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.39.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251850/; classtype:trojan-activity;sid:84114950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.33.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251849/; classtype:trojan-activity;sid:84114949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.59.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251848/; classtype:trojan-activity;sid:84114948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.111.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251847/; classtype:trojan-activity;sid:84114947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.250.25.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251846/; classtype:trojan-activity;sid:84114946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vwkjebwi686"; depth:12; endswith; nocase; http.host; content:"server1.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251845/; classtype:trojan-activity;sid:84114945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqkjf64"; depth:8; endswith; nocase; http.host; content:"server1.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251836/; classtype:trojan-activity;sid:84114936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"server1.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251837/; classtype:trojan-activity;sid:84114937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"server1.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251838/; classtype:trojan-activity;sid:84114938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsbeps"; depth:7; endswith; nocase; http.host; content:"server1.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251839/; classtype:trojan-activity;sid:84114939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"server1.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251840/; classtype:trojan-activity;sid:84114940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"server1.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251841/; classtype:trojan-activity;sid:84114941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"server1.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251842/; classtype:trojan-activity;sid:84114942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"server1.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251843/; classtype:trojan-activity;sid:84114943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwwofba5"; depth:9; endswith; nocase; http.host; content:"server1.eye-network.ru"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251844/; classtype:trojan-activity;sid:84114944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.23.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251835/; classtype:trojan-activity;sid:84114935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251834/; classtype:trojan-activity;sid:84114934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.72.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251833/; classtype:trojan-activity;sid:84114933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.8.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251832/; classtype:trojan-activity;sid:84114932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.154.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251831/; classtype:trojan-activity;sid:84114931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.8.165"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251830/; classtype:trojan-activity;sid:84114930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.29.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251829/; classtype:trojan-activity;sid:84114929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/internet_adapter_module.zip"; depth:28; endswith; nocase; http.host; content:"185.203.241.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251828/; classtype:trojan-activity;sid:84114928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.99.207.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251827/; classtype:trojan-activity;sid:84114927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.163.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251826/; classtype:trojan-activity;sid:84114926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/internet_adapter_module.txt"; depth:28; endswith; nocase; http.host; content:"185.203.241.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251825/; classtype:trojan-activity;sid:84114925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.249.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251824/; classtype:trojan-activity;sid:84114924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ngrok.zip"; depth:10; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251823/; classtype:trojan-activity;sid:84114923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/hrdp.zip"; depth:14; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251821/; classtype:trojan-activity;sid:84114921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ngrok.zip"; depth:10; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251822/; classtype:trojan-activity;sid:84114922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/hrdp.zip"; depth:14; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251820/; classtype:trojan-activity;sid:84114920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/auto-install-hrdp.bat"; depth:22; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251815/; classtype:trojan-activity;sid:84114915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/update.zip"; depth:16; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251816/; classtype:trojan-activity;sid:84114916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/autoupdate.zip"; depth:20; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251817/; classtype:trojan-activity;sid:84114917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/auto-install-hrdp.bat"; depth:22; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251818/; classtype:trojan-activity;sid:84114918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/update.zip"; depth:16; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251819/; classtype:trojan-activity;sid:84114919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/autoupdate.zip"; depth:20; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251814/; classtype:trojan-activity;sid:84114914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/hrdp/rdpwinst.exe"; depth:23; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251813/; classtype:trojan-activity;sid:84114913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/hrdp/rdpwinst.exe"; depth:23; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251808/; classtype:trojan-activity;sid:84114908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/hrdp/rdpcheck.exe"; depth:23; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251809/; classtype:trojan-activity;sid:84114909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/hrdp/rdpcheck.exe"; depth:23; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251810/; classtype:trojan-activity;sid:84114910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/hrdp/rdpconf.exe"; depth:22; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251811/; classtype:trojan-activity;sid:84114911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/hrdp/rdpconf.exe"; depth:22; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251812/; classtype:trojan-activity;sid:84114912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/hrdp/update.bat"; depth:21; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251803/; classtype:trojan-activity;sid:84114903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/hrdp/uninstall.bat"; depth:24; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251804/; classtype:trojan-activity;sid:84114904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/hrdp/install.bat"; depth:22; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251805/; classtype:trojan-activity;sid:84114905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/hrdp/install.bat"; depth:22; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251806/; classtype:trojan-activity;sid:84114906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/hrdp/update.bat"; depth:21; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251807/; classtype:trojan-activity;sid:84114907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrdp/hrdp/uninstall.bat"; depth:24; endswith; nocase; http.host; content:"45.139.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251801/; classtype:trojan-activity;sid:84114901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x222.jpg"; depth:9; endswith; nocase; http.host; content:"152.89.239.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251799/; classtype:trojan-activity;sid:84114899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x222.jpg"; depth:9; endswith; nocase; http.host; content:"152.89.239.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251798/; classtype:trojan-activity;sid:84114898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.201.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251797/; classtype:trojan-activity;sid:84114897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.36.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251796/; classtype:trojan-activity;sid:84114896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.52.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251795/; classtype:trojan-activity;sid:84114895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.249.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251794/; classtype:trojan-activity;sid:84114894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.71.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251793/; classtype:trojan-activity;sid:84114893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.134.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251792/; classtype:trojan-activity;sid:84114892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.31.143"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251791/; classtype:trojan-activity;sid:84114891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.83.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251790/; classtype:trojan-activity;sid:84114890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.88.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251789/; classtype:trojan-activity;sid:84114889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.169.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251788/; classtype:trojan-activity;sid:84114888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.105.3.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251787/; classtype:trojan-activity;sid:84114887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.197.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251786/; classtype:trojan-activity;sid:84114886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.161.61.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251785/; classtype:trojan-activity;sid:84114885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.118.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251784/; classtype:trojan-activity;sid:84114884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.121.216.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251783/; classtype:trojan-activity;sid:84114883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251782/; classtype:trojan-activity;sid:84114882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.185.109.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251781/; classtype:trojan-activity;sid:84114881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.36.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251780/; classtype:trojan-activity;sid:84114880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.88.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251779/; classtype:trojan-activity;sid:84114879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.134.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251778/; classtype:trojan-activity;sid:84114878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.248.235.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251777/; classtype:trojan-activity;sid:84114877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.67.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251776/; classtype:trojan-activity;sid:84114876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.253.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251775/; classtype:trojan-activity;sid:84114875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.237.38.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251773/; classtype:trojan-activity;sid:84114873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.110.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251774/; classtype:trojan-activity;sid:84114874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.123.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251772/; classtype:trojan-activity;sid:84114872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.177.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251771/; classtype:trojan-activity;sid:84114871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.106.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251770/; classtype:trojan-activity;sid:84114870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.244.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251769/; classtype:trojan-activity;sid:84114869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.213.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251768/; classtype:trojan-activity;sid:84114868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.169.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251767/; classtype:trojan-activity;sid:84114867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.189.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251766/; classtype:trojan-activity;sid:84114866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.198.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251765/; classtype:trojan-activity;sid:84114865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.5.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251764/; classtype:trojan-activity;sid:84114864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.239.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251763/; classtype:trojan-activity;sid:84114863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.129.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251762/; classtype:trojan-activity;sid:84114862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.251.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251761/; classtype:trojan-activity;sid:84114861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.216.97.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251760/; classtype:trojan-activity;sid:84114860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.177.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251758/; classtype:trojan-activity;sid:84114858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/t/u1729697424183slws5d074ca2323fbt"; depth:39; endswith; nocase; http.host; content:"ydray.com"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251759/; classtype:trojan-activity;sid:84114859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.116.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251757/; classtype:trojan-activity;sid:84114857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.93.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251756/; classtype:trojan-activity;sid:84114856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.213.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251755/; classtype:trojan-activity;sid:84114855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.205.182.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251753/; classtype:trojan-activity;sid:84114853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.199.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251754/; classtype:trojan-activity;sid:84114854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1tzawouuxpmtaxygtnkvatmzpki7qfpkq"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251752/; classtype:trojan-activity;sid:84114852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.123.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251751/; classtype:trojan-activity;sid:84114851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.5.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251750/; classtype:trojan-activity;sid:84114850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.244.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251749/; classtype:trojan-activity;sid:84114849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.77.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251748/; classtype:trojan-activity;sid:84114848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.28.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251747/; classtype:trojan-activity;sid:84114847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.251.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251746/; classtype:trojan-activity;sid:84114846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.220.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251745/; classtype:trojan-activity;sid:84114845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.218.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251744/; classtype:trojan-activity;sid:84114844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.14.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251743/; classtype:trojan-activity;sid:84114843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.239.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251742/; classtype:trojan-activity;sid:84114842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.42.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251741/; classtype:trojan-activity;sid:84114841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.83.151"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251740/; classtype:trojan-activity;sid:84114840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.163.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251739/; classtype:trojan-activity;sid:84114839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251738/; classtype:trojan-activity;sid:84114838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.2.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251737/; classtype:trojan-activity;sid:84114837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.170.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251736/; classtype:trojan-activity;sid:84114836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251735/; classtype:trojan-activity;sid:84114835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.69.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251734/; classtype:trojan-activity;sid:84114834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.240.10.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251733/; classtype:trojan-activity;sid:84114833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.95.190.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251732/; classtype:trojan-activity;sid:84114832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.44.150.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251731/; classtype:trojan-activity;sid:84114831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.211.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251730/; classtype:trojan-activity;sid:84114830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251729/; classtype:trojan-activity;sid:84114829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.161.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251728/; classtype:trojan-activity;sid:84114828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.107.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251727/; classtype:trojan-activity;sid:84114827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"222.113.56.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251726/; classtype:trojan-activity;sid:84114826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.171.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251725/; classtype:trojan-activity;sid:84114825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.99.220.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251724/; classtype:trojan-activity;sid:84114824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.69.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251723/; classtype:trojan-activity;sid:84114823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.0.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251722/; classtype:trojan-activity;sid:84114822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.59.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251721/; classtype:trojan-activity;sid:84114821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.243.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251720/; classtype:trojan-activity;sid:84114820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.248.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251719/; classtype:trojan-activity;sid:84114819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.184.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251718/; classtype:trojan-activity;sid:84114818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.153.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251717/; classtype:trojan-activity;sid:84114817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.120.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251716/; classtype:trojan-activity;sid:84114816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.167.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251715/; classtype:trojan-activity;sid:84114815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.105.3.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251714/; classtype:trojan-activity;sid:84114814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.244.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251713/; classtype:trojan-activity;sid:84114813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.220.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251712/; classtype:trojan-activity;sid:84114812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.165.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251711/; classtype:trojan-activity;sid:84114811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.250.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251710/; classtype:trojan-activity;sid:84114810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.55.128.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251708/; classtype:trojan-activity;sid:84114808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.89.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251709/; classtype:trojan-activity;sid:84114809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.1.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251707/; classtype:trojan-activity;sid:84114807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.214.111.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251706/; classtype:trojan-activity;sid:84114806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.8.22"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251705/; classtype:trojan-activity;sid:84114805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.112.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251704/; classtype:trojan-activity;sid:84114804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.161.0.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251703/; classtype:trojan-activity;sid:84114803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.252.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251702/; classtype:trojan-activity;sid:84114802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.120.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251701/; classtype:trojan-activity;sid:84114801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.244.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251700/; classtype:trojan-activity;sid:84114800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.243.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251699/; classtype:trojan-activity;sid:84114799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.24.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251698/; classtype:trojan-activity;sid:84114798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.1.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251697/; classtype:trojan-activity;sid:84114797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.8.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251696/; classtype:trojan-activity;sid:84114796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.93.1"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251695/; classtype:trojan-activity;sid:84114795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.81.190.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251693/; classtype:trojan-activity;sid:84114793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.91.60.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251694/; classtype:trojan-activity;sid:84114794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.198.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251692/; classtype:trojan-activity;sid:84114792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.123.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251691/; classtype:trojan-activity;sid:84114791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251690/; classtype:trojan-activity;sid:84114790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.198.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251689/; classtype:trojan-activity;sid:84114789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.224.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251688/; classtype:trojan-activity;sid:84114788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.7.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251687/; classtype:trojan-activity;sid:84114787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.57.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251686/; classtype:trojan-activity;sid:84114786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.167.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251685/; classtype:trojan-activity;sid:84114785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.55.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251684/; classtype:trojan-activity;sid:84114784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.220.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251683/; classtype:trojan-activity;sid:84114783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.196.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251682/; classtype:trojan-activity;sid:84114782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.252.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251681/; classtype:trojan-activity;sid:84114781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.69.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251680/; classtype:trojan-activity;sid:84114780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.7.247"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251679/; classtype:trojan-activity;sid:84114779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.35.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251678/; classtype:trojan-activity;sid:84114778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.153.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251677/; classtype:trojan-activity;sid:84114777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251676/; classtype:trojan-activity;sid:84114776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.226.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251675/; classtype:trojan-activity;sid:84114775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.173.52.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251674/; classtype:trojan-activity;sid:84114774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.63.81.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251673/; classtype:trojan-activity;sid:84114773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.86.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251672/; classtype:trojan-activity;sid:84114772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.231.30.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251671/; classtype:trojan-activity;sid:84114771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.165.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251670/; classtype:trojan-activity;sid:84114770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.92.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251669/; classtype:trojan-activity;sid:84114769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.147.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251668/; classtype:trojan-activity;sid:84114768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.11.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251667/; classtype:trojan-activity;sid:84114767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.127.220.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251666/; classtype:trojan-activity;sid:84114766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.57.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251665/; classtype:trojan-activity;sid:84114765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.7.247"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251664/; classtype:trojan-activity;sid:84114764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.153.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251663/; classtype:trojan-activity;sid:84114763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.162.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251661/; classtype:trojan-activity;sid:84114761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.85.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251662/; classtype:trojan-activity;sid:84114762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.252.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251660/; classtype:trojan-activity;sid:84114760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.35.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251659/; classtype:trojan-activity;sid:84114759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.221.247.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251658/; classtype:trojan-activity;sid:84114758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.221.247.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251657/; classtype:trojan-activity;sid:84114757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.215.188.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251656/; classtype:trojan-activity;sid:84114756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.231.30.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251655/; classtype:trojan-activity;sid:84114755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.159.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251654/; classtype:trojan-activity;sid:84114754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.19.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251653/; classtype:trojan-activity;sid:84114753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.10.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251652/; classtype:trojan-activity;sid:84114752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.81.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251651/; classtype:trojan-activity;sid:84114751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.84.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251650/; classtype:trojan-activity;sid:84114750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.113.38.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251649/; classtype:trojan-activity;sid:84114749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.125.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251648/; classtype:trojan-activity;sid:84114748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.214.34.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251647/; classtype:trojan-activity;sid:84114747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.248.235.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251646/; classtype:trojan-activity;sid:84114746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.245.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251645/; classtype:trojan-activity;sid:84114745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.117.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251644/; classtype:trojan-activity;sid:84114744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.122.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251642/; classtype:trojan-activity;sid:84114742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.162.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251643/; classtype:trojan-activity;sid:84114743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.119.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251641/; classtype:trojan-activity;sid:84114741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkjqpc"; depth:7; endswith; nocase; http.host; content:"server.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251639/; classtype:trojan-activity;sid:84114739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjsusa6"; depth:8; endswith; nocase; http.host; content:"server.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251640/; classtype:trojan-activity;sid:84114740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vwkjebwi686"; depth:12; endswith; nocase; http.host; content:"server.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251638/; classtype:trojan-activity;sid:84114738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqsjh4"; depth:7; endswith; nocase; http.host; content:"server.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251631/; classtype:trojan-activity;sid:84114731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvwkja7"; depth:8; endswith; nocase; http.host; content:"server.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251632/; classtype:trojan-activity;sid:84114732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwwofba5"; depth:9; endswith; nocase; http.host; content:"server.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251633/; classtype:trojan-activity;sid:84114733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251634/; classtype:trojan-activity;sid:84114734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqkjf64"; depth:8; endswith; nocase; http.host; content:"server.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251635/; classtype:trojan-activity;sid:84114735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheiuwa4"; depth:9; endswith; nocase; http.host; content:"server.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251636/; classtype:trojan-activity;sid:84114736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkehusl"; depth:8; endswith; nocase; http.host; content:"server.eye-network.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251637/; classtype:trojan-activity;sid:84114737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.11.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251630/; classtype:trojan-activity;sid:84114730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.209.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251629/; classtype:trojan-activity;sid:84114729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.132.160.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251628/; classtype:trojan-activity;sid:84114728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.119.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251627/; classtype:trojan-activity;sid:84114727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.19.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251626/; classtype:trojan-activity;sid:84114726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.223.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251625/; classtype:trojan-activity;sid:84114725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.31.189.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251623/; classtype:trojan-activity;sid:84114723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.41.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251624/; classtype:trojan-activity;sid:84114724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.119.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251622/; classtype:trojan-activity;sid:84114722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.15.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251621/; classtype:trojan-activity;sid:84114721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.31.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251620/; classtype:trojan-activity;sid:84114720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.16.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251619/; classtype:trojan-activity;sid:84114719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.29.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251618/; classtype:trojan-activity;sid:84114718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.180.12.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251617/; classtype:trojan-activity;sid:84114717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.149.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251616/; classtype:trojan-activity;sid:84114716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.44.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251615/; classtype:trojan-activity;sid:84114715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.70.96.64"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251614/; classtype:trojan-activity;sid:84114714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.232.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251613/; classtype:trojan-activity;sid:84114713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.41.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251612/; classtype:trojan-activity;sid:84114712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.55.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251611/; classtype:trojan-activity;sid:84114711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.229.198.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251610/; classtype:trojan-activity;sid:84114710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.78.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251609/; classtype:trojan-activity;sid:84114709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.55.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251608/; classtype:trojan-activity;sid:84114708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.225.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251607/; classtype:trojan-activity;sid:84114707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.196.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251605/; classtype:trojan-activity;sid:84114705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.198.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251606/; classtype:trojan-activity;sid:84114706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.254.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251604/; classtype:trojan-activity;sid:84114704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.57.122.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251603/; classtype:trojan-activity;sid:84114703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.46.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251602/; classtype:trojan-activity;sid:84114702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.124.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251601/; classtype:trojan-activity;sid:84114701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.229.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251600/; classtype:trojan-activity;sid:84114700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.122.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251599/; classtype:trojan-activity;sid:84114699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"104.193.59.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251598/; classtype:trojan-activity;sid:84114698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.26.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251597/; classtype:trojan-activity;sid:84114697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.194.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251596/; classtype:trojan-activity;sid:84114696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.131.137.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251595/; classtype:trojan-activity;sid:84114695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.232.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251594/; classtype:trojan-activity;sid:84114694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.78.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251593/; classtype:trojan-activity;sid:84114693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.255.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251592/; classtype:trojan-activity;sid:84114692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.162.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251590/; classtype:trojan-activity;sid:84114690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.46.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251591/; classtype:trojan-activity;sid:84114691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.243.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251589/; classtype:trojan-activity;sid:84114689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.224.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251588/; classtype:trojan-activity;sid:84114688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.185.109.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251587/; classtype:trojan-activity;sid:84114687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.156.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251586/; classtype:trojan-activity;sid:84114686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.61.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251585/; classtype:trojan-activity;sid:84114685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.113.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251583/; classtype:trojan-activity;sid:84114683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"222.246.126.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251584/; classtype:trojan-activity;sid:84114684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.191.31.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251581/; classtype:trojan-activity;sid:84114681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.43.50.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251582/; classtype:trojan-activity;sid:84114682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.52.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251580/; classtype:trojan-activity;sid:84114680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.102.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251579/; classtype:trojan-activity;sid:84114679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.2.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251577/; classtype:trojan-activity;sid:84114677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.45.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251578/; classtype:trojan-activity;sid:84114678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.31.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251576/; classtype:trojan-activity;sid:84114676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.199.200.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251575/; classtype:trojan-activity;sid:84114675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"154.216.19.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251574/; classtype:trojan-activity;sid:84114674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.241.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251573/; classtype:trojan-activity;sid:84114673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.46.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251572/; classtype:trojan-activity;sid:84114672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.229.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251571/; classtype:trojan-activity;sid:84114671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.122.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251570/; classtype:trojan-activity;sid:84114670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.162.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251569/; classtype:trojan-activity;sid:84114669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.81.190.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251568/; classtype:trojan-activity;sid:84114668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.127.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251567/; classtype:trojan-activity;sid:84114667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.161.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251566/; classtype:trojan-activity;sid:84114666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.131.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251565/; classtype:trojan-activity;sid:84114665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.161.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251564/; classtype:trojan-activity;sid:84114664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.75.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251563/; classtype:trojan-activity;sid:84114663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251562/; classtype:trojan-activity;sid:84114662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.70.83"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251560/; classtype:trojan-activity;sid:84114660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.88.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251561/; classtype:trojan-activity;sid:84114661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.49.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251559/; classtype:trojan-activity;sid:84114659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.36.160"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251558/; classtype:trojan-activity;sid:84114658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.118.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251556/; classtype:trojan-activity;sid:84114656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"179.42.74.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251557/; classtype:trojan-activity;sid:84114657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.71.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251555/; classtype:trojan-activity;sid:84114655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.203.61.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251554/; classtype:trojan-activity;sid:84114654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.36.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251553/; classtype:trojan-activity;sid:84114653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.101.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251552/; classtype:trojan-activity;sid:84114652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.111.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251551/; classtype:trojan-activity;sid:84114651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.220.145.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251550/; classtype:trojan-activity;sid:84114650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.46.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251549/; classtype:trojan-activity;sid:84114649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.81.190.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251548/; classtype:trojan-activity;sid:84114648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.131.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251547/; classtype:trojan-activity;sid:84114647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.69.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251546/; classtype:trojan-activity;sid:84114646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.221.89.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251545/; classtype:trojan-activity;sid:84114645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.188.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251543/; classtype:trojan-activity;sid:84114643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.245.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251544/; classtype:trojan-activity;sid:84114644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.114.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251542/; classtype:trojan-activity;sid:84114642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.138.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251541/; classtype:trojan-activity;sid:84114641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.21.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251540/; classtype:trojan-activity;sid:84114640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.118.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251539/; classtype:trojan-activity;sid:84114639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.2.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251538/; classtype:trojan-activity;sid:84114638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.44.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251536/; classtype:trojan-activity;sid:84114636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.140.109.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251537/; classtype:trojan-activity;sid:84114637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.150.45.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251535/; classtype:trojan-activity;sid:84114635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"154.216.20.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251533/; classtype:trojan-activity;sid:84114633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"154.216.20.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251534/; classtype:trojan-activity;sid:84114634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.220.145.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251532/; classtype:trojan-activity;sid:84114632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.111.176"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251531/; classtype:trojan-activity;sid:84114631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.exe"; depth:6; endswith; nocase; http.host; content:"bitwelly.design"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251530/; classtype:trojan-activity;sid:84114630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"bitwelly.design"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251529/; classtype:trojan-activity;sid:84114629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.48.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251527/; classtype:trojan-activity;sid:84114627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.55.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251528/; classtype:trojan-activity;sid:84114628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.21.239"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251526/; classtype:trojan-activity;sid:84114626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.119.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251525/; classtype:trojan-activity;sid:84114625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.173.68.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251524/; classtype:trojan-activity;sid:84114624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.115.213.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251523/; classtype:trojan-activity;sid:84114623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.238.169.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251522/; classtype:trojan-activity;sid:84114622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.167.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251521/; classtype:trojan-activity;sid:84114621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.55.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251520/; classtype:trojan-activity;sid:84114620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.129.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251519/; classtype:trojan-activity;sid:84114619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.95.174.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251518/; classtype:trojan-activity;sid:84114618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.26.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251517/; classtype:trojan-activity;sid:84114617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.59.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251516/; classtype:trojan-activity;sid:84114616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.48.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251515/; classtype:trojan-activity;sid:84114615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.122.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251514/; classtype:trojan-activity;sid:84114614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.44.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251513/; classtype:trojan-activity;sid:84114613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.0.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251512/; classtype:trojan-activity;sid:84114612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.119.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251511/; classtype:trojan-activity;sid:84114611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.157.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251510/; classtype:trojan-activity;sid:84114610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.193.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251509/; classtype:trojan-activity;sid:84114609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.148.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251508/; classtype:trojan-activity;sid:84114608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.124.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251507/; classtype:trojan-activity;sid:84114607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251506/; classtype:trojan-activity;sid:84114606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251505/; classtype:trojan-activity;sid:84114605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.186.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251504/; classtype:trojan-activity;sid:84114604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.238.169.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251503/; classtype:trojan-activity;sid:84114603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.178.40.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251502/; classtype:trojan-activity;sid:84114602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.123.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251501/; classtype:trojan-activity;sid:84114601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.26.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251500/; classtype:trojan-activity;sid:84114600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.9.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251499/; classtype:trojan-activity;sid:84114599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.107.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251498/; classtype:trojan-activity;sid:84114598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.59.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251497/; classtype:trojan-activity;sid:84114597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.109.95.87"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251496/; classtype:trojan-activity;sid:84114596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.36.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251494/; classtype:trojan-activity;sid:84114594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.160.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251495/; classtype:trojan-activity;sid:84114595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.186.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251492/; classtype:trojan-activity;sid:84114592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.48.155"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251493/; classtype:trojan-activity;sid:84114593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.179.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251491/; classtype:trojan-activity;sid:84114591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.123.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251490/; classtype:trojan-activity;sid:84114590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.193.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251489/; classtype:trojan-activity;sid:84114589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.189.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251488/; classtype:trojan-activity;sid:84114588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.91.60.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251487/; classtype:trojan-activity;sid:84114587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.163.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251486/; classtype:trojan-activity;sid:84114586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.99.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251485/; classtype:trojan-activity;sid:84114585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.84.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251484/; classtype:trojan-activity;sid:84114584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.64.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251483/; classtype:trojan-activity;sid:84114583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.148.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251482/; classtype:trojan-activity;sid:84114582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.148.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251481/; classtype:trojan-activity;sid:84114581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.122.115.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251480/; classtype:trojan-activity;sid:84114580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.216.220.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251479/; classtype:trojan-activity;sid:84114579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.253.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251478/; classtype:trojan-activity;sid:84114578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251477/; classtype:trojan-activity;sid:84114577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.19.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251476/; classtype:trojan-activity;sid:84114576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.248.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251475/; classtype:trojan-activity;sid:84114575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251474/; classtype:trojan-activity;sid:84114574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.170.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251473/; classtype:trojan-activity;sid:84114573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.163.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251472/; classtype:trojan-activity;sid:84114572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.48.155"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251471/; classtype:trojan-activity;sid:84114571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.mpsl"; depth:15; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251469/; classtype:trojan-activity;sid:84114569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.spc"; depth:14; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251470/; classtype:trojan-activity;sid:84114570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.203.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251468/; classtype:trojan-activity;sid:84114568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.113.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251465/; classtype:trojan-activity;sid:84114565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.209.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251466/; classtype:trojan-activity;sid:84114566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.134.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251467/; classtype:trojan-activity;sid:84114567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.189.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251464/; classtype:trojan-activity;sid:84114564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.132.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251462/; classtype:trojan-activity;sid:84114562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251463/; classtype:trojan-activity;sid:84114563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/292/wlanext.exe"; depth:16; endswith; nocase; http.host; content:"172.245.123.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251461/; classtype:trojan-activity;sid:84114561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.111.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251460/; classtype:trojan-activity;sid:84114560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.105.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251459/; classtype:trojan-activity;sid:84114559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.148.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251458/; classtype:trojan-activity;sid:84114558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.14.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251457/; classtype:trojan-activity;sid:84114557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.64.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251456/; classtype:trojan-activity;sid:84114556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.119.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251455/; classtype:trojan-activity;sid:84114555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.125.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251454/; classtype:trojan-activity;sid:84114554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251453/; classtype:trojan-activity;sid:84114553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.92.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251452/; classtype:trojan-activity;sid:84114552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.209.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251451/; classtype:trojan-activity;sid:84114551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.230.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251450/; classtype:trojan-activity;sid:84114550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.3.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251449/; classtype:trojan-activity;sid:84114549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.170.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251448/; classtype:trojan-activity;sid:84114548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.226.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251447/; classtype:trojan-activity;sid:84114547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.24.72"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251446/; classtype:trojan-activity;sid:84114546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251445/; classtype:trojan-activity;sid:84114545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.157.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251444/; classtype:trojan-activity;sid:84114544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.48.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251443/; classtype:trojan-activity;sid:84114543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.5.147.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251442/; classtype:trojan-activity;sid:84114542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.2.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251441/; classtype:trojan-activity;sid:84114541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.249.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251439/; classtype:trojan-activity;sid:84114539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.243.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251440/; classtype:trojan-activity;sid:84114540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.59.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251438/; classtype:trojan-activity;sid:84114538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.0.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251437/; classtype:trojan-activity;sid:84114537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.115.177.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251436/; classtype:trojan-activity;sid:84114536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.92.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251435/; classtype:trojan-activity;sid:84114535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.20.132"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251434/; classtype:trojan-activity;sid:84114534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.162.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251433/; classtype:trojan-activity;sid:84114533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.115.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251431/; classtype:trojan-activity;sid:84114531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.70.137.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251432/; classtype:trojan-activity;sid:84114532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.7.202.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251428/; classtype:trojan-activity;sid:84114528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.15.17.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251429/; classtype:trojan-activity;sid:84114529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.240.10.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251430/; classtype:trojan-activity;sid:84114530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.115.230.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251427/; classtype:trojan-activity;sid:84114527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.233.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251426/; classtype:trojan-activity;sid:84114526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.115.176.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251425/; classtype:trojan-activity;sid:84114525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.55.7.216"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251424/; classtype:trojan-activity;sid:84114524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251423/; classtype:trojan-activity;sid:84114523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.153.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251422/; classtype:trojan-activity;sid:84114522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.14.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251421/; classtype:trojan-activity;sid:84114521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.111.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251420/; classtype:trojan-activity;sid:84114520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.131.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251419/; classtype:trojan-activity;sid:84114519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.214.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251417/; classtype:trojan-activity;sid:84114517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.108.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251418/; classtype:trojan-activity;sid:84114518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.57.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251416/; classtype:trojan-activity;sid:84114516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.140.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251415/; classtype:trojan-activity;sid:84114515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251414/; classtype:trojan-activity;sid:84114514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.ppc"; depth:14; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251412/; classtype:trojan-activity;sid:84114512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.arm6"; depth:15; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251413/; classtype:trojan-activity;sid:84114513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.42.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251411/; classtype:trojan-activity;sid:84114511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.m68k"; depth:15; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251409/; classtype:trojan-activity;sid:84114509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.arm7"; depth:15; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251410/; classtype:trojan-activity;sid:84114510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.sh4"; depth:14; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251406/; classtype:trojan-activity;sid:84114506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.mips"; depth:15; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251407/; classtype:trojan-activity;sid:84114507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.arm"; depth:14; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251408/; classtype:trojan-activity;sid:84114508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.arm5"; depth:15; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251405/; classtype:trojan-activity;sid:84114505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.209.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251404/; classtype:trojan-activity;sid:84114504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.116.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251403/; classtype:trojan-activity;sid:84114503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.253.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251402/; classtype:trojan-activity;sid:84114502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.226.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251401/; classtype:trojan-activity;sid:84114501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.189.198.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251397/; classtype:trojan-activity;sid:84114497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.90.142"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251398/; classtype:trojan-activity;sid:84114498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.107.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251399/; classtype:trojan-activity;sid:84114499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"139.218.214.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251400/; classtype:trojan-activity;sid:84114500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.119.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251396/; classtype:trojan-activity;sid:84114496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.108.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251395/; classtype:trojan-activity;sid:84114495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.226.228"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251394/; classtype:trojan-activity;sid:84114494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.87.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251393/; classtype:trojan-activity;sid:84114493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.168.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251392/; classtype:trojan-activity;sid:84114492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.153.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251391/; classtype:trojan-activity;sid:84114491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.97.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251390/; classtype:trojan-activity;sid:84114490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.26.59.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251389/; classtype:trojan-activity;sid:84114489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"146.158.64.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251388/; classtype:trojan-activity;sid:84114488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.43.50.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251387/; classtype:trojan-activity;sid:84114487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.86.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251386/; classtype:trojan-activity;sid:84114486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.230.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251385/; classtype:trojan-activity;sid:84114485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.160.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251384/; classtype:trojan-activity;sid:84114484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.151.3.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251383/; classtype:trojan-activity;sid:84114483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.87.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251382/; classtype:trojan-activity;sid:84114482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.x86"; depth:14; endswith; nocase; http.host; content:"5.59.248.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251380/; classtype:trojan-activity;sid:84114480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.48.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251381/; classtype:trojan-activity;sid:84114481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.222.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251379/; classtype:trojan-activity;sid:84114479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.89.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251378/; classtype:trojan-activity;sid:84114478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.108.57.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251377/; classtype:trojan-activity;sid:84114477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.111.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251376/; classtype:trojan-activity;sid:84114476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.33.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251375/; classtype:trojan-activity;sid:84114475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.spc"; depth:16; endswith; nocase; http.host; content:"194.110.247.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251374/; classtype:trojan-activity;sid:84114474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm"; depth:16; endswith; nocase; http.host; content:"194.110.247.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251373/; classtype:trojan-activity;sid:84114473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251372/; classtype:trojan-activity;sid:84114472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.181.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251371/; classtype:trojan-activity;sid:84114471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.86.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251370/; classtype:trojan-activity;sid:84114470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.12.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251369/; classtype:trojan-activity;sid:84114469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.230.66.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251368/; classtype:trojan-activity;sid:84114468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.42.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251367/; classtype:trojan-activity;sid:84114467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.230.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251366/; classtype:trojan-activity;sid:84114466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.168.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251365/; classtype:trojan-activity;sid:84114465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.139.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251364/; classtype:trojan-activity;sid:84114464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.44.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251363/; classtype:trojan-activity;sid:84114463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.102.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251362/; classtype:trojan-activity;sid:84114462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.250.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251361/; classtype:trojan-activity;sid:84114461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.88.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251360/; classtype:trojan-activity;sid:84114460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.47.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251358/; classtype:trojan-activity;sid:84114458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.160.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251359/; classtype:trojan-activity;sid:84114459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.222.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251357/; classtype:trojan-activity;sid:84114457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.121.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251356/; classtype:trojan-activity;sid:84114456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.33.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251355/; classtype:trojan-activity;sid:84114455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.243.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251354/; classtype:trojan-activity;sid:84114454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.181.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251353/; classtype:trojan-activity;sid:84114453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.97.46.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251352/; classtype:trojan-activity;sid:84114452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.107.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251351/; classtype:trojan-activity;sid:84114451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.245.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251350/; classtype:trojan-activity;sid:84114450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.189.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251349/; classtype:trojan-activity;sid:84114449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.240.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251348/; classtype:trojan-activity;sid:84114448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.216.154.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251347/; classtype:trojan-activity;sid:84114447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.86.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251346/; classtype:trojan-activity;sid:84114446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.46.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251345/; classtype:trojan-activity;sid:84114445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.47.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251344/; classtype:trojan-activity;sid:84114444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.183.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251343/; classtype:trojan-activity;sid:84114443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.226.19.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251342/; classtype:trojan-activity;sid:84114442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.230.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251341/; classtype:trojan-activity;sid:84114441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.229.69.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251340/; classtype:trojan-activity;sid:84114440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.160.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251339/; classtype:trojan-activity;sid:84114439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.86.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251338/; classtype:trojan-activity;sid:84114438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251337/; classtype:trojan-activity;sid:84114437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"93.123.85.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251336/; classtype:trojan-activity;sid:84114436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"93.123.85.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251335/; classtype:trojan-activity;sid:84114435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"212.224.93.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251333/; classtype:trojan-activity;sid:84114433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"93.123.85.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251334/; classtype:trojan-activity;sid:84114434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"93.123.85.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251331/; classtype:trojan-activity;sid:84114431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"93.123.85.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251332/; classtype:trojan-activity;sid:84114432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"212.224.93.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251330/; classtype:trojan-activity;sid:84114430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"212.224.93.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251328/; classtype:trojan-activity;sid:84114428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"93.123.85.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251329/; classtype:trojan-activity;sid:84114429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i5"; depth:3; endswith; nocase; http.host; content:"95.214.27.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251327/; classtype:trojan-activity;sid:84114427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"212.224.93.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251326/; classtype:trojan-activity;sid:84114426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"212.224.93.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251325/; classtype:trojan-activity;sid:84114425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"93.123.85.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251324/; classtype:trojan-activity;sid:84114424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251315/; classtype:trojan-activity;sid:84114415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrarm7"; depth:7; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251316/; classtype:trojan-activity;sid:84114416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251317/; classtype:trojan-activity;sid:84114417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251318/; classtype:trojan-activity;sid:84114418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"95.214.27.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251319/; classtype:trojan-activity;sid:84114419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"62.60.157.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251320/; classtype:trojan-activity;sid:84114420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.powerpc"; depth:15; endswith; nocase; http.host; content:"156.244.7.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251321/; classtype:trojan-activity;sid:84114421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"156.238.253.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251322/; classtype:trojan-activity;sid:84114422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"95.214.27.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251323/; classtype:trojan-activity;sid:84114423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"103.80.87.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251311/; classtype:trojan-activity;sid:84114411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"192.210.187.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251312/; classtype:trojan-activity;sid:84114412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm5"; depth:8; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251313/; classtype:trojan-activity;sid:84114413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6.nn"; depth:8; endswith; nocase; http.host; content:"154.216.19.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251314/; classtype:trojan-activity;sid:84114414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmpsl"; depth:6; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251307/; classtype:trojan-activity;sid:84114407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrmips"; depth:7; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251308/; classtype:trojan-activity;sid:84114408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"154.216.19.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251309/; classtype:trojan-activity;sid:84114409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251310/; classtype:trojan-activity;sid:84114410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrsh4"; depth:6; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251299/; classtype:trojan-activity;sid:84114399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmpsl"; depth:8; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251300/; classtype:trojan-activity;sid:84114400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.x86"; depth:15; endswith; nocase; http.host; content:"94.159.101.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251301/; classtype:trojan-activity;sid:84114401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"93.123.85.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251302/; classtype:trojan-activity;sid:84114402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251303/; classtype:trojan-activity;sid:84114403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"156.238.253.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251304/; classtype:trojan-activity;sid:84114404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"87.120.117.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251305/; classtype:trojan-activity;sid:84114405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"192.210.187.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251306/; classtype:trojan-activity;sid:84114406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"87.120.117.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251293/; classtype:trojan-activity;sid:84114393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"103.80.87.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251294/; classtype:trojan-activity;sid:84114394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arc"; depth:11; endswith; nocase; http.host; content:"156.244.7.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251295/; classtype:trojan-activity;sid:84114395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mpsl"; depth:17; endswith; nocase; http.host; content:"194.110.247.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251296/; classtype:trojan-activity;sid:84114396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mips"; depth:17; endswith; nocase; http.host; content:"194.110.247.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251297/; classtype:trojan-activity;sid:84114397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.mips"; depth:16; endswith; nocase; http.host; content:"94.159.101.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251298/; classtype:trojan-activity;sid:84114398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"103.80.87.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251292/; classtype:trojan-activity;sid:84114392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"154.216.19.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251289/; classtype:trojan-activity;sid:84114389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"95.214.27.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251290/; classtype:trojan-activity;sid:84114390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"103.80.87.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251291/; classtype:trojan-activity;sid:84114391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"156.238.253.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251285/; classtype:trojan-activity;sid:84114385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"212.224.93.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251286/; classtype:trojan-activity;sid:84114386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/grgbcm8u8ogtthk8kae2va5dt0sthvfrcu"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251287/; classtype:trojan-activity;sid:84114387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"87.120.117.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251288/; classtype:trojan-activity;sid:84114388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"156.238.253.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251282/; classtype:trojan-activity;sid:84114382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"154.216.19.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251283/; classtype:trojan-activity;sid:84114383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251284/; classtype:trojan-activity;sid:84114384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"212.224.93.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251279/; classtype:trojan-activity;sid:84114379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mesr6m93pojgpzhf60ujwkw7ioexspwt2m"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251280/; classtype:trojan-activity;sid:84114380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm7"; depth:17; endswith; nocase; http.host; content:"194.110.247.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251281/; classtype:trojan-activity;sid:84114381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"93.123.85.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251276/; classtype:trojan-activity;sid:84114376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"62.60.157.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251277/; classtype:trojan-activity;sid:84114377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"212.224.93.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251278/; classtype:trojan-activity;sid:84114378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"212.224.93.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251268/; classtype:trojan-activity;sid:84114368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ktv8t5ztu7qivqrc8uhiema3tofetug0wj"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251269/; classtype:trojan-activity;sid:84114369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"62.60.157.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251270/; classtype:trojan-activity;sid:84114370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251271/; classtype:trojan-activity;sid:84114371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm6"; depth:6; endswith; nocase; http.host; content:"154.216.19.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251272/; classtype:trojan-activity;sid:84114372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.ppc"; depth:15; endswith; nocase; http.host; content:"94.159.101.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251273/; classtype:trojan-activity;sid:84114373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/miphwydmgw3dhsuapjrrsvwg91qqu2p76k"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251274/; classtype:trojan-activity;sid:84114374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"154.216.19.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251275/; classtype:trojan-activity;sid:84114375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcjdj0xuqtanepmptfyel5k0eonghadujd"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251261/; classtype:trojan-activity;sid:84114361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.mpsl"; depth:16; endswith; nocase; http.host; content:"94.159.101.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251262/; classtype:trojan-activity;sid:84114362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/3enewps6k8ujntlntjblrzjhj1unq1n5bb"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251263/; classtype:trojan-activity;sid:84114363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/a6beiib3sha9bgwbloqakywjldbf8lhfli"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251264/; classtype:trojan-activity;sid:84114364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"93.123.85.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251265/; classtype:trojan-activity;sid:84114365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251266/; classtype:trojan-activity;sid:84114366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"95.214.27.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251267/; classtype:trojan-activity;sid:84114367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/b4wf76xpm7ssmborgigf47hmqi1e4apyfd"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251255/; classtype:trojan-activity;sid:84114355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshsh4"; depth:7; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251256/; classtype:trojan-activity;sid:84114356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"204.13.232.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251257/; classtype:trojan-activity;sid:84114357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/va9kf6eitxvm5mlgc40e86ydzotvbypxq9"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251258/; classtype:trojan-activity;sid:84114358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/t6ttl9m7ncw8xqlchdybsmrhg6flylsy9o"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251259/; classtype:trojan-activity;sid:84114359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"212.224.93.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251260/; classtype:trojan-activity;sid:84114360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"95.214.27.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251246/; classtype:trojan-activity;sid:84114346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ss/armv6l"; depth:10; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251247/; classtype:trojan-activity;sid:84114347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"62.60.157.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251248/; classtype:trojan-activity;sid:84114348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"95.214.27.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251249/; classtype:trojan-activity;sid:84114349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"62.60.157.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251250/; classtype:trojan-activity;sid:84114350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.sh4"; depth:16; endswith; nocase; http.host; content:"194.110.247.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251251/; classtype:trojan-activity;sid:84114351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm7"; depth:6; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251252/; classtype:trojan-activity;sid:84114352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251253/; classtype:trojan-activity;sid:84114353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm5"; depth:7; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251254/; classtype:trojan-activity;sid:84114354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm5"; depth:16; endswith; nocase; http.host; content:"94.159.101.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251240/; classtype:trojan-activity;sid:84114340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.x86"; depth:16; endswith; nocase; http.host; content:"194.110.247.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251241/; classtype:trojan-activity;sid:84114341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ss/armv5l"; depth:10; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251242/; classtype:trojan-activity;sid:84114342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251243/; classtype:trojan-activity;sid:84114343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.mips"; depth:12; endswith; nocase; http.host; content:"156.244.7.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251244/; classtype:trojan-activity;sid:84114344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"154.216.19.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251245/; classtype:trojan-activity;sid:84114345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm"; depth:7; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251238/; classtype:trojan-activity;sid:84114338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.m68k"; depth:12; endswith; nocase; http.host; content:"156.244.7.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251239/; classtype:trojan-activity;sid:84114339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; nocase; http.host; content:"192.210.187.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251235/; classtype:trojan-activity;sid:84114335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"204.13.232.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251236/; classtype:trojan-activity;sid:84114336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"103.80.87.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251237/; classtype:trojan-activity;sid:84114337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ixu4nkim69ghfvwnry8twqfd0wcsfwl2pc"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251234/; classtype:trojan-activity;sid:84114334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.mipsel"; depth:14; endswith; nocase; http.host; content:"156.244.7.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251232/; classtype:trojan-activity;sid:84114332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"154.216.19.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251233/; classtype:trojan-activity;sid:84114333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.mips"; depth:12; endswith; nocase; http.host; content:"178.215.238.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251227/; classtype:trojan-activity;sid:84114327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm"; depth:11; endswith; nocase; http.host; content:"156.244.7.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251228/; classtype:trojan-activity;sid:84114328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm6"; depth:8; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251229/; classtype:trojan-activity;sid:84114329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm5"; depth:17; endswith; nocase; http.host; content:"194.110.247.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251230/; classtype:trojan-activity;sid:84114330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ss/armv7l"; depth:10; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251231/; classtype:trojan-activity;sid:84114331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"154.216.19.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251223/; classtype:trojan-activity;sid:84114323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"62.60.157.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251224/; classtype:trojan-activity;sid:84114324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"212.224.93.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251225/; classtype:trojan-activity;sid:84114325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.m68k"; depth:17; endswith; nocase; http.host; content:"194.110.247.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251226/; classtype:trojan-activity;sid:84114326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"212.224.93.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251213/; classtype:trojan-activity;sid:84114313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251214/; classtype:trojan-activity;sid:84114314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"154.216.19.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251215/; classtype:trojan-activity;sid:84114315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"154.216.19.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251216/; classtype:trojan-activity;sid:84114316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"93.123.85.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251217/; classtype:trojan-activity;sid:84114317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"204.13.232.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251218/; classtype:trojan-activity;sid:84114318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"204.13.232.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251219/; classtype:trojan-activity;sid:84114319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"62.60.157.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251220/; classtype:trojan-activity;sid:84114320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"103.80.87.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251221/; classtype:trojan-activity;sid:84114321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"87.120.117.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251222/; classtype:trojan-activity;sid:84114322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"156.238.253.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251207/; classtype:trojan-activity;sid:84114307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"154.216.19.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251208/; classtype:trojan-activity;sid:84114308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"95.214.27.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251209/; classtype:trojan-activity;sid:84114309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"93.123.85.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251210/; classtype:trojan-activity;sid:84114310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/viudztxpdso7amu9caid5huc2i1m4mdkh9"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251211/; classtype:trojan-activity;sid:84114311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.134.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251212/; classtype:trojan-activity;sid:84114312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"95.214.27.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251203/; classtype:trojan-activity;sid:84114303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251204/; classtype:trojan-activity;sid:84114304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gppc"; depth:5; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251205/; classtype:trojan-activity;sid:84114305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gompsl"; depth:7; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251206/; classtype:trojan-activity;sid:84114306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251202/; classtype:trojan-activity;sid:84114302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/uhyscq5qgbcslk3bkkzk2e3cxtsjhg5ddq"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251198/; classtype:trojan-activity;sid:84114298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/eidn1fwa483jbcysowg96ltxfqibnzthpm"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251199/; classtype:trojan-activity;sid:84114299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"156.238.253.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251200/; classtype:trojan-activity;sid:84114300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/rr60catab3m8kv1aqcfhdtoajijdbxhvlw"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251201/; classtype:trojan-activity;sid:84114301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm"; depth:5; endswith; nocase; http.host; content:"154.216.19.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251192/; classtype:trojan-activity;sid:84114292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"154.216.19.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251193/; classtype:trojan-activity;sid:84114293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251194/; classtype:trojan-activity;sid:84114294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/iihtd7iqyecvku1zbjph8kig73ynkfqv97"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251195/; classtype:trojan-activity;sid:84114295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251196/; classtype:trojan-activity;sid:84114296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251197/; classtype:trojan-activity;sid:84114297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/gkywnicojn86wbfrffbxcd3ee3bcmaf32b"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251185/; classtype:trojan-activity;sid:84114285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"62.60.157.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251186/; classtype:trojan-activity;sid:84114286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kutztfcrbgoakp7mmhchnxxpjyblz1qjzl"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251187/; classtype:trojan-activity;sid:84114287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.m68k"; depth:12; endswith; nocase; http.host; content:"178.215.238.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251188/; classtype:trojan-activity;sid:84114288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmips"; depth:6; endswith; nocase; http.host; content:"154.216.19.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251189/; classtype:trojan-activity;sid:84114289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7.nn"; depth:8; endswith; nocase; http.host; content:"154.216.19.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251190/; classtype:trojan-activity;sid:84114290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm5"; depth:6; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251191/; classtype:trojan-activity;sid:84114291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-p.a-k.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251181/; classtype:trojan-activity;sid:84114281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251182/; classtype:trojan-activity;sid:84114282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"156.238.253.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251183/; classtype:trojan-activity;sid:84114283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm4"; depth:16; endswith; nocase; http.host; content:"94.159.101.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251184/; classtype:trojan-activity;sid:84114284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64"; depth:7; endswith; nocase; http.host; content:"103.80.87.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251175/; classtype:trojan-activity;sid:84114275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251176/; classtype:trojan-activity;sid:84114276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sjyjmgflw0egcp8d0nmwvbxadrq7dfawtm"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251177/; classtype:trojan-activity;sid:84114277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251178/; classtype:trojan-activity;sid:84114278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251179/; classtype:trojan-activity;sid:84114279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"103.80.87.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251180/; classtype:trojan-activity;sid:84114280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"154.216.19.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251169/; classtype:trojan-activity;sid:84114269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm7"; depth:12; endswith; nocase; http.host; content:"156.244.7.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251170/; classtype:trojan-activity;sid:84114270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"156.238.253.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251171/; classtype:trojan-activity;sid:84114271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251172/; classtype:trojan-activity;sid:84114272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm6"; depth:7; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251173/; classtype:trojan-activity;sid:84114273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"103.80.87.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251174/; classtype:trojan-activity;sid:84114274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"154.216.19.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251165/; classtype:trojan-activity;sid:84114265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ss/armv4eb"; depth:11; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251166/; classtype:trojan-activity;sid:84114266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/v7o2vu9vosyr9rfaaxfn58alzy9zcadzkg"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251167/; classtype:trojan-activity;sid:84114267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"154.216.19.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251168/; classtype:trojan-activity;sid:84114268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.arm5"; depth:12; endswith; nocase; http.host; content:"178.215.238.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251161/; classtype:trojan-activity;sid:84114261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshppc"; depth:7; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251162/; classtype:trojan-activity;sid:84114262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrppc"; depth:6; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251163/; classtype:trojan-activity;sid:84114263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.sparc"; depth:17; endswith; nocase; http.host; content:"94.159.101.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251164/; classtype:trojan-activity;sid:84114264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm7"; depth:7; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251157/; classtype:trojan-activity;sid:84114257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251158/; classtype:trojan-activity;sid:84114258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm7"; depth:6; endswith; nocase; http.host; content:"154.216.19.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251159/; classtype:trojan-activity;sid:84114259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"62.60.157.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251160/; classtype:trojan-activity;sid:84114260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251149/; classtype:trojan-activity;sid:84114249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riscv32"; depth:8; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251150/; classtype:trojan-activity;sid:84114250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"103.80.87.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251151/; classtype:trojan-activity;sid:84114251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251152/; classtype:trojan-activity;sid:84114252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"103.80.87.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251153/; classtype:trojan-activity;sid:84114253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"156.238.253.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251154/; classtype:trojan-activity;sid:84114254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"154.216.19.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251155/; classtype:trojan-activity;sid:84114255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.sh4"; depth:11; endswith; nocase; http.host; content:"156.244.7.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251156/; classtype:trojan-activity;sid:84114256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.mpsl"; depth:12; endswith; nocase; http.host; content:"178.215.238.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251143/; classtype:trojan-activity;sid:84114243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"154.216.19.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251144/; classtype:trojan-activity;sid:84114244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm"; depth:5; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251145/; classtype:trojan-activity;sid:84114245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarm5"; depth:6; endswith; nocase; http.host; content:"154.216.19.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251146/; classtype:trojan-activity;sid:84114246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/q8by6b3gmmnw2fqzokcod3dstjogu7sm1h"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251147/; classtype:trojan-activity;sid:84114247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251148/; classtype:trojan-activity;sid:84114248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tcykxdnsrd1bj8tqxspilfuob7um3esuat"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251138/; classtype:trojan-activity;sid:84114238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/3ansf0bpemyulycnwferzlnh5c7utsihth"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251139/; classtype:trojan-activity;sid:84114239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251140/; classtype:trojan-activity;sid:84114240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm6"; depth:17; endswith; nocase; http.host; content:"194.110.247.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251141/; classtype:trojan-activity;sid:84114241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251142/; classtype:trojan-activity;sid:84114242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmips"; depth:6; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251137/; classtype:trojan-activity;sid:84114237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmips"; depth:8; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251128/; classtype:trojan-activity;sid:84114228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64"; depth:7; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251129/; classtype:trojan-activity;sid:84114229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"192.210.187.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251130/; classtype:trojan-activity;sid:84114230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"103.80.87.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251131/; classtype:trojan-activity;sid:84114231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251132/; classtype:trojan-activity;sid:84114232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm7"; depth:8; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251133/; classtype:trojan-activity;sid:84114233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251134/; classtype:trojan-activity;sid:84114234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ss/armv4l"; depth:10; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251135/; classtype:trojan-activity;sid:84114235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"93.123.85.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251136/; classtype:trojan-activity;sid:84114236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"156.238.253.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251124/; classtype:trojan-activity;sid:84114224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251125/; classtype:trojan-activity;sid:84114225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"62.60.157.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251126/; classtype:trojan-activity;sid:84114226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"103.80.87.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251127/; classtype:trojan-activity;sid:84114227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goarm"; depth:6; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251118/; classtype:trojan-activity;sid:84114218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xsivrhgstlkdcnrywwxzgdlarzzssz0n7d"; depth:40; endswith; nocase; http.host; content:"87.120.126.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251119/; classtype:trojan-activity;sid:84114219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/evhdgszj8xafwyywc9uhsmevlr7kcvp0pi"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251120/; classtype:trojan-activity;sid:84114220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/gnuqi1zjsq4wvdxdxdjvubxur67j04muzg"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251121/; classtype:trojan-activity;sid:84114221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/idrs9nbdhnzd8p101yno4k0zpppop7hroy"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251122/; classtype:trojan-activity;sid:84114222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xrxfeumikspl2gpswygka4guviwmdvapf5"; depth:40; endswith; nocase; http.host; content:"87.120.84.230"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251123/; classtype:trojan-activity;sid:84114223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smips"; depth:6; endswith; nocase; http.host; content:"154.216.19.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251098/; classtype:trojan-activity;sid:84114198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"62.60.157.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251099/; classtype:trojan-activity;sid:84114199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.arm7"; depth:12; endswith; nocase; http.host; content:"178.215.238.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251100/; classtype:trojan-activity;sid:84114200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smpsl"; depth:6; endswith; nocase; http.host; content:"154.216.19.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251101/; classtype:trojan-activity;sid:84114201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"154.216.19.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251102/; classtype:trojan-activity;sid:84114202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.spc"; depth:11; endswith; nocase; http.host; content:"178.215.238.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251103/; classtype:trojan-activity;sid:84114203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251104/; classtype:trojan-activity;sid:84114204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.sh4"; depth:11; endswith; nocase; http.host; content:"178.215.238.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251105/; classtype:trojan-activity;sid:84114205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"156.238.253.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251106/; classtype:trojan-activity;sid:84114206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"178.215.238.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251107/; classtype:trojan-activity;sid:84114207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32.nn"; depth:10; endswith; nocase; http.host; content:"154.216.19.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251108/; classtype:trojan-activity;sid:84114208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garm6"; depth:6; endswith; nocase; http.host; content:"154.216.19.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251109/; classtype:trojan-activity;sid:84114209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.ppc"; depth:16; endswith; nocase; http.host; content:"194.110.247.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251110/; classtype:trojan-activity;sid:84114210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"156.238.253.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251111/; classtype:trojan-activity;sid:84114211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"156.238.253.51"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251112/; classtype:trojan-activity;sid:84114212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm5"; depth:12; endswith; nocase; http.host; content:"156.244.7.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251113/; classtype:trojan-activity;sid:84114213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botnet.arm6"; depth:12; endswith; nocase; http.host; content:"178.215.238.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251114/; classtype:trojan-activity;sid:84114214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.arm6"; depth:12; endswith; nocase; http.host; content:"156.244.7.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251115/; classtype:trojan-activity;sid:84114215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.bot.sparc"; depth:13; endswith; nocase; http.host; content:"156.244.7.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251116/; classtype:trojan-activity;sid:84114216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidakibest.arm6"; depth:16; endswith; nocase; http.host; content:"94.159.101.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251117/; classtype:trojan-activity;sid:84114217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"93.123.85.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251097/; classtype:trojan-activity;sid:84114197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251094/; classtype:trojan-activity;sid:84114194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-6.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251095/; classtype:trojan-activity;sid:84114195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"93.123.85.205"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251096/; classtype:trojan-activity;sid:84114196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.177.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251093/; classtype:trojan-activity;sid:84114193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.101.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251092/; classtype:trojan-activity;sid:84114192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.78.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251091/; classtype:trojan-activity;sid:84114191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.168.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251090/; classtype:trojan-activity;sid:84114190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.129.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251088/; classtype:trojan-activity;sid:84114188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.83.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251089/; classtype:trojan-activity;sid:84114189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.243.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251087/; classtype:trojan-activity;sid:84114187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.189.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251086/; classtype:trojan-activity;sid:84114186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.91.43"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251085/; classtype:trojan-activity;sid:84114185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.107.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251084/; classtype:trojan-activity;sid:84114184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251083/; classtype:trojan-activity;sid:84114183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firewallpe.exe"; depth:15; endswith; nocase; http.host; content:"185.101.104.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251080/; classtype:trojan-activity;sid:84114180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firewallpi.exe"; depth:15; endswith; nocase; http.host; content:"185.101.104.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251081/; classtype:trojan-activity;sid:84114181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.226.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251082/; classtype:trojan-activity;sid:84114182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firewallpk.exe"; depth:15; endswith; nocase; http.host; content:"185.101.104.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251075/; classtype:trojan-activity;sid:84114175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firewallpr.exe"; depth:15; endswith; nocase; http.host; content:"185.101.104.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251076/; classtype:trojan-activity;sid:84114176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.134.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251077/; classtype:trojan-activity;sid:84114177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firewallprote.exe"; depth:18; endswith; nocase; http.host; content:"185.101.104.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251078/; classtype:trojan-activity;sid:84114178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firewallprot.exe"; depth:17; endswith; nocase; http.host; content:"185.101.104.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251079/; classtype:trojan-activity;sid:84114179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.84.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251074/; classtype:trojan-activity;sid:84114174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.178.33.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251073/; classtype:trojan-activity;sid:84114173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.209.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251072/; classtype:trojan-activity;sid:84114172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.59.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251071/; classtype:trojan-activity;sid:84114171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.33.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251069/; classtype:trojan-activity;sid:84114169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.96.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251070/; classtype:trojan-activity;sid:84114170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.197.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251068/; classtype:trojan-activity;sid:84114168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.149.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251067/; classtype:trojan-activity;sid:84114167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.214.34.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251066/; classtype:trojan-activity;sid:84114166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.112.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251065/; classtype:trojan-activity;sid:84114165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251064/; classtype:trojan-activity;sid:84114164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.153.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251063/; classtype:trojan-activity;sid:84114163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.101.251"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251062/; classtype:trojan-activity;sid:84114162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.20.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251061/; classtype:trojan-activity;sid:84114161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.116.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251060/; classtype:trojan-activity;sid:84114160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.68.142.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251059/; classtype:trojan-activity;sid:84114159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.1.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251058/; classtype:trojan-activity;sid:84114158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ufq7iekizcvbh3mhn7rsn9jkgyqrumuy"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251056/; classtype:trojan-activity;sid:84114156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1oucvakucyfgsyle0-ru3uzknde2almjp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251057/; classtype:trojan-activity;sid:84114157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.219.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251055/; classtype:trojan-activity;sid:84114155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.181.83.112"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251054/; classtype:trojan-activity;sid:84114154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.93.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251053/; classtype:trojan-activity;sid:84114153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.87.71.238"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251052/; classtype:trojan-activity;sid:84114152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.194.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251050/; classtype:trojan-activity;sid:84114150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.127.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251051/; classtype:trojan-activity;sid:84114151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.194.113"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251049/; classtype:trojan-activity;sid:84114149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.69.103.112"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251048/; classtype:trojan-activity;sid:84114148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.226.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251047/; classtype:trojan-activity;sid:84114147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.97.46.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251046/; classtype:trojan-activity;sid:84114146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.127.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251045/; classtype:trojan-activity;sid:84114145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.107.187"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251044/; classtype:trojan-activity;sid:84114144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.69.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251043/; classtype:trojan-activity;sid:84114143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.59.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251042/; classtype:trojan-activity;sid:84114142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.129.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251041/; classtype:trojan-activity;sid:84114141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.34.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251040/; classtype:trojan-activity;sid:84114140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.106.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251039/; classtype:trojan-activity;sid:84114139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.197.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251038/; classtype:trojan-activity;sid:84114138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2210/v"; depth:7; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251037/; classtype:trojan-activity;sid:84114137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2210/s"; depth:7; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251025/; classtype:trojan-activity;sid:84114125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2210/bjcaj8aorkdqbsqqyrda.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251026/; classtype:trojan-activity;sid:84114126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2210/r"; depth:7; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251027/; classtype:trojan-activity;sid:84114127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1210/v"; depth:7; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251028/; classtype:trojan-activity;sid:84114128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1210/yntfjbwnfbowg4ulufdq.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251029/; classtype:trojan-activity;sid:84114129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1210/s"; depth:7; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251030/; classtype:trojan-activity;sid:84114130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2210/wgznfv2hoqz7kuuj2w9v.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251031/; classtype:trojan-activity;sid:84114131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1210/file"; depth:10; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251032/; classtype:trojan-activity;sid:84114132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1210/r"; depth:7; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251033/; classtype:trojan-activity;sid:84114133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2210/file"; depth:10; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251034/; classtype:trojan-activity;sid:84114134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1210/b9uoaokmpdan1gmmrxuo.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251035/; classtype:trojan-activity;sid:84114135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.68.56.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251036/; classtype:trojan-activity;sid:84114136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.189.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251023/; classtype:trojan-activity;sid:84114123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.128.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251024/; classtype:trojan-activity;sid:84114124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.155.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251022/; classtype:trojan-activity;sid:84114122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.54.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251021/; classtype:trojan-activity;sid:84114121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"119.183.32.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251020/; classtype:trojan-activity;sid:84114120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.18.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251018/; classtype:trojan-activity;sid:84114118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.70.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251019/; classtype:trojan-activity;sid:84114119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.68.142.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251017/; classtype:trojan-activity;sid:84114117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.24.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251016/; classtype:trojan-activity;sid:84114116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/d1vu0qdayrnwnafvyj67k/incidente-de-desacato-judicial-fallo-tutela-no-2110-24.tar|3f|rlkey=qvpcht198ouf5wp4x7g5dbgoj|7c|26|7c|st=a9fqtwpl|7c|26|7c|dl=1"; depth:158; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251015/; classtype:trojan-activity;sid:84114115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.204.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251014/; classtype:trojan-activity;sid:84114114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novo.arm5"; depth:10; endswith; nocase; http.host; content:"141.98.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250997/; classtype:trojan-activity;sid:84114097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novo.arm6"; depth:10; endswith; nocase; http.host; content:"141.98.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250998/; classtype:trojan-activity;sid:84114098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novo.ppc"; depth:9; endswith; nocase; http.host; content:"141.98.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250999/; classtype:trojan-activity;sid:84114099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novo.sh4"; depth:9; endswith; nocase; http.host; content:"141.98.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251000/; classtype:trojan-activity;sid:84114100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novo.arm7"; depth:10; endswith; nocase; http.host; content:"141.98.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251001/; classtype:trojan-activity;sid:84114101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novo.mpsl"; depth:10; endswith; nocase; http.host; content:"141.98.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251002/; classtype:trojan-activity;sid:84114102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novo.arm"; depth:9; endswith; nocase; http.host; content:"141.98.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251003/; classtype:trojan-activity;sid:84114103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novo.m68k"; depth:10; endswith; nocase; http.host; content:"141.98.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251004/; classtype:trojan-activity;sid:84114104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novo.mips"; depth:10; endswith; nocase; http.host; content:"141.98.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251005/; classtype:trojan-activity;sid:84114105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novo.x86_64"; depth:12; endswith; nocase; http.host; content:"141.98.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251006/; classtype:trojan-activity;sid:84114106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novo.arc"; depth:9; endswith; nocase; http.host; content:"141.98.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251007/; classtype:trojan-activity;sid:84114107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novo.arm64"; depth:11; endswith; nocase; http.host; content:"141.98.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251008/; classtype:trojan-activity;sid:84114108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novo.spc"; depth:9; endswith; nocase; http.host; content:"141.98.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251009/; classtype:trojan-activity;sid:84114109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novo.ppc440fp"; depth:14; endswith; nocase; http.host; content:"141.98.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251010/; classtype:trojan-activity;sid:84114110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novo.x86"; depth:9; endswith; nocase; http.host; content:"141.98.10.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251011/; classtype:trojan-activity;sid:84114111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/t/u17296395283148yifnaad6e7290179if"; depth:40; endswith; nocase; http.host; content:"ydray.com"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251012/; classtype:trojan-activity;sid:84114112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/t/u17296429169844egxwc532b4f9c2bfnk"; depth:40; endswith; nocase; http.host; content:"ydray.com"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251013/; classtype:trojan-activity;sid:84114113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.209.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250996/; classtype:trojan-activity;sid:84114096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.1.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250995/; classtype:trojan-activity;sid:84114095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.250.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250994/; classtype:trojan-activity;sid:84114094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.128.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250993/; classtype:trojan-activity;sid:84114093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.219.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250992/; classtype:trojan-activity;sid:84114092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250991/; classtype:trojan-activity;sid:84114091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.189.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250990/; classtype:trojan-activity;sid:84114090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.140.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250989/; classtype:trojan-activity;sid:84114089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.36.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250988/; classtype:trojan-activity;sid:84114088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.69.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250987/; classtype:trojan-activity;sid:84114087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"ssn.house.zionanakwenze.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250986/; classtype:trojan-activity;sid:84114086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250985/; classtype:trojan-activity;sid:84114085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.98.163.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250984/; classtype:trojan-activity;sid:84114084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.191.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250983/; classtype:trojan-activity;sid:84114083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.95.233"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250982/; classtype:trojan-activity;sid:84114082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.128.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250981/; classtype:trojan-activity;sid:84114081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.96.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250980/; classtype:trojan-activity;sid:84114080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.4.205.96"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250979/; classtype:trojan-activity;sid:84114079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.151.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250978/; classtype:trojan-activity;sid:84114078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.167.175.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250977/; classtype:trojan-activity;sid:84114077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.153.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250976/; classtype:trojan-activity;sid:84114076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.21.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250975/; classtype:trojan-activity;sid:84114075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.18.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250974/; classtype:trojan-activity;sid:84114074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.117.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250973/; classtype:trojan-activity;sid:84114073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.211.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250972/; classtype:trojan-activity;sid:84114072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.102.189.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250970/; classtype:trojan-activity;sid:84114070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.3.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250971/; classtype:trojan-activity;sid:84114071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.38.0.143"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250968/; classtype:trojan-activity;sid:84114068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.129.103.198"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250969/; classtype:trojan-activity;sid:84114069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250966/; classtype:trojan-activity;sid:84114066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.254.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250967/; classtype:trojan-activity;sid:84114067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.208.230.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250965/; classtype:trojan-activity;sid:84114065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.196.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250964/; classtype:trojan-activity;sid:84114064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.40.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250963/; classtype:trojan-activity;sid:84114063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.197.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250962/; classtype:trojan-activity;sid:84114062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.84.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250961/; classtype:trojan-activity;sid:84114061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.24.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250960/; classtype:trojan-activity;sid:84114060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.36.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250959/; classtype:trojan-activity;sid:84114059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.128.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250958/; classtype:trojan-activity;sid:84114058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.249.236.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250956/; classtype:trojan-activity;sid:84114056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.212.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250957/; classtype:trojan-activity;sid:84114057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.199.135.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250955/; classtype:trojan-activity;sid:84114055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.151.250"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250954/; classtype:trojan-activity;sid:84114054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.120.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250953/; classtype:trojan-activity;sid:84114053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.24.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250952/; classtype:trojan-activity;sid:84114052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.117.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250950/; classtype:trojan-activity;sid:84114050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.50.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250951/; classtype:trojan-activity;sid:84114051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.30.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250949/; classtype:trojan-activity;sid:84114049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.140.165"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250948/; classtype:trojan-activity;sid:84114048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.75.248"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250947/; classtype:trojan-activity;sid:84114047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.47.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250946/; classtype:trojan-activity;sid:84114046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.162.4.245"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250945/; classtype:trojan-activity;sid:84114045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.160.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250942/; classtype:trojan-activity;sid:84114042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.198.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250943/; classtype:trojan-activity;sid:84114043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.201.134.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250944/; classtype:trojan-activity;sid:84114044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.38.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250941/; classtype:trojan-activity;sid:84114041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.173.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250940/; classtype:trojan-activity;sid:84114040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.61.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250939/; classtype:trojan-activity;sid:84114039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.26.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250937/; classtype:trojan-activity;sid:84114037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.223.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250938/; classtype:trojan-activity;sid:84114038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.230.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250936/; classtype:trojan-activity;sid:84114036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.249.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250935/; classtype:trojan-activity;sid:84114035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.21.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250934/; classtype:trojan-activity;sid:84114034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.0.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250932/; classtype:trojan-activity;sid:84114032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.51.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250933/; classtype:trojan-activity;sid:84114033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.30.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250931/; classtype:trojan-activity;sid:84114031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.20.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250930/; classtype:trojan-activity;sid:84114030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.239.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250929/; classtype:trojan-activity;sid:84114029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.29.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250928/; classtype:trojan-activity;sid:84114028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.132.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250927/; classtype:trojan-activity;sid:84114027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.63.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250926/; classtype:trojan-activity;sid:84114026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.89.101"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250924/; classtype:trojan-activity;sid:84114024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/uyikxzbgrrplkjh.exe"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250925/; classtype:trojan-activity;sid:84114025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.39.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250923/; classtype:trojan-activity;sid:84114023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.243.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250922/; classtype:trojan-activity;sid:84114022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.205.62.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250921/; classtype:trojan-activity;sid:84114021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.4.75"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250920/; classtype:trojan-activity;sid:84114020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.51.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250919/; classtype:trojan-activity;sid:84114019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.78.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250917/; classtype:trojan-activity;sid:84114017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.66.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250918/; classtype:trojan-activity;sid:84114018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.24.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250916/; classtype:trojan-activity;sid:84114016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.156.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250915/; classtype:trojan-activity;sid:84114015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.123.61"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250914/; classtype:trojan-activity;sid:84114014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.205.62.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250912/; classtype:trojan-activity;sid:84114012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250913/; classtype:trojan-activity;sid:84114013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.73.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250911/; classtype:trojan-activity;sid:84114011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.185.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250910/; classtype:trojan-activity;sid:84114010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.164.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250909/; classtype:trojan-activity;sid:84114009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250907/; classtype:trojan-activity;sid:84114007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.159.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250908/; classtype:trojan-activity;sid:84114008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.111.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250906/; classtype:trojan-activity;sid:84114006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.242.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250905/; classtype:trojan-activity;sid:84114005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.239.163"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250904/; classtype:trojan-activity;sid:84114004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.0.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250902/; classtype:trojan-activity;sid:84114002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.31.247.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250903/; classtype:trojan-activity;sid:84114003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.128.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250901/; classtype:trojan-activity;sid:84114001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.198.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250900/; classtype:trojan-activity;sid:84114000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.82.0.177"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250899/; classtype:trojan-activity;sid:84113999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.231.30.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250898/; classtype:trojan-activity;sid:84113998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.44.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250897/; classtype:trojan-activity;sid:84113997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.25.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250896/; classtype:trojan-activity;sid:84113996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.4.75"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250895/; classtype:trojan-activity;sid:84113995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.228.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250894/; classtype:trojan-activity;sid:84113994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250893/; classtype:trojan-activity;sid:84113993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.174.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250892/; classtype:trojan-activity;sid:84113992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250890/; classtype:trojan-activity;sid:84113990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peass-ng/peass-ng/releases/latest/download/linpeas.sh"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250891/; classtype:trojan-activity;sid:84113991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.73.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250889/; classtype:trojan-activity;sid:84113989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.66.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250888/; classtype:trojan-activity;sid:84113988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.154.44.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250887/; classtype:trojan-activity;sid:84113987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.119.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250886/; classtype:trojan-activity;sid:84113986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.60.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250885/; classtype:trojan-activity;sid:84113985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250884/; classtype:trojan-activity;sid:84113984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.154.44.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250883/; classtype:trojan-activity;sid:84113983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"79.133.46.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250882/; classtype:trojan-activity;sid:84113982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"79.133.46.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250881/; classtype:trojan-activity;sid:84113981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"79.133.46.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250875/; classtype:trojan-activity;sid:84113975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"79.133.46.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250876/; classtype:trojan-activity;sid:84113976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"79.133.46.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250877/; classtype:trojan-activity;sid:84113977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"79.133.46.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250878/; classtype:trojan-activity;sid:84113978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"79.133.46.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250879/; classtype:trojan-activity;sid:84113979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"79.133.46.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250880/; classtype:trojan-activity;sid:84113980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.111.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250874/; classtype:trojan-activity;sid:84113974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.50.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250873/; classtype:trojan-activity;sid:84113973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"79.133.46.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250872/; classtype:trojan-activity;sid:84113972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.77.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250870/; classtype:trojan-activity;sid:84113970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.109.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250871/; classtype:trojan-activity;sid:84113971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.185.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250869/; classtype:trojan-activity;sid:84113969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.166.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250868/; classtype:trojan-activity;sid:84113968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.205.62.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250867/; classtype:trojan-activity;sid:84113967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"79.133.46.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250866/; classtype:trojan-activity;sid:84113966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"79.133.46.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250865/; classtype:trojan-activity;sid:84113965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"79.133.46.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250864/; classtype:trojan-activity;sid:84113964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250863/; classtype:trojan-activity;sid:84113963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.244.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250862/; classtype:trojan-activity;sid:84113962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.198.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250861/; classtype:trojan-activity;sid:84113961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.156.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250860/; classtype:trojan-activity;sid:84113960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.118.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250859/; classtype:trojan-activity;sid:84113959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.107.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250858/; classtype:trojan-activity;sid:84113958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.190.239"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250857/; classtype:trojan-activity;sid:84113957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.82.0.177"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250856/; classtype:trojan-activity;sid:84113956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.82.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250855/; classtype:trojan-activity;sid:84113955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"79.40.153.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250854/; classtype:trojan-activity;sid:84113954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.149.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250851/; classtype:trojan-activity;sid:84113951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.7.154.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250852/; classtype:trojan-activity;sid:84113952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.82.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250853/; classtype:trojan-activity;sid:84113953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.248.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250850/; classtype:trojan-activity;sid:84113950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.16.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250849/; classtype:trojan-activity;sid:84113949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.174.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250848/; classtype:trojan-activity;sid:84113948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.77.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250847/; classtype:trojan-activity;sid:84113947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.244.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250846/; classtype:trojan-activity;sid:84113946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.50.57.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250845/; classtype:trojan-activity;sid:84113945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.166.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250844/; classtype:trojan-activity;sid:84113944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.25.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250843/; classtype:trojan-activity;sid:84113943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.109.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250842/; classtype:trojan-activity;sid:84113942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.93.177"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250841/; classtype:trojan-activity;sid:84113941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.92.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250840/; classtype:trojan-activity;sid:84113940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.109.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250838/; classtype:trojan-activity;sid:84113938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.94.46.123"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250839/; classtype:trojan-activity;sid:84113939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"109.235.13.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250837/; classtype:trojan-activity;sid:84113937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.29.107"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250836/; classtype:trojan-activity;sid:84113936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.118.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250835/; classtype:trojan-activity;sid:84113935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.108.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250834/; classtype:trojan-activity;sid:84113934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.113.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250833/; classtype:trojan-activity;sid:84113933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.63.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250832/; classtype:trojan-activity;sid:84113932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.13.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250831/; classtype:trojan-activity;sid:84113931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.0.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250830/; classtype:trojan-activity;sid:84113930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.82.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250829/; classtype:trojan-activity;sid:84113929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.203.47.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250828/; classtype:trojan-activity;sid:84113928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.137.136.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250827/; classtype:trojan-activity;sid:84113927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.191.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250826/; classtype:trojan-activity;sid:84113926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.16.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250825/; classtype:trojan-activity;sid:84113925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.173.122.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250824/; classtype:trojan-activity;sid:84113924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.78.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250823/; classtype:trojan-activity;sid:84113923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250822/; classtype:trojan-activity;sid:84113922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.92.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250821/; classtype:trojan-activity;sid:84113921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.100.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250820/; classtype:trojan-activity;sid:84113920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.52.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250819/; classtype:trojan-activity;sid:84113919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.195.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250818/; classtype:trojan-activity;sid:84113918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.25.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250817/; classtype:trojan-activity;sid:84113917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.254.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250816/; classtype:trojan-activity;sid:84113916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/ttuygt18rb5jzcr.exe"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250815/; classtype:trojan-activity;sid:84113915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.194.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250814/; classtype:trojan-activity;sid:84113914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.235.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250813/; classtype:trojan-activity;sid:84113913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.172.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250812/; classtype:trojan-activity;sid:84113912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.95.81.78"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250811/; classtype:trojan-activity;sid:84113911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"212.50.57.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250810/; classtype:trojan-activity;sid:84113910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.203.95.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250808/; classtype:trojan-activity;sid:84113908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.9.255.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250809/; classtype:trojan-activity;sid:84113909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.13.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250807/; classtype:trojan-activity;sid:84113907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.172.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250806/; classtype:trojan-activity;sid:84113906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.113.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250805/; classtype:trojan-activity;sid:84113905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.231.165.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250804/; classtype:trojan-activity;sid:84113904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.29.107"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250802/; classtype:trojan-activity;sid:84113902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"125.105.3.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250803/; classtype:trojan-activity;sid:84113903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.111.130.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250801/; classtype:trojan-activity;sid:84113901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.203.47.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250800/; classtype:trojan-activity;sid:84113900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.93.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250799/; classtype:trojan-activity;sid:84113899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.24.36.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250798/; classtype:trojan-activity;sid:84113898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.52.93"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250797/; classtype:trojan-activity;sid:84113897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.161.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250796/; classtype:trojan-activity;sid:84113896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.87.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250795/; classtype:trojan-activity;sid:84113895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.235.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250794/; classtype:trojan-activity;sid:84113894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.114.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250792/; classtype:trojan-activity;sid:84113892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.34.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250793/; classtype:trojan-activity;sid:84113893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250791/; classtype:trojan-activity;sid:84113891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.146.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250789/; classtype:trojan-activity;sid:84113889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.166.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250790/; classtype:trojan-activity;sid:84113890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.126.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250788/; classtype:trojan-activity;sid:84113888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.19.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250787/; classtype:trojan-activity;sid:84113887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.166.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250786/; classtype:trojan-activity;sid:84113886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.195.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250785/; classtype:trojan-activity;sid:84113885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.242.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250784/; classtype:trojan-activity;sid:84113884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.92.191"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250783/; classtype:trojan-activity;sid:84113883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.120.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250782/; classtype:trojan-activity;sid:84113882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.22.21.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250781/; classtype:trojan-activity;sid:84113881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"vmad.house.zionanakwenze.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250779/; classtype:trojan-activity;sid:84113879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"qqx.house.zionanakwenze.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250780/; classtype:trojan-activity;sid:84113880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.102.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250778/; classtype:trojan-activity;sid:84113878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.151.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250777/; classtype:trojan-activity;sid:84113877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.93.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250776/; classtype:trojan-activity;sid:84113876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.247.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250775/; classtype:trojan-activity;sid:84113875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.24.36.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250774/; classtype:trojan-activity;sid:84113874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/off/def.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250773/; classtype:trojan-activity;sid:84113873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.72.188.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250772/; classtype:trojan-activity;sid:84113872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.10.65.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250771/; classtype:trojan-activity;sid:84113871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.194.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250770/; classtype:trojan-activity;sid:84113870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.69.22.153"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250769/; classtype:trojan-activity;sid:84113869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.93.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250768/; classtype:trojan-activity;sid:84113868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.240.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250767/; classtype:trojan-activity;sid:84113867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.243.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250765/; classtype:trojan-activity;sid:84113865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250766/; classtype:trojan-activity;sid:84113866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250764/; classtype:trojan-activity;sid:84113864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.139.110.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250763/; classtype:trojan-activity;sid:84113863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"204.157.208.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250760/; classtype:trojan-activity;sid:84113860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.53.31.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250761/; classtype:trojan-activity;sid:84113861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.239.24.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250762/; classtype:trojan-activity;sid:84113862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.214.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250757/; classtype:trojan-activity;sid:84113857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.242.106.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250758/; classtype:trojan-activity;sid:84113858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.121.83.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250759/; classtype:trojan-activity;sid:84113859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.5.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250756/; classtype:trojan-activity;sid:84113856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.155.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250755/; classtype:trojan-activity;sid:84113855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.174.93.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250754/; classtype:trojan-activity;sid:84113854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.229.198.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250753/; classtype:trojan-activity;sid:84113853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.76.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250752/; classtype:trojan-activity;sid:84113852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.146.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250751/; classtype:trojan-activity;sid:84113851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.83.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250749/; classtype:trojan-activity;sid:84113849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.217.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250750/; classtype:trojan-activity;sid:84113850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.19.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250748/; classtype:trojan-activity;sid:84113848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.105.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250747/; classtype:trojan-activity;sid:84113847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.196.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250746/; classtype:trojan-activity;sid:84113846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.9.255.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250745/; classtype:trojan-activity;sid:84113845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.77.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250741/; classtype:trojan-activity;sid:84113841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.210.182.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250742/; classtype:trojan-activity;sid:84113842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.88.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250743/; classtype:trojan-activity;sid:84113843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.174.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250744/; classtype:trojan-activity;sid:84113844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.103.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250739/; classtype:trojan-activity;sid:84113839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.161.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250740/; classtype:trojan-activity;sid:84113840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.191.131.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250738/; classtype:trojan-activity;sid:84113838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.163.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250737/; classtype:trojan-activity;sid:84113837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.32.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250736/; classtype:trojan-activity;sid:84113836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.33.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250735/; classtype:trojan-activity;sid:84113835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.102.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250734/; classtype:trojan-activity;sid:84113834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.235.13.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250733/; classtype:trojan-activity;sid:84113833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.81.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250732/; classtype:trojan-activity;sid:84113832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.8.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250731/; classtype:trojan-activity;sid:84113831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.125.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250730/; classtype:trojan-activity;sid:84113830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.151.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250729/; classtype:trojan-activity;sid:84113829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.109.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250728/; classtype:trojan-activity;sid:84113828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.151.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250727/; classtype:trojan-activity;sid:84113827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.93.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250725/; classtype:trojan-activity;sid:84113825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.26.8"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250726/; classtype:trojan-activity;sid:84113826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.41.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250724/; classtype:trojan-activity;sid:84113824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.203.95.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250723/; classtype:trojan-activity;sid:84113823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.139.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250722/; classtype:trojan-activity;sid:84113822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.30.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250721/; classtype:trojan-activity;sid:84113821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.215.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250720/; classtype:trojan-activity;sid:84113820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.143.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250719/; classtype:trojan-activity;sid:84113819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.78.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250717/; classtype:trojan-activity;sid:84113817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.223.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250718/; classtype:trojan-activity;sid:84113818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.230.128"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250716/; classtype:trojan-activity;sid:84113816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.217.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250715/; classtype:trojan-activity;sid:84113815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.124.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250714/; classtype:trojan-activity;sid:84113814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.123.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250713/; classtype:trojan-activity;sid:84113813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.196.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250710/; classtype:trojan-activity;sid:84113810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.176.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250711/; classtype:trojan-activity;sid:84113811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.234.157.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250712/; classtype:trojan-activity;sid:84113812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250709/; classtype:trojan-activity;sid:84113809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.32.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250708/; classtype:trojan-activity;sid:84113808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.159.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250706/; classtype:trojan-activity;sid:84113806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.184.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250707/; classtype:trojan-activity;sid:84113807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.0.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250705/; classtype:trojan-activity;sid:84113805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.194.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250704/; classtype:trojan-activity;sid:84113804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.255.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250703/; classtype:trojan-activity;sid:84113803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250702/; classtype:trojan-activity;sid:84113802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.206.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250701/; classtype:trojan-activity;sid:84113801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.235.13.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250700/; classtype:trojan-activity;sid:84113800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250699/; classtype:trojan-activity;sid:84113799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.139.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250698/; classtype:trojan-activity;sid:84113798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.243.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250697/; classtype:trojan-activity;sid:84113797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.11.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250696/; classtype:trojan-activity;sid:84113796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.11.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250695/; classtype:trojan-activity;sid:84113795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.98.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250694/; classtype:trojan-activity;sid:84113794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.41.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250693/; classtype:trojan-activity;sid:84113793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.159.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250692/; classtype:trojan-activity;sid:84113792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.139.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250690/; classtype:trojan-activity;sid:84113790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.16.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250691/; classtype:trojan-activity;sid:84113791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.124.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250689/; classtype:trojan-activity;sid:84113789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.223.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250688/; classtype:trojan-activity;sid:84113788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.182.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250687/; classtype:trojan-activity;sid:84113787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.176.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250686/; classtype:trojan-activity;sid:84113786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.50.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250685/; classtype:trojan-activity;sid:84113785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.17.197.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250684/; classtype:trojan-activity;sid:84113784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.206.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250683/; classtype:trojan-activity;sid:84113783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.122.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250682/; classtype:trojan-activity;sid:84113782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.232.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250681/; classtype:trojan-activity;sid:84113781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.204.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250680/; classtype:trojan-activity;sid:84113780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.28.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250679/; classtype:trojan-activity;sid:84113779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.120.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250678/; classtype:trojan-activity;sid:84113778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.167.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250677/; classtype:trojan-activity;sid:84113777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.168.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250676/; classtype:trojan-activity;sid:84113776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.64.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250675/; classtype:trojan-activity;sid:84113775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.151.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250674/; classtype:trojan-activity;sid:84113774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.188.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250673/; classtype:trojan-activity;sid:84113773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.55.140"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250672/; classtype:trojan-activity;sid:84113772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.123.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250671/; classtype:trojan-activity;sid:84113771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.139.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250670/; classtype:trojan-activity;sid:84113770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.98.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250668/; classtype:trojan-activity;sid:84113768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.142.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250669/; classtype:trojan-activity;sid:84113769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.253.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250667/; classtype:trojan-activity;sid:84113767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250666/; classtype:trojan-activity;sid:84113766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.37.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250665/; classtype:trojan-activity;sid:84113765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.107.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250663/; classtype:trojan-activity;sid:84113763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.28.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250664/; classtype:trojan-activity;sid:84113764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.53.95.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250662/; classtype:trojan-activity;sid:84113762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.247.159.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250658/; classtype:trojan-activity;sid:84113758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.87.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250659/; classtype:trojan-activity;sid:84113759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250660/; classtype:trojan-activity;sid:84113760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.160.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250661/; classtype:trojan-activity;sid:84113761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.78.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250656/; classtype:trojan-activity;sid:84113756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.232.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250657/; classtype:trojan-activity;sid:84113757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.32.199.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250655/; classtype:trojan-activity;sid:84113755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.16.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250654/; classtype:trojan-activity;sid:84113754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.136.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250653/; classtype:trojan-activity;sid:84113753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.112.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250652/; classtype:trojan-activity;sid:84113752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.204.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250651/; classtype:trojan-activity;sid:84113751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.254.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250650/; classtype:trojan-activity;sid:84113750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.33.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250649/; classtype:trojan-activity;sid:84113749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.74.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250648/; classtype:trojan-activity;sid:84113748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.99.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250647/; classtype:trojan-activity;sid:84113747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.188.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250646/; classtype:trojan-activity;sid:84113746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.17.197.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250645/; classtype:trojan-activity;sid:84113745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.143.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250644/; classtype:trojan-activity;sid:84113744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.145.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250643/; classtype:trojan-activity;sid:84113743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.86.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250642/; classtype:trojan-activity;sid:84113742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.28.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250639/; classtype:trojan-activity;sid:84113739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.169.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250640/; classtype:trojan-activity;sid:84113740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.216.154.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250641/; classtype:trojan-activity;sid:84113741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250638/; classtype:trojan-activity;sid:84113738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.39.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250637/; classtype:trojan-activity;sid:84113737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.123.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250636/; classtype:trojan-activity;sid:84113736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250635/; classtype:trojan-activity;sid:84113735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.28.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250634/; classtype:trojan-activity;sid:84113734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.107.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250633/; classtype:trojan-activity;sid:84113733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.137.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250632/; classtype:trojan-activity;sid:84113732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.152.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250631/; classtype:trojan-activity;sid:84113731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.46.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250630/; classtype:trojan-activity;sid:84113730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.151.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250629/; classtype:trojan-activity;sid:84113729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.85.54.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250628/; classtype:trojan-activity;sid:84113728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.182.225.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250626/; classtype:trojan-activity;sid:84113726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.160.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250627/; classtype:trojan-activity;sid:84113727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.121.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250625/; classtype:trojan-activity;sid:84113725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.98.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250624/; classtype:trojan-activity;sid:84113724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.47.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250623/; classtype:trojan-activity;sid:84113723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.109.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250622/; classtype:trojan-activity;sid:84113722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.38.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250621/; classtype:trojan-activity;sid:84113721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.95.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250620/; classtype:trojan-activity;sid:84113720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250619/; classtype:trojan-activity;sid:84113719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.74.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250618/; classtype:trojan-activity;sid:84113718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.99.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250617/; classtype:trojan-activity;sid:84113717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.191.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250616/; classtype:trojan-activity;sid:84113716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.73.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250615/; classtype:trojan-activity;sid:84113715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.122.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250614/; classtype:trojan-activity;sid:84113714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.1.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250613/; classtype:trojan-activity;sid:84113713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.119.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250612/; classtype:trojan-activity;sid:84113712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.181.52"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250611/; classtype:trojan-activity;sid:84113711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.10.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250610/; classtype:trojan-activity;sid:84113710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.185.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250609/; classtype:trojan-activity;sid:84113709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.29.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250608/; classtype:trojan-activity;sid:84113708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.160.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250607/; classtype:trojan-activity;sid:84113707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.137.157"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250606/; classtype:trojan-activity;sid:84113706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.208.104.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250605/; classtype:trojan-activity;sid:84113705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.95.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250604/; classtype:trojan-activity;sid:84113704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.93.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250603/; classtype:trojan-activity;sid:84113703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.193.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250602/; classtype:trojan-activity;sid:84113702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.177.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250600/; classtype:trojan-activity;sid:84113700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.139.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250601/; classtype:trojan-activity;sid:84113701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.122.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250599/; classtype:trojan-activity;sid:84113699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.59.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250598/; classtype:trojan-activity;sid:84113698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.85.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250597/; classtype:trojan-activity;sid:84113697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.73.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250596/; classtype:trojan-activity;sid:84113696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.202.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250595/; classtype:trojan-activity;sid:84113695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.10.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250594/; classtype:trojan-activity;sid:84113694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.225.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250593/; classtype:trojan-activity;sid:84113693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.1.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250592/; classtype:trojan-activity;sid:84113692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.82.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250591/; classtype:trojan-activity;sid:84113691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.242.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250590/; classtype:trojan-activity;sid:84113690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.200.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250589/; classtype:trojan-activity;sid:84113689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.11.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250588/; classtype:trojan-activity;sid:84113688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.36.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250587/; classtype:trojan-activity;sid:84113687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250586/; classtype:trojan-activity;sid:84113686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.123.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250585/; classtype:trojan-activity;sid:84113685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.144.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250584/; classtype:trojan-activity;sid:84113684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.140.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250583/; classtype:trojan-activity;sid:84113683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.239.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250582/; classtype:trojan-activity;sid:84113682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.70.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250581/; classtype:trojan-activity;sid:84113681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.226.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250580/; classtype:trojan-activity;sid:84113680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.147.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250579/; classtype:trojan-activity;sid:84113679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.144.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250578/; classtype:trojan-activity;sid:84113678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.146.153.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250577/; classtype:trojan-activity;sid:84113677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.42.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250576/; classtype:trojan-activity;sid:84113676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.208.104.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250575/; classtype:trojan-activity;sid:84113675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.59.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250574/; classtype:trojan-activity;sid:84113674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.82.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250573/; classtype:trojan-activity;sid:84113673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.178.75"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250572/; classtype:trojan-activity;sid:84113672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.144.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250571/; classtype:trojan-activity;sid:84113671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.244.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250570/; classtype:trojan-activity;sid:84113670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.2.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250569/; classtype:trojan-activity;sid:84113669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.84.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250568/; classtype:trojan-activity;sid:84113668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.210.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250567/; classtype:trojan-activity;sid:84113667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.22.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250565/; classtype:trojan-activity;sid:84113665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.225.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250566/; classtype:trojan-activity;sid:84113666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.112.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250564/; classtype:trojan-activity;sid:84113664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.91.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250563/; classtype:trojan-activity;sid:84113663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.3.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250562/; classtype:trojan-activity;sid:84113662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.129.143.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250561/; classtype:trojan-activity;sid:84113661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.152.49.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250560/; classtype:trojan-activity;sid:84113660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.3.161"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250559/; classtype:trojan-activity;sid:84113659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.247.61.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250558/; classtype:trojan-activity;sid:84113658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.118.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250557/; classtype:trojan-activity;sid:84113657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.160.30.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250556/; classtype:trojan-activity;sid:84113656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250555/; classtype:trojan-activity;sid:84113655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250554/; classtype:trojan-activity;sid:84113654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.123.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250553/; classtype:trojan-activity;sid:84113653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.11.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250552/; classtype:trojan-activity;sid:84113652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.145.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250549/; classtype:trojan-activity;sid:84113649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.238.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250550/; classtype:trojan-activity;sid:84113650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.130.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250551/; classtype:trojan-activity;sid:84113651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.1.249"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250548/; classtype:trojan-activity;sid:84113648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.255.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250547/; classtype:trojan-activity;sid:84113647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.70.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250546/; classtype:trojan-activity;sid:84113646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.147.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250545/; classtype:trojan-activity;sid:84113645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.25.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250544/; classtype:trojan-activity;sid:84113644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.226.47"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250543/; classtype:trojan-activity;sid:84113643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.153.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250542/; classtype:trojan-activity;sid:84113642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"87.1.140.89"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250541/; classtype:trojan-activity;sid:84113641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.202.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250540/; classtype:trojan-activity;sid:84113640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.46.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250539/; classtype:trojan-activity;sid:84113639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.244.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250538/; classtype:trojan-activity;sid:84113638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.109.188.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250537/; classtype:trojan-activity;sid:84113637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250536/; classtype:trojan-activity;sid:84113636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.220.145.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250535/; classtype:trojan-activity;sid:84113635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.78.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250534/; classtype:trojan-activity;sid:84113634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.215.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250533/; classtype:trojan-activity;sid:84113633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.123.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250532/; classtype:trojan-activity;sid:84113632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.124.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250531/; classtype:trojan-activity;sid:84113631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.238.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250530/; classtype:trojan-activity;sid:84113630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.245.2.25"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250528/; classtype:trojan-activity;sid:84113628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.255.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250529/; classtype:trojan-activity;sid:84113629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.130.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250527/; classtype:trojan-activity;sid:84113627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.91.175.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250526/; classtype:trojan-activity;sid:84113626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250525/; classtype:trojan-activity;sid:84113625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.202.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250524/; classtype:trojan-activity;sid:84113624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.83.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250523/; classtype:trojan-activity;sid:84113623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.128.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250522/; classtype:trojan-activity;sid:84113622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.123.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250521/; classtype:trojan-activity;sid:84113621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.243.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250520/; classtype:trojan-activity;sid:84113620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.26.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250519/; classtype:trojan-activity;sid:84113619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.35.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250518/; classtype:trojan-activity;sid:84113618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.234.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250517/; classtype:trojan-activity;sid:84113617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.1.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250516/; classtype:trojan-activity;sid:84113616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.232.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250515/; classtype:trojan-activity;sid:84113615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.118.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250514/; classtype:trojan-activity;sid:84113614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.249.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250513/; classtype:trojan-activity;sid:84113613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.183.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250511/; classtype:trojan-activity;sid:84113611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250512/; classtype:trojan-activity;sid:84113612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.50.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250510/; classtype:trojan-activity;sid:84113610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.247.189.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250509/; classtype:trojan-activity;sid:84113609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.147.154"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250508/; classtype:trojan-activity;sid:84113608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.151.255.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250507/; classtype:trojan-activity;sid:84113607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.57.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250506/; classtype:trojan-activity;sid:84113606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.156.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250505/; classtype:trojan-activity;sid:84113605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.91.175.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250504/; classtype:trojan-activity;sid:84113604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.153.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250503/; classtype:trojan-activity;sid:84113603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.83.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250502/; classtype:trojan-activity;sid:84113602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.83.53"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250501/; classtype:trojan-activity;sid:84113601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.248.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250500/; classtype:trojan-activity;sid:84113600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.123.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250499/; classtype:trojan-activity;sid:84113599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.156.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250498/; classtype:trojan-activity;sid:84113598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.26.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250497/; classtype:trojan-activity;sid:84113597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250496/; classtype:trojan-activity;sid:84113596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.245.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250495/; classtype:trojan-activity;sid:84113595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.50.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250494/; classtype:trojan-activity;sid:84113594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.118.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250493/; classtype:trojan-activity;sid:84113593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.78.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250492/; classtype:trojan-activity;sid:84113592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250491/; classtype:trojan-activity;sid:84113591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.153.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250490/; classtype:trojan-activity;sid:84113590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.211.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250489/; classtype:trojan-activity;sid:84113589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.183.21.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250487/; classtype:trojan-activity;sid:84113587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.186.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250488/; classtype:trojan-activity;sid:84113588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.57.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250486/; classtype:trojan-activity;sid:84113586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.29.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250485/; classtype:trojan-activity;sid:84113585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.31.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250484/; classtype:trojan-activity;sid:84113584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.155.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250483/; classtype:trojan-activity;sid:84113583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.63.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250482/; classtype:trojan-activity;sid:84113582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.60.181.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250479/; classtype:trojan-activity;sid:84113579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.143.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250480/; classtype:trojan-activity;sid:84113580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.50.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250481/; classtype:trojan-activity;sid:84113581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.248.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250478/; classtype:trojan-activity;sid:84113578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.35.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250477/; classtype:trojan-activity;sid:84113577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.31.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250476/; classtype:trojan-activity;sid:84113576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.203.229.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250475/; classtype:trojan-activity;sid:84113575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.195.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250474/; classtype:trojan-activity;sid:84113574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.183.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250473/; classtype:trojan-activity;sid:84113573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.146.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250472/; classtype:trojan-activity;sid:84113572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.137.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250471/; classtype:trojan-activity;sid:84113571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.245.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250470/; classtype:trojan-activity;sid:84113570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.155.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250469/; classtype:trojan-activity;sid:84113569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.168.236.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250468/; classtype:trojan-activity;sid:84113568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.236.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250467/; classtype:trojan-activity;sid:84113567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.85.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250466/; classtype:trojan-activity;sid:84113566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.99.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250465/; classtype:trojan-activity;sid:84113565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.29.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250464/; classtype:trojan-activity;sid:84113564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.137.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250463/; classtype:trojan-activity;sid:84113563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.52.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250462/; classtype:trojan-activity;sid:84113562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.143.135"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250461/; classtype:trojan-activity;sid:84113561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.60.181.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250460/; classtype:trojan-activity;sid:84113560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.102.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250459/; classtype:trojan-activity;sid:84113559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.203.229.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250458/; classtype:trojan-activity;sid:84113558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.172.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250457/; classtype:trojan-activity;sid:84113557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.50.85"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250456/; classtype:trojan-activity;sid:84113556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.182.204.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250455/; classtype:trojan-activity;sid:84113555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.195.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250454/; classtype:trojan-activity;sid:84113554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.137.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250453/; classtype:trojan-activity;sid:84113553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.160.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250452/; classtype:trojan-activity;sid:84113552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.168.236.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250451/; classtype:trojan-activity;sid:84113551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.4.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250449/; classtype:trojan-activity;sid:84113549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.114.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250450/; classtype:trojan-activity;sid:84113550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.105.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250448/; classtype:trojan-activity;sid:84113548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.60.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250447/; classtype:trojan-activity;sid:84113547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.172.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250446/; classtype:trojan-activity;sid:84113546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.85.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250445/; classtype:trojan-activity;sid:84113545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.156.79"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250444/; classtype:trojan-activity;sid:84113544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.160.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250443/; classtype:trojan-activity;sid:84113543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.189.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250442/; classtype:trojan-activity;sid:84113542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.215.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250441/; classtype:trojan-activity;sid:84113541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.219.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250440/; classtype:trojan-activity;sid:84113540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.102.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250439/; classtype:trojan-activity;sid:84113539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250438/; classtype:trojan-activity;sid:84113538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.134.9.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250437/; classtype:trojan-activity;sid:84113537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.10.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250436/; classtype:trojan-activity;sid:84113536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.147.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250435/; classtype:trojan-activity;sid:84113535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250434/; classtype:trojan-activity;sid:84113534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.242.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250433/; classtype:trojan-activity;sid:84113533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.42.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250432/; classtype:trojan-activity;sid:84113532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.60.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250431/; classtype:trojan-activity;sid:84113531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.186.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250430/; classtype:trojan-activity;sid:84113530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.35.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250429/; classtype:trojan-activity;sid:84113529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.188.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250428/; classtype:trojan-activity;sid:84113528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.160.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250427/; classtype:trojan-activity;sid:84113527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.107.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250426/; classtype:trojan-activity;sid:84113526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.77.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250423/; classtype:trojan-activity;sid:84113523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.70.127.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250424/; classtype:trojan-activity;sid:84113524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.232.139.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250425/; classtype:trojan-activity;sid:84113525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.242.41.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250422/; classtype:trojan-activity;sid:84113522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.137.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250421/; classtype:trojan-activity;sid:84113521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.242.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250420/; classtype:trojan-activity;sid:84113520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.160.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250419/; classtype:trojan-activity;sid:84113519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.108.69.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250418/; classtype:trojan-activity;sid:84113518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.196.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250417/; classtype:trojan-activity;sid:84113517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.124.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250416/; classtype:trojan-activity;sid:84113516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"104.193.59.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250415/; classtype:trojan-activity;sid:84113515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.190.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250414/; classtype:trojan-activity;sid:84113514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.72.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250413/; classtype:trojan-activity;sid:84113513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.22.21.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250412/; classtype:trojan-activity;sid:84113512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.60.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250411/; classtype:trojan-activity;sid:84113511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.203.165.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250410/; classtype:trojan-activity;sid:84113510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.90.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250408/; classtype:trojan-activity;sid:84113508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.154.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250409/; classtype:trojan-activity;sid:84113509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.63.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250407/; classtype:trojan-activity;sid:84113507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.225.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250406/; classtype:trojan-activity;sid:84113506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.107.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250405/; classtype:trojan-activity;sid:84113505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.188.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250404/; classtype:trojan-activity;sid:84113504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.175.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250403/; classtype:trojan-activity;sid:84113503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.174.111.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250402/; classtype:trojan-activity;sid:84113502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.94.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250401/; classtype:trojan-activity;sid:84113501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.244.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250400/; classtype:trojan-activity;sid:84113500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.242.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250399/; classtype:trojan-activity;sid:84113499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250398/; classtype:trojan-activity;sid:84113498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.175.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250397/; classtype:trojan-activity;sid:84113497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.212.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250395/; classtype:trojan-activity;sid:84113495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.149.11.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250396/; classtype:trojan-activity;sid:84113496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.72.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250394/; classtype:trojan-activity;sid:84113494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.203.165.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250393/; classtype:trojan-activity;sid:84113493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.10.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250392/; classtype:trojan-activity;sid:84113492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.196.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250391/; classtype:trojan-activity;sid:84113491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.89.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250390/; classtype:trojan-activity;sid:84113490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.98.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250389/; classtype:trojan-activity;sid:84113489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.170.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250388/; classtype:trojan-activity;sid:84113488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250387/; classtype:trojan-activity;sid:84113487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.237.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250386/; classtype:trojan-activity;sid:84113486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.11.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250385/; classtype:trojan-activity;sid:84113485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.201.134.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250384/; classtype:trojan-activity;sid:84113484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.90.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250383/; classtype:trojan-activity;sid:84113483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.63.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250382/; classtype:trojan-activity;sid:84113482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.25.166.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250381/; classtype:trojan-activity;sid:84113481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.115.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250380/; classtype:trojan-activity;sid:84113480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.108.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250379/; classtype:trojan-activity;sid:84113479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.241.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250378/; classtype:trojan-activity;sid:84113478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.149.11.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250377/; classtype:trojan-activity;sid:84113477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.53.235"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250376/; classtype:trojan-activity;sid:84113476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"141.195.51.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250375/; classtype:trojan-activity;sid:84113475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.80.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250374/; classtype:trojan-activity;sid:84113474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.212.151"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250373/; classtype:trojan-activity;sid:84113473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.182.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250372/; classtype:trojan-activity;sid:84113472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.221.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250371/; classtype:trojan-activity;sid:84113471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.89.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250370/; classtype:trojan-activity;sid:84113470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.78.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250369/; classtype:trojan-activity;sid:84113469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.152.24"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250368/; classtype:trojan-activity;sid:84113468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.80.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250367/; classtype:trojan-activity;sid:84113467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.18.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250366/; classtype:trojan-activity;sid:84113466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.115.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250365/; classtype:trojan-activity;sid:84113465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.25.166.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250364/; classtype:trojan-activity;sid:84113464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.221.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250362/; classtype:trojan-activity;sid:84113462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.201.40.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250363/; classtype:trojan-activity;sid:84113463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.213.250.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250361/; classtype:trojan-activity;sid:84113461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.235.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250360/; classtype:trojan-activity;sid:84113460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.76.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250359/; classtype:trojan-activity;sid:84113459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.33.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250358/; classtype:trojan-activity;sid:84113458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.78.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250357/; classtype:trojan-activity;sid:84113457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.26.73.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250356/; classtype:trojan-activity;sid:84113456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.92.92.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250355/; classtype:trojan-activity;sid:84113455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.105.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250354/; classtype:trojan-activity;sid:84113454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.154.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250353/; classtype:trojan-activity;sid:84113453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.158.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250352/; classtype:trojan-activity;sid:84113452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"67.214.245.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250351/; classtype:trojan-activity;sid:84113451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.69.225"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250350/; classtype:trojan-activity;sid:84113450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.76.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250349/; classtype:trojan-activity;sid:84113449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.93.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250348/; classtype:trojan-activity;sid:84113448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/580/wlanext.exe"; depth:16; endswith; nocase; http.host; content:"172.245.123.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250347/; classtype:trojan-activity;sid:84113447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.240.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250346/; classtype:trojan-activity;sid:84113446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"67.214.245.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250345/; classtype:trojan-activity;sid:84113445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.148.155.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250344/; classtype:trojan-activity;sid:84113444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.127.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250343/; classtype:trojan-activity;sid:84113443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.148.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250342/; classtype:trojan-activity;sid:84113442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.194.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250341/; classtype:trojan-activity;sid:84113441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.158.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250340/; classtype:trojan-activity;sid:84113440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.132.159.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250339/; classtype:trojan-activity;sid:84113439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.77.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250338/; classtype:trojan-activity;sid:84113438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.165.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250337/; classtype:trojan-activity;sid:84113437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.59.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250336/; classtype:trojan-activity;sid:84113436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.4.213"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250335/; classtype:trojan-activity;sid:84113435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.93.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250334/; classtype:trojan-activity;sid:84113434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.42.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250333/; classtype:trojan-activity;sid:84113433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.112.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250332/; classtype:trojan-activity;sid:84113432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.174.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250331/; classtype:trojan-activity;sid:84113431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.132.159.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250330/; classtype:trojan-activity;sid:84113430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.45.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250329/; classtype:trojan-activity;sid:84113429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.63.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250328/; classtype:trojan-activity;sid:84113428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.4.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250327/; classtype:trojan-activity;sid:84113427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.80.58.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250326/; classtype:trojan-activity;sid:84113426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.80.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250325/; classtype:trojan-activity;sid:84113425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.243.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250324/; classtype:trojan-activity;sid:84113424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.148.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250322/; classtype:trojan-activity;sid:84113422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.106.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250323/; classtype:trojan-activity;sid:84113423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.154.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250321/; classtype:trojan-activity;sid:84113421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.42.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250320/; classtype:trojan-activity;sid:84113420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.59.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250319/; classtype:trojan-activity;sid:84113419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.92.92.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250318/; classtype:trojan-activity;sid:84113418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.253.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250317/; classtype:trojan-activity;sid:84113417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.215.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250316/; classtype:trojan-activity;sid:84113416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k4q.exe"; depth:8; endswith; nocase; http.host; content:"botnet.app"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250315/; classtype:trojan-activity;sid:84113415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.253.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250314/; classtype:trojan-activity;sid:84113414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.150.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250313/; classtype:trojan-activity;sid:84113413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.225.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250312/; classtype:trojan-activity;sid:84113412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.240.10.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250311/; classtype:trojan-activity;sid:84113411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.12.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250310/; classtype:trojan-activity;sid:84113410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.72.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250309/; classtype:trojan-activity;sid:84113409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.180.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250308/; classtype:trojan-activity;sid:84113408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.188.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250306/; classtype:trojan-activity;sid:84113406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.106.241.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250307/; classtype:trojan-activity;sid:84113407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.1.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250305/; classtype:trojan-activity;sid:84113405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.165.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250304/; classtype:trojan-activity;sid:84113404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.45.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250303/; classtype:trojan-activity;sid:84113403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.81.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250302/; classtype:trojan-activity;sid:84113402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.47.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250301/; classtype:trojan-activity;sid:84113401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.225.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250300/; classtype:trojan-activity;sid:84113400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.133.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250298/; classtype:trojan-activity;sid:84113398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.195.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250299/; classtype:trojan-activity;sid:84113399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.98.188"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250293/; classtype:trojan-activity;sid:84113393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.126.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250294/; classtype:trojan-activity;sid:84113394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.194.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250295/; classtype:trojan-activity;sid:84113395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.193.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250296/; classtype:trojan-activity;sid:84113396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.184.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250297/; classtype:trojan-activity;sid:84113397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.130.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250292/; classtype:trojan-activity;sid:84113392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.35.12.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250290/; classtype:trojan-activity;sid:84113390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.176.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250291/; classtype:trojan-activity;sid:84113391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.192.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250289/; classtype:trojan-activity;sid:84113389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.2.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250288/; classtype:trojan-activity;sid:84113388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.91.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250286/; classtype:trojan-activity;sid:84113386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.200.86.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250287/; classtype:trojan-activity;sid:84113387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.226.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250285/; classtype:trojan-activity;sid:84113385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.62.58.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250284/; classtype:trojan-activity;sid:84113384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.122.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250282/; classtype:trojan-activity;sid:84113382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.113.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250283/; classtype:trojan-activity;sid:84113383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.12.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250281/; classtype:trojan-activity;sid:84113381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.214.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250279/; classtype:trojan-activity;sid:84113379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.106.156.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250280/; classtype:trojan-activity;sid:84113380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.85.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250278/; classtype:trojan-activity;sid:84113378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.141.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250277/; classtype:trojan-activity;sid:84113377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.208.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250276/; classtype:trojan-activity;sid:84113376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.67.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250275/; classtype:trojan-activity;sid:84113375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.224.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250274/; classtype:trojan-activity;sid:84113374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.69.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250273/; classtype:trojan-activity;sid:84113373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.47.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250271/; classtype:trojan-activity;sid:84113371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.107.92.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250272/; classtype:trojan-activity;sid:84113372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.85.219"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250270/; classtype:trojan-activity;sid:84113370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.6.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250269/; classtype:trojan-activity;sid:84113369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.67.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250268/; classtype:trojan-activity;sid:84113368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.234.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250267/; classtype:trojan-activity;sid:84113367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.169.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250266/; classtype:trojan-activity;sid:84113366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250265/; classtype:trojan-activity;sid:84113365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm7"; depth:15; endswith; nocase; http.host; content:"154.216.18.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250264/; classtype:trojan-activity;sid:84113364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.88.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250263/; classtype:trojan-activity;sid:84113363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.144.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250261/; classtype:trojan-activity;sid:84113361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.105.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250262/; classtype:trojan-activity;sid:84113362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.25.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250260/; classtype:trojan-activity;sid:84113360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.208.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250259/; classtype:trojan-activity;sid:84113359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.61.110.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250258/; classtype:trojan-activity;sid:84113358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.150.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250257/; classtype:trojan-activity;sid:84113357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.224.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250256/; classtype:trojan-activity;sid:84113356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.174.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250255/; classtype:trojan-activity;sid:84113355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.92.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250254/; classtype:trojan-activity;sid:84113354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.68.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250253/; classtype:trojan-activity;sid:84113353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|id=1fep7eye4r3vfbvbwgscliglfr0sopo95|7c|26|7c|export=download"; depth:74; endswith; nocase; http.host; content:"drive.usercontent.google.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250250/; classtype:trojan-activity;sid:84113350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yr6unlnsaobhup82upu-heizdccyplx7"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250251/; classtype:trojan-activity;sid:84113351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=17xtfqjal_gnlwbht0iz-oubjhpx8hl9r"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250252/; classtype:trojan-activity;sid:84113352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.107.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250249/; classtype:trojan-activity;sid:84113349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.180.161.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250248/; classtype:trojan-activity;sid:84113348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1mrsw2u_kzyvmmp5zjfbpt28xuu4dbb6m|7c|26|7c|export=download|7c|26|7c|authuser=0"; depth:88; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250247/; classtype:trojan-activity;sid:84113347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.6.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250245/; classtype:trojan-activity;sid:84113345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.176.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250246/; classtype:trojan-activity;sid:84113346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.234.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250244/; classtype:trojan-activity;sid:84113344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.56.174.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250243/; classtype:trojan-activity;sid:84113343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.68.28.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250242/; classtype:trojan-activity;sid:84113342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.60.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250241/; classtype:trojan-activity;sid:84113341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.25.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250240/; classtype:trojan-activity;sid:84113340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.150.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250239/; classtype:trojan-activity;sid:84113339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.154.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250238/; classtype:trojan-activity;sid:84113338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.8.23"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250237/; classtype:trojan-activity;sid:84113337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.61.110.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250236/; classtype:trojan-activity;sid:84113336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips.nn"; depth:8; endswith; nocase; http.host; content:"193.143.1.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250235/; classtype:trojan-activity;sid:84113335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.165.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250234/; classtype:trojan-activity;sid:84113334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/setup.exe"; depth:16; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250233/; classtype:trojan-activity;sid:84113333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.243.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250232/; classtype:trojan-activity;sid:84113332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.68.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250231/; classtype:trojan-activity;sid:84113331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.86.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250230/; classtype:trojan-activity;sid:84113330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.238.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250229/; classtype:trojan-activity;sid:84113329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.183.48.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250228/; classtype:trojan-activity;sid:84113328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.175.117.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250227/; classtype:trojan-activity;sid:84113327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.140.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250226/; classtype:trojan-activity;sid:84113326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.176.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250225/; classtype:trojan-activity;sid:84113325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.140.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250224/; classtype:trojan-activity;sid:84113324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.50.228.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250223/; classtype:trojan-activity;sid:84113323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.253.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250222/; classtype:trojan-activity;sid:84113322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.107.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250221/; classtype:trojan-activity;sid:84113321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.204.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250220/; classtype:trojan-activity;sid:84113320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.61.231.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250219/; classtype:trojan-activity;sid:84113319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.185.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250217/; classtype:trojan-activity;sid:84113317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.211.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250218/; classtype:trojan-activity;sid:84113318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.231.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250216/; classtype:trojan-activity;sid:84113316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.183.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250215/; classtype:trojan-activity;sid:84113315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.153.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250214/; classtype:trojan-activity;sid:84113314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.48.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250212/; classtype:trojan-activity;sid:84113312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.55.2.3"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250213/; classtype:trojan-activity;sid:84113313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.231.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250211/; classtype:trojan-activity;sid:84113311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.70.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250210/; classtype:trojan-activity;sid:84113310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.8.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250209/; classtype:trojan-activity;sid:84113309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.96.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250206/; classtype:trojan-activity;sid:84113306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250207/; classtype:trojan-activity;sid:84113307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.185.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250208/; classtype:trojan-activity;sid:84113308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.113.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250205/; classtype:trojan-activity;sid:84113305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.217.42.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250204/; classtype:trojan-activity;sid:84113304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.183.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250203/; classtype:trojan-activity;sid:84113303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.139.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250202/; classtype:trojan-activity;sid:84113302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.12.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250201/; classtype:trojan-activity;sid:84113301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.90.3.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250200/; classtype:trojan-activity;sid:84113300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.211.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250199/; classtype:trojan-activity;sid:84113299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"87.14.136.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250198/; classtype:trojan-activity;sid:84113298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.139.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250197/; classtype:trojan-activity;sid:84113297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.111.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250196/; classtype:trojan-activity;sid:84113296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.8.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250195/; classtype:trojan-activity;sid:84113295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"49.86.251.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250194/; classtype:trojan-activity;sid:84113294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.21.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250193/; classtype:trojan-activity;sid:84113293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.135.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250192/; classtype:trojan-activity;sid:84113292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.12.154.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250191/; classtype:trojan-activity;sid:84113291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.90.3.228"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250190/; classtype:trojan-activity;sid:84113290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.45.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250189/; classtype:trojan-activity;sid:84113289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.85.148.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250188/; classtype:trojan-activity;sid:84113288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.81.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250187/; classtype:trojan-activity;sid:84113287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.45.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250186/; classtype:trojan-activity;sid:84113286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.123.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250185/; classtype:trojan-activity;sid:84113285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.166.20.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250184/; classtype:trojan-activity;sid:84113284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.104.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250183/; classtype:trojan-activity;sid:84113283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.135.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250182/; classtype:trojan-activity;sid:84113282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=12mwqecdk8xb_x0qopbapea6uxwalxo8b"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250181/; classtype:trojan-activity;sid:84113281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1q2sn6d6sfcoeexg19wanlkwatt4x_kcy"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250180/; classtype:trojan-activity;sid:84113280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.104.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250179/; classtype:trojan-activity;sid:84113279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.172.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250178/; classtype:trojan-activity;sid:84113278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250177/; classtype:trojan-activity;sid:84113277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.81.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250176/; classtype:trojan-activity;sid:84113276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.2.176.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250175/; classtype:trojan-activity;sid:84113275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.171.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250174/; classtype:trojan-activity;sid:84113274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.31.105.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250173/; classtype:trojan-activity;sid:84113273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.250.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250172/; classtype:trojan-activity;sid:84113272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.213.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250171/; classtype:trojan-activity;sid:84113271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.7.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250170/; classtype:trojan-activity;sid:84113270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.28.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250169/; classtype:trojan-activity;sid:84113269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.174.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250168/; classtype:trojan-activity;sid:84113268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"80.85.148.48"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250167/; classtype:trojan-activity;sid:84113267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1_ydjpwcerjr4kigewkwnr7nohew8rt22"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250166/; classtype:trojan-activity;sid:84113266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=153xvo4jrnfv6gkdyz0hl4c4xiqktsxjb"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250163/; classtype:trojan-activity;sid:84113263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ta1gppntimjr_vhkoz8wpm1vcppcz82q"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250164/; classtype:trojan-activity;sid:84113264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1tws702s0lv2upmhru5pbqpgv2iuvwami"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250165/; classtype:trojan-activity;sid:84113265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.68.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250162/; classtype:trojan-activity;sid:84113262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.11.182"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250161/; classtype:trojan-activity;sid:84113261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1eyv468h8oxmab6pshodxcnsgg9n2uwdd|7c|26|7c|export=download|7c|26|7c|authuser=0"; depth:88; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250160/; classtype:trojan-activity;sid:84113260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.11.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250159/; classtype:trojan-activity;sid:84113259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.196.118.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250157/; classtype:trojan-activity;sid:84113257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.24.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250158/; classtype:trojan-activity;sid:84113258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.213.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250156/; classtype:trojan-activity;sid:84113256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pyqsw82.bin"; depth:12; endswith; nocase; http.host; content:"crstvda.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250155/; classtype:trojan-activity;sid:84113255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.168.236.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250154/; classtype:trojan-activity;sid:84113254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.31.0"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250153/; classtype:trojan-activity;sid:84113253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.119.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250152/; classtype:trojan-activity;sid:84113252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.184.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250150/; classtype:trojan-activity;sid:84113250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.104.126.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250151/; classtype:trojan-activity;sid:84113251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.24.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250149/; classtype:trojan-activity;sid:84113249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.101.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250147/; classtype:trojan-activity;sid:84113247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.68.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250148/; classtype:trojan-activity;sid:84113248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.29.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250145/; classtype:trojan-activity;sid:84113245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.133.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250146/; classtype:trojan-activity;sid:84113246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae8005641/s1/-/raw/main/t3.zip"; depth:31; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250144/; classtype:trojan-activity;sid:84113244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae8005641/s1/-/raw/main/t1.zip"; depth:31; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250143/; classtype:trojan-activity;sid:84113243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae8005641/s1/-/raw/main/t2.zip"; depth:31; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250142/; classtype:trojan-activity;sid:84113242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/occ-m/allud/zip/refs/heads/main"; depth:32; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250141/; classtype:trojan-activity;sid:84113241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae8005641/ea/-/archive/main/ea-main.zip"; depth:40; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250140/; classtype:trojan-activity;sid:84113240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.31.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250139/; classtype:trojan-activity;sid:84113239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.2.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250138/; classtype:trojan-activity;sid:84113238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.11.182"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250137/; classtype:trojan-activity;sid:84113237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.11.91.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250136/; classtype:trojan-activity;sid:84113236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.250.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250135/; classtype:trojan-activity;sid:84113235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.66.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250134/; classtype:trojan-activity;sid:84113234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.233.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250133/; classtype:trojan-activity;sid:84113233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.118.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250132/; classtype:trojan-activity;sid:84113232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.90.229"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250131/; classtype:trojan-activity;sid:84113231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.7.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250130/; classtype:trojan-activity;sid:84113230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.118.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250129/; classtype:trojan-activity;sid:84113229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.214.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250128/; classtype:trojan-activity;sid:84113228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.29.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250127/; classtype:trojan-activity;sid:84113227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.77.146.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250126/; classtype:trojan-activity;sid:84113226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.11.91.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250125/; classtype:trojan-activity;sid:84113225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.223.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250124/; classtype:trojan-activity;sid:84113224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.172.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250123/; classtype:trojan-activity;sid:84113223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.2.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250122/; classtype:trojan-activity;sid:84113222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.66.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250120/; classtype:trojan-activity;sid:84113220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.77.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250121/; classtype:trojan-activity;sid:84113221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.250.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250119/; classtype:trojan-activity;sid:84113219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.44.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250118/; classtype:trojan-activity;sid:84113218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.18.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250117/; classtype:trojan-activity;sid:84113217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.82.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250116/; classtype:trojan-activity;sid:84113216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.140.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250115/; classtype:trojan-activity;sid:84113215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.118.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250114/; classtype:trojan-activity;sid:84113214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.233.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250113/; classtype:trojan-activity;sid:84113213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.77.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250112/; classtype:trojan-activity;sid:84113212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.122.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250111/; classtype:trojan-activity;sid:84113211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.137.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250109/; classtype:trojan-activity;sid:84113209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.150.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250110/; classtype:trojan-activity;sid:84113210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.77.146.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250108/; classtype:trojan-activity;sid:84113208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.214.220.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250107/; classtype:trojan-activity;sid:84113207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.38.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250106/; classtype:trojan-activity;sid:84113206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.240.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250105/; classtype:trojan-activity;sid:84113205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.250.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250104/; classtype:trojan-activity;sid:84113204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.13.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250103/; classtype:trojan-activity;sid:84113203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.44.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250102/; classtype:trojan-activity;sid:84113202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.18.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250101/; classtype:trojan-activity;sid:84113201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.122.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250100/; classtype:trojan-activity;sid:84113200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.154.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250099/; classtype:trojan-activity;sid:84113199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.116.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250097/; classtype:trojan-activity;sid:84113197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.85.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250098/; classtype:trojan-activity;sid:84113198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.98.69.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250096/; classtype:trojan-activity;sid:84113196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.206.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250095/; classtype:trojan-activity;sid:84113195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.150.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250094/; classtype:trojan-activity;sid:84113194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.46.89"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250093/; classtype:trojan-activity;sid:84113193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.86.161.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250091/; classtype:trojan-activity;sid:84113191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.25.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250092/; classtype:trojan-activity;sid:84113192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.172.97.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250090/; classtype:trojan-activity;sid:84113190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.29.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250089/; classtype:trojan-activity;sid:84113189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.152.104"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250088/; classtype:trojan-activity;sid:84113188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.230.66.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250087/; classtype:trojan-activity;sid:84113187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"187.144.157.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250086/; classtype:trojan-activity;sid:84113186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.230.66.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250085/; classtype:trojan-activity;sid:84113185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.116.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250083/; classtype:trojan-activity;sid:84113183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"154.216.20.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250084/; classtype:trojan-activity;sid:84113184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.85.166"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250082/; classtype:trojan-activity;sid:84113182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.154.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250081/; classtype:trojan-activity;sid:84113181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.122.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250080/; classtype:trojan-activity;sid:84113180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.239.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250079/; classtype:trojan-activity;sid:84113179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.98.69.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250078/; classtype:trojan-activity;sid:84113178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.89.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250077/; classtype:trojan-activity;sid:84113177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.240.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250076/; classtype:trojan-activity;sid:84113176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.31.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250075/; classtype:trojan-activity;sid:84113175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.103.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250073/; classtype:trojan-activity;sid:84113173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.93.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250074/; classtype:trojan-activity;sid:84113174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"112.86.12.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250072/; classtype:trojan-activity;sid:84113172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250071/; classtype:trojan-activity;sid:84113171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm6"; depth:15; endswith; nocase; http.host; content:"154.216.18.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250070/; classtype:trojan-activity;sid:84113170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.178.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250069/; classtype:trojan-activity;sid:84113169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.ppc"; depth:14; endswith; nocase; http.host; content:"154.216.18.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250066/; classtype:trojan-activity;sid:84113166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.sh4"; depth:14; endswith; nocase; http.host; content:"154.216.18.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250067/; classtype:trojan-activity;sid:84113167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.m68k"; depth:15; endswith; nocase; http.host; content:"154.216.18.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250068/; classtype:trojan-activity;sid:84113168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.spc"; depth:14; endswith; nocase; http.host; content:"154.216.18.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250065/; classtype:trojan-activity;sid:84113165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.254.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250064/; classtype:trojan-activity;sid:84113164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.18.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250063/; classtype:trojan-activity;sid:84113163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.227.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250062/; classtype:trojan-activity;sid:84113162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.160.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250061/; classtype:trojan-activity;sid:84113161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.206.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250060/; classtype:trojan-activity;sid:84113160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.121.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250059/; classtype:trojan-activity;sid:84113159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.89.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250056/; classtype:trojan-activity;sid:84113156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.102.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250057/; classtype:trojan-activity;sid:84113157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.183.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250058/; classtype:trojan-activity;sid:84113158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.24.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250055/; classtype:trojan-activity;sid:84113155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.19.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250052/; classtype:trojan-activity;sid:84113152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250053/; classtype:trojan-activity;sid:84113153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.187.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250054/; classtype:trojan-activity;sid:84113154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.192.23"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250051/; classtype:trojan-activity;sid:84113151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chrome_93.exe"; depth:14; endswith; nocase; http.host; content:"sirault.be"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250050/; classtype:trojan-activity;sid:84113150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.240.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250049/; classtype:trojan-activity;sid:84113149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.31.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250048/; classtype:trojan-activity;sid:84113148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.75.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250047/; classtype:trojan-activity;sid:84113147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.40.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250046/; classtype:trojan-activity;sid:84113146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.198.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250045/; classtype:trojan-activity;sid:84113145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.18.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250044/; classtype:trojan-activity;sid:84113144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.109.146.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250043/; classtype:trojan-activity;sid:84113143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.82.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250042/; classtype:trojan-activity;sid:84113142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.237.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250041/; classtype:trojan-activity;sid:84113141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.23.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250040/; classtype:trojan-activity;sid:84113140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.254.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250039/; classtype:trojan-activity;sid:84113139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.82.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250038/; classtype:trojan-activity;sid:84113138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.202.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250037/; classtype:trojan-activity;sid:84113137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.208.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250036/; classtype:trojan-activity;sid:84113136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.129.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250035/; classtype:trojan-activity;sid:84113135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.118.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250034/; classtype:trojan-activity;sid:84113134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.119.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250033/; classtype:trojan-activity;sid:84113133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.24.128.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250032/; classtype:trojan-activity;sid:84113132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.95.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250031/; classtype:trojan-activity;sid:84113131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"154.216.20.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250030/; classtype:trojan-activity;sid:84113130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"154.216.20.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250029/; classtype:trojan-activity;sid:84113129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"154.216.20.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250025/; classtype:trojan-activity;sid:84113125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"154.216.20.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250026/; classtype:trojan-activity;sid:84113126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"154.216.20.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250027/; classtype:trojan-activity;sid:84113127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.197.175.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250028/; classtype:trojan-activity;sid:84113128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.1.215"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250024/; classtype:trojan-activity;sid:84113124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.237.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250022/; classtype:trojan-activity;sid:84113122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"154.216.19.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250023/; classtype:trojan-activity;sid:84113123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"154.216.19.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250021/; classtype:trojan-activity;sid:84113121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"154.216.19.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250019/; classtype:trojan-activity;sid:84113119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"154.216.19.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250020/; classtype:trojan-activity;sid:84113120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.184.47.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250018/; classtype:trojan-activity;sid:84113118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.239.77.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250016/; classtype:trojan-activity;sid:84113116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"154.216.19.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250017/; classtype:trojan-activity;sid:84113117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.203.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250015/; classtype:trojan-activity;sid:84113115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"154.216.19.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250014/; classtype:trojan-activity;sid:84113114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.104.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250013/; classtype:trojan-activity;sid:84113113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips.nn"; depth:8; endswith; nocase; http.host; content:"154.216.19.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250012/; classtype:trojan-activity;sid:84113112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel.nn"; depth:10; endswith; nocase; http.host; content:"154.216.19.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250010/; classtype:trojan-activity;sid:84113110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5.nn"; depth:8; endswith; nocase; http.host; content:"154.216.19.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250011/; classtype:trojan-activity;sid:84113111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm.nn"; depth:7; endswith; nocase; http.host; content:"154.216.19.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250008/; classtype:trojan-activity;sid:84113108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64.nn"; depth:10; endswith; nocase; http.host; content:"154.216.19.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250009/; classtype:trojan-activity;sid:84113109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"154.216.19.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250006/; classtype:trojan-activity;sid:84113106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm4"; depth:10; endswith; nocase; http.host; content:"154.216.19.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250007/; classtype:trojan-activity;sid:84113107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"154.216.19.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250003/; classtype:trojan-activity;sid:84113103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"154.216.19.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250004/; classtype:trojan-activity;sid:84113104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"154.216.19.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250005/; classtype:trojan-activity;sid:84113105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"154.216.19.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249997/; classtype:trojan-activity;sid:84113097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"154.216.19.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249998/; classtype:trojan-activity;sid:84113098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"154.216.19.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249999/; classtype:trojan-activity;sid:84113099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"154.216.19.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250000/; classtype:trojan-activity;sid:84113100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"154.216.19.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250001/; classtype:trojan-activity;sid:84113101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"154.216.19.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250002/; classtype:trojan-activity;sid:84113102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mpsl"; depth:15; endswith; nocase; http.host; content:"154.216.18.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249992/; classtype:trojan-activity;sid:84113092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.mips"; depth:15; endswith; nocase; http.host; content:"154.216.18.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249993/; classtype:trojan-activity;sid:84113093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm"; depth:14; endswith; nocase; http.host; content:"154.216.18.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249994/; classtype:trojan-activity;sid:84113094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.x86"; depth:14; endswith; nocase; http.host; content:"154.216.18.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249995/; classtype:trojan-activity;sid:84113095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/byte.arm5"; depth:15; endswith; nocase; http.host; content:"154.216.18.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249996/; classtype:trojan-activity;sid:84113096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.75.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249991/; classtype:trojan-activity;sid:84113091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.242.87.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249990/; classtype:trojan-activity;sid:84113090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249989/; classtype:trojan-activity;sid:84113089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.23.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249988/; classtype:trojan-activity;sid:84113088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.113.128.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249987/; classtype:trojan-activity;sid:84113087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.232.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249986/; classtype:trojan-activity;sid:84113086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.208.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249985/; classtype:trojan-activity;sid:84113085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.120.26.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249984/; classtype:trojan-activity;sid:84113084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/550/wlanext.exe"; depth:16; endswith; nocase; http.host; content:"192.3.101.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249983/; classtype:trojan-activity;sid:84113083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.82.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249982/; classtype:trojan-activity;sid:84113082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca3e53dd7686524d/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.201.252.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249981/; classtype:trojan-activity;sid:84113081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca3e53dd7686524d/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.201.252.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249978/; classtype:trojan-activity;sid:84113078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca3e53dd7686524d/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.201.252.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249979/; classtype:trojan-activity;sid:84113079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca3e53dd7686524d/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.201.252.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249980/; classtype:trojan-activity;sid:84113080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca3e53dd7686524d/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.201.252.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249975/; classtype:trojan-activity;sid:84113075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca3e53dd7686524d/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.201.252.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249976/; classtype:trojan-activity;sid:84113076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca3e53dd7686524d/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.201.252.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249977/; classtype:trojan-activity;sid:84113077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.203.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249974/; classtype:trojan-activity;sid:84113074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.118.160.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249973/; classtype:trojan-activity;sid:84113073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.175.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249972/; classtype:trojan-activity;sid:84113072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.128.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249971/; classtype:trojan-activity;sid:84113071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.104.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249970/; classtype:trojan-activity;sid:84113070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.111.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249969/; classtype:trojan-activity;sid:84113069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.76.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249968/; classtype:trojan-activity;sid:84113068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.74.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249967/; classtype:trojan-activity;sid:84113067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrigminer"; depth:11; endswith; nocase; http.host; content:"45.202.35.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249966/; classtype:trojan-activity;sid:84113066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.202.35.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249964/; classtype:trojan-activity;sid:84113064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrigdaemon"; depth:12; endswith; nocase; http.host; content:"45.202.35.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249965/; classtype:trojan-activity;sid:84113065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.248.9.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249963/; classtype:trojan-activity;sid:84113063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"45.202.35.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249961/; classtype:trojan-activity;sid:84113061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.202.35.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249962/; classtype:trojan-activity;sid:84113062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.248.12.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249960/; classtype:trojan-activity;sid:84113060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.8.28.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249959/; classtype:trojan-activity;sid:84113059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.123.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249958/; classtype:trojan-activity;sid:84113058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.185.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249957/; classtype:trojan-activity;sid:84113057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.94.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249956/; classtype:trojan-activity;sid:84113056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.187.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249955/; classtype:trojan-activity;sid:84113055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.120.26.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249954/; classtype:trojan-activity;sid:84113054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdgsfg"; depth:7; endswith; nocase; http.host; content:"45.202.35.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249952/; classtype:trojan-activity;sid:84113052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"45.202.35.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249953/; classtype:trojan-activity;sid:84113053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"45.202.35.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249951/; classtype:trojan-activity;sid:84113051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.202.35.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249950/; classtype:trojan-activity;sid:84113050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.202.35.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249949/; classtype:trojan-activity;sid:84113049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.202.35.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249947/; classtype:trojan-activity;sid:84113047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"45.202.35.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249948/; classtype:trojan-activity;sid:84113048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.202.35.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249946/; classtype:trojan-activity;sid:84113046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drghr3hgt3564y45/setup3.exe"; depth:28; endswith; nocase; http.host; content:"innovura.in"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249945/; classtype:trojan-activity;sid:84113045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.9.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249944/; classtype:trojan-activity;sid:84113044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.248.9.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249943/; classtype:trojan-activity;sid:84113043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.92.0"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249942/; classtype:trojan-activity;sid:84113042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249941/; classtype:trojan-activity;sid:84113041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.8.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249940/; classtype:trojan-activity;sid:84113040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.76.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249939/; classtype:trojan-activity;sid:84113039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.74.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249938/; classtype:trojan-activity;sid:84113038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.232.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249937/; classtype:trojan-activity;sid:84113037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.147.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249936/; classtype:trojan-activity;sid:84113036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.128.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249935/; classtype:trojan-activity;sid:84113035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.21.172"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249934/; classtype:trojan-activity;sid:84113034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.248.216.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249933/; classtype:trojan-activity;sid:84113033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.178.225.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249932/; classtype:trojan-activity;sid:84113032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.195.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249931/; classtype:trojan-activity;sid:84113031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249930/; classtype:trojan-activity;sid:84113030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.149.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249929/; classtype:trojan-activity;sid:84113029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.250.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249928/; classtype:trojan-activity;sid:84113028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.208.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249927/; classtype:trojan-activity;sid:84113027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.42.0"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249926/; classtype:trojan-activity;sid:84113026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.63.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249925/; classtype:trojan-activity;sid:84113025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.236.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249923/; classtype:trojan-activity;sid:84113023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.250.216"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249924/; classtype:trojan-activity;sid:84113024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.8.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249922/; classtype:trojan-activity;sid:84113022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.46.123.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249921/; classtype:trojan-activity;sid:84113021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.127.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249920/; classtype:trojan-activity;sid:84113020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.179.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249919/; classtype:trojan-activity;sid:84113019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.129.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249918/; classtype:trojan-activity;sid:84113018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.147.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249917/; classtype:trojan-activity;sid:84113017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249916/; classtype:trojan-activity;sid:84113016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.128.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249915/; classtype:trojan-activity;sid:84113015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.46.123.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249914/; classtype:trojan-activity;sid:84113014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.90.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249913/; classtype:trojan-activity;sid:84113013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.37.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249912/; classtype:trojan-activity;sid:84113012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.3.121"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249911/; classtype:trojan-activity;sid:84113011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.129.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249910/; classtype:trojan-activity;sid:84113010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.204.196.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249909/; classtype:trojan-activity;sid:84113009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.11.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249908/; classtype:trojan-activity;sid:84113008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.195.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249907/; classtype:trojan-activity;sid:84113007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"92.248.216.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249906/; classtype:trojan-activity;sid:84113006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.112.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249905/; classtype:trojan-activity;sid:84113005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.219.246"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249903/; classtype:trojan-activity;sid:84113003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.195.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249904/; classtype:trojan-activity;sid:84113004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.0.244"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249902/; classtype:trojan-activity;sid:84113002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.236.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249901/; classtype:trojan-activity;sid:84113001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.73.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249900/; classtype:trojan-activity;sid:84113000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.103.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249898/; classtype:trojan-activity;sid:84112998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.72.220.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249899/; classtype:trojan-activity;sid:84112999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.63.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249897/; classtype:trojan-activity;sid:84112997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/ktbstw9f03g3qbw.exe"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249896/; classtype:trojan-activity;sid:84112996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.37.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249895/; classtype:trojan-activity;sid:84112995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.240.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249894/; classtype:trojan-activity;sid:84112994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.25.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249893/; classtype:trojan-activity;sid:84112993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249892/; classtype:trojan-activity;sid:84112992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.211.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249891/; classtype:trojan-activity;sid:84112991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.90.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249890/; classtype:trojan-activity;sid:84112990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.105.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249888/; classtype:trojan-activity;sid:84112988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.25.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249889/; classtype:trojan-activity;sid:84112989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.163.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249886/; classtype:trojan-activity;sid:84112986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.129.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249887/; classtype:trojan-activity;sid:84112987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"220.119.116.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249885/; classtype:trojan-activity;sid:84112985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.205.253.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249884/; classtype:trojan-activity;sid:84112984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.167.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249883/; classtype:trojan-activity;sid:84112983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.0.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249882/; classtype:trojan-activity;sid:84112982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.138.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249881/; classtype:trojan-activity;sid:84112981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1a810d57f6b3e0b9/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"92.119.114.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249880/; classtype:trojan-activity;sid:84112980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1a810d57f6b3e0b9/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"92.119.114.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249875/; classtype:trojan-activity;sid:84112975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1a810d57f6b3e0b9/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"92.119.114.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249876/; classtype:trojan-activity;sid:84112976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1a810d57f6b3e0b9/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"92.119.114.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249877/; classtype:trojan-activity;sid:84112977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1a810d57f6b3e0b9/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"92.119.114.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249878/; classtype:trojan-activity;sid:84112978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1a810d57f6b3e0b9/nss3.dll"; depth:26; endswith; nocase; http.host; content:"92.119.114.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249879/; classtype:trojan-activity;sid:84112979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.149.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249874/; classtype:trojan-activity;sid:84112974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.136.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249873/; classtype:trojan-activity;sid:84112973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249871/; classtype:trojan-activity;sid:84112971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.114.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249872/; classtype:trojan-activity;sid:84112972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249870/; classtype:trojan-activity;sid:84112970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.236.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249868/; classtype:trojan-activity;sid:84112968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.220.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249869/; classtype:trojan-activity;sid:84112969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.80.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249867/; classtype:trojan-activity;sid:84112967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.117.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249866/; classtype:trojan-activity;sid:84112966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.73.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249865/; classtype:trojan-activity;sid:84112965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.201.40.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249864/; classtype:trojan-activity;sid:84112964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jvfsptgrylkaxfwwd87.bin"; depth:24; endswith; nocase; http.host; content:"www.groupriam.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249861/; classtype:trojan-activity;sid:84112961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilowhyme177.bin"; depth:16; endswith; nocase; http.host; content:"www.groupriam.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249862/; classtype:trojan-activity;sid:84112962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curbers251.xtp"; depth:15; endswith; nocase; http.host; content:"www.groupriam.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249863/; classtype:trojan-activity;sid:84112963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eeistijjvnwbxj136.bin"; depth:22; endswith; nocase; http.host; content:"www.groupriam.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249860/; classtype:trojan-activity;sid:84112960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.202.77.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249859/; classtype:trojan-activity;sid:84112959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1210/theh4uq3nf0rszgpsynf.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249858/; classtype:trojan-activity;sid:84112958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.2.80"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249857/; classtype:trojan-activity;sid:84112957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1wt2jjdjs-n2z4z3hx1ibm_kxspuolrhy"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249856/; classtype:trojan-activity;sid:84112956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gdgkib9hku0xbmkhca4b1abhyos8iuzf"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249855/; classtype:trojan-activity;sid:84112955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zkwqtjp58.bin"; depth:14; endswith; nocase; http.host; content:"www.groupriam.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249853/; classtype:trojan-activity;sid:84112953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/koalitioner.prx"; depth:16; endswith; nocase; http.host; content:"www.groupriam.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249854/; classtype:trojan-activity;sid:84112954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.138.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249852/; classtype:trojan-activity;sid:84112952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gcrppso9fj63ajzhjojfbjwhytqwagwv"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249850/; classtype:trojan-activity;sid:84112950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1kpk0frhgv0jv9_07ndshupj-nrqoip7a"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249851/; classtype:trojan-activity;sid:84112951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.98.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249849/; classtype:trojan-activity;sid:84112949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.122.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249848/; classtype:trojan-activity;sid:84112948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.167.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249847/; classtype:trojan-activity;sid:84112947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.34.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249846/; classtype:trojan-activity;sid:84112946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.52.48"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249845/; classtype:trojan-activity;sid:84112945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.46.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249844/; classtype:trojan-activity;sid:84112944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.190.91"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249843/; classtype:trojan-activity;sid:84112943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.117.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249840/; classtype:trojan-activity;sid:84112940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.174.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249841/; classtype:trojan-activity;sid:84112941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.255.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249842/; classtype:trojan-activity;sid:84112942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.168.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249838/; classtype:trojan-activity;sid:84112938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.178.224.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249839/; classtype:trojan-activity;sid:84112939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.160.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249835/; classtype:trojan-activity;sid:84112935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.192.237.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249836/; classtype:trojan-activity;sid:84112936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.58.175.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249837/; classtype:trojan-activity;sid:84112937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.86.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249833/; classtype:trojan-activity;sid:84112933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.116.239.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249834/; classtype:trojan-activity;sid:84112934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/455/kukkufuckyesbharathammayiwithgreatkinna.tif"; depth:48; endswith; nocase; http.host; content:"192.3.179.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249832/; classtype:trojan-activity;sid:84112932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.81.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249831/; classtype:trojan-activity;sid:84112931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.242.69.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249830/; classtype:trojan-activity;sid:84112930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.205.253.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249829/; classtype:trojan-activity;sid:84112929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.24.162.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249828/; classtype:trojan-activity;sid:84112928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.89.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249827/; classtype:trojan-activity;sid:84112927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249826/; classtype:trojan-activity;sid:84112926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.196.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249825/; classtype:trojan-activity;sid:84112925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/680/newbetterthingscometobeonlinewithnewthings.tif"; depth:51; endswith; nocase; http.host; content:"192.210.215.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249824/; classtype:trojan-activity;sid:84112924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1aivgjjjv1f6vs4suoybnh-sdvuhbywur"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249823/; classtype:trojan-activity;sid:84112923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.163.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249822/; classtype:trojan-activity;sid:84112922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/xx/233_raajjbqsmyz"; depth:23; endswith; nocase; http.host; content:"103.161.133.169"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249821/; classtype:trojan-activity;sid:84112921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/89/wlanext.exe"; depth:15; endswith; nocase; http.host; content:"107.175.229.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249820/; classtype:trojan-activity;sid:84112920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.13.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249819/; classtype:trojan-activity;sid:84112919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/600/seethebestthingsentiretimewithgreatthignstoebe.tif"; depth:55; endswith; nocase; http.host; content:"172.245.135.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249818/; classtype:trojan-activity;sid:84112918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.4.15"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249817/; classtype:trojan-activity;sid:84112917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.136.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249816/; classtype:trojan-activity;sid:84112916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.0.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249815/; classtype:trojan-activity;sid:84112915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.149.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249814/; classtype:trojan-activity;sid:84112914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.70.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249813/; classtype:trojan-activity;sid:84112913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.55.140"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249812/; classtype:trojan-activity;sid:84112912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249811/; classtype:trojan-activity;sid:84112911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.183.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249810/; classtype:trojan-activity;sid:84112910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.234"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249809/; classtype:trojan-activity;sid:84112909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249808/; classtype:trojan-activity;sid:84112908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"96.245.232.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249807/; classtype:trojan-activity;sid:84112907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.70.15.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249806/; classtype:trojan-activity;sid:84112906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.24.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249805/; classtype:trojan-activity;sid:84112905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.40.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249804/; classtype:trojan-activity;sid:84112904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.44.150.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249803/; classtype:trojan-activity;sid:84112903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249802/; classtype:trojan-activity;sid:84112902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.196.182"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249800/; classtype:trojan-activity;sid:84112900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.105.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249801/; classtype:trojan-activity;sid:84112901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.10.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249799/; classtype:trojan-activity;sid:84112899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249798/; classtype:trojan-activity;sid:84112898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.212.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249797/; classtype:trojan-activity;sid:84112897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.42.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249796/; classtype:trojan-activity;sid:84112896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.13.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249795/; classtype:trojan-activity;sid:84112895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.232.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249794/; classtype:trojan-activity;sid:84112894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.154.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249793/; classtype:trojan-activity;sid:84112893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249792/; classtype:trojan-activity;sid:84112892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.51.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249791/; classtype:trojan-activity;sid:84112891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.211.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249790/; classtype:trojan-activity;sid:84112890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.201.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249789/; classtype:trojan-activity;sid:84112889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.33.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249788/; classtype:trojan-activity;sid:84112888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.24.162.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249787/; classtype:trojan-activity;sid:84112887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.95.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249785/; classtype:trojan-activity;sid:84112885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.70.15.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249786/; classtype:trojan-activity;sid:84112886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.118.160.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249784/; classtype:trojan-activity;sid:84112884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.174.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249783/; classtype:trojan-activity;sid:84112883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.70.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249782/; classtype:trojan-activity;sid:84112882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.127.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249781/; classtype:trojan-activity;sid:84112881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.156.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249780/; classtype:trojan-activity;sid:84112880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.227.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249779/; classtype:trojan-activity;sid:84112879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.202.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249778/; classtype:trojan-activity;sid:84112878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.142.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249777/; classtype:trojan-activity;sid:84112877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.10.49.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249776/; classtype:trojan-activity;sid:84112876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.121.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249775/; classtype:trojan-activity;sid:84112875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/midco_agreement.exe"; depth:26; endswith; nocase; http.host; content:"31.41.244.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249774/; classtype:trojan-activity;sid:84112874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.232.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249773/; classtype:trojan-activity;sid:84112873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.51.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249772/; classtype:trojan-activity;sid:84112872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249771/; classtype:trojan-activity;sid:84112871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249770/; classtype:trojan-activity;sid:84112870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.1.232.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249769/; classtype:trojan-activity;sid:84112869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.173.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249768/; classtype:trojan-activity;sid:84112868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.201.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249766/; classtype:trojan-activity;sid:84112866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.31.105.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249767/; classtype:trojan-activity;sid:84112867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.118.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249765/; classtype:trojan-activity;sid:84112865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.156.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249763/; classtype:trojan-activity;sid:84112863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.159.244.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249764/; classtype:trojan-activity;sid:84112864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.50.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249762/; classtype:trojan-activity;sid:84112862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flippingbeans/zyxboostraper/refs/heads/main/zyx%e2%80%8e.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249761/; classtype:trojan-activity;sid:84112861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.166.12.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249760/; classtype:trojan-activity;sid:84112860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.35.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249759/; classtype:trojan-activity;sid:84112859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249758/; classtype:trojan-activity;sid:84112858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys.exe"; depth:8; endswith; nocase; http.host; content:"45.95.214.119"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249757/; classtype:trojan-activity;sid:84112857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flippingbeans/zyxboostraper/raw/refs/heads/main/zyx%e2%80%8e.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249756/; classtype:trojan-activity;sid:84112856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/langla.exe"; depth:11; endswith; nocase; http.host; content:"103.77.173.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249755/; classtype:trojan-activity;sid:84112855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.208.180"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249754/; classtype:trojan-activity;sid:84112854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249753/; classtype:trojan-activity;sid:84112853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.81.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249752/; classtype:trojan-activity;sid:84112852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d.exe"; depth:6; endswith; nocase; http.host; content:"bafybeihxqop3q2g3f6dd6ermzqn3xg7jbtz762papo5eye2nermqothtie.ipfs.nftstorage.link"; depth:80; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249750/; classtype:trojan-activity;sid:84112850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.182.117.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249751/; classtype:trojan-activity;sid:84112851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.164.118.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249749/; classtype:trojan-activity;sid:84112849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.172.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249748/; classtype:trojan-activity;sid:84112848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.227.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249747/; classtype:trojan-activity;sid:84112847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.59.84.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249746/; classtype:trojan-activity;sid:84112846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.205.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249745/; classtype:trojan-activity;sid:84112845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.74.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249744/; classtype:trojan-activity;sid:84112844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.207.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249743/; classtype:trojan-activity;sid:84112843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.154.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249742/; classtype:trojan-activity;sid:84112842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sysutility.exe"; depth:15; endswith; nocase; http.host; content:"154.216.19.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249741/; classtype:trojan-activity;sid:84112841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.113"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249740/; classtype:trojan-activity;sid:84112840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img_up/shop_pds/nicehana/client.exe"; depth:36; endswith; nocase; http.host; content:"www.xn--on3b15m2lco2u.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249739/; classtype:trojan-activity;sid:84112839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ozujig.rar"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249738/; classtype:trojan-activity;sid:84112838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/altabross/fud-batch/refs/heads/main/pump.exe"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249737/; classtype:trojan-activity;sid:84112837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.159.244.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249736/; classtype:trojan-activity;sid:84112836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client.exe"; depth:11; endswith; nocase; http.host; content:"119.193.158.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249735/; classtype:trojan-activity;sid:84112835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.31.105.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249734/; classtype:trojan-activity;sid:84112834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.144.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249733/; classtype:trojan-activity;sid:84112833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-data/hexabot%20-gambl%c4%b0ngv2.0.exe"; depth:41; endswith; nocase; http.host; content:"bangla-love-sms.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249732/; classtype:trojan-activity;sid:84112832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.121.88"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249731/; classtype:trojan-activity;sid:84112831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.166.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249730/; classtype:trojan-activity;sid:84112830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.81.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249729/; classtype:trojan-activity;sid:84112829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.154.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249728/; classtype:trojan-activity;sid:84112828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.166.12.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249727/; classtype:trojan-activity;sid:84112827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod02/pictureanalystspro.zip"; depth:29; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249724/; classtype:trojan-activity;sid:84112824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod03/productionreplacepro.zip"; depth:31; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249725/; classtype:trojan-activity;sid:84112825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod01/butlatestpro.zip"; depth:23; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249723/; classtype:trojan-activity;sid:84112823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod05/radiocreatepro.zip"; depth:25; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249722/; classtype:trojan-activity;sid:84112822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod04/militaryrespondpro.zip"; depth:29; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249721/; classtype:trojan-activity;sid:84112821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod03/losscommunicationpro.zip"; depth:31; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249720/; classtype:trojan-activity;sid:84112820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod03/sameconcentrate.exe"; depth:26; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249718/; classtype:trojan-activity;sid:84112818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod01/rqmubzf.mp4"; depth:18; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249719/; classtype:trojan-activity;sid:84112819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod02/focustaskpro.exe"; depth:23; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249716/; classtype:trojan-activity;sid:84112816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod02/pxgpblia.pdf"; depth:19; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249717/; classtype:trojan-activity;sid:84112817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod02/sameconcentrate.exe"; depth:26; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249711/; classtype:trojan-activity;sid:84112811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod02/skgxmws.pdf"; depth:18; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249712/; classtype:trojan-activity;sid:84112812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod02/ldjjevsqbjq.vdf"; depth:22; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249713/; classtype:trojan-activity;sid:84112813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod05/slwjwxzaat.vdf"; depth:21; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249714/; classtype:trojan-activity;sid:84112814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod02/rmsghzvgo.pdf"; depth:20; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249715/; classtype:trojan-activity;sid:84112815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod02/sameconcentratepro.zip"; depth:29; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249710/; classtype:trojan-activity;sid:84112810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod05/zeofi.wav"; depth:16; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249708/; classtype:trojan-activity;sid:84112808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod02/seniorcommunicatepro.exe"; depth:31; endswith; nocase; http.host; content:"31.15.17.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249709/; classtype:trojan-activity;sid:84112809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.107.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249707/; classtype:trojan-activity;sid:84112807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.122.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249706/; classtype:trojan-activity;sid:84112806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.44.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249705/; classtype:trojan-activity;sid:84112805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.228.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249704/; classtype:trojan-activity;sid:84112804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.84.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249703/; classtype:trojan-activity;sid:84112803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.44.128"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249702/; classtype:trojan-activity;sid:84112802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.190.142.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249701/; classtype:trojan-activity;sid:84112801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.184.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249700/; classtype:trojan-activity;sid:84112800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/igoralaf/creds/raw/main/marsel.exe"; depth:35; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249698/; classtype:trojan-activity;sid:84112798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-secure/build.exe"; depth:20; endswith; nocase; http.host; content:"lawyer.webstylze.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249699/; classtype:trojan-activity;sid:84112799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.117.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249697/; classtype:trojan-activity;sid:84112797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.134.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249696/; classtype:trojan-activity;sid:84112796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.171.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249695/; classtype:trojan-activity;sid:84112795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deamon01/centralproductpro.zip"; depth:31; endswith; nocase; http.host; content:"91.229.239.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249694/; classtype:trojan-activity;sid:84112794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deamon01/muudwq.dat"; depth:20; endswith; nocase; http.host; content:"91.229.239.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249693/; classtype:trojan-activity;sid:84112793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deamon01/svjmgnl.mp3"; depth:21; endswith; nocase; http.host; content:"91.229.239.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249692/; classtype:trojan-activity;sid:84112792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deamon01/cnwxvwskab.mp3"; depth:24; endswith; nocase; http.host; content:"91.229.239.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249691/; classtype:trojan-activity;sid:84112791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249690/; classtype:trojan-activity;sid:84112790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.218.35.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249689/; classtype:trojan-activity;sid:84112789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.235.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249688/; classtype:trojan-activity;sid:84112788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.135.181.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249687/; classtype:trojan-activity;sid:84112787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.2.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249686/; classtype:trojan-activity;sid:84112786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.122.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249685/; classtype:trojan-activity;sid:84112785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.15.122"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249684/; classtype:trojan-activity;sid:84112784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.178.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249683/; classtype:trojan-activity;sid:84112783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.132.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249682/; classtype:trojan-activity;sid:84112782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client.exe"; depth:11; endswith; nocase; http.host; content:"haha-git-main-grimmhubmoments-projects.vercel.app"; depth:49; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249681/; classtype:trojan-activity;sid:84112781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client.exe"; depth:11; endswith; nocase; http.host; content:"thelenogaxxxpro.site"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249680/; classtype:trojan-activity;sid:84112780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vxtqdv.bin"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249678/; classtype:trojan-activity;sid:84112778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blazedbottle/rat/main/client-built.exe"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249679/; classtype:trojan-activity;sid:84112779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anonam93/1/refs/heads/main/runtimebroker.exe"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249677/; classtype:trojan-activity;sid:84112777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.144.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249676/; classtype:trojan-activity;sid:84112776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quasar/quasar/releases/download/v1.4.1/quasar.v1.4.1.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249675/; classtype:trojan-activity;sid:84112775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anonam93/1/raw/refs/heads/main/runtimebroker.exe"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249672/; classtype:trojan-activity;sid:84112772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blazedbottle/rat/raw/main/client-built.exe"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249673/; classtype:trojan-activity;sid:84112773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samllea1/gorebox-modmenu/raw/refs/heads/main/gorebox%20modmenu%201.2.0.exe"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249674/; classtype:trojan-activity;sid:84112774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kami32x/osiris/raw/refs/heads/main/2klz.exe"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249671/; classtype:trojan-activity;sid:84112771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anonam93/1/raw/refs/heads/main/discord.exe"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249670/; classtype:trojan-activity;sid:84112770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xerussploit/neverlose-loader/raw/refs/heads/main/neverlose%20loader.exe"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249669/; classtype:trojan-activity;sid:84112769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riseme-origami/g/raw/main/client-built.exe"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249667/; classtype:trojan-activity;sid:84112767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anonam93/fud-batch/raw/main/discord.zip"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249668/; classtype:trojan-activity;sid:84112768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.74.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249666/; classtype:trojan-activity;sid:84112766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client.exe"; depth:11; endswith; nocase; http.host; content:"haha-git-main-grimmhubmoments-projects.vercel.app"; depth:49; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249664/; classtype:trojan-activity;sid:84112764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client.exe"; depth:11; endswith; nocase; http.host; content:"thelenogaxxxpro.site"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249665/; classtype:trojan-activity;sid:84112765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/the-malware-repo/refs/heads/master/rat/njrat.exe"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249662/; classtype:trojan-activity;sid:84112762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.55.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249663/; classtype:trojan-activity;sid:84112763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/4cfbcdc164b50d3bfb3d11ba7b0b40ef/"; depth:38; endswith; nocase; http.host; content:"loader.oxy.st"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249658/; classtype:trojan-activity;sid:84112758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/c721006ea29c92996d3b7789790c2006/"; depth:38; endswith; nocase; http.host; content:"loader.oxy.st"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249659/; classtype:trojan-activity;sid:84112759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/3f932be23c4a50e8203facedecc98c84/"; depth:38; endswith; nocase; http.host; content:"loader.oxy.st"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249660/; classtype:trojan-activity;sid:84112760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/d63aebd14d49fc2d70310f521d884d2b/"; depth:38; endswith; nocase; http.host; content:"loader.oxy.st"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249661/; classtype:trojan-activity;sid:84112761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alnyak/test/raw/main/testingg.exe"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249656/; classtype:trojan-activity;sid:84112756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.84.247"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249657/; classtype:trojan-activity;sid:84112757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ki1erz/k1l-v2/raw/refs/heads/main/v2/v2.exe"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249655/; classtype:trojan-activity;sid:84112755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.179.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249654/; classtype:trojan-activity;sid:84112754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.109.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249653/; classtype:trojan-activity;sid:84112753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.184.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249652/; classtype:trojan-activity;sid:84112752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.19.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249651/; classtype:trojan-activity;sid:84112751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.35.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249650/; classtype:trojan-activity;sid:84112750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.205.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249649/; classtype:trojan-activity;sid:84112749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6f7d783430f2a8b5/nss3.dll"; depth:26; endswith; nocase; http.host; content:"94.181.203.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249648/; classtype:trojan-activity;sid:84112748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1a810d57f6b3e0b9/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"92.119.114.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249641/; classtype:trojan-activity;sid:84112741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6f7d783430f2a8b5/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"94.181.203.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249642/; classtype:trojan-activity;sid:84112742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6f7d783430f2a8b5/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"94.181.203.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249643/; classtype:trojan-activity;sid:84112743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6f7d783430f2a8b5/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"94.181.203.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249644/; classtype:trojan-activity;sid:84112744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6f7d783430f2a8b5/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"94.181.203.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249645/; classtype:trojan-activity;sid:84112745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6f7d783430f2a8b5/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"94.181.203.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249646/; classtype:trojan-activity;sid:84112746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6f7d783430f2a8b5/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"94.181.203.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249647/; classtype:trojan-activity;sid:84112747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.193.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249640/; classtype:trojan-activity;sid:84112740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.177.104.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249639/; classtype:trojan-activity;sid:84112739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.14.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249638/; classtype:trojan-activity;sid:84112738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.78.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249637/; classtype:trojan-activity;sid:84112737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.178.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249636/; classtype:trojan-activity;sid:84112736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.106.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249634/; classtype:trojan-activity;sid:84112734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.235.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249635/; classtype:trojan-activity;sid:84112735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.78.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249633/; classtype:trojan-activity;sid:84112733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.135.181.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249632/; classtype:trojan-activity;sid:84112732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/720/we/seethebestthingstobegetmebackwithherlove.hta"; depth:52; endswith; nocase; http.host; content:"23.94.171.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249631/; classtype:trojan-activity;sid:84112731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/401/getbackwithbestthingsforeithergoodthings.tif"; depth:49; endswith; nocase; http.host; content:"62.151.179.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249629/; classtype:trojan-activity;sid:84112729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/401/nj/hn/bestthingswithgoodnweswthcihcgivingsuchanidea_______itsreallygreatthingseverytimetounderstandbetterthingon_______betterwaywithgreatthingswhichenoughtounderstand.doc"; depth:175; endswith; nocase; http.host; content:"62.151.179.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249630/; classtype:trojan-activity;sid:84112730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/401/erfvbcc.txt"; depth:16; endswith; nocase; http.host; content:"62.151.179.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249627/; classtype:trojan-activity;sid:84112727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/remisjkfhcxzooyw.exe"; depth:25; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249628/; classtype:trojan-activity;sid:84112728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/680/nc/necgoodthingswithgreatthingsentirethingstobeinonline.hta"; depth:64; endswith; nocase; http.host; content:"23.94.171.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249625/; classtype:trojan-activity;sid:84112725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/401/nj/feelnicewithgreatthingsgreatdayscomingforgreat.hta"; depth:58; endswith; nocase; http.host; content:"62.151.179.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249626/; classtype:trojan-activity;sid:84112726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9909/nicepicturewithherlipsonthelipsticwithher.tif"; depth:51; endswith; nocase; http.host; content:"192.3.220.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249623/; classtype:trojan-activity;sid:84112723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/720/systemprog.vbs"; depth:19; endswith; nocase; http.host; content:"23.94.171.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249624/; classtype:trojan-activity;sid:84112724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/666/newthingsforeveryonetogetforgreatthingstobe.tif"; depth:52; endswith; nocase; http.host; content:"192.3.220.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249622/; classtype:trojan-activity;sid:84112722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/545/wecreatedgoodnewswithgreatworkwithnewthign.tif"; depth:51; endswith; nocase; http.host; content:"135.125.89.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249621/; classtype:trojan-activity;sid:84112721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.42.243.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249620/; classtype:trojan-activity;sid:84112720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.21.0"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249616/; classtype:trojan-activity;sid:84112716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.44.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249617/; classtype:trojan-activity;sid:84112717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.10.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249618/; classtype:trojan-activity;sid:84112718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.234.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249619/; classtype:trojan-activity;sid:84112719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.61.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249615/; classtype:trojan-activity;sid:84112715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.35.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249614/; classtype:trojan-activity;sid:84112714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.109.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249613/; classtype:trojan-activity;sid:84112713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.19.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249612/; classtype:trojan-activity;sid:84112712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/richie213/jayo/refs/heads/main/harfank.txt"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249611/; classtype:trojan-activity;sid:84112711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.153.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249608/; classtype:trojan-activity;sid:84112708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/santomalo/audit/main/r1co.txt"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249609/; classtype:trojan-activity;sid:84112709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ijeuwaesika/skyapb/refs/heads/main/kgpmmrd.txt"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249610/; classtype:trojan-activity;sid:84112710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.39.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249606/; classtype:trojan-activity;sid:84112706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/richie213/zekrama/refs/heads/main/haeibjs.txt"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249607/; classtype:trojan-activity;sid:84112707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.220.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249605/; classtype:trojan-activity;sid:84112705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/fix/servs.txt"; depth:33; endswith; nocase; http.host; content:"parquelosencinos.cl"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249604/; classtype:trojan-activity;sid:84112704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.29.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249602/; classtype:trojan-activity;sid:84112702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rent/invoice/doc/billing-7.iso"; depth:31; endswith; nocase; http.host; content:"goodtime.ro"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249603/; classtype:trojan-activity;sid:84112703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.55.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249601/; classtype:trojan-activity;sid:84112701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=4e6f63f4c3c86180%21112|7c|26|7c|authkey=!aji85fsyq6pgubw"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249600/; classtype:trojan-activity;sid:84112700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/soda31.txt"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249598/; classtype:trojan-activity;sid:84112698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/impagkf.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249599/; classtype:trojan-activity;sid:84112699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/envioss/agosto/downloads/03201-leer_copia_de_la_nitificacion_enviada.cab"; depth:73; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249597/; classtype:trojan-activity;sid:84112697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/nickba.txt"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249596/; classtype:trojan-activity;sid:84112696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/mc20.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249586/; classtype:trojan-activity;sid:84112686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/mainron.txt"; depth:35; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249587/; classtype:trojan-activity;sid:84112687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/pimijcr.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249588/; classtype:trojan-activity;sid:84112688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/k9ron.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249589/; classtype:trojan-activity;sid:84112689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rfd344/erd/downloads/f01.txt"; depth:29; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249590/; classtype:trojan-activity;sid:84112690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/shp15.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249591/; classtype:trojan-activity;sid:84112691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/fehffhg.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249592/; classtype:trojan-activity;sid:84112692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/kil31.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249593/; classtype:trojan-activity;sid:84112693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/kar192.txt"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249594/; classtype:trojan-activity;sid:84112694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/neg19.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249595/; classtype:trojan-activity;sid:84112695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/shavb.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249583/; classtype:trojan-activity;sid:84112683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/mca8.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249584/; classtype:trojan-activity;sid:84112684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/gehkndh.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249585/; classtype:trojan-activity;sid:84112685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/rock1807.txt"; depth:36; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249576/; classtype:trojan-activity;sid:84112676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/89999999999999/acaaaaaaaaa/downloads/roditapepepep.txt"; depth:55; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249577/; classtype:trojan-activity;sid:84112677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/mca2.txt"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249578/; classtype:trojan-activity;sid:84112678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/mca3.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249579/; classtype:trojan-activity;sid:84112679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/mca10.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249580/; classtype:trojan-activity;sid:84112680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/lushp.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249581/; classtype:trojan-activity;sid:84112681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/nofmrio.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249582/; classtype:trojan-activity;sid:84112682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/89999999999999/acaaaaaaaaa/downloads/dee6666666666666666lelelelee.txt"; depth:70; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249574/; classtype:trojan-activity;sid:84112674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/ddmc2.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249575/; classtype:trojan-activity;sid:84112675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/golfron.txt"; depth:35; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249573/; classtype:trojan-activity;sid:84112673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/shp2.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249571/; classtype:trojan-activity;sid:84112671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/lumkar.txt"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249572/; classtype:trojan-activity;sid:84112672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/kar19.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249570/; classtype:trojan-activity;sid:84112670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/in19.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249569/; classtype:trojan-activity;sid:84112669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/ksh21.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249568/; classtype:trojan-activity;sid:84112668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/ddmc.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249565/; classtype:trojan-activity;sid:84112665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/mavlum.txt"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249566/; classtype:trojan-activity;sid:84112666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/rrk25.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249567/; classtype:trojan-activity;sid:84112667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/neg.txt"; depth:31; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249561/; classtype:trojan-activity;sid:84112661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/mhchnjm.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249562/; classtype:trojan-activity;sid:84112662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/kar311.txt"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249563/; classtype:trojan-activity;sid:84112663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/linkopen.txt"; depth:36; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249564/; classtype:trojan-activity;sid:84112664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/sqq.txt"; depth:31; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249553/; classtype:trojan-activity;sid:84112653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/shp16.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249554/; classtype:trojan-activity;sid:84112654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/lushp2.txt"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249555/; classtype:trojan-activity;sid:84112655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rodrigo770/macento-obligado/downloads/pechichito.txt"; depth:53; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249556/; classtype:trojan-activity;sid:84112656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/fibaoho.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249557/; classtype:trojan-activity;sid:84112657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/kar23.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249558/; classtype:trojan-activity;sid:84112658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rfd344/erd/downloads/jgkgoam.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249559/; classtype:trojan-activity;sid:84112659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/mnohiak.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249560/; classtype:trojan-activity;sid:84112660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/rkmihmb.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249547/; classtype:trojan-activity;sid:84112647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rfd344/erd/downloads/emomrei.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249548/; classtype:trojan-activity;sid:84112648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/phobo.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249549/; classtype:trojan-activity;sid:84112649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/cra3.txt"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249550/; classtype:trojan-activity;sid:84112650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/envioss/agosto/downloads/envio_copia_de_la_notificacion.cab"; depth:60; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249551/; classtype:trojan-activity;sid:84112651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/emkikmk.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249552/; classtype:trojan-activity;sid:84112652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/cra8.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249542/; classtype:trojan-activity;sid:84112642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/cra4.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249543/; classtype:trojan-activity;sid:84112643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/acmfddb.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249544/; classtype:trojan-activity;sid:84112644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/cra3.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249545/; classtype:trojan-activity;sid:84112645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/mca7.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249546/; classtype:trojan-activity;sid:84112646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/dcmkkmk.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249540/; classtype:trojan-activity;sid:84112640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/cra10.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249541/; classtype:trojan-activity;sid:84112641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/cwq.txt"; depth:31; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249536/; classtype:trojan-activity;sid:84112636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/cra9.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249537/; classtype:trojan-activity;sid:84112637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rodrigo770/macento-obligado/downloads/mioooooooooooo.txt"; depth:57; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249538/; classtype:trojan-activity;sid:84112638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/mca.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249539/; classtype:trojan-activity;sid:84112639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/envioss/agosto/downloads/soste15oct.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249535/; classtype:trojan-activity;sid:84112635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/ngiaskk.txt"; depth:35; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249534/; classtype:trojan-activity;sid:84112634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/dsgkfca.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249533/; classtype:trojan-activity;sid:84112633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/89999999999999/acaaaaaaaaa/downloads/deeleleelelee.txt"; depth:55; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249529/; classtype:trojan-activity;sid:84112629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/rock.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249530/; classtype:trojan-activity;sid:84112630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.216.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249531/; classtype:trojan-activity;sid:84112631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/sha30.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249532/; classtype:trojan-activity;sid:84112632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/metagrx.txt"; depth:35; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249526/; classtype:trojan-activity;sid:84112626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/bde.txt"; depth:31; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249527/; classtype:trojan-activity;sid:84112627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rfd344/erd/downloads/mdapemp.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249528/; classtype:trojan-activity;sid:84112628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/lcr.exe"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249520/; classtype:trojan-activity;sid:84112620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/zar2.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249521/; classtype:trojan-activity;sid:84112621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/aofncdk.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249522/; classtype:trojan-activity;sid:84112622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/shp20.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249523/; classtype:trojan-activity;sid:84112623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8887778/rodaneta/downloads/deeell.txt"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249524/; classtype:trojan-activity;sid:84112624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/gift_code2024.txt"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249525/; classtype:trojan-activity;sid:84112625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/supet.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249515/; classtype:trojan-activity;sid:84112615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/kpeidai.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249516/; classtype:trojan-activity;sid:84112616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/karnew.txt"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249517/; classtype:trojan-activity;sid:84112617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/rpfdkio.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249518/; classtype:trojan-activity;sid:84112618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/kpdsbma.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249519/; classtype:trojan-activity;sid:84112619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/rock20.txt"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249509/; classtype:trojan-activity;sid:84112609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/otstea.txt"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249510/; classtype:trojan-activity;sid:84112610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/roascpm.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249511/; classtype:trojan-activity;sid:84112611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rodrigo770/macento-obligado/downloads/deeleleelchichi.txt"; depth:58; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249512/; classtype:trojan-activity;sid:84112612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/ahfmmaa.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249513/; classtype:trojan-activity;sid:84112613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rfd344/erd/downloads/haaadfs.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249514/; classtype:trojan-activity;sid:84112614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/cra5.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249504/; classtype:trojan-activity;sid:84112604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/phegofo.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249505/; classtype:trojan-activity;sid:84112605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/shp22.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249506/; classtype:trojan-activity;sid:84112606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rfd344/erd/downloads/drfksof.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249507/; classtype:trojan-activity;sid:84112607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdfsfew/abbas-ksdmspaod/downloads/r28juniosost.txt"; depth:51; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249508/; classtype:trojan-activity;sid:84112608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdfsfew/abbas-ksdmspaod/downloads/respaldo10deagosto.txt"; depth:57; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249502/; classtype:trojan-activity;sid:84112602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/mca4.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249503/; classtype:trojan-activity;sid:84112603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/mca3.txt"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249501/; classtype:trojan-activity;sid:84112601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rfd344/erd/downloads/rfahcff.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249500/; classtype:trojan-activity;sid:84112600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdfsfew/abbas-ksdmspaod/downloads/respaldo.txt"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249498/; classtype:trojan-activity;sid:84112598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/knmifak.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249499/; classtype:trojan-activity;sid:84112599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/ehhrhdr.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249497/; classtype:trojan-activity;sid:84112597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/mca5.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249496/; classtype:trojan-activity;sid:84112596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/pdf.ico"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249494/; classtype:trojan-activity;sid:84112594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/fwd.dotm"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249495/; classtype:trojan-activity;sid:84112595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/mca2.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249493/; classtype:trojan-activity;sid:84112593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8887778/rodaneta/downloads/ppppppeeeeeeeee.txt"; depth:47; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249490/; classtype:trojan-activity;sid:84112590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/cra6.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249491/; classtype:trojan-activity;sid:84112591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/0/uc|3f|id=1tcsctgvbajyma7cfdc158wpvqkpxmkhj|7c|26|7c|export=download"; depth:72; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249492/; classtype:trojan-activity;sid:84112592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/iarekoe.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249488/; classtype:trojan-activity;sid:84112588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/remzar.txt"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249489/; classtype:trojan-activity;sid:84112589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/kcaigmk.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249482/; classtype:trojan-activity;sid:84112582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/albot.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249483/; classtype:trojan-activity;sid:84112583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/fhboerc.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249484/; classtype:trojan-activity;sid:84112584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/sdefcda.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249485/; classtype:trojan-activity;sid:84112585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/16neg.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249486/; classtype:trojan-activity;sid:84112586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/kar312.txt"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249487/; classtype:trojan-activity;sid:84112587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/kmpfhak.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249468/; classtype:trojan-activity;sid:84112568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/irdsroi.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249469/; classtype:trojan-activity;sid:84112569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/envioss/agosto/downloads/sosteoctubre.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249470/; classtype:trojan-activity;sid:84112570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rfd344/erd/downloads/fjodedc.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249471/; classtype:trojan-activity;sid:84112571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/mkiiarm.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249472/; classtype:trojan-activity;sid:84112572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/shani.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249473/; classtype:trojan-activity;sid:84112573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/rhcr.exe"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249474/; classtype:trojan-activity;sid:84112574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rfd344/erd/downloads/ihkndgo.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249475/; classtype:trojan-activity;sid:84112575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/buildbud.txt"; depth:36; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249476/; classtype:trojan-activity;sid:84112576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/sqm.txt"; depth:31; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249477/; classtype:trojan-activity;sid:84112577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/psmficj.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249478/; classtype:trojan-activity;sid:84112578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/mc23.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249479/; classtype:trojan-activity;sid:84112579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/rocks.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249480/; classtype:trojan-activity;sid:84112580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/crquas.txt"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249481/; classtype:trojan-activity;sid:84112581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/bate.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249463/; classtype:trojan-activity;sid:84112563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/avet.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249464/; classtype:trojan-activity;sid:84112564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/prof.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249465/; classtype:trojan-activity;sid:84112565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/pbodidk.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249466/; classtype:trojan-activity;sid:84112566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/rdpikkr.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249467/; classtype:trojan-activity;sid:84112567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/omrpsnn.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249457/; classtype:trojan-activity;sid:84112557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rfd344/erd/downloads/efiddbi.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249458/; classtype:trojan-activity;sid:84112558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/cra7.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249459/; classtype:trojan-activity;sid:84112559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/shp232.txt"; depth:34; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249460/; classtype:trojan-activity;sid:84112560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/readme.txt"; depth:40; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249461/; classtype:trojan-activity;sid:84112561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/mca.txt"; depth:31; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249462/; classtype:trojan-activity;sid:84112562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/cra2.txt"; depth:38; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249454/; classtype:trojan-activity;sid:84112554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/cra.txt"; depth:37; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249455/; classtype:trojan-activity;sid:84112555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/mca6.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249456/; classtype:trojan-activity;sid:84112556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/mca9.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249453/; classtype:trojan-activity;sid:84112553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/cra.txt"; depth:31; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249452/; classtype:trojan-activity;sid:84112552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miryp/gasgqw/downloads/cra2.txt"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249451/; classtype:trojan-activity;sid:84112551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fasf24124/fdgfytrj/downloads/linkopen.txt"; depth:42; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249450/; classtype:trojan-activity;sid:84112550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.132.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249449/; classtype:trojan-activity;sid:84112549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.161.0.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249448/; classtype:trojan-activity;sid:84112548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.138.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249447/; classtype:trojan-activity;sid:84112547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.86.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249446/; classtype:trojan-activity;sid:84112546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.177.104.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249445/; classtype:trojan-activity;sid:84112545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.146.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249443/; classtype:trojan-activity;sid:84112543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.199.79.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249444/; classtype:trojan-activity;sid:84112544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.106.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249442/; classtype:trojan-activity;sid:84112542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.184.251.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249441/; classtype:trojan-activity;sid:84112541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.21.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249440/; classtype:trojan-activity;sid:84112540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/server.txt"; depth:18; endswith; nocase; http.host; content:"simonastolerciuc.ro"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249439/; classtype:trojan-activity;sid:84112539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/wealthy.txt"; depth:19; endswith; nocase; http.host; content:"spitalcfpascani.ro"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249438/; classtype:trojan-activity;sid:84112538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.115.162.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249437/; classtype:trojan-activity;sid:84112537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.65.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249436/; classtype:trojan-activity;sid:84112536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.223.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249434/; classtype:trojan-activity;sid:84112534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.97.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249435/; classtype:trojan-activity;sid:84112535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.203.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249433/; classtype:trojan-activity;sid:84112533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.153.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249432/; classtype:trojan-activity;sid:84112532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.211.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249431/; classtype:trojan-activity;sid:84112531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.102.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249429/; classtype:trojan-activity;sid:84112529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.21.0"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249430/; classtype:trojan-activity;sid:84112530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.220.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249428/; classtype:trojan-activity;sid:84112528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249427/; classtype:trojan-activity;sid:84112527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.200.86.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249426/; classtype:trojan-activity;sid:84112526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.159.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249425/; classtype:trojan-activity;sid:84112525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.73.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249424/; classtype:trojan-activity;sid:84112524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.242.87.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249423/; classtype:trojan-activity;sid:84112523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.29.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249421/; classtype:trojan-activity;sid:84112521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.61.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249422/; classtype:trojan-activity;sid:84112522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.103.0"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249418/; classtype:trojan-activity;sid:84112518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.185.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249419/; classtype:trojan-activity;sid:84112519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.90.144.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249420/; classtype:trojan-activity;sid:84112520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.61.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249417/; classtype:trojan-activity;sid:84112517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.159.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249416/; classtype:trojan-activity;sid:84112516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.137.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249415/; classtype:trojan-activity;sid:84112515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/444/rennbv.txt"; depth:15; endswith; nocase; http.host; content:"185.117.90.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249414/; classtype:trojan-activity;sid:84112514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/545/erffgf.txt"; depth:15; endswith; nocase; http.host; content:"135.125.89.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249413/; classtype:trojan-activity;sid:84112513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/cv/nicethingswithgreatthingsentirethingsgoodthingsgood.hta"; depth:65; endswith; nocase; http.host; content:"185.117.90.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249410/; classtype:trojan-activity;sid:84112510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/266/rgbbvn.txt"; depth:15; endswith; nocase; http.host; content:"185.117.90.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249411/; classtype:trojan-activity;sid:84112511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/evc/seethefirstthingstobeinentirethingstobegoodfro.hta"; depth:61; endswith; nocase; http.host; content:"172.245.123.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249412/; classtype:trojan-activity;sid:84112512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/444/nc/seethebestthingshavwithgreatthingsformetoget.hta"; depth:56; endswith; nocase; http.host; content:"185.117.90.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249406/; classtype:trojan-activity;sid:84112506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/545/ws/es/wecreatedwithnewthingswithouthavingnewthings______seethebestthingswithnewthingsgreatforeverybodytogetme______seethebestthignswithgreatthignsgoodforme.doc"; depth:164; endswith; nocase; http.host; content:"135.125.89.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249407/; classtype:trojan-activity;sid:84112507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/545/ws/greatworkwithnewthingstobegreatthignswithmehave.hta"; depth:59; endswith; nocase; http.host; content:"135.125.89.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249408/; classtype:trojan-activity;sid:84112508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.44.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249409/; classtype:trojan-activity;sid:84112509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/600/cn/veryeasythingsevermadeforcreatenewthignsbetterthigns.hta"; depth:64; endswith; nocase; http.host; content:"172.245.135.166"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249400/; classtype:trojan-activity;sid:84112500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/dg/greatthingswithgreatideasgivenmerestthignstgood.hta"; depth:61; endswith; nocase; http.host; content:"172.245.123.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249401/; classtype:trojan-activity;sid:84112501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/89/cf/nicworkgbeeterworkgoodthingswithgereatniceforme.hta"; depth:58; endswith; nocase; http.host; content:"107.175.229.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249402/; classtype:trojan-activity;sid:84112502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/nr/seethemagicalpersoninmylifewithherlifegoodforme.hta"; depth:61; endswith; nocase; http.host; content:"172.245.123.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249403/; classtype:trojan-activity;sid:84112503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.10.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249404/; classtype:trojan-activity;sid:84112504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/cb/creambungoodforyourchoicetogetmeback.hta"; depth:50; endswith; nocase; http.host; content:"107.175.229.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249405/; classtype:trojan-activity;sid:84112505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/42/nc/greatwayforbestthignswithwhonotwanttodo.hta"; depth:50; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249397/; classtype:trojan-activity;sid:84112497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43/hs/logicalwayofgreatthingswhichcreatedwithgreatwayofgood.hta"; depth:64; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249398/; classtype:trojan-activity;sid:84112498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evil.hta"; depth:9; endswith; nocase; http.host; content:"192.3.150.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249399/; classtype:trojan-activity;sid:84112499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/680/cg/createdbestthingswithnewthingsgreatattitudewithnewthignsonherewithme.hta"; depth:80; endswith; nocase; http.host; content:"192.210.215.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249394/; classtype:trojan-activity;sid:84112494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/455/hb/seethedifferentwithhereloverandreality.hta"; depth:50; endswith; nocase; http.host; content:"192.3.179.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249395/; classtype:trojan-activity;sid:84112495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/dv/niceworkingwithgreatthingstobeonlineforgoodthing.hta"; depth:62; endswith; nocase; http.host; content:"192.3.101.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249396/; classtype:trojan-activity;sid:84112496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43/lcrddfr.txt"; depth:15; endswith; nocase; http.host; content:"192.3.176.141"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249392/; classtype:trojan-activity;sid:84112492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/680/erffdr.txt"; depth:15; endswith; nocase; http.host; content:"192.210.215.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249393/; classtype:trojan-activity;sid:84112493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/gb/ugetsharpresultsalwaysfromthegreatfileworksure.hta"; depth:60; endswith; nocase; http.host; content:"198.144.178.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249391/; classtype:trojan-activity;sid:84112491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/455/wqassw.txt"; depth:15; endswith; nocase; http.host; content:"192.3.179.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249389/; classtype:trojan-activity;sid:84112489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tuesday.txt"; depth:12; endswith; nocase; http.host; content:"192.3.216.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249390/; classtype:trojan-activity;sid:84112490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9909/nh/verynicegirlneedsuperkiisingfromtheboy.hta"; depth:51; endswith; nocase; http.host; content:"192.3.220.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249384/; classtype:trojan-activity;sid:84112484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/666/mso/seethebestthingsformygirlshegreatfornewways.hta"; depth:56; endswith; nocase; http.host; content:"192.3.220.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249385/; classtype:trojan-activity;sid:84112485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xampp/no/userhergoodthingswithmeforgetbestthingsgoodforme.hta"; depth:62; endswith; nocase; http.host; content:"198.144.178.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249386/; classtype:trojan-activity;sid:84112486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/888/wf/sheisthebestcaseeveryoneknowbesththignstobegreatfor.hta"; depth:63; endswith; nocase; http.host; content:"192.3.220.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249387/; classtype:trojan-activity;sid:84112487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/asrt/s1.txt"; depth:25; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249388/; classtype:trojan-activity;sid:84112488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/888/qweer.txt"; depth:14; endswith; nocase; http.host; content:"192.3.220.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249383/; classtype:trojan-activity;sid:84112483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rulmerurk/ertertqw/downloads/skbrdsg.txt"; depth:41; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249382/; classtype:trojan-activity;sid:84112482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.193.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249379/; classtype:trojan-activity;sid:84112479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa14/aaaa/downloads/dfkbkhk.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249380/; classtype:trojan-activity;sid:84112480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa14/aaaa/downloads/dkahfjr.txt"; depth:33; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249381/; classtype:trojan-activity;sid:84112481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.81.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249378/; classtype:trojan-activity;sid:84112478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.223.147"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249377/; classtype:trojan-activity;sid:84112477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"210.6.61.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249376/; classtype:trojan-activity;sid:84112476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.208.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249374/; classtype:trojan-activity;sid:84112474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.115.162.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249375/; classtype:trojan-activity;sid:84112475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.188.86.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249373/; classtype:trojan-activity;sid:84112473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.21.239"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249372/; classtype:trojan-activity;sid:84112472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.24.162.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249371/; classtype:trojan-activity;sid:84112471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.142.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249370/; classtype:trojan-activity;sid:84112470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249369/; classtype:trojan-activity;sid:84112469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.223.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249368/; classtype:trojan-activity;sid:84112468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.87.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249367/; classtype:trojan-activity;sid:84112467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.159.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249366/; classtype:trojan-activity;sid:84112466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.144.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249365/; classtype:trojan-activity;sid:84112465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.122.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249364/; classtype:trojan-activity;sid:84112464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.61.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249363/; classtype:trojan-activity;sid:84112463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.80.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249362/; classtype:trojan-activity;sid:84112462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.0.229"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249361/; classtype:trojan-activity;sid:84112461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.250.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249360/; classtype:trojan-activity;sid:84112460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1fe9zcio6mhdpnqauibisjf73gpdjpnzc|7c|26|7c|export=download|7c|26|7c|authuser=0"; depth:88; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249358/; classtype:trojan-activity;sid:84112458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1i6ht1qtdiw2bquzh2pbdjwm8d0nb9p40"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249359/; classtype:trojan-activity;sid:84112459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.114.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249357/; classtype:trojan-activity;sid:84112457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.216.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249356/; classtype:trojan-activity;sid:84112456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.86.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249355/; classtype:trojan-activity;sid:84112455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.190.163.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249354/; classtype:trojan-activity;sid:84112454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.78.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249353/; classtype:trojan-activity;sid:84112453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.37.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249352/; classtype:trojan-activity;sid:84112452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.147.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249350/; classtype:trojan-activity;sid:84112450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.25.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249351/; classtype:trojan-activity;sid:84112451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.81.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249349/; classtype:trojan-activity;sid:84112449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.188.86.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249348/; classtype:trojan-activity;sid:84112448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.254.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249347/; classtype:trojan-activity;sid:84112447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"210.6.61.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249346/; classtype:trojan-activity;sid:84112446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.180.47.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249345/; classtype:trojan-activity;sid:84112445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.238.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249344/; classtype:trojan-activity;sid:84112444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.147.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249343/; classtype:trojan-activity;sid:84112443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.27.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249342/; classtype:trojan-activity;sid:84112442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"160.177.149.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249341/; classtype:trojan-activity;sid:84112441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.118.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249340/; classtype:trojan-activity;sid:84112440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.25.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249339/; classtype:trojan-activity;sid:84112439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.121.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249338/; classtype:trojan-activity;sid:84112438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.144.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249337/; classtype:trojan-activity;sid:84112437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.250.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249336/; classtype:trojan-activity;sid:84112436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.217.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249335/; classtype:trojan-activity;sid:84112435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/561/wlanext.exe"; depth:16; endswith; nocase; http.host; content:"172.245.123.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249334/; classtype:trojan-activity;sid:84112434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.59.154.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249333/; classtype:trojan-activity;sid:84112433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"200.111.102.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249332/; classtype:trojan-activity;sid:84112432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.100.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249331/; classtype:trojan-activity;sid:84112431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.166.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249330/; classtype:trojan-activity;sid:84112430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.26.113.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249329/; classtype:trojan-activity;sid:84112429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.94.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249328/; classtype:trojan-activity;sid:84112428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.210.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249327/; classtype:trojan-activity;sid:84112427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.122.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249326/; classtype:trojan-activity;sid:84112426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.176.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249325/; classtype:trojan-activity;sid:84112425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249324/; classtype:trojan-activity;sid:84112424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wn1a0/build.exe"; depth:16; endswith; nocase; http.host; content:"giantowl.flywheelsites.com"; depth:26; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249323/; classtype:trojan-activity;sid:84112423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.31.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249322/; classtype:trojan-activity;sid:84112422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.229.128"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249321/; classtype:trojan-activity;sid:84112421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.174.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249320/; classtype:trojan-activity;sid:84112420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.209.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249319/; classtype:trojan-activity;sid:84112419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.112.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249318/; classtype:trojan-activity;sid:84112418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.20.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249317/; classtype:trojan-activity;sid:84112417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.210.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249316/; classtype:trojan-activity;sid:84112416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.254.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249315/; classtype:trojan-activity;sid:84112415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.190.163.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249314/; classtype:trojan-activity;sid:84112414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.118.158.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249313/; classtype:trojan-activity;sid:84112413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.30.76.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249312/; classtype:trojan-activity;sid:84112412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.30.76.212"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249311/; classtype:trojan-activity;sid:84112411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.44.150.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249310/; classtype:trojan-activity;sid:84112410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.215.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249309/; classtype:trojan-activity;sid:84112409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.160.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249308/; classtype:trojan-activity;sid:84112408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249307/; classtype:trojan-activity;sid:84112407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.140.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249306/; classtype:trojan-activity;sid:84112406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.121.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249305/; classtype:trojan-activity;sid:84112405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.68.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249304/; classtype:trojan-activity;sid:84112404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.217.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249303/; classtype:trojan-activity;sid:84112403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.139.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249302/; classtype:trojan-activity;sid:84112402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.197.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249301/; classtype:trojan-activity;sid:84112401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.84.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249300/; classtype:trojan-activity;sid:84112400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.31.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249299/; classtype:trojan-activity;sid:84112399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.202.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249298/; classtype:trojan-activity;sid:84112398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.140.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249296/; classtype:trojan-activity;sid:84112396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.19.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249297/; classtype:trojan-activity;sid:84112397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.45.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249295/; classtype:trojan-activity;sid:84112395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.48.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249294/; classtype:trojan-activity;sid:84112394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.225.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249293/; classtype:trojan-activity;sid:84112393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.87.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249292/; classtype:trojan-activity;sid:84112392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.198.225.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249291/; classtype:trojan-activity;sid:84112391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.226.223.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249290/; classtype:trojan-activity;sid:84112390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.1.201"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249289/; classtype:trojan-activity;sid:84112389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.210.237.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249288/; classtype:trojan-activity;sid:84112388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.118.158.25"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249287/; classtype:trojan-activity;sid:84112387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.46.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249286/; classtype:trojan-activity;sid:84112386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.141.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249285/; classtype:trojan-activity;sid:84112385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.135.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249284/; classtype:trojan-activity;sid:84112384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.113.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249283/; classtype:trojan-activity;sid:84112383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.202.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249282/; classtype:trojan-activity;sid:84112382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249280/; classtype:trojan-activity;sid:84112380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.198.13.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249281/; classtype:trojan-activity;sid:84112381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.93.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249279/; classtype:trojan-activity;sid:84112379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.19.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249278/; classtype:trojan-activity;sid:84112378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.136.232.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249277/; classtype:trojan-activity;sid:84112377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.167.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249276/; classtype:trojan-activity;sid:84112376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.68.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249275/; classtype:trojan-activity;sid:84112375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249274/; classtype:trojan-activity;sid:84112374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.177.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249273/; classtype:trojan-activity;sid:84112373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.225.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249272/; classtype:trojan-activity;sid:84112372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.198.225.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249271/; classtype:trojan-activity;sid:84112371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.218.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249268/; classtype:trojan-activity;sid:84112368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.143.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249269/; classtype:trojan-activity;sid:84112369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.107.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249270/; classtype:trojan-activity;sid:84112370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.10.49.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249267/; classtype:trojan-activity;sid:84112367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.135.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249266/; classtype:trojan-activity;sid:84112366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.125.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249265/; classtype:trojan-activity;sid:84112365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.72.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249263/; classtype:trojan-activity;sid:84112363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.159.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249264/; classtype:trojan-activity;sid:84112364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.141.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249262/; classtype:trojan-activity;sid:84112362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.17.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249261/; classtype:trojan-activity;sid:84112361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.72.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249260/; classtype:trojan-activity;sid:84112360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.114.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249259/; classtype:trojan-activity;sid:84112359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.2.108.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249258/; classtype:trojan-activity;sid:84112358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.126.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249257/; classtype:trojan-activity;sid:84112357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249256/; classtype:trojan-activity;sid:84112356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.186.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249255/; classtype:trojan-activity;sid:84112355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.225.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249254/; classtype:trojan-activity;sid:84112354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.143.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249253/; classtype:trojan-activity;sid:84112353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.0.244"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249252/; classtype:trojan-activity;sid:84112352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.139.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249250/; classtype:trojan-activity;sid:84112350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.191.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249251/; classtype:trojan-activity;sid:84112351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.107.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249249/; classtype:trojan-activity;sid:84112349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.86.171.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249248/; classtype:trojan-activity;sid:84112348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.62.253.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249247/; classtype:trojan-activity;sid:84112347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.177.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249246/; classtype:trojan-activity;sid:84112346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.139.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249245/; classtype:trojan-activity;sid:84112345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.33.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249244/; classtype:trojan-activity;sid:84112344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.2.108.24"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249243/; classtype:trojan-activity;sid:84112343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.51.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249242/; classtype:trojan-activity;sid:84112342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.66.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249241/; classtype:trojan-activity;sid:84112341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.173.85.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249240/; classtype:trojan-activity;sid:84112340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.115.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249239/; classtype:trojan-activity;sid:84112339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.91.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249238/; classtype:trojan-activity;sid:84112338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.47.17.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249237/; classtype:trojan-activity;sid:84112337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.132.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249234/; classtype:trojan-activity;sid:84112334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.223.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249235/; classtype:trojan-activity;sid:84112335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.84.136.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249236/; classtype:trojan-activity;sid:84112336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.0.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249233/; classtype:trojan-activity;sid:84112333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.179.99.40"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249232/; classtype:trojan-activity;sid:84112332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.111.75.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249231/; classtype:trojan-activity;sid:84112331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.159.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249230/; classtype:trojan-activity;sid:84112330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249229/; classtype:trojan-activity;sid:84112329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.134.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249228/; classtype:trojan-activity;sid:84112328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.253.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249227/; classtype:trojan-activity;sid:84112327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.176.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249226/; classtype:trojan-activity;sid:84112326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.109.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249225/; classtype:trojan-activity;sid:84112325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.150.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249224/; classtype:trojan-activity;sid:84112324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.210.171"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249223/; classtype:trojan-activity;sid:84112323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.186.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249222/; classtype:trojan-activity;sid:84112322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.119.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249221/; classtype:trojan-activity;sid:84112321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.240.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249220/; classtype:trojan-activity;sid:84112320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.225.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249219/; classtype:trojan-activity;sid:84112319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.104.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249218/; classtype:trojan-activity;sid:84112318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.99.166.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249217/; classtype:trojan-activity;sid:84112317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.118.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249216/; classtype:trojan-activity;sid:84112316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.194.203.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249215/; classtype:trojan-activity;sid:84112315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.91.168"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249214/; classtype:trojan-activity;sid:84112314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.119.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249213/; classtype:trojan-activity;sid:84112313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.122.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249212/; classtype:trojan-activity;sid:84112312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.149.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249211/; classtype:trojan-activity;sid:84112311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.225.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249210/; classtype:trojan-activity;sid:84112310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.218.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249209/; classtype:trojan-activity;sid:84112309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.33.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249208/; classtype:trojan-activity;sid:84112308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.118.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249207/; classtype:trojan-activity;sid:84112307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.210.171"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249206/; classtype:trojan-activity;sid:84112306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.235.108.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249205/; classtype:trojan-activity;sid:84112305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.251.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249204/; classtype:trojan-activity;sid:84112304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.104.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249203/; classtype:trojan-activity;sid:84112303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249202/; classtype:trojan-activity;sid:84112302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249201/; classtype:trojan-activity;sid:84112301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.225.209"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249200/; classtype:trojan-activity;sid:84112300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.149.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249199/; classtype:trojan-activity;sid:84112299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.187.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249197/; classtype:trojan-activity;sid:84112297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.122.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249198/; classtype:trojan-activity;sid:84112298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.240.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249196/; classtype:trojan-activity;sid:84112296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.237.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249195/; classtype:trojan-activity;sid:84112295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.247.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249194/; classtype:trojan-activity;sid:84112294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.96.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249193/; classtype:trojan-activity;sid:84112293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.163.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249192/; classtype:trojan-activity;sid:84112292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.220.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249191/; classtype:trojan-activity;sid:84112291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.215.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249190/; classtype:trojan-activity;sid:84112290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.7.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249189/; classtype:trojan-activity;sid:84112289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.122.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249188/; classtype:trojan-activity;sid:84112288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.84.66.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249187/; classtype:trojan-activity;sid:84112287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.82.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249186/; classtype:trojan-activity;sid:84112286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.6.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249185/; classtype:trojan-activity;sid:84112285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.254.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249184/; classtype:trojan-activity;sid:84112284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.131.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249183/; classtype:trojan-activity;sid:84112283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.80.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249182/; classtype:trojan-activity;sid:84112282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.234.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249181/; classtype:trojan-activity;sid:84112281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.175.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249180/; classtype:trojan-activity;sid:84112280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.12.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249178/; classtype:trojan-activity;sid:84112278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.21.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249179/; classtype:trojan-activity;sid:84112279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.187.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249177/; classtype:trojan-activity;sid:84112277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.118.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249176/; classtype:trojan-activity;sid:84112276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.72.125.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249174/; classtype:trojan-activity;sid:84112274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.96.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249175/; classtype:trojan-activity;sid:84112275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.251.211"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249173/; classtype:trojan-activity;sid:84112273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.70.96.64"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249172/; classtype:trojan-activity;sid:84112272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.220.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249171/; classtype:trojan-activity;sid:84112271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.29.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249170/; classtype:trojan-activity;sid:84112270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.180.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249169/; classtype:trojan-activity;sid:84112269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.254.89"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249168/; classtype:trojan-activity;sid:84112268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.128.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249167/; classtype:trojan-activity;sid:84112267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.252.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249166/; classtype:trojan-activity;sid:84112266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.73.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249165/; classtype:trojan-activity;sid:84112265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.29.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249164/; classtype:trojan-activity;sid:84112264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.254.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249162/; classtype:trojan-activity;sid:84112262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.199.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249163/; classtype:trojan-activity;sid:84112263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.78.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249161/; classtype:trojan-activity;sid:84112261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249160/; classtype:trojan-activity;sid:84112260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.183.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249159/; classtype:trojan-activity;sid:84112259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.241.49.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249158/; classtype:trojan-activity;sid:84112258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.30.200"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249157/; classtype:trojan-activity;sid:84112257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.18.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249156/; classtype:trojan-activity;sid:84112256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.138.43.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249155/; classtype:trojan-activity;sid:84112255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249154/; classtype:trojan-activity;sid:84112254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.29.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249153/; classtype:trojan-activity;sid:84112253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.92.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249151/; classtype:trojan-activity;sid:84112251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.180.86"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249152/; classtype:trojan-activity;sid:84112252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.68.28.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249150/; classtype:trojan-activity;sid:84112250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.118.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249149/; classtype:trojan-activity;sid:84112249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.100.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249147/; classtype:trojan-activity;sid:84112247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.175.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249148/; classtype:trojan-activity;sid:84112248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.80.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249146/; classtype:trojan-activity;sid:84112246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.46.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249145/; classtype:trojan-activity;sid:84112245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.72.125.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249144/; classtype:trojan-activity;sid:84112244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.140.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249143/; classtype:trojan-activity;sid:84112243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249142/; classtype:trojan-activity;sid:84112242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249141/; classtype:trojan-activity;sid:84112241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.200.185.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249140/; classtype:trojan-activity;sid:84112240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.84.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249138/; classtype:trojan-activity;sid:84112238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.195.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249139/; classtype:trojan-activity;sid:84112239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"tcy.rooms.fierceatfifty.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249137/; classtype:trojan-activity;sid:84112237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.203.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249136/; classtype:trojan-activity;sid:84112236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.252.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249135/; classtype:trojan-activity;sid:84112235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.87.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249134/; classtype:trojan-activity;sid:84112234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.177.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249133/; classtype:trojan-activity;sid:84112233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.8.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249132/; classtype:trojan-activity;sid:84112232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.241.49.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249131/; classtype:trojan-activity;sid:84112231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.78.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249130/; classtype:trojan-activity;sid:84112230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.183.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249129/; classtype:trojan-activity;sid:84112229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.21.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249128/; classtype:trojan-activity;sid:84112228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.128.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249127/; classtype:trojan-activity;sid:84112227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.249.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249126/; classtype:trojan-activity;sid:84112226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.100.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249125/; classtype:trojan-activity;sid:84112225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.131.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249124/; classtype:trojan-activity;sid:84112224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.17.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249123/; classtype:trojan-activity;sid:84112223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.8.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249122/; classtype:trojan-activity;sid:84112222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.66.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249121/; classtype:trojan-activity;sid:84112221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.247.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249120/; classtype:trojan-activity;sid:84112220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.29.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249119/; classtype:trojan-activity;sid:84112219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.231.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249118/; classtype:trojan-activity;sid:84112218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.17.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249117/; classtype:trojan-activity;sid:84112217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.118.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249116/; classtype:trojan-activity;sid:84112216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.84.232"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249114/; classtype:trojan-activity;sid:84112214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.51.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249115/; classtype:trojan-activity;sid:84112215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.195.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249113/; classtype:trojan-activity;sid:84112213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.105.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249110/; classtype:trojan-activity;sid:84112210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.116.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249111/; classtype:trojan-activity;sid:84112211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.98.97"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249112/; classtype:trojan-activity;sid:84112212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.213.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249108/; classtype:trojan-activity;sid:84112208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.177.88"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249109/; classtype:trojan-activity;sid:84112209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.9.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249107/; classtype:trojan-activity;sid:84112207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.28.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249105/; classtype:trojan-activity;sid:84112205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.73.163.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249106/; classtype:trojan-activity;sid:84112206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249104/; classtype:trojan-activity;sid:84112204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.69.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249103/; classtype:trojan-activity;sid:84112203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"181.191.82.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249102/; classtype:trojan-activity;sid:84112202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.167.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249101/; classtype:trojan-activity;sid:84112201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.103.58.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249100/; classtype:trojan-activity;sid:84112200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.15.122"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249099/; classtype:trojan-activity;sid:84112199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.83.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249098/; classtype:trojan-activity;sid:84112198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.176.140"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249097/; classtype:trojan-activity;sid:84112197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.80.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249096/; classtype:trojan-activity;sid:84112196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.140.81.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249095/; classtype:trojan-activity;sid:84112195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.129.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249094/; classtype:trojan-activity;sid:84112194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.5.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249092/; classtype:trojan-activity;sid:84112192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.97.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249093/; classtype:trojan-activity;sid:84112193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.232.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249091/; classtype:trojan-activity;sid:84112191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.217.82.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249090/; classtype:trojan-activity;sid:84112190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.128.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249088/; classtype:trojan-activity;sid:84112188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.109.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249089/; classtype:trojan-activity;sid:84112189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.221.247.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249087/; classtype:trojan-activity;sid:84112187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.137.197.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249086/; classtype:trojan-activity;sid:84112186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.215.213.76"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249085/; classtype:trojan-activity;sid:84112185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.32.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249084/; classtype:trojan-activity;sid:84112184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.61.1.64"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249083/; classtype:trojan-activity;sid:84112183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.231.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249082/; classtype:trojan-activity;sid:84112182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.17.28"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249081/; classtype:trojan-activity;sid:84112181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.17.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249080/; classtype:trojan-activity;sid:84112180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.80.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249079/; classtype:trojan-activity;sid:84112179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.162.72"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249078/; classtype:trojan-activity;sid:84112178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.15.122"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249077/; classtype:trojan-activity;sid:84112177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.73.163.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249076/; classtype:trojan-activity;sid:84112176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.169.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249075/; classtype:trojan-activity;sid:84112175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.28.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249074/; classtype:trojan-activity;sid:84112174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.129.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249073/; classtype:trojan-activity;sid:84112173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.9.13"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249072/; classtype:trojan-activity;sid:84112172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.84.66.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249071/; classtype:trojan-activity;sid:84112171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.151.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249070/; classtype:trojan-activity;sid:84112170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.5.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249069/; classtype:trojan-activity;sid:84112169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.232.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249068/; classtype:trojan-activity;sid:84112168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.238.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249067/; classtype:trojan-activity;sid:84112167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.109.49"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249066/; classtype:trojan-activity;sid:84112166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.97.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249065/; classtype:trojan-activity;sid:84112165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.240.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249064/; classtype:trojan-activity;sid:84112164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.75.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249063/; classtype:trojan-activity;sid:84112163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.167.204.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249062/; classtype:trojan-activity;sid:84112162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.1.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249061/; classtype:trojan-activity;sid:84112161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.219.38.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249060/; classtype:trojan-activity;sid:84112160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"112.161.73.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249059/; classtype:trojan-activity;sid:84112159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249058/; classtype:trojan-activity;sid:84112158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.26.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249057/; classtype:trojan-activity;sid:84112157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.40.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249056/; classtype:trojan-activity;sid:84112156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.197.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249055/; classtype:trojan-activity;sid:84112155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.84.66.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249054/; classtype:trojan-activity;sid:84112154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.182.189.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249053/; classtype:trojan-activity;sid:84112153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.218.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249052/; classtype:trojan-activity;sid:84112152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.115.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249051/; classtype:trojan-activity;sid:84112151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.201.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249050/; classtype:trojan-activity;sid:84112150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.237.132"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249049/; classtype:trojan-activity;sid:84112149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.61.7.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249048/; classtype:trojan-activity;sid:84112148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.217.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249047/; classtype:trojan-activity;sid:84112147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.226.149.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249046/; classtype:trojan-activity;sid:84112146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.53.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249045/; classtype:trojan-activity;sid:84112145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.68.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249044/; classtype:trojan-activity;sid:84112144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.2.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249043/; classtype:trojan-activity;sid:84112143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.53.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249042/; classtype:trojan-activity;sid:84112142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.75.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249041/; classtype:trojan-activity;sid:84112141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.240.129.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249040/; classtype:trojan-activity;sid:84112140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.68.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249039/; classtype:trojan-activity;sid:84112139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.243.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249037/; classtype:trojan-activity;sid:84112137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.53.31.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249038/; classtype:trojan-activity;sid:84112138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.26.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249036/; classtype:trojan-activity;sid:84112136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.40.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249034/; classtype:trojan-activity;sid:84112134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.226.149.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249035/; classtype:trojan-activity;sid:84112135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.84.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249033/; classtype:trojan-activity;sid:84112133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.181.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249032/; classtype:trojan-activity;sid:84112132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.189.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249031/; classtype:trojan-activity;sid:84112131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.109.188.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249030/; classtype:trojan-activity;sid:84112130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.79.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249026/; classtype:trojan-activity;sid:84112126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.218.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249027/; classtype:trojan-activity;sid:84112127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.8.40.153"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249028/; classtype:trojan-activity;sid:84112128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.83.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249029/; classtype:trojan-activity;sid:84112129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.166.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249025/; classtype:trojan-activity;sid:84112125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.182.204.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249024/; classtype:trojan-activity;sid:84112124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.240.129.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249023/; classtype:trojan-activity;sid:84112123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.224.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249022/; classtype:trojan-activity;sid:84112122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.181.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249021/; classtype:trojan-activity;sid:84112121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.243.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249020/; classtype:trojan-activity;sid:84112120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.240.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249019/; classtype:trojan-activity;sid:84112119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.24.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249018/; classtype:trojan-activity;sid:84112118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.60.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249017/; classtype:trojan-activity;sid:84112117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.70.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249016/; classtype:trojan-activity;sid:84112116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.24.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249015/; classtype:trojan-activity;sid:84112115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.178.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249013/; classtype:trojan-activity;sid:84112113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.224.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249014/; classtype:trojan-activity;sid:84112114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.166.11"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249012/; classtype:trojan-activity;sid:84112112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.231.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249011/; classtype:trojan-activity;sid:84112111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249010/; classtype:trojan-activity;sid:84112110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.206.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249009/; classtype:trojan-activity;sid:84112109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.30.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249008/; classtype:trojan-activity;sid:84112108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.106.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249007/; classtype:trojan-activity;sid:84112107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.29.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249006/; classtype:trojan-activity;sid:84112106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.99.17.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249005/; classtype:trojan-activity;sid:84112105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.38.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249004/; classtype:trojan-activity;sid:84112104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.84.253.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249003/; classtype:trojan-activity;sid:84112103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.143.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249002/; classtype:trojan-activity;sid:84112102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.178.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249001/; classtype:trojan-activity;sid:84112101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.25.232"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3249000/; classtype:trojan-activity;sid:84112100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.139.211"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248999/; classtype:trojan-activity;sid:84112099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.113.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248998/; classtype:trojan-activity;sid:84112098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.157.201"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248997/; classtype:trojan-activity;sid:84112097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.150.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248996/; classtype:trojan-activity;sid:84112096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.133.78.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248995/; classtype:trojan-activity;sid:84112095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.99.17.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248994/; classtype:trojan-activity;sid:84112094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.105.33.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248993/; classtype:trojan-activity;sid:84112093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248992/; classtype:trojan-activity;sid:84112092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.122.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248991/; classtype:trojan-activity;sid:84112091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.117.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248990/; classtype:trojan-activity;sid:84112090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.244.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248989/; classtype:trojan-activity;sid:84112089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.103.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248988/; classtype:trojan-activity;sid:84112088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.243.39"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248987/; classtype:trojan-activity;sid:84112087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.186.238.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248984/; classtype:trojan-activity;sid:84112084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.14.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248985/; classtype:trojan-activity;sid:84112085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.165.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248986/; classtype:trojan-activity;sid:84112086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.168.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248982/; classtype:trojan-activity;sid:84112082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.254.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248983/; classtype:trojan-activity;sid:84112083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.103.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248981/; classtype:trojan-activity;sid:84112081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.179.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248980/; classtype:trojan-activity;sid:84112080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.119.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248979/; classtype:trojan-activity;sid:84112079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.117.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248978/; classtype:trojan-activity;sid:84112078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248977/; classtype:trojan-activity;sid:84112077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.117.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248976/; classtype:trojan-activity;sid:84112076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.218.231"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248975/; classtype:trojan-activity;sid:84112075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248974/; classtype:trojan-activity;sid:84112074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.166.92"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248973/; classtype:trojan-activity;sid:84112073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.220.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248972/; classtype:trojan-activity;sid:84112072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.122.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248971/; classtype:trojan-activity;sid:84112071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.147.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248970/; classtype:trojan-activity;sid:84112070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.24.239.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248969/; classtype:trojan-activity;sid:84112069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.124.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248968/; classtype:trojan-activity;sid:84112068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.114.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248966/; classtype:trojan-activity;sid:84112066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248967/; classtype:trojan-activity;sid:84112067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.73.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248964/; classtype:trojan-activity;sid:84112064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.27.81.14"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248965/; classtype:trojan-activity;sid:84112065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.103.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248963/; classtype:trojan-activity;sid:84112063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.254.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248962/; classtype:trojan-activity;sid:84112062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.179.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248961/; classtype:trojan-activity;sid:84112061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.67.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248960/; classtype:trojan-activity;sid:84112060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.98.163.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248959/; classtype:trojan-activity;sid:84112059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.241.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248958/; classtype:trojan-activity;sid:84112058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.240.168.144"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248957/; classtype:trojan-activity;sid:84112057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.7.99.224"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248956/; classtype:trojan-activity;sid:84112056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.117.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248954/; classtype:trojan-activity;sid:84112054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.34.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248955/; classtype:trojan-activity;sid:84112055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.148.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248953/; classtype:trojan-activity;sid:84112053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.106.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248952/; classtype:trojan-activity;sid:84112052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.186.121.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248951/; classtype:trojan-activity;sid:84112051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.82.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248950/; classtype:trojan-activity;sid:84112050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.22.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248949/; classtype:trojan-activity;sid:84112049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.231.236.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248948/; classtype:trojan-activity;sid:84112048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.112.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248946/; classtype:trojan-activity;sid:84112046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.227.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248947/; classtype:trojan-activity;sid:84112047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.20.184"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248945/; classtype:trojan-activity;sid:84112045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.61.29.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248944/; classtype:trojan-activity;sid:84112044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.6.109.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248943/; classtype:trojan-activity;sid:84112043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.240.8.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248942/; classtype:trojan-activity;sid:84112042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.73.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248941/; classtype:trojan-activity;sid:84112041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.106.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248940/; classtype:trojan-activity;sid:84112040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.66.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248939/; classtype:trojan-activity;sid:84112039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.229.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248937/; classtype:trojan-activity;sid:84112037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.9.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248938/; classtype:trojan-activity;sid:84112038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.241.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248936/; classtype:trojan-activity;sid:84112036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.34.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248935/; classtype:trojan-activity;sid:84112035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.78.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248934/; classtype:trojan-activity;sid:84112034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.82.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248933/; classtype:trojan-activity;sid:84112033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.186.121.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248932/; classtype:trojan-activity;sid:84112032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.117.127"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248931/; classtype:trojan-activity;sid:84112031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.220.148.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248930/; classtype:trojan-activity;sid:84112030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.70.163.249"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248929/; classtype:trojan-activity;sid:84112029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.217.187.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248928/; classtype:trojan-activity;sid:84112028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.82.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248927/; classtype:trojan-activity;sid:84112027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.204.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248926/; classtype:trojan-activity;sid:84112026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.45.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248925/; classtype:trojan-activity;sid:84112025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.26.155.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248923/; classtype:trojan-activity;sid:84112023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.208.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248924/; classtype:trojan-activity;sid:84112024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.248.12.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248922/; classtype:trojan-activity;sid:84112022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.230.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248920/; classtype:trojan-activity;sid:84112020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.238.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248921/; classtype:trojan-activity;sid:84112021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.66.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248919/; classtype:trojan-activity;sid:84112019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.28.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248918/; classtype:trojan-activity;sid:84112018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.134.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248917/; classtype:trojan-activity;sid:84112017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.222.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248916/; classtype:trojan-activity;sid:84112016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.112.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248915/; classtype:trojan-activity;sid:84112015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.75.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248914/; classtype:trojan-activity;sid:84112014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248913/; classtype:trojan-activity;sid:84112013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.6.34.179"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248912/; classtype:trojan-activity;sid:84112012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.34.23.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248911/; classtype:trojan-activity;sid:84112011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.237.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248910/; classtype:trojan-activity;sid:84112010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.63.19"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248909/; classtype:trojan-activity;sid:84112009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.100.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248908/; classtype:trojan-activity;sid:84112008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.40.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248907/; classtype:trojan-activity;sid:84112007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.238.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248906/; classtype:trojan-activity;sid:84112006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.115.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248905/; classtype:trojan-activity;sid:84112005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"62.217.187.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248904/; classtype:trojan-activity;sid:84112004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248903/; classtype:trojan-activity;sid:84112003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.177.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248902/; classtype:trojan-activity;sid:84112002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.222.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248901/; classtype:trojan-activity;sid:84112001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.242.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248900/; classtype:trojan-activity;sid:84112000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248899/; classtype:trojan-activity;sid:84111999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.20.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248898/; classtype:trojan-activity;sid:84111998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.246.112.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248897/; classtype:trojan-activity;sid:84111997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.56.1.128"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248896/; classtype:trojan-activity;sid:84111996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.75.255.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248895/; classtype:trojan-activity;sid:84111995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.7.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248893/; classtype:trojan-activity;sid:84111993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.228.135.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248894/; classtype:trojan-activity;sid:84111994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.230.175"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248892/; classtype:trojan-activity;sid:84111992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.73.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248891/; classtype:trojan-activity;sid:84111991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.134.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248890/; classtype:trojan-activity;sid:84111990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.129.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248889/; classtype:trojan-activity;sid:84111989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.104.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248888/; classtype:trojan-activity;sid:84111988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.176.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248886/; classtype:trojan-activity;sid:84111986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.179.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248887/; classtype:trojan-activity;sid:84111987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.149.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248885/; classtype:trojan-activity;sid:84111985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.64.153.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248884/; classtype:trojan-activity;sid:84111984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.104.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248883/; classtype:trojan-activity;sid:84111983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.42.131.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248882/; classtype:trojan-activity;sid:84111982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.173.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248881/; classtype:trojan-activity;sid:84111981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.52.33.79"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248880/; classtype:trojan-activity;sid:84111980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.9.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248879/; classtype:trojan-activity;sid:84111979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.7.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248876/; classtype:trojan-activity;sid:84111976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.194.232.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248877/; classtype:trojan-activity;sid:84111977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.41.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248878/; classtype:trojan-activity;sid:84111978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.104.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248875/; classtype:trojan-activity;sid:84111975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.8.214.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248874/; classtype:trojan-activity;sid:84111974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.73.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248873/; classtype:trojan-activity;sid:84111973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.242.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248872/; classtype:trojan-activity;sid:84111972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248871/; classtype:trojan-activity;sid:84111971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.190.161.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248870/; classtype:trojan-activity;sid:84111970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.179.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248869/; classtype:trojan-activity;sid:84111969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.142.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248868/; classtype:trojan-activity;sid:84111968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.64.153.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248867/; classtype:trojan-activity;sid:84111967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.123.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248866/; classtype:trojan-activity;sid:84111966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.185.243.64"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248865/; classtype:trojan-activity;sid:84111965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.122.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248864/; classtype:trojan-activity;sid:84111964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.51.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248863/; classtype:trojan-activity;sid:84111963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.220.149.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248862/; classtype:trojan-activity;sid:84111962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.213.214.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248861/; classtype:trojan-activity;sid:84111961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.198.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248860/; classtype:trojan-activity;sid:84111960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.189.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248859/; classtype:trojan-activity;sid:84111959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.22.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248858/; classtype:trojan-activity;sid:84111958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.205.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248857/; classtype:trojan-activity;sid:84111957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.29.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248856/; classtype:trojan-activity;sid:84111956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.95.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248855/; classtype:trojan-activity;sid:84111955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.93.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248854/; classtype:trojan-activity;sid:84111954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.176.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248853/; classtype:trojan-activity;sid:84111953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.229.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248852/; classtype:trojan-activity;sid:84111952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.101.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248851/; classtype:trojan-activity;sid:84111951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.47.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248850/; classtype:trojan-activity;sid:84111950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248849/; classtype:trojan-activity;sid:84111949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.195.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248848/; classtype:trojan-activity;sid:84111948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.31.202.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248847/; classtype:trojan-activity;sid:84111947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.123.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248846/; classtype:trojan-activity;sid:84111946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.41.105"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248845/; classtype:trojan-activity;sid:84111945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.179.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248844/; classtype:trojan-activity;sid:84111944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.51.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248843/; classtype:trojan-activity;sid:84111943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.223.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248842/; classtype:trojan-activity;sid:84111942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.154.132.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248841/; classtype:trojan-activity;sid:84111941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.204.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248840/; classtype:trojan-activity;sid:84111940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.225.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248839/; classtype:trojan-activity;sid:84111939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.188.44"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248838/; classtype:trojan-activity;sid:84111938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.36.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248837/; classtype:trojan-activity;sid:84111937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.31.202.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248836/; classtype:trojan-activity;sid:84111936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.206.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248835/; classtype:trojan-activity;sid:84111935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.214.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248834/; classtype:trojan-activity;sid:84111934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.90.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248832/; classtype:trojan-activity;sid:84111932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.208.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248833/; classtype:trojan-activity;sid:84111933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.220.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248831/; classtype:trojan-activity;sid:84111931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.69.156"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248830/; classtype:trojan-activity;sid:84111930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.195.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248829/; classtype:trojan-activity;sid:84111929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.232.196.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248828/; classtype:trojan-activity;sid:84111928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.223.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248827/; classtype:trojan-activity;sid:84111927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.7.57.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248826/; classtype:trojan-activity;sid:84111926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.179.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248825/; classtype:trojan-activity;sid:84111925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.29.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248824/; classtype:trojan-activity;sid:84111924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.19.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248822/; classtype:trojan-activity;sid:84111922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.154.132.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248823/; classtype:trojan-activity;sid:84111923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.13.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248821/; classtype:trojan-activity;sid:84111921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.128.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248820/; classtype:trojan-activity;sid:84111920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.0.14.0"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248819/; classtype:trojan-activity;sid:84111919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.232.196.60"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248818/; classtype:trojan-activity;sid:84111918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.225.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248817/; classtype:trojan-activity;sid:84111917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.146.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248816/; classtype:trojan-activity;sid:84111916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.206.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248815/; classtype:trojan-activity;sid:84111915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.128.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248814/; classtype:trojan-activity;sid:84111914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.244.157"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248813/; classtype:trojan-activity;sid:84111913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.214.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248812/; classtype:trojan-activity;sid:84111912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.7.232.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248811/; classtype:trojan-activity;sid:84111911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.44.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248810/; classtype:trojan-activity;sid:84111910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.188.104.88"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248809/; classtype:trojan-activity;sid:84111909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.114.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248808/; classtype:trojan-activity;sid:84111908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.7.57.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248807/; classtype:trojan-activity;sid:84111907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.111.75.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248806/; classtype:trojan-activity;sid:84111906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.19.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248805/; classtype:trojan-activity;sid:84111905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.243.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248802/; classtype:trojan-activity;sid:84111902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.246.113.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248803/; classtype:trojan-activity;sid:84111903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.131.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248804/; classtype:trojan-activity;sid:84111904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.17.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248801/; classtype:trojan-activity;sid:84111901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.223.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248800/; classtype:trojan-activity;sid:84111900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.202.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248799/; classtype:trojan-activity;sid:84111899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.3.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248798/; classtype:trojan-activity;sid:84111898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.204.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248797/; classtype:trojan-activity;sid:84111897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.34.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248796/; classtype:trojan-activity;sid:84111896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.220.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248795/; classtype:trojan-activity;sid:84111895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.137.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248794/; classtype:trojan-activity;sid:84111894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.104.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248793/; classtype:trojan-activity;sid:84111893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.133.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248792/; classtype:trojan-activity;sid:84111892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.108.108.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248791/; classtype:trojan-activity;sid:84111891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.131.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248790/; classtype:trojan-activity;sid:84111890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.26.62.0"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248788/; classtype:trojan-activity;sid:84111888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.245.217.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248789/; classtype:trojan-activity;sid:84111889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.223.252"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248787/; classtype:trojan-activity;sid:84111887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.3.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248786/; classtype:trojan-activity;sid:84111886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.187.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248785/; classtype:trojan-activity;sid:84111885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.110.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248784/; classtype:trojan-activity;sid:84111884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.157.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248783/; classtype:trojan-activity;sid:84111883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.80.185"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248782/; classtype:trojan-activity;sid:84111882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248781/; classtype:trojan-activity;sid:84111881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"197.205.14.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248780/; classtype:trojan-activity;sid:84111880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.118.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248779/; classtype:trojan-activity;sid:84111879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.137.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248778/; classtype:trojan-activity;sid:84111878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.4.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248777/; classtype:trojan-activity;sid:84111877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.99.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248776/; classtype:trojan-activity;sid:84111876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.69.103.112"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248775/; classtype:trojan-activity;sid:84111875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.192.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248774/; classtype:trojan-activity;sid:84111874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.95.81.157"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248773/; classtype:trojan-activity;sid:84111873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248772/; classtype:trojan-activity;sid:84111872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"193.153.109.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248770/; classtype:trojan-activity;sid:84111870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/madamwebbbbbbbbbbase6444.txt"; depth:29; endswith; nocase; http.host; content:"198.46.178.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248771/; classtype:trojan-activity;sid:84111871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.248.12.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248769/; classtype:trojan-activity;sid:84111869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.110.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248768/; classtype:trojan-activity;sid:84111868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.224.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248767/; classtype:trojan-activity;sid:84111867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/win78mpdw-constraints.vbs"; depth:26; endswith; nocase; http.host; content:"198.46.178.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248766/; classtype:trojan-activity;sid:84111866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.219.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248765/; classtype:trojan-activity;sid:84111865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.65.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248764/; classtype:trojan-activity;sid:84111864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.4.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248763/; classtype:trojan-activity;sid:84111863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.180.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248762/; classtype:trojan-activity;sid:84111862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.73.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248761/; classtype:trojan-activity;sid:84111861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.77.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248760/; classtype:trojan-activity;sid:84111860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.99.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248759/; classtype:trojan-activity;sid:84111859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.192.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248758/; classtype:trojan-activity;sid:84111858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.69.103.112"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248757/; classtype:trojan-activity;sid:84111857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.199.116.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248756/; classtype:trojan-activity;sid:84111856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.126.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248755/; classtype:trojan-activity;sid:84111855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.74.88.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248754/; classtype:trojan-activity;sid:84111854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.235.251.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248753/; classtype:trojan-activity;sid:84111853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.127.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248752/; classtype:trojan-activity;sid:84111852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.224.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248750/; classtype:trojan-activity;sid:84111850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.65.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248751/; classtype:trojan-activity;sid:84111851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.37.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248749/; classtype:trojan-activity;sid:84111849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248748/; classtype:trojan-activity;sid:84111848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.73.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248747/; classtype:trojan-activity;sid:84111847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btn/m68k"; depth:9; endswith; nocase; http.host; content:"154.213.192.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248745/; classtype:trojan-activity;sid:84111845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btn/arm7"; depth:9; endswith; nocase; http.host; content:"154.213.192.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248746/; classtype:trojan-activity;sid:84111846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btn/arm6"; depth:9; endswith; nocase; http.host; content:"154.213.192.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248744/; classtype:trojan-activity;sid:84111844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btn/ppc"; depth:8; endswith; nocase; http.host; content:"154.213.192.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248740/; classtype:trojan-activity;sid:84111840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btn/x86_64"; depth:11; endswith; nocase; http.host; content:"154.213.192.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248741/; classtype:trojan-activity;sid:84111841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.224.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248742/; classtype:trojan-activity;sid:84111842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.185.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248743/; classtype:trojan-activity;sid:84111843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btn/mpsl"; depth:9; endswith; nocase; http.host; content:"154.213.192.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248735/; classtype:trojan-activity;sid:84111835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btn/sh4"; depth:8; endswith; nocase; http.host; content:"154.213.192.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248736/; classtype:trojan-activity;sid:84111836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btn/arm"; depth:8; endswith; nocase; http.host; content:"154.213.192.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248737/; classtype:trojan-activity;sid:84111837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btn/x86"; depth:8; endswith; nocase; http.host; content:"154.213.192.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248738/; classtype:trojan-activity;sid:84111838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btn/arm5"; depth:9; endswith; nocase; http.host; content:"154.213.192.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248739/; classtype:trojan-activity;sid:84111839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.241.109"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248734/; classtype:trojan-activity;sid:84111834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.82.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248733/; classtype:trojan-activity;sid:84111833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.233.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248732/; classtype:trojan-activity;sid:84111832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.197.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248731/; classtype:trojan-activity;sid:84111831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.106.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248730/; classtype:trojan-activity;sid:84111830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.152.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248729/; classtype:trojan-activity;sid:84111829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orderreview"; depth:12; endswith; nocase; http.host; content:"lbko.rooms.fierceatfifty.com"; depth:28; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248728/; classtype:trojan-activity;sid:84111828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.37.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248727/; classtype:trojan-activity;sid:84111827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.3.102"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248726/; classtype:trojan-activity;sid:84111826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x/irq2"; depth:7; endswith; nocase; http.host; content:"61.215.136.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248725/; classtype:trojan-activity;sid:84111825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x/irq1"; depth:7; endswith; nocase; http.host; content:"61.215.136.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248723/; classtype:trojan-activity;sid:84111823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x/irq0"; depth:7; endswith; nocase; http.host; content:"61.215.136.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248724/; classtype:trojan-activity;sid:84111824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x/pty"; depth:6; endswith; nocase; http.host; content:"61.215.136.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248722/; classtype:trojan-activity;sid:84111822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pay.sh"; depth:7; endswith; nocase; http.host; content:"floodernetwork111.accesscam.org"; depth:31; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248721/; classtype:trojan-activity;sid:84111821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x/1sh"; depth:6; endswith; nocase; http.host; content:"61.215.136.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248720/; classtype:trojan-activity;sid:84111820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"62.60.157.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248719/; classtype:trojan-activity;sid:84111819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mexalz.sh"; depth:10; endswith; nocase; http.host; content:"154.213.192.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248718/; classtype:trojan-activity;sid:84111818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.185.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248717/; classtype:trojan-activity;sid:84111817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.25.233.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248715/; classtype:trojan-activity;sid:84111815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.102.101"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248716/; classtype:trojan-activity;sid:84111816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.224.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248713/; classtype:trojan-activity;sid:84111813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.197.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248714/; classtype:trojan-activity;sid:84111814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.68.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248712/; classtype:trojan-activity;sid:84111812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.131.55"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248711/; classtype:trojan-activity;sid:84111811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.95.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248710/; classtype:trojan-activity;sid:84111810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.106.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248709/; classtype:trojan-activity;sid:84111809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.223.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248708/; classtype:trojan-activity;sid:84111808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.185.157.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248707/; classtype:trojan-activity;sid:84111807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.197.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248706/; classtype:trojan-activity;sid:84111806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.93.125"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248705/; classtype:trojan-activity;sid:84111805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.163.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248704/; classtype:trojan-activity;sid:84111804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.3.152.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248703/; classtype:trojan-activity;sid:84111803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.25.233.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248702/; classtype:trojan-activity;sid:84111802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.83.44.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248701/; classtype:trojan-activity;sid:84111801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.129.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248700/; classtype:trojan-activity;sid:84111800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.79.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248699/; classtype:trojan-activity;sid:84111799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.246.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248698/; classtype:trojan-activity;sid:84111798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248697/; classtype:trojan-activity;sid:84111797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.235.77.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248696/; classtype:trojan-activity;sid:84111796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.112.4.188"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248693/; classtype:trojan-activity;sid:84111793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.38.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248694/; classtype:trojan-activity;sid:84111794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.1.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248695/; classtype:trojan-activity;sid:84111795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.168.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248692/; classtype:trojan-activity;sid:84111792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.64.214"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248691/; classtype:trojan-activity;sid:84111791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.236.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248690/; classtype:trojan-activity;sid:84111790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.178.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248689/; classtype:trojan-activity;sid:84111789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.68.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248688/; classtype:trojan-activity;sid:84111788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.74.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248687/; classtype:trojan-activity;sid:84111787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.166.116.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248686/; classtype:trojan-activity;sid:84111786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.214.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248685/; classtype:trojan-activity;sid:84111785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.70.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248683/; classtype:trojan-activity;sid:84111783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.68.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248684/; classtype:trojan-activity;sid:84111784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.129.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248681/; classtype:trojan-activity;sid:84111781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.243.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248682/; classtype:trojan-activity;sid:84111782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.65.211.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248680/; classtype:trojan-activity;sid:84111780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.79.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248679/; classtype:trojan-activity;sid:84111779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.246.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248678/; classtype:trojan-activity;sid:84111778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.179.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248677/; classtype:trojan-activity;sid:84111777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.214.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248676/; classtype:trojan-activity;sid:84111776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.89.2.145"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248674/; classtype:trojan-activity;sid:84111774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.185.73.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248675/; classtype:trojan-activity;sid:84111775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.28.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248673/; classtype:trojan-activity;sid:84111773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248672/; classtype:trojan-activity;sid:84111772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.7.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248671/; classtype:trojan-activity;sid:84111771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.197.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248670/; classtype:trojan-activity;sid:84111770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.11.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248669/; classtype:trojan-activity;sid:84111769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.62.253.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248668/; classtype:trojan-activity;sid:84111768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.179.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248667/; classtype:trojan-activity;sid:84111767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.70.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248666/; classtype:trojan-activity;sid:84111766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.103.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248665/; classtype:trojan-activity;sid:84111765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.84.117.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248664/; classtype:trojan-activity;sid:84111764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.124.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248663/; classtype:trojan-activity;sid:84111763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.173.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248662/; classtype:trojan-activity;sid:84111762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.236.116.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248660/; classtype:trojan-activity;sid:84111760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.95.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248661/; classtype:trojan-activity;sid:84111761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.243.9"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248659/; classtype:trojan-activity;sid:84111759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.209.70"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248658/; classtype:trojan-activity;sid:84111758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.249.113.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248657/; classtype:trojan-activity;sid:84111757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.29.253"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248656/; classtype:trojan-activity;sid:84111756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.103.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248655/; classtype:trojan-activity;sid:84111755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.74.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248654/; classtype:trojan-activity;sid:84111754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.171.168.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248653/; classtype:trojan-activity;sid:84111753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.23.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248652/; classtype:trojan-activity;sid:84111752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.27.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248650/; classtype:trojan-activity;sid:84111750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.76.192"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248651/; classtype:trojan-activity;sid:84111751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.6.114.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248649/; classtype:trojan-activity;sid:84111749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.177.180.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248648/; classtype:trojan-activity;sid:84111748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.105.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248647/; classtype:trojan-activity;sid:84111747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.79.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248646/; classtype:trojan-activity;sid:84111746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.111.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248645/; classtype:trojan-activity;sid:84111745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.74.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248644/; classtype:trojan-activity;sid:84111744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/7vbu8zw8lfi8mn5.doc"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248642/; classtype:trojan-activity;sid:84111742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txt/7vbu8zw8lfi8mn5.exe"; depth:24; endswith; nocase; http.host; content:"87.120.84.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248643/; classtype:trojan-activity;sid:84111743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.208.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248641/; classtype:trojan-activity;sid:84111741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.185.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248640/; classtype:trojan-activity;sid:84111740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.37.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248639/; classtype:trojan-activity;sid:84111739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lftlvieo72.bin"; depth:15; endswith; nocase; http.host; content:"204.10.160.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248638/; classtype:trojan-activity;sid:84111738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.23.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248637/; classtype:trojan-activity;sid:84111737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.106.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248636/; classtype:trojan-activity;sid:84111736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.13.245"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248635/; classtype:trojan-activity;sid:84111735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.111.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248634/; classtype:trojan-activity;sid:84111734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.171.168.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248633/; classtype:trojan-activity;sid:84111733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.237.0.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248631/; classtype:trojan-activity;sid:84111731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.121.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248632/; classtype:trojan-activity;sid:84111732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.60.225.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248630/; classtype:trojan-activity;sid:84111730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.204.56.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248629/; classtype:trojan-activity;sid:84111729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.208.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248628/; classtype:trojan-activity;sid:84111728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.74.58"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248627/; classtype:trojan-activity;sid:84111727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.185.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248626/; classtype:trojan-activity;sid:84111726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.79.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248625/; classtype:trojan-activity;sid:84111725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.59.152.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248624/; classtype:trojan-activity;sid:84111724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.57.209.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248623/; classtype:trojan-activity;sid:84111723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.141.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248622/; classtype:trojan-activity;sid:84111722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.184.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248621/; classtype:trojan-activity;sid:84111721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.24.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248620/; classtype:trojan-activity;sid:84111720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.172.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248619/; classtype:trojan-activity;sid:84111719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.145.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248618/; classtype:trojan-activity;sid:84111718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.25.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248616/; classtype:trojan-activity;sid:84111716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.96.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248617/; classtype:trojan-activity;sid:84111717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.220.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248615/; classtype:trojan-activity;sid:84111715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.92.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248614/; classtype:trojan-activity;sid:84111714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.57.209.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248613/; classtype:trojan-activity;sid:84111713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.240.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248612/; classtype:trojan-activity;sid:84111712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.113.32"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248611/; classtype:trojan-activity;sid:84111711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.72.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248610/; classtype:trojan-activity;sid:84111710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.118.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248609/; classtype:trojan-activity;sid:84111709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.71.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248608/; classtype:trojan-activity;sid:84111708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.215.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248607/; classtype:trojan-activity;sid:84111707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248606/; classtype:trojan-activity;sid:84111706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.105.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248605/; classtype:trojan-activity;sid:84111705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.131.163.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248604/; classtype:trojan-activity;sid:84111704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.128.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248603/; classtype:trojan-activity;sid:84111703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.17.222"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248602/; classtype:trojan-activity;sid:84111702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.85.190.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248600/; classtype:trojan-activity;sid:84111700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.21.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248601/; classtype:trojan-activity;sid:84111701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.145.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248599/; classtype:trojan-activity;sid:84111699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.96.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248598/; classtype:trojan-activity;sid:84111698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.237.108.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248596/; classtype:trojan-activity;sid:84111696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.25.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248597/; classtype:trojan-activity;sid:84111697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.173.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248595/; classtype:trojan-activity;sid:84111695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.162.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248593/; classtype:trojan-activity;sid:84111693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.248.53.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248594/; classtype:trojan-activity;sid:84111694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.105.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248592/; classtype:trojan-activity;sid:84111692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.146.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248591/; classtype:trojan-activity;sid:84111691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.183.96.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248590/; classtype:trojan-activity;sid:84111690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.162.34.215"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248589/; classtype:trojan-activity;sid:84111689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.45.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248588/; classtype:trojan-activity;sid:84111688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.157.144.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248587/; classtype:trojan-activity;sid:84111687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.61.111.161"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248585/; classtype:trojan-activity;sid:84111685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.79.108.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248586/; classtype:trojan-activity;sid:84111686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.66.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248584/; classtype:trojan-activity;sid:84111684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.9.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248583/; classtype:trojan-activity;sid:84111683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.120.230.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248582/; classtype:trojan-activity;sid:84111682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.131.163.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248581/; classtype:trojan-activity;sid:84111681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.212.104.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248580/; classtype:trojan-activity;sid:84111680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.143.201"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248579/; classtype:trojan-activity;sid:84111679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.101.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248578/; classtype:trojan-activity;sid:84111678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.242.249.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248577/; classtype:trojan-activity;sid:84111677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.139.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248576/; classtype:trojan-activity;sid:84111676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.120.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248574/; classtype:trojan-activity;sid:84111674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.119.248.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248575/; classtype:trojan-activity;sid:84111675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.27.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248573/; classtype:trojan-activity;sid:84111673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248572/; classtype:trojan-activity;sid:84111672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.10.19.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248571/; classtype:trojan-activity;sid:84111671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.103.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248570/; classtype:trojan-activity;sid:84111670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.53.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248569/; classtype:trojan-activity;sid:84111669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.162.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248568/; classtype:trojan-activity;sid:84111668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.52.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248566/; classtype:trojan-activity;sid:84111666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.205.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248567/; classtype:trojan-activity;sid:84111667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.188.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248565/; classtype:trojan-activity;sid:84111665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.90.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248563/; classtype:trojan-activity;sid:84111663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.26.196.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248564/; classtype:trojan-activity;sid:84111664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.6.35.134"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248561/; classtype:trojan-activity;sid:84111661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.215.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248562/; classtype:trojan-activity;sid:84111662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.91.204.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248560/; classtype:trojan-activity;sid:84111660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.82.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248559/; classtype:trojan-activity;sid:84111659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.86.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248558/; classtype:trojan-activity;sid:84111658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.103.72.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248557/; classtype:trojan-activity;sid:84111657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.19.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248556/; classtype:trojan-activity;sid:84111656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.212.104.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248555/; classtype:trojan-activity;sid:84111655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.103.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248554/; classtype:trojan-activity;sid:84111654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.232.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248553/; classtype:trojan-activity;sid:84111653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.101.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248552/; classtype:trojan-activity;sid:84111652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.9.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248551/; classtype:trojan-activity;sid:84111651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.221.96.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248550/; classtype:trojan-activity;sid:84111650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.9.46.62"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248549/; classtype:trojan-activity;sid:84111649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.115.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248548/; classtype:trojan-activity;sid:84111648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.115.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248547/; classtype:trojan-activity;sid:84111647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.188.47"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248546/; classtype:trojan-activity;sid:84111646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.8.28.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248545/; classtype:trojan-activity;sid:84111645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.200.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248544/; classtype:trojan-activity;sid:84111644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.232.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248543/; classtype:trojan-activity;sid:84111643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.142.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248542/; classtype:trojan-activity;sid:84111642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.109.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248541/; classtype:trojan-activity;sid:84111641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.90.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248540/; classtype:trojan-activity;sid:84111640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.184.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248539/; classtype:trojan-activity;sid:84111639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.86.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248538/; classtype:trojan-activity;sid:84111638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.89.232.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248537/; classtype:trojan-activity;sid:84111637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.154.44.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248536/; classtype:trojan-activity;sid:84111636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.220.162.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248535/; classtype:trojan-activity;sid:84111635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.82.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248533/; classtype:trojan-activity;sid:84111633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.102.160"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248534/; classtype:trojan-activity;sid:84111634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.7.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248532/; classtype:trojan-activity;sid:84111632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.185.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248531/; classtype:trojan-activity;sid:84111631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.242.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248530/; classtype:trojan-activity;sid:84111630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.19.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248529/; classtype:trojan-activity;sid:84111629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.94.149"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248528/; classtype:trojan-activity;sid:84111628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.200.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248527/; classtype:trojan-activity;sid:84111627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.72.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248526/; classtype:trojan-activity;sid:84111626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.64.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248525/; classtype:trojan-activity;sid:84111625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.175.153.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248524/; classtype:trojan-activity;sid:84111624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.211.31"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248522/; classtype:trojan-activity;sid:84111622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.241.48.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248523/; classtype:trojan-activity;sid:84111623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.115.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248521/; classtype:trojan-activity;sid:84111621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.126.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248520/; classtype:trojan-activity;sid:84111620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.91.223.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248519/; classtype:trojan-activity;sid:84111619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.200.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248518/; classtype:trojan-activity;sid:84111618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.118.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248517/; classtype:trojan-activity;sid:84111617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.142.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248516/; classtype:trojan-activity;sid:84111616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.64.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248515/; classtype:trojan-activity;sid:84111615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.227.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248514/; classtype:trojan-activity;sid:84111614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.53.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248512/; classtype:trojan-activity;sid:84111612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.147.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248513/; classtype:trojan-activity;sid:84111613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.100.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248511/; classtype:trojan-activity;sid:84111611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.242.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248510/; classtype:trojan-activity;sid:84111610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.231.117.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248509/; classtype:trojan-activity;sid:84111609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.87.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248508/; classtype:trojan-activity;sid:84111608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.69.47"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248507/; classtype:trojan-activity;sid:84111607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/installnew.exe"; depth:15; endswith; nocase; http.host; content:"mostar-info.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248506/; classtype:trojan-activity;sid:84111606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.25.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248505/; classtype:trojan-activity;sid:84111605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.248.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248504/; classtype:trojan-activity;sid:84111604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.5.20.132"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248503/; classtype:trojan-activity;sid:84111603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.181.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248502/; classtype:trojan-activity;sid:84111602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.192.39.139"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248501/; classtype:trojan-activity;sid:84111601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.83.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248500/; classtype:trojan-activity;sid:84111600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.249.100.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248499/; classtype:trojan-activity;sid:84111599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.210.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248498/; classtype:trojan-activity;sid:84111598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.92.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248497/; classtype:trojan-activity;sid:84111597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.47.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248496/; classtype:trojan-activity;sid:84111596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.8.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248495/; classtype:trojan-activity;sid:84111595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.118.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248494/; classtype:trojan-activity;sid:84111594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.121.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248493/; classtype:trojan-activity;sid:84111593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.239.39.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248492/; classtype:trojan-activity;sid:84111592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.53.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248491/; classtype:trojan-activity;sid:84111591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.147.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248490/; classtype:trojan-activity;sid:84111590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.91.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248489/; classtype:trojan-activity;sid:84111589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.83.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248488/; classtype:trojan-activity;sid:84111588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.11.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248487/; classtype:trojan-activity;sid:84111587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.26.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248485/; classtype:trojan-activity;sid:84111585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.122.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248486/; classtype:trojan-activity;sid:84111586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.87.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248484/; classtype:trojan-activity;sid:84111584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.248.12.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248482/; classtype:trojan-activity;sid:84111582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.206.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248483/; classtype:trojan-activity;sid:84111583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.202.64.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248481/; classtype:trojan-activity;sid:84111581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.57.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248480/; classtype:trojan-activity;sid:84111580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.91.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248478/; classtype:trojan-activity;sid:84111578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.83.13"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248479/; classtype:trojan-activity;sid:84111579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.120.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248477/; classtype:trojan-activity;sid:84111577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.201.42.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248476/; classtype:trojan-activity;sid:84111576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.171.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248475/; classtype:trojan-activity;sid:84111575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.187.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248474/; classtype:trojan-activity;sid:84111574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.179.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248473/; classtype:trojan-activity;sid:84111573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.54.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248472/; classtype:trojan-activity;sid:84111572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.147.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248471/; classtype:trojan-activity;sid:84111571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.122.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248470/; classtype:trojan-activity;sid:84111570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.231.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248469/; classtype:trojan-activity;sid:84111569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.8.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248468/; classtype:trojan-activity;sid:84111568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.91.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248467/; classtype:trojan-activity;sid:84111567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.47.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248466/; classtype:trojan-activity;sid:84111566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.89.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248465/; classtype:trojan-activity;sid:84111565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.154.194.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248464/; classtype:trojan-activity;sid:84111564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.147.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248463/; classtype:trojan-activity;sid:84111563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.183.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248462/; classtype:trojan-activity;sid:84111562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.206.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248461/; classtype:trojan-activity;sid:84111561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.210.185.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248460/; classtype:trojan-activity;sid:84111560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.182.119.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248459/; classtype:trojan-activity;sid:84111559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.9.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248458/; classtype:trojan-activity;sid:84111558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.248.12.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248457/; classtype:trojan-activity;sid:84111557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.89.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248456/; classtype:trojan-activity;sid:84111556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.84.95.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248455/; classtype:trojan-activity;sid:84111555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.12.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248454/; classtype:trojan-activity;sid:84111554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.120.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248452/; classtype:trojan-activity;sid:84111552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.98.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248453/; classtype:trojan-activity;sid:84111553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.203.127.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248450/; classtype:trojan-activity;sid:84111550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.26.196.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248451/; classtype:trojan-activity;sid:84111551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.30.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248449/; classtype:trojan-activity;sid:84111549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.97.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248448/; classtype:trojan-activity;sid:84111548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.28.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248447/; classtype:trojan-activity;sid:84111547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.130.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248446/; classtype:trojan-activity;sid:84111546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.14.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248445/; classtype:trojan-activity;sid:84111545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.178.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248444/; classtype:trojan-activity;sid:84111544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.9.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248443/; classtype:trojan-activity;sid:84111543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.138.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248442/; classtype:trojan-activity;sid:84111542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"87.14.136.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248441/; classtype:trojan-activity;sid:84111541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.25.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248439/; classtype:trojan-activity;sid:84111539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.154.194.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248440/; classtype:trojan-activity;sid:84111540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.52.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248438/; classtype:trojan-activity;sid:84111538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.84.136.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248437/; classtype:trojan-activity;sid:84111537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.183.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248436/; classtype:trojan-activity;sid:84111536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.8.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248435/; classtype:trojan-activity;sid:84111535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.212.98.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248434/; classtype:trojan-activity;sid:84111534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.0.188"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248433/; classtype:trojan-activity;sid:84111533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.133.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248432/; classtype:trojan-activity;sid:84111532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.22.116.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248431/; classtype:trojan-activity;sid:84111531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.94.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248430/; classtype:trojan-activity;sid:84111530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.122.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248428/; classtype:trojan-activity;sid:84111528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.220.147.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248429/; classtype:trojan-activity;sid:84111529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.69.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248427/; classtype:trojan-activity;sid:84111527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.95.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248426/; classtype:trojan-activity;sid:84111526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.59.152.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248425/; classtype:trojan-activity;sid:84111525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.30.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248424/; classtype:trojan-activity;sid:84111524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.84.195.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248423/; classtype:trojan-activity;sid:84111523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.141.126"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248422/; classtype:trojan-activity;sid:84111522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.137.119"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248421/; classtype:trojan-activity;sid:84111521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.92.14.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248420/; classtype:trojan-activity;sid:84111520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.69.156"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248418/; classtype:trojan-activity;sid:84111518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.0.188"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248419/; classtype:trojan-activity;sid:84111519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.99.36.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248417/; classtype:trojan-activity;sid:84111517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.39.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248416/; classtype:trojan-activity;sid:84111516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.37.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248413/; classtype:trojan-activity;sid:84111513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.252.64.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248414/; classtype:trojan-activity;sid:84111514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"152.252.94.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248415/; classtype:trojan-activity;sid:84111515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.0.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248412/; classtype:trojan-activity;sid:84111512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.22.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248411/; classtype:trojan-activity;sid:84111511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.60.35.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248410/; classtype:trojan-activity;sid:84111510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.15.254.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248409/; classtype:trojan-activity;sid:84111509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.199.200.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248408/; classtype:trojan-activity;sid:84111508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.227.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248407/; classtype:trojan-activity;sid:84111507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.176.79"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248406/; classtype:trojan-activity;sid:84111506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.63.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248405/; classtype:trojan-activity;sid:84111505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.19.57.209"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248404/; classtype:trojan-activity;sid:84111504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.183.183"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248403/; classtype:trojan-activity;sid:84111503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.25.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248402/; classtype:trojan-activity;sid:84111502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.91.198"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248401/; classtype:trojan-activity;sid:84111501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.108.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248400/; classtype:trojan-activity;sid:84111500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.231.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248399/; classtype:trojan-activity;sid:84111499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.69.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248398/; classtype:trojan-activity;sid:84111498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.45.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248397/; classtype:trojan-activity;sid:84111497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.38.255"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248396/; classtype:trojan-activity;sid:84111496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.40.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248395/; classtype:trojan-activity;sid:84111495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.116.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248394/; classtype:trojan-activity;sid:84111494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.6.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248393/; classtype:trojan-activity;sid:84111493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.150.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248392/; classtype:trojan-activity;sid:84111492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.174.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248391/; classtype:trojan-activity;sid:84111491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.121.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248390/; classtype:trojan-activity;sid:84111490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.154.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248389/; classtype:trojan-activity;sid:84111489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.220.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248388/; classtype:trojan-activity;sid:84111488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.85.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248387/; classtype:trojan-activity;sid:84111487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.197.168.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248386/; classtype:trojan-activity;sid:84111486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.208.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248385/; classtype:trojan-activity;sid:84111485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.29.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248384/; classtype:trojan-activity;sid:84111484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.62.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248383/; classtype:trojan-activity;sid:84111483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.181.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248382/; classtype:trojan-activity;sid:84111482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.247.113.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248381/; classtype:trojan-activity;sid:84111481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.176.187.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248380/; classtype:trojan-activity;sid:84111480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.27.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248379/; classtype:trojan-activity;sid:84111479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.166.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248378/; classtype:trojan-activity;sid:84111478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.207.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248377/; classtype:trojan-activity;sid:84111477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.103.72.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248376/; classtype:trojan-activity;sid:84111476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.231.191"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248375/; classtype:trojan-activity;sid:84111475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.126.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248374/; classtype:trojan-activity;sid:84111474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.116.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248373/; classtype:trojan-activity;sid:84111473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.19.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248372/; classtype:trojan-activity;sid:84111472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.231.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248370/; classtype:trojan-activity;sid:84111470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"106.41.138.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248371/; classtype:trojan-activity;sid:84111471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.210.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248369/; classtype:trojan-activity;sid:84111469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.116.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248367/; classtype:trojan-activity;sid:84111467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.104.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248368/; classtype:trojan-activity;sid:84111468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.241.248"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248366/; classtype:trojan-activity;sid:84111466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.6.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248365/; classtype:trojan-activity;sid:84111465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.227.213"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248364/; classtype:trojan-activity;sid:84111464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.198.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248363/; classtype:trojan-activity;sid:84111463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.166.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248362/; classtype:trojan-activity;sid:84111462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.183.54.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248361/; classtype:trojan-activity;sid:84111461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.71.253"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248360/; classtype:trojan-activity;sid:84111460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.26.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248359/; classtype:trojan-activity;sid:84111459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.220.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248358/; classtype:trojan-activity;sid:84111458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.176.187.108"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248356/; classtype:trojan-activity;sid:84111456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.124.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248357/; classtype:trojan-activity;sid:84111457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.62.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248355/; classtype:trojan-activity;sid:84111455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.17.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248353/; classtype:trojan-activity;sid:84111453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.112.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248354/; classtype:trojan-activity;sid:84111454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.243.220.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248352/; classtype:trojan-activity;sid:84111452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.72.186.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248351/; classtype:trojan-activity;sid:84111451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.59.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248350/; classtype:trojan-activity;sid:84111450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.57.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248349/; classtype:trojan-activity;sid:84111449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.121.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248348/; classtype:trojan-activity;sid:84111448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.183.54.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248347/; classtype:trojan-activity;sid:84111447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.17.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248345/; classtype:trojan-activity;sid:84111445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.207.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248346/; classtype:trojan-activity;sid:84111446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.154.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248344/; classtype:trojan-activity;sid:84111444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.122.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248343/; classtype:trojan-activity;sid:84111443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.116.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248340/; classtype:trojan-activity;sid:84111440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.84.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248341/; classtype:trojan-activity;sid:84111441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.55.75.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248342/; classtype:trojan-activity;sid:84111442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.53.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248339/; classtype:trojan-activity;sid:84111439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.23.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248338/; classtype:trojan-activity;sid:84111438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.78.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248337/; classtype:trojan-activity;sid:84111437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.104.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248336/; classtype:trojan-activity;sid:84111436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.1.238.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248335/; classtype:trojan-activity;sid:84111435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.50.253.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248333/; classtype:trojan-activity;sid:84111433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.164.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248334/; classtype:trojan-activity;sid:84111434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.84.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248332/; classtype:trojan-activity;sid:84111432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.70.25.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248330/; classtype:trojan-activity;sid:84111430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.0.9.16"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248331/; classtype:trojan-activity;sid:84111431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.217.254.251"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248329/; classtype:trojan-activity;sid:84111429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.168.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248328/; classtype:trojan-activity;sid:84111428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.220.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248327/; classtype:trojan-activity;sid:84111427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.204.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248326/; classtype:trojan-activity;sid:84111426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.166.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248325/; classtype:trojan-activity;sid:84111425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.86.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248323/; classtype:trojan-activity;sid:84111423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.210.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248324/; classtype:trojan-activity;sid:84111424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.120.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248321/; classtype:trojan-activity;sid:84111421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.94.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248322/; classtype:trojan-activity;sid:84111422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.220.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248320/; classtype:trojan-activity;sid:84111420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.59.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248319/; classtype:trojan-activity;sid:84111419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.124.192"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248318/; classtype:trojan-activity;sid:84111418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.57.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248317/; classtype:trojan-activity;sid:84111417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.128.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248316/; classtype:trojan-activity;sid:84111416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.98.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248315/; classtype:trojan-activity;sid:84111415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.235.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248314/; classtype:trojan-activity;sid:84111414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.178.33.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248313/; classtype:trojan-activity;sid:84111413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"191.29.137.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248312/; classtype:trojan-activity;sid:84111412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.85.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248311/; classtype:trojan-activity;sid:84111411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.55.75.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248310/; classtype:trojan-activity;sid:84111410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.128.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248309/; classtype:trojan-activity;sid:84111409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.6.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248308/; classtype:trojan-activity;sid:84111408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.89.253"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248307/; classtype:trojan-activity;sid:84111407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.56.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248306/; classtype:trojan-activity;sid:84111406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.173.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248305/; classtype:trojan-activity;sid:84111405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.85.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248304/; classtype:trojan-activity;sid:84111404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.81.26.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248303/; classtype:trojan-activity;sid:84111403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.120.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248302/; classtype:trojan-activity;sid:84111402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.168.222.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248300/; classtype:trojan-activity;sid:84111400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.157.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248301/; classtype:trojan-activity;sid:84111401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.84.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248299/; classtype:trojan-activity;sid:84111399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.3.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248298/; classtype:trojan-activity;sid:84111398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.129.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248297/; classtype:trojan-activity;sid:84111397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.34.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248296/; classtype:trojan-activity;sid:84111396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.84.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248295/; classtype:trojan-activity;sid:84111395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.88.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248294/; classtype:trojan-activity;sid:84111394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.134.9.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248293/; classtype:trojan-activity;sid:84111393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.150.53.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248292/; classtype:trojan-activity;sid:84111392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.216.120"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248291/; classtype:trojan-activity;sid:84111391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.126.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248290/; classtype:trojan-activity;sid:84111390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.6.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248289/; classtype:trojan-activity;sid:84111389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.164.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248288/; classtype:trojan-activity;sid:84111388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.109.188.55"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248287/; classtype:trojan-activity;sid:84111387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.213.125.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248286/; classtype:trojan-activity;sid:84111386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.119.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248285/; classtype:trojan-activity;sid:84111385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.181.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248284/; classtype:trojan-activity;sid:84111384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.192.232.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248283/; classtype:trojan-activity;sid:84111383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.241.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248282/; classtype:trojan-activity;sid:84111382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.42.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248281/; classtype:trojan-activity;sid:84111381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.3.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248280/; classtype:trojan-activity;sid:84111380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.94.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248279/; classtype:trojan-activity;sid:84111379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.84.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248278/; classtype:trojan-activity;sid:84111378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.176.79.27"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248277/; classtype:trojan-activity;sid:84111377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.217.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248276/; classtype:trojan-activity;sid:84111376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.45.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248275/; classtype:trojan-activity;sid:84111375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.183.179"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248274/; classtype:trojan-activity;sid:84111374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.225.125.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248272/; classtype:trojan-activity;sid:84111372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.176.188.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248273/; classtype:trojan-activity;sid:84111373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.248.12.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248271/; classtype:trojan-activity;sid:84111371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.22.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248270/; classtype:trojan-activity;sid:84111370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.56.94"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248269/; classtype:trojan-activity;sid:84111369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.119.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248268/; classtype:trojan-activity;sid:84111368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.80.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248267/; classtype:trojan-activity;sid:84111367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.103.87"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248266/; classtype:trojan-activity;sid:84111366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.214.220.77"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248265/; classtype:trojan-activity;sid:84111365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.64.239.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248264/; classtype:trojan-activity;sid:84111364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.181.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248263/; classtype:trojan-activity;sid:84111363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248262/; classtype:trojan-activity;sid:84111362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.80.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248261/; classtype:trojan-activity;sid:84111361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.254.173.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248259/; classtype:trojan-activity;sid:84111359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.31.132"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248260/; classtype:trojan-activity;sid:84111360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1k6-cyofkr57olbt-agaeev7zetbxhs_a"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248257/; classtype:trojan-activity;sid:84111357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1bxzsqthwsqe7vcpkw20a5iklbq5zjsh-"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248258/; classtype:trojan-activity;sid:84111358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.217.122.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248256/; classtype:trojan-activity;sid:84111356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.157.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248255/; classtype:trojan-activity;sid:84111355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.139.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248254/; classtype:trojan-activity;sid:84111354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.0.136"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248253/; classtype:trojan-activity;sid:84111353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.22.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248252/; classtype:trojan-activity;sid:84111352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.181.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248251/; classtype:trojan-activity;sid:84111351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.216.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248249/; classtype:trojan-activity;sid:84111349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.232.211.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248250/; classtype:trojan-activity;sid:84111350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.7.145"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248248/; classtype:trojan-activity;sid:84111348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.81.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248247/; classtype:trojan-activity;sid:84111347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.207.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248245/; classtype:trojan-activity;sid:84111345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.34.91"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248246/; classtype:trojan-activity;sid:84111346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.100.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248241/; classtype:trojan-activity;sid:84111341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.40.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248242/; classtype:trojan-activity;sid:84111342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.181.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248243/; classtype:trojan-activity;sid:84111343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.51.54"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248244/; classtype:trojan-activity;sid:84111344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.80.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248240/; classtype:trojan-activity;sid:84111340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.55.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248239/; classtype:trojan-activity;sid:84111339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.182.156.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248238/; classtype:trojan-activity;sid:84111338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.165.80.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248237/; classtype:trojan-activity;sid:84111337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.197.112.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248236/; classtype:trojan-activity;sid:84111336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.181.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248232/; classtype:trojan-activity;sid:84111332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.183.130.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248233/; classtype:trojan-activity;sid:84111333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.181.109.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248234/; classtype:trojan-activity;sid:84111334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.93.172"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248235/; classtype:trojan-activity;sid:84111335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248231/; classtype:trojan-activity;sid:84111331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.0.145.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248230/; classtype:trojan-activity;sid:84111330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.13.30.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248229/; classtype:trojan-activity;sid:84111329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.241.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248228/; classtype:trojan-activity;sid:84111328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.121.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248227/; classtype:trojan-activity;sid:84111327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.43.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248226/; classtype:trojan-activity;sid:84111326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.217.122.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248225/; classtype:trojan-activity;sid:84111325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.157.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248224/; classtype:trojan-activity;sid:84111324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.191.31.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248223/; classtype:trojan-activity;sid:84111323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.217.215.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248222/; classtype:trojan-activity;sid:84111322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.177.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248219/; classtype:trojan-activity;sid:84111319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.121.123"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248220/; classtype:trojan-activity;sid:84111320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.136.136"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248221/; classtype:trojan-activity;sid:84111321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.252.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248217/; classtype:trojan-activity;sid:84111317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.222.198.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248218/; classtype:trojan-activity;sid:84111318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.95.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248216/; classtype:trojan-activity;sid:84111316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.175.114.173"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248215/; classtype:trojan-activity;sid:84111315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.176.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248214/; classtype:trojan-activity;sid:84111314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.139.7"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248213/; classtype:trojan-activity;sid:84111313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.121.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248212/; classtype:trojan-activity;sid:84111312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.47.27.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248211/; classtype:trojan-activity;sid:84111311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.81.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248210/; classtype:trojan-activity;sid:84111310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.217.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248208/; classtype:trojan-activity;sid:84111308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.241.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248209/; classtype:trojan-activity;sid:84111309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.13.30.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248207/; classtype:trojan-activity;sid:84111307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.65.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248206/; classtype:trojan-activity;sid:84111306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.214.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248204/; classtype:trojan-activity;sid:84111304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.80.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248205/; classtype:trojan-activity;sid:84111305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.173.105.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248203/; classtype:trojan-activity;sid:84111303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.95.89.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248202/; classtype:trojan-activity;sid:84111302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.252.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248201/; classtype:trojan-activity;sid:84111301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.190.161.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248200/; classtype:trojan-activity;sid:84111300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.140.81.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248199/; classtype:trojan-activity;sid:84111299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.217.215.228"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248198/; classtype:trojan-activity;sid:84111298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.198.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248197/; classtype:trojan-activity;sid:84111297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.177.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248196/; classtype:trojan-activity;sid:84111296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.178.21.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248195/; classtype:trojan-activity;sid:84111295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.91.104.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248194/; classtype:trojan-activity;sid:84111294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.126.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248193/; classtype:trojan-activity;sid:84111293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.0.147.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248192/; classtype:trojan-activity;sid:84111292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.175.29.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248190/; classtype:trojan-activity;sid:84111290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.225.125.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248191/; classtype:trojan-activity;sid:84111291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.212.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248189/; classtype:trojan-activity;sid:84111289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.242.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248188/; classtype:trojan-activity;sid:84111288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.47.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248187/; classtype:trojan-activity;sid:84111287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.80.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248186/; classtype:trojan-activity;sid:84111286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.21.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248185/; classtype:trojan-activity;sid:84111285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.6.214"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248184/; classtype:trojan-activity;sid:84111284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.145.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248183/; classtype:trojan-activity;sid:84111283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.106.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248182/; classtype:trojan-activity;sid:84111282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.87.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248181/; classtype:trojan-activity;sid:84111281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.108.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248180/; classtype:trojan-activity;sid:84111280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.43.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248178/; classtype:trojan-activity;sid:84111278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.47.27.159"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248179/; classtype:trojan-activity;sid:84111279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.90.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248177/; classtype:trojan-activity;sid:84111277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.122.105"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248176/; classtype:trojan-activity;sid:84111276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.103.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248175/; classtype:trojan-activity;sid:84111275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.135.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248174/; classtype:trojan-activity;sid:84111274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.212.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248173/; classtype:trojan-activity;sid:84111273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.92.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248172/; classtype:trojan-activity;sid:84111272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.91.104.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248171/; classtype:trojan-activity;sid:84111271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.133.78.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248170/; classtype:trojan-activity;sid:84111270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.182.204.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248169/; classtype:trojan-activity;sid:84111269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.54.17.171"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248168/; classtype:trojan-activity;sid:84111268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.98.140.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248166/; classtype:trojan-activity;sid:84111266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.57.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248167/; classtype:trojan-activity;sid:84111267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.212.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248165/; classtype:trojan-activity;sid:84111265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.47.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248164/; classtype:trojan-activity;sid:84111264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.184.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248162/; classtype:trojan-activity;sid:84111262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.128.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248163/; classtype:trojan-activity;sid:84111263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.2.208"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248161/; classtype:trojan-activity;sid:84111261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.84.195.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248160/; classtype:trojan-activity;sid:84111260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.135.213"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248159/; classtype:trojan-activity;sid:84111259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.204.196.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248158/; classtype:trojan-activity;sid:84111258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.53.31.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248157/; classtype:trojan-activity;sid:84111257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.183.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248156/; classtype:trojan-activity;sid:84111256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.180.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248155/; classtype:trojan-activity;sid:84111255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.30.111.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248153/; classtype:trojan-activity;sid:84111253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.90.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248154/; classtype:trojan-activity;sid:84111254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.104.126.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248152/; classtype:trojan-activity;sid:84111252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.184.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248151/; classtype:trojan-activity;sid:84111251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.242.239.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248150/; classtype:trojan-activity;sid:84111250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.10.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248149/; classtype:trojan-activity;sid:84111249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.142.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248148/; classtype:trojan-activity;sid:84111248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.66.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248147/; classtype:trojan-activity;sid:84111247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.153.186.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248146/; classtype:trojan-activity;sid:84111246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.98.140.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248145/; classtype:trojan-activity;sid:84111245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.182.225.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248144/; classtype:trojan-activity;sid:84111244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.255.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248143/; classtype:trojan-activity;sid:84111243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.3.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248142/; classtype:trojan-activity;sid:84111242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.1.241.115"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248141/; classtype:trojan-activity;sid:84111241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.123.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248140/; classtype:trojan-activity;sid:84111240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.123.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248139/; classtype:trojan-activity;sid:84111239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.24.166.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248138/; classtype:trojan-activity;sid:84111238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.62.229.164"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248136/; classtype:trojan-activity;sid:84111236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.58.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248137/; classtype:trojan-activity;sid:84111237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.212.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248135/; classtype:trojan-activity;sid:84111235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.132.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248134/; classtype:trojan-activity;sid:84111234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.246.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248133/; classtype:trojan-activity;sid:84111233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.153.186.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248132/; classtype:trojan-activity;sid:84111232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.123.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248131/; classtype:trojan-activity;sid:84111231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.241.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248130/; classtype:trojan-activity;sid:84111230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.133.78.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248129/; classtype:trojan-activity;sid:84111229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.169.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248128/; classtype:trojan-activity;sid:84111228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.21.130"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248126/; classtype:trojan-activity;sid:84111226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.20.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248127/; classtype:trojan-activity;sid:84111227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.132.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248125/; classtype:trojan-activity;sid:84111225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.55.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248124/; classtype:trojan-activity;sid:84111224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.165.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248123/; classtype:trojan-activity;sid:84111223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.215.53"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248122/; classtype:trojan-activity;sid:84111222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.164.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248121/; classtype:trojan-activity;sid:84111221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.27.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248120/; classtype:trojan-activity;sid:84111220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.255.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248119/; classtype:trojan-activity;sid:84111219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.34.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248118/; classtype:trojan-activity;sid:84111218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.217.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248117/; classtype:trojan-activity;sid:84111217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.66.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248116/; classtype:trojan-activity;sid:84111216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.120.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248113/; classtype:trojan-activity;sid:84111213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.15.9.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248114/; classtype:trojan-activity;sid:84111214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.131.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248115/; classtype:trojan-activity;sid:84111215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.94.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248112/; classtype:trojan-activity;sid:84111212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.10.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248111/; classtype:trojan-activity;sid:84111211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.157.189.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248110/; classtype:trojan-activity;sid:84111210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.211.165.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248109/; classtype:trojan-activity;sid:84111209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.87.112"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248108/; classtype:trojan-activity;sid:84111208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.100.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248107/; classtype:trojan-activity;sid:84111207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.15.9.15"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248106/; classtype:trojan-activity;sid:84111206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.19.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248105/; classtype:trojan-activity;sid:84111205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.27.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248104/; classtype:trojan-activity;sid:84111204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.20.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248103/; classtype:trojan-activity;sid:84111203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.183.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248102/; classtype:trojan-activity;sid:84111202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.82.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248101/; classtype:trojan-activity;sid:84111201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.161.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248099/; classtype:trojan-activity;sid:84111199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.55.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248100/; classtype:trojan-activity;sid:84111200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.5.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248097/; classtype:trojan-activity;sid:84111197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.217.55"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248098/; classtype:trojan-activity;sid:84111198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.45.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248095/; classtype:trojan-activity;sid:84111195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.65.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248096/; classtype:trojan-activity;sid:84111196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.164.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248094/; classtype:trojan-activity;sid:84111194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.206.29.195"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248093/; classtype:trojan-activity;sid:84111193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.142.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248092/; classtype:trojan-activity;sid:84111192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.184.117"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248091/; classtype:trojan-activity;sid:84111191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.42.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248090/; classtype:trojan-activity;sid:84111190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.217.199"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248089/; classtype:trojan-activity;sid:84111189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.237.108.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248088/; classtype:trojan-activity;sid:84111188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.151.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248086/; classtype:trojan-activity;sid:84111186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.94.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248087/; classtype:trojan-activity;sid:84111187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.8.214.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248085/; classtype:trojan-activity;sid:84111185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.175.54.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248084/; classtype:trojan-activity;sid:84111184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.210.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248083/; classtype:trojan-activity;sid:84111183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.203.63.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248082/; classtype:trojan-activity;sid:84111182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.120.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248081/; classtype:trojan-activity;sid:84111181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.235.103.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248080/; classtype:trojan-activity;sid:84111180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.137.67"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248079/; classtype:trojan-activity;sid:84111179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.233.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248078/; classtype:trojan-activity;sid:84111178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.183.52.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248077/; classtype:trojan-activity;sid:84111177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.93.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248076/; classtype:trojan-activity;sid:84111176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.97.200.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248075/; classtype:trojan-activity;sid:84111175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.196.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248074/; classtype:trojan-activity;sid:84111174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.254.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248073/; classtype:trojan-activity;sid:84111173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.221.96.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248072/; classtype:trojan-activity;sid:84111172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.23.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248071/; classtype:trojan-activity;sid:84111171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.206.17.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248070/; classtype:trojan-activity;sid:84111170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.144.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248069/; classtype:trojan-activity;sid:84111169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.161.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248068/; classtype:trojan-activity;sid:84111168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.36.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248067/; classtype:trojan-activity;sid:84111167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.165.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248066/; classtype:trojan-activity;sid:84111166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.178.242.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248065/; classtype:trojan-activity;sid:84111165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.241.53.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248064/; classtype:trojan-activity;sid:84111164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.27.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248063/; classtype:trojan-activity;sid:84111163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.53.183"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248062/; classtype:trojan-activity;sid:84111162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.167.204.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248061/; classtype:trojan-activity;sid:84111161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"192.112.100.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248060/; classtype:trojan-activity;sid:84111160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.82.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248058/; classtype:trojan-activity;sid:84111158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.184.249.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248059/; classtype:trojan-activity;sid:84111159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.81.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248057/; classtype:trojan-activity;sid:84111157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.210.191.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248056/; classtype:trojan-activity;sid:84111156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.61.62.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248055/; classtype:trojan-activity;sid:84111155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.247.52.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248054/; classtype:trojan-activity;sid:84111154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.190.161.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248052/; classtype:trojan-activity;sid:84111152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.96.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248053/; classtype:trojan-activity;sid:84111153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.92.141"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248051/; classtype:trojan-activity;sid:84111151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.32.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248048/; classtype:trojan-activity;sid:84111148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.0.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248049/; classtype:trojan-activity;sid:84111149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.115.162.248"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248050/; classtype:trojan-activity;sid:84111150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.52.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248047/; classtype:trojan-activity;sid:84111147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.81.117"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248046/; classtype:trojan-activity;sid:84111146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.6.101.237"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248045/; classtype:trojan-activity;sid:84111145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.94.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248044/; classtype:trojan-activity;sid:84111144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.212.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248043/; classtype:trojan-activity;sid:84111143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.203.63.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248042/; classtype:trojan-activity;sid:84111142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.80.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248041/; classtype:trojan-activity;sid:84111141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.210.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248040/; classtype:trojan-activity;sid:84111140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.56.3.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248039/; classtype:trojan-activity;sid:84111139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.15.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248038/; classtype:trojan-activity;sid:84111138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.34.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248037/; classtype:trojan-activity;sid:84111137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.97.200.204"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248036/; classtype:trojan-activity;sid:84111136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.187.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248035/; classtype:trojan-activity;sid:84111135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.84.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248034/; classtype:trojan-activity;sid:84111134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.48.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248033/; classtype:trojan-activity;sid:84111133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.43.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248032/; classtype:trojan-activity;sid:84111132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.spc"; depth:14; endswith; nocase; http.host; content:"64.235.37.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248031/; classtype:trojan-activity;sid:84111131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.sh4"; depth:14; endswith; nocase; http.host; content:"64.235.37.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248023/; classtype:trojan-activity;sid:84111123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.mips"; depth:15; endswith; nocase; http.host; content:"64.235.37.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248024/; classtype:trojan-activity;sid:84111124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.arm5"; depth:15; endswith; nocase; http.host; content:"64.235.37.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248025/; classtype:trojan-activity;sid:84111125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.arm"; depth:14; endswith; nocase; http.host; content:"64.235.37.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248026/; classtype:trojan-activity;sid:84111126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.arm7"; depth:15; endswith; nocase; http.host; content:"64.235.37.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248027/; classtype:trojan-activity;sid:84111127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.mpsl"; depth:15; endswith; nocase; http.host; content:"64.235.37.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248028/; classtype:trojan-activity;sid:84111128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.30.241.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248029/; classtype:trojan-activity;sid:84111129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.196.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248030/; classtype:trojan-activity;sid:84111130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.74.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248022/; classtype:trojan-activity;sid:84111122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.36.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248021/; classtype:trojan-activity;sid:84111121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.ppc"; depth:14; endswith; nocase; http.host; content:"64.235.37.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248020/; classtype:trojan-activity;sid:84111120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.17.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248019/; classtype:trojan-activity;sid:84111119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.53.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248018/; classtype:trojan-activity;sid:84111118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.241.53.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248017/; classtype:trojan-activity;sid:84111117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.214.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248016/; classtype:trojan-activity;sid:84111116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.36.80"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248015/; classtype:trojan-activity;sid:84111115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.140.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248014/; classtype:trojan-activity;sid:84111114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.144.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248013/; classtype:trojan-activity;sid:84111113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.150.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248012/; classtype:trojan-activity;sid:84111112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.34.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248011/; classtype:trojan-activity;sid:84111111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.149.61"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248010/; classtype:trojan-activity;sid:84111110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.204.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248009/; classtype:trojan-activity;sid:84111109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.234.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248008/; classtype:trojan-activity;sid:84111108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.183.126.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248007/; classtype:trojan-activity;sid:84111107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.120.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248006/; classtype:trojan-activity;sid:84111106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248005/; classtype:trojan-activity;sid:84111105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.209.81.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248004/; classtype:trojan-activity;sid:84111104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.52.107"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248003/; classtype:trojan-activity;sid:84111103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.154.46.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248002/; classtype:trojan-activity;sid:84111102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.226.48.64"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247999/; classtype:trojan-activity;sid:84111099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.27.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248000/; classtype:trojan-activity;sid:84111100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3248001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.1.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3248001/; classtype:trojan-activity;sid:84111101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.112.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247998/; classtype:trojan-activity;sid:84111098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.139.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247997/; classtype:trojan-activity;sid:84111097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.5.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247996/; classtype:trojan-activity;sid:84111096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.56.3.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247995/; classtype:trojan-activity;sid:84111095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.102.255"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247994/; classtype:trojan-activity;sid:84111094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.80.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247993/; classtype:trojan-activity;sid:84111093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.133.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247992/; classtype:trojan-activity;sid:84111092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.122.115.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247991/; classtype:trojan-activity;sid:84111091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.120.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247990/; classtype:trojan-activity;sid:84111090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.70.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247988/; classtype:trojan-activity;sid:84111088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.214.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247989/; classtype:trojan-activity;sid:84111089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.6.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247987/; classtype:trojan-activity;sid:84111087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.140.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247986/; classtype:trojan-activity;sid:84111086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.235.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247985/; classtype:trojan-activity;sid:84111085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.157.189.159"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247984/; classtype:trojan-activity;sid:84111084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.151.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247983/; classtype:trojan-activity;sid:84111083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.217.44.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247982/; classtype:trojan-activity;sid:84111082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.74.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247981/; classtype:trojan-activity;sid:84111081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.30.241.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247980/; classtype:trojan-activity;sid:84111080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.149.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247979/; classtype:trojan-activity;sid:84111079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.102.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247978/; classtype:trojan-activity;sid:84111078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.140.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247977/; classtype:trojan-activity;sid:84111077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.242.249.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247976/; classtype:trojan-activity;sid:84111076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.29.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247975/; classtype:trojan-activity;sid:84111075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.234.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247974/; classtype:trojan-activity;sid:84111074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.148.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247973/; classtype:trojan-activity;sid:84111073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.103.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247971/; classtype:trojan-activity;sid:84111071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.16.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247972/; classtype:trojan-activity;sid:84111072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.150.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247970/; classtype:trojan-activity;sid:84111070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.103.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247969/; classtype:trojan-activity;sid:84111069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.112.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247968/; classtype:trojan-activity;sid:84111068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.112.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247967/; classtype:trojan-activity;sid:84111067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.43.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247966/; classtype:trojan-activity;sid:84111066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.88.200"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247965/; classtype:trojan-activity;sid:84111065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.176.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247964/; classtype:trojan-activity;sid:84111064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.47.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247963/; classtype:trojan-activity;sid:84111063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"79.172.97.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247962/; classtype:trojan-activity;sid:84111062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.140.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247961/; classtype:trojan-activity;sid:84111061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.125.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247960/; classtype:trojan-activity;sid:84111060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.1.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247959/; classtype:trojan-activity;sid:84111059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.6.231"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247958/; classtype:trojan-activity;sid:84111058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.69.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247957/; classtype:trojan-activity;sid:84111057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.102.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247956/; classtype:trojan-activity;sid:84111056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.74.171"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247954/; classtype:trojan-activity;sid:84111054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.91.167.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247955/; classtype:trojan-activity;sid:84111055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.211.215.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247953/; classtype:trojan-activity;sid:84111053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.85.190.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247952/; classtype:trojan-activity;sid:84111052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.130.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247950/; classtype:trojan-activity;sid:84111050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.54.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247951/; classtype:trojan-activity;sid:84111051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.31.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247949/; classtype:trojan-activity;sid:84111049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.16.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247948/; classtype:trojan-activity;sid:84111048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.98.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247947/; classtype:trojan-activity;sid:84111047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.95.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247946/; classtype:trojan-activity;sid:84111046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.250.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247944/; classtype:trojan-activity;sid:84111044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.127.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247945/; classtype:trojan-activity;sid:84111045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.106.196"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247943/; classtype:trojan-activity;sid:84111043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.94.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247942/; classtype:trojan-activity;sid:84111042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.112.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247941/; classtype:trojan-activity;sid:84111041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.104.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247940/; classtype:trojan-activity;sid:84111040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.0.177.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247939/; classtype:trojan-activity;sid:84111039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.91.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247938/; classtype:trojan-activity;sid:84111038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.130.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247937/; classtype:trojan-activity;sid:84111037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.82.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247936/; classtype:trojan-activity;sid:84111036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.232.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247935/; classtype:trojan-activity;sid:84111035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.125.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247934/; classtype:trojan-activity;sid:84111034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.254.96.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247933/; classtype:trojan-activity;sid:84111033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.127.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247932/; classtype:trojan-activity;sid:84111032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.29.247"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247930/; classtype:trojan-activity;sid:84111030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.14.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247931/; classtype:trojan-activity;sid:84111031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.236.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247929/; classtype:trojan-activity;sid:84111029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jade.x86"; depth:14; endswith; nocase; http.host; content:"64.235.37.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247928/; classtype:trojan-activity;sid:84111028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.101.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247927/; classtype:trojan-activity;sid:84111027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.189.120.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247925/; classtype:trojan-activity;sid:84111025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.87.74.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247926/; classtype:trojan-activity;sid:84111026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.132.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247924/; classtype:trojan-activity;sid:84111024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.211.215.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247923/; classtype:trojan-activity;sid:84111023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.127.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247922/; classtype:trojan-activity;sid:84111022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.139.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247921/; classtype:trojan-activity;sid:84111021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.180.72.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247920/; classtype:trojan-activity;sid:84111020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.94.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247919/; classtype:trojan-activity;sid:84111019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.85.190.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247918/; classtype:trojan-activity;sid:84111018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"193.153.109.152"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247915/; classtype:trojan-activity;sid:84111015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.244.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247916/; classtype:trojan-activity;sid:84111016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.208.104.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247917/; classtype:trojan-activity;sid:84111017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.54.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247913/; classtype:trojan-activity;sid:84111013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.98.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247914/; classtype:trojan-activity;sid:84111014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.191.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247912/; classtype:trojan-activity;sid:84111012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.96.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247911/; classtype:trojan-activity;sid:84111011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.153.129.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247910/; classtype:trojan-activity;sid:84111010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.232.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247909/; classtype:trojan-activity;sid:84111009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.87.176"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247908/; classtype:trojan-activity;sid:84111008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.250.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247907/; classtype:trojan-activity;sid:84111007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.176.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247906/; classtype:trojan-activity;sid:84111006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.91.187"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247905/; classtype:trojan-activity;sid:84111005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.87.74.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247904/; classtype:trojan-activity;sid:84111004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.82.179"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247903/; classtype:trojan-activity;sid:84111003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.0.146.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247902/; classtype:trojan-activity;sid:84111002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.127.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247901/; classtype:trojan-activity;sid:84111001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.229.190.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247898/; classtype:trojan-activity;sid:84110998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.229.51.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247899/; classtype:trojan-activity;sid:84110999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.211.37.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247900/; classtype:trojan-activity;sid:84111000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.127.158"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247897/; classtype:trojan-activity;sid:84110997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"24.189.120.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247896/; classtype:trojan-activity;sid:84110996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.183.106.243"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247895/; classtype:trojan-activity;sid:84110995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.236.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247894/; classtype:trojan-activity;sid:84110994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.183.131.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247893/; classtype:trojan-activity;sid:84110993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.254.96.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247892/; classtype:trojan-activity;sid:84110992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.72.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247891/; classtype:trojan-activity;sid:84110991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.51.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247890/; classtype:trojan-activity;sid:84110990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.88.239.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247889/; classtype:trojan-activity;sid:84110989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.235.112.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247888/; classtype:trojan-activity;sid:84110988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.43.64.188"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247887/; classtype:trojan-activity;sid:84110987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.87.204.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247886/; classtype:trojan-activity;sid:84110986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.109.99"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247885/; classtype:trojan-activity;sid:84110985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.184.249.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247884/; classtype:trojan-activity;sid:84110984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.230.244.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247882/; classtype:trojan-activity;sid:84110982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.191.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247883/; classtype:trojan-activity;sid:84110983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.73.156.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247881/; classtype:trojan-activity;sid:84110981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.45.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247880/; classtype:trojan-activity;sid:84110980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.137.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247879/; classtype:trojan-activity;sid:84110979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.175.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247878/; classtype:trojan-activity;sid:84110978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.176.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247877/; classtype:trojan-activity;sid:84110977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.197.138.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247876/; classtype:trojan-activity;sid:84110976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.112.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247875/; classtype:trojan-activity;sid:84110975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.100.168.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247874/; classtype:trojan-activity;sid:84110974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.178.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247873/; classtype:trojan-activity;sid:84110973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.206.21.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247872/; classtype:trojan-activity;sid:84110972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.89.234.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247871/; classtype:trojan-activity;sid:84110971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.32.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247869/; classtype:trojan-activity;sid:84110969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.89.169"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247870/; classtype:trojan-activity;sid:84110970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.224.173.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247868/; classtype:trojan-activity;sid:84110968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.136.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247867/; classtype:trojan-activity;sid:84110967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.51.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247866/; classtype:trojan-activity;sid:84110966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.88.239.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247865/; classtype:trojan-activity;sid:84110965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.184.249.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247864/; classtype:trojan-activity;sid:84110964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.195.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247863/; classtype:trojan-activity;sid:84110963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.219.86.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247861/; classtype:trojan-activity;sid:84110961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.219.86.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247862/; classtype:trojan-activity;sid:84110962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.86.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247860/; classtype:trojan-activity;sid:84110960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.118.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247859/; classtype:trojan-activity;sid:84110959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.73.156.234"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247858/; classtype:trojan-activity;sid:84110958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.60.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247857/; classtype:trojan-activity;sid:84110957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.169.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247856/; classtype:trojan-activity;sid:84110956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.5.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247855/; classtype:trojan-activity;sid:84110955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.50.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247854/; classtype:trojan-activity;sid:84110954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.12.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247853/; classtype:trojan-activity;sid:84110953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.4.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247852/; classtype:trojan-activity;sid:84110952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.52.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247850/; classtype:trojan-activity;sid:84110950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.2.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247851/; classtype:trojan-activity;sid:84110951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.99.224"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247849/; classtype:trojan-activity;sid:84110949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.178.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247848/; classtype:trojan-activity;sid:84110948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.209.2.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247847/; classtype:trojan-activity;sid:84110947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.81.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247846/; classtype:trojan-activity;sid:84110946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.17.133.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247845/; classtype:trojan-activity;sid:84110945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.217.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247844/; classtype:trojan-activity;sid:84110944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.175.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247843/; classtype:trojan-activity;sid:84110943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.197.138.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247842/; classtype:trojan-activity;sid:84110942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.25.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247841/; classtype:trojan-activity;sid:84110941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.224.173.206"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247840/; classtype:trojan-activity;sid:84110940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.177.28.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247839/; classtype:trojan-activity;sid:84110939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.178.156.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247838/; classtype:trojan-activity;sid:84110938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.125.93"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247837/; classtype:trojan-activity;sid:84110937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.103.72.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247836/; classtype:trojan-activity;sid:84110936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.182.190.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247834/; classtype:trojan-activity;sid:84110934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.158.159.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247835/; classtype:trojan-activity;sid:84110935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.87.107.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247833/; classtype:trojan-activity;sid:84110933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.83.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247832/; classtype:trojan-activity;sid:84110932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.185.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247831/; classtype:trojan-activity;sid:84110931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.185.73.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247830/; classtype:trojan-activity;sid:84110930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.60.56"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247829/; classtype:trojan-activity;sid:84110929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.72.97"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247828/; classtype:trojan-activity;sid:84110928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.111.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247827/; classtype:trojan-activity;sid:84110927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.209.89.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247826/; classtype:trojan-activity;sid:84110926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.60.4.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247825/; classtype:trojan-activity;sid:84110925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.195.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_22; reference:url, urlhaus.abuse.ch/url/3247824/; classtype:trojan-activity;sid:84110924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.220.249.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247660/; classtype:trojan-activity;sid:84110760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.132.166.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247570/; classtype:trojan-activity;sid:84110670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.150.45.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247566/; classtype:trojan-activity;sid:84110666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xx86"; depth:5; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247417/; classtype:trojan-activity;sid:84110517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmpsl"; depth:6; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247416/; classtype:trojan-activity;sid:84110516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xx86_64"; depth:8; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247410/; classtype:trojan-activity;sid:84110510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iarm7"; depth:6; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247411/; classtype:trojan-activity;sid:84110511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmips"; depth:6; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247412/; classtype:trojan-activity;sid:84110512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xarm7"; depth:6; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247414/; classtype:trojan-activity;sid:84110514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iosyu01/okdash/raw/main/assets/eblagh.apk"; depth:42; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247373/; classtype:trojan-activity;sid:84110473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.215.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247272/; classtype:trojan-activity;sid:84110372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.215.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247258/; classtype:trojan-activity;sid:84110358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earm7"; depth:6; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247149/; classtype:trojan-activity;sid:84110249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmips"; depth:6; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247150/; classtype:trojan-activity;sid:84110250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"211.106.74.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3246878/; classtype:trojan-activity;sid:84109978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.45.19.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3246790/; classtype:trojan-activity;sid:84109890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"134.122.176.216"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246076/; classtype:trojan-activity;sid:84109176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"106.54.46.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246062/; classtype:trojan-activity;sid:84109162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"150.158.37.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246057/; classtype:trojan-activity;sid:84109157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5.nn"; depth:8; endswith; nocase; http.host; content:"193.143.1.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246026/; classtype:trojan-activity;sid:84109126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6.nn"; depth:8; endswith; nocase; http.host; content:"193.143.1.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246025/; classtype:trojan-activity;sid:84109125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64.nn"; depth:10; endswith; nocase; http.host; content:"193.143.1.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246023/; classtype:trojan-activity;sid:84109123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_32.nn"; depth:10; endswith; nocase; http.host; content:"193.143.1.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246024/; classtype:trojan-activity;sid:84109124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol.sh"; depth:7; endswith; nocase; http.host; content:"193.143.1.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246021/; classtype:trojan-activity;sid:84109121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel.nn"; depth:10; endswith; nocase; http.host; content:"193.143.1.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246022/; classtype:trojan-activity;sid:84109122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mestalic/site/refs/heads/main/file.exe"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246018/; classtype:trojan-activity;sid:84109118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sample.hta"; depth:11; endswith; nocase; http.host; content:"210.56.13.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245772/; classtype:trojan-activity;sid:84108872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kuwaitsetuphockey.exe"; depth:22; endswith; nocase; http.host; content:"79.101.0.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245755/; classtype:trojan-activity;sid:84108855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/officialsevaluationold.apk"; depth:27; endswith; nocase; http.host; content:"79.101.0.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245756/; classtype:trojan-activity;sid:84108856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"43.252.159.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245737/; classtype:trojan-activity;sid:84108837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"185.152.219.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245733/; classtype:trojan-activity;sid:84108833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.201.40.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245718/; classtype:trojan-activity;sid:84108818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sample.doc"; depth:11; endswith; nocase; http.host; content:"116.48.102.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245663/; classtype:trojan-activity;sid:84108763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload2.txt"; depth:13; endswith; nocase; http.host; content:"116.48.102.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245661/; classtype:trojan-activity;sid:84108761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload"; depth:8; endswith; nocase; http.host; content:"109.248.6.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245646/; classtype:trojan-activity;sid:84108746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpmgsvc.dll"; depth:12; endswith; nocase; http.host; content:"119.203.212.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245637/; classtype:trojan-activity;sid:84108737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fotonview.apk"; depth:14; endswith; nocase; http.host; content:"79.101.0.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245553/; classtype:trojan-activity;sid:84108653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cameracomponent.apk"; depth:20; endswith; nocase; http.host; content:"79.101.0.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245551/; classtype:trojan-activity;sid:84108651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evaluation.apk"; depth:15; endswith; nocase; http.host; content:"79.101.0.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245550/; classtype:trojan-activity;sid:84108650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luma/random.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245480/; classtype:trojan-activity;sid:84108580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/off/random.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245479/; classtype:trojan-activity;sid:84108579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hs.exe"; depth:7; endswith; nocase; http.host; content:"146.0.42.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245463/; classtype:trojan-activity;sid:84108563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kg.exe"; depth:7; endswith; nocase; http.host; content:"146.0.42.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245459/; classtype:trojan-activity;sid:84108559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keygen.exe"; depth:11; endswith; nocase; http.host; content:"146.0.42.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245458/; classtype:trojan-activity;sid:84108558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rrq.exe"; depth:8; endswith; nocase; http.host; content:"35.185.187.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245416/; classtype:trojan-activity;sid:84108516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.229.174.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245078/; classtype:trojan-activity;sid:84108178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.150.45.193"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245074/; classtype:trojan-activity;sid:84108174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/creal.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243505/; classtype:trojan-activity;sid:84106605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/setup.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243502/; classtype:trojan-activity;sid:84106602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/svchost.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243499/; classtype:trojan-activity;sid:84106599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/test.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243500/; classtype:trojan-activity;sid:84106600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/qqq.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243497/; classtype:trojan-activity;sid:84106597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/soft.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243489/; classtype:trojan-activity;sid:84106589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/main.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243486/; classtype:trojan-activity;sid:84106586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/splwow64.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243482/; classtype:trojan-activity;sid:84106582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/kill.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243479/; classtype:trojan-activity;sid:84106579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/dcratbuild.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243478/; classtype:trojan-activity;sid:84106578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/winrar-x64-701.exe"; depth:23; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243470/; classtype:trojan-activity;sid:84106570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/soft2.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243469/; classtype:trojan-activity;sid:84106569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/edge.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243464/; classtype:trojan-activity;sid:84106564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/univ.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243465/; classtype:trojan-activity;sid:84106565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cvv.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243459/; classtype:trojan-activity;sid:84106559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/frap.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243455/; classtype:trojan-activity;sid:84106555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ovrflw.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243456/; classtype:trojan-activity;sid:84106556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/lummnew.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243452/; classtype:trojan-activity;sid:84106552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/xt.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243445/; classtype:trojan-activity;sid:84106545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/xxl.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243448/; classtype:trojan-activity;sid:84106548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/launcher.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243442/; classtype:trojan-activity;sid:84106542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cc2.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243443/; classtype:trojan-activity;sid:84106543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/hashed.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243432/; classtype:trojan-activity;sid:84106532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/probnik.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243431/; classtype:trojan-activity;sid:84106531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/googleupdate.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243421/; classtype:trojan-activity;sid:84106521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/winx86.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243412/; classtype:trojan-activity;sid:84106512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ewrvuh.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243407/; classtype:trojan-activity;sid:84106507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/major.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243406/; classtype:trojan-activity;sid:84106506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/xxz.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243400/; classtype:trojan-activity;sid:84106500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/out.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243393/; classtype:trojan-activity;sid:84106493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cccc2.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243388/; classtype:trojan-activity;sid:84106488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/divinedialogue.exe"; depth:23; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243387/; classtype:trojan-activity;sid:84106487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cvimelugfq.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243383/; classtype:trojan-activity;sid:84106483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/file.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243379/; classtype:trojan-activity;sid:84106479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/12.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243375/; classtype:trojan-activity;sid:84106475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/zzz.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243369/; classtype:trojan-activity;sid:84106469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/diff.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243364/; classtype:trojan-activity;sid:84106464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/dos.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243358/; classtype:trojan-activity;sid:84106458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/newfile.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243351/; classtype:trojan-activity;sid:84106451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/noll.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243354/; classtype:trojan-activity;sid:84106454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/shopfree.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243347/; classtype:trojan-activity;sid:84106447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/newbundle.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243337/; classtype:trojan-activity;sid:84106437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/vidar.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243335/; classtype:trojan-activity;sid:84106435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/mk.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243328/; classtype:trojan-activity;sid:84106428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/neonn.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243325/; classtype:trojan-activity;sid:84106425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/legas.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243322/; classtype:trojan-activity;sid:84106422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/prem1.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243317/; classtype:trojan-activity;sid:84106417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/controlledaccesspoint.exe"; depth:30; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243313/; classtype:trojan-activity;sid:84106413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dobre/processclass.exe"; depth:23; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243310/; classtype:trojan-activity;sid:84106410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/completestudio.exe"; depth:23; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243307/; classtype:trojan-activity;sid:84106407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/vidsusername.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243309/; classtype:trojan-activity;sid:84106409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/neon.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243306/; classtype:trojan-activity;sid:84106406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/loader_5879465914.exe"; depth:26; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243302/; classtype:trojan-activity;sid:84106402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/onlysteal.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243298/; classtype:trojan-activity;sid:84106398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/softina.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243290/; classtype:trojan-activity;sid:84106390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ubi-inst.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243289/; classtype:trojan-activity;sid:84106389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/singerjudy.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243283/; classtype:trojan-activity;sid:84106383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/xm.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243284/; classtype:trojan-activity;sid:84106384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/def.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243285/; classtype:trojan-activity;sid:84106385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ai2.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243278/; classtype:trojan-activity;sid:84106378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/exclude.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243274/; classtype:trojan-activity;sid:84106374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/kiyan.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243276/; classtype:trojan-activity;sid:84106376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/windowsexecutable.exe"; depth:26; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243273/; classtype:trojan-activity;sid:84106373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/torque.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243272/; classtype:trojan-activity;sid:84106372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/taskhost.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243271/; classtype:trojan-activity;sid:84106371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/jgevbkn6di30"; depth:18; endswith; nocase; http.host; content:"222.187.223.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243138/; classtype:trojan-activity;sid:84106238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samarinda/filekey.mentah"; depth:25; endswith; nocase; http.host; content:"103.187.146.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243135/; classtype:trojan-activity;sid:84106235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enjoyers/file3.mentah"; depth:22; endswith; nocase; http.host; content:"103.187.146.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243134/; classtype:trojan-activity;sid:84106234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enjoyers/injek3.mentah"; depth:23; endswith; nocase; http.host; content:"103.187.146.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243133/; classtype:trojan-activity;sid:84106233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/s.rar"; depth:9; endswith; nocase; http.host; content:"112.217.207.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243121/; classtype:trojan-activity;sid:84106221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/bot.bin"; depth:12; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243114/; classtype:trojan-activity;sid:84106214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/xmrig.zip"; depth:13; endswith; nocase; http.host; content:"220.149.212.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243089/; classtype:trojan-activity;sid:84106189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/data/update.exe"; depth:23; endswith; nocase; http.host; content:"114.55.106.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243086/; classtype:trojan-activity;sid:84106186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/up/shensu/shensu_dingdan.zip"; depth:29; endswith; nocase; http.host; content:"2882.tpddns.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243085/; classtype:trojan-activity;sid:84106185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/update.exe"; depth:20; endswith; nocase; http.host; content:"110.40.51.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243081/; classtype:trojan-activity;sid:84106181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sysupdate/ckbgd/2.3.0624.zip"; depth:29; endswith; nocase; http.host; content:"8.131.63.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243082/; classtype:trojan-activity;sid:84106182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/output/client/update.exe"; depth:25; endswith; nocase; http.host; content:"168.138.162.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243079/; classtype:trojan-activity;sid:84106179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sysupdate/ckbgd/2.3.0703.zip"; depth:29; endswith; nocase; http.host; content:"8.131.63.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243077/; classtype:trojan-activity;sid:84106177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload/temp/_rels/key.exe"; depth:26; endswith; nocase; http.host; content:"pb.agnt.ru"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243075/; classtype:trojan-activity;sid:84106175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/altabross/fud-batch/refs/heads/main/glp_installer_900223086_market.exe"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243038/; classtype:trojan-activity;sid:84106138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/altabross/fud-batch/refs/heads/main/no.pdf"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243035/; classtype:trojan-activity;sid:84106135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/altabross/fud-batch/refs/heads/main/1.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243036/; classtype:trojan-activity;sid:84106136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/altabross/fud-batch/refs/heads/main/client.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243037/; classtype:trojan-activity;sid:84106137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/altabross/fud-batch/refs/heads/main/discord.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243028/; classtype:trojan-activity;sid:84106128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/altabross/fud-batch/refs/heads/main/work.bat"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243029/; classtype:trojan-activity;sid:84106129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/altabross/fud-batch/refs/heads/main/client.pdf"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243030/; classtype:trojan-activity;sid:84106130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/altabross/fud-batch/refs/heads/main/client.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243031/; classtype:trojan-activity;sid:84106131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/altabross/fud-batch/refs/heads/main/fud.bat"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243032/; classtype:trojan-activity;sid:84106132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/altabross/fud-batch/refs/heads/main/mario.bat"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243033/; classtype:trojan-activity;sid:84106133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flowseal/zapret-discord-youtube/releases/download/1.1.1/zapret-discord-youtube-1.1.1.rar"; depth:89; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242983/; classtype:trojan-activity;sid:84106083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.151.133.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242916/; classtype:trojan-activity;sid:84106016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.151.133.177"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242903/; classtype:trojan-activity;sid:84106003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/rtsyboyqu8/aa.exe"; depth:22; endswith; nocase; http.host; content:"upload.vina-host.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242853/; classtype:trojan-activity;sid:84105953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/tvisnldnvi/ardara.exe"; depth:26; endswith; nocase; http.host; content:"upload.vina-host.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242854/; classtype:trojan-activity;sid:84105954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/xtfglcmk2k/windowshost.exe"; depth:31; endswith; nocase; http.host; content:"upload.vina-host.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242852/; classtype:trojan-activity;sid:84105952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/mzocixkcrs/ee.exe"; depth:22; endswith; nocase; http.host; content:"upload.vina-host.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242851/; classtype:trojan-activity;sid:84105951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/840cpxujvq/w.exe"; depth:21; endswith; nocase; http.host; content:"upload.vina-host.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242850/; classtype:trojan-activity;sid:84105950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x.exe"; depth:6; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242849/; classtype:trojan-activity;sid:84105949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmatrix/data/hack0832.zip"; depth:26; endswith; nocase; http.host; content:"cd.textfiles.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242663/; classtype:trojan-activity;sid:84105763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/file.exe"; depth:12; endswith; nocase; http.host; content:"osecweb.ir"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242649/; classtype:trojan-activity;sid:84105749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rishabhkumardeveloper/malware_analysis_using_ml/main/wildfire-test-pe-file.exe"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242642/; classtype:trojan-activity;sid:84105742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/octus.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242595/; classtype:trojan-activity;sid:84105695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sniffthem.exe"; depth:14; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242594/; classtype:trojan-activity;sid:84105694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t9bdjzsl2/plugins/clip.dll"; depth:27; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242590/; classtype:trojan-activity;sid:84105690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t9bdjzsl2/plugins/cred.dll"; depth:27; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242591/; classtype:trojan-activity;sid:84105691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t9bdjzsl2/plugins/clip64.dll"; depth:29; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242592/; classtype:trojan-activity;sid:84105692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x.zip"; depth:6; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242586/; classtype:trojan-activity;sid:84105686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/g7qeilrosjgjeoz/download"; depth:27; endswith; nocase; http.host; content:"i0001.clarodrive.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242379/; classtype:trojan-activity;sid:84105479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mori-miyako/discord-token-generator/zip/refs/heads/main"; depth:56; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241764/; classtype:trojan-activity;sid:84104864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scode18/all-tweaker/main/tweaks.7z"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241765/; classtype:trojan-activity;sid:84104865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/intergate0/none/main/main.exe"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241756/; classtype:trojan-activity;sid:84104856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wbrswbrn/awew45/refs/heads/main/nurik.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241754/; classtype:trojan-activity;sid:84104854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kntjspr/licensebytes/refs/heads/main/licensemalwarebytes.exe"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241752/; classtype:trojan-activity;sid:84104852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mhemon404/project01/main/system404.exe"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241646/; classtype:trojan-activity;sid:84104746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aavaahanan121/tools/main/fern_wifi_recon%252.34.exe"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241643/; classtype:trojan-activity;sid:84104743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/baksvoronov/testingflrplgpreg/refs/heads/main/connector1.exe"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241644/; classtype:trojan-activity;sid:84104744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ozcanpng/backd00r/main/backd00rhome.exe"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241645/; classtype:trojan-activity;sid:84104745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s107000665/c1/master/1223.exe"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241637/; classtype:trojan-activity;sid:84104737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iciamyplant/ctf/master/plantrojan.exe"; depth:38; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241638/; classtype:trojan-activity;sid:84104738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fengjixuchui/cve-2022-26810/main/shellcode.bin"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241639/; classtype:trojan-activity;sid:84104739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/killbillpribil/world-of-tanks/master/world%20of%20tanks.exe"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241640/; classtype:trojan-activity;sid:84104740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mach1el/htb-scripts/master/exploit-fuse/shell.exe"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241641/; classtype:trojan-activity;sid:84104741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khr0x40sh/whitelistevasion/master/installutil/script.exe"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241642/; classtype:trojan-activity;sid:84104742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/award.pdf.exe"; depth:14; endswith; nocase; http.host; content:"alien-training.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241636/; classtype:trojan-activity;sid:84104736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msf.exe"; depth:8; endswith; nocase; http.host; content:"qiniuyunxz.yxflzs.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241635/; classtype:trojan-activity;sid:84104735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgdhgfh/gfdsgfdsgfdgfsdg.txt"; depth:29; endswith; nocase; http.host; content:"valseg.com.br"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241614/; classtype:trojan-activity;sid:84104714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgdhgfh/tetete.bin"; depth:19; endswith; nocase; http.host; content:"valseg.com.br"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241613/; classtype:trojan-activity;sid:84104713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onlinematrimonial/shell.exe"; depth:28; endswith; nocase; http.host; content:"103.117.156.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241589/; classtype:trojan-activity;sid:84104689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meteran.exe"; depth:12; endswith; nocase; http.host; content:"35.185.187.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241584/; classtype:trojan-activity;sid:84104684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view.png"; depth:9; endswith; nocase; http.host; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; depth:47; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241563/; classtype:trojan-activity;sid:84104663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c5hackr/phantom/main/phantom/resources/donut.exe"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241559/; classtype:trojan-activity;sid:84104659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xclient.bin"; depth:12; endswith; nocase; http.host; content:"huyanhnongdo.io.vn"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241558/; classtype:trojan-activity;sid:84104658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cve-2024-35250.exe"; depth:19; endswith; nocase; http.host; content:"101.200.223.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241463/; classtype:trojan-activity;sid:84104563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.39.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241404/; classtype:trojan-activity;sid:84104504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"139.159.148.68"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241397/; classtype:trojan-activity;sid:84104497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"193.122.74.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241401/; classtype:trojan-activity;sid:84104501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.39.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241382/; classtype:trojan-activity;sid:84104482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"114.55.100.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241387/; classtype:trojan-activity;sid:84104487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.238.103.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241378/; classtype:trojan-activity;sid:84104478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.96.140.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241372/; classtype:trojan-activity;sid:84104472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.133.156.69"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241367/; classtype:trojan-activity;sid:84104467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"81.71.18.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241349/; classtype:trojan-activity;sid:84104449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"81.71.18.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241354/; classtype:trojan-activity;sid:84104454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"150.158.37.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241357/; classtype:trojan-activity;sid:84104457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.120.25.38"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241358/; classtype:trojan-activity;sid:84104458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.223.200.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241331/; classtype:trojan-activity;sid:84104431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.ds_store"; depth:10; endswith; nocase; http.host; content:"140.192.101.212"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241320/; classtype:trojan-activity;sid:84104420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/key.pem"; depth:8; endswith; nocase; http.host; content:"152.136.140.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241291/; classtype:trojan-activity;sid:84104391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rvg-nikeisfake0/files/main/rat.exe"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241129/; classtype:trojan-activity;sid:84104229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/justincoding3/slumfun/main/obfuscated.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241127/; classtype:trojan-activity;sid:84104227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r00t-3xp10it/redpill/main/utils/compiled.exe"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241126/; classtype:trojan-activity;sid:84104226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secwiki/windows-kernel-exploits/master/ms14-068/ms14-068.exe"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241125/; classtype:trojan-activity;sid:84104225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/python312/rick-roller/refs/heads/main/main.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241124/; classtype:trojan-activity;sid:84104224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prowindows365/hailhydra/refs/heads/main/hailhydra.exe"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241123/; classtype:trojan-activity;sid:84104223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mailclone2500/stealer/refs/heads/main/bot2.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241079/; classtype:trojan-activity;sid:84104179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43a1723/test/releases/download/siu/stub.exe"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241054/; classtype:trojan-activity;sid:84104154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neo23x0/signature-base/archive/master.zip"; depth:42; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241055/; classtype:trojan-activity;sid:84104155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gosha1239/onetap/master/onetap.exe"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241019/; classtype:trojan-activity;sid:84104119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/an0mat/azorult/refs/heads/master/builder.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241020/; classtype:trojan-activity;sid:84104120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ricepudding0xl/discordnitrogenerator/main/discordnitrogenerator.exe"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241005/; classtype:trojan-activity;sid:84104105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ryan2159/stuff/main/discord.exe"; depth:32; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241004/; classtype:trojan-activity;sid:84104104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrsatan11/mr.satan-ddos/refs/heads/main/mr.satan%20ddos/mr.satan%20ddos.exe"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241003/; classtype:trojan-activity;sid:84104103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrsatan11/mr.satan-ddos/blob/main/mr.satan%20ddos/mr.satan%20ddos.exe|3f|raw=true"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241002/; classtype:trojan-activity;sid:84104102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/appelsappie123/discord-token-generator-1/refs/heads/main/token%20gen.exe"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241001/; classtype:trojan-activity;sid:84104101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sad-dust/death/main/stealinfo.exe"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240999/; classtype:trojan-activity;sid:84104099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deepdevil51/discordspotifybypass/main/discordspotifybypass.exe"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240998/; classtype:trojan-activity;sid:84104098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deepdevil51/discordspotifybypass/raw/main/discordspotifybypass.exe"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240994/; classtype:trojan-activity;sid:84104094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//zx.exe"; depth:8; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240880/; classtype:trojan-activity;sid:84103980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/redcanaryco/atomic-red-team/master/atomics/t1204.002/bin/test10.lnk"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240819/; classtype:trojan-activity;sid:84103919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cuckoobox/cuckoo/archive/master.zip"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240817/; classtype:trojan-activity;sid:84103917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haxork8880/files/main/windowssync.txt.zip"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240813/; classtype:trojan-activity;sid:84103913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crjtpp/tpplab_public/main/poc-sample-lnk.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240814/; classtype:trojan-activity;sid:84103914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackerx237/miner/main/my-files.lnk"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240812/; classtype:trojan-activity;sid:84103912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scode18/all-tweaker/releases/download/beta_v0.6/all.tweaker.beta.v0.6.7z"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240811/; classtype:trojan-activity;sid:84103911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scode18/all-tweaker/raw/main/tweaks.7z"; depth:39; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240810/; classtype:trojan-activity;sid:84103910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"xss-1253555722.cos.ap-singapore.myqcloud.com"; depth:44; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240729/; classtype:trojan-activity;sid:84103829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dqwr1q23rwdfr/xxx/releases/download/xxx/vital.zip"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240720/; classtype:trojan-activity;sid:84103820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohdjulaya09/code-sparrow-crypter-2.0-private-crack-leak/releases/download/%23crypter/codesparrow.crypter.2.0.crack.rar"; depth:120; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240639/; classtype:trojan-activity;sid:84103739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2019/bkbvideos/av.lnk"; depth:22; endswith; nocase; http.host; content:"139.167.198.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240563/; classtype:trojan-activity;sid:84103663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2019/bkbvideos/video.lnk"; depth:25; endswith; nocase; http.host; content:"139.167.198.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240564/; classtype:trojan-activity;sid:84103664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2019/bkbvideos/photo.lnk"; depth:25; endswith; nocase; http.host; content:"139.167.198.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240565/; classtype:trojan-activity;sid:84103665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t9bdjzsl2/plugins/cred64.dll"; depth:29; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240170/; classtype:trojan-activity;sid:84103270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuke.exe"; depth:9; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3240071/; classtype:trojan-activity;sid:84103171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.35.225.129"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239980/; classtype:trojan-activity;sid:84103080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reverse_ctl.exe"; depth:16; endswith; nocase; http.host; content:"47.236.122.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239841/; classtype:trojan-activity;sid:84102941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/bot64.bin"; depth:14; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239811/; classtype:trojan-activity;sid:84102911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ywx.exe"; depth:8; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239812/; classtype:trojan-activity;sid:84102912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/geek.exe"; depth:9; endswith; nocase; http.host; content:"47.236.122.191"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239810/; classtype:trojan-activity;sid:84102910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vizian123/msfvenomz/raw/main/reddit.exe"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239804/; classtype:trojan-activity;sid:84102904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.106.74.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239740/; classtype:trojan-activity;sid:84102840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.x64.bin"; depth:14; endswith; nocase; http.host; content:"8.138.96.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239707/; classtype:trojan-activity;sid:84102807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enc.bin"; depth:8; endswith; nocase; http.host; content:"103.253.43.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239678/; classtype:trojan-activity;sid:84102778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys/20230120_3.bin"; depth:19; endswith; nocase; http.host; content:"124.248.65.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239669/; classtype:trojan-activity;sid:84102769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys/20230120_4.bin"; depth:19; endswith; nocase; http.host; content:"124.248.65.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239666/; classtype:trojan-activity;sid:84102766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys/20230120_2.bin"; depth:19; endswith; nocase; http.host; content:"124.248.65.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239667/; classtype:trojan-activity;sid:84102767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys/20230120_1.bin"; depth:19; endswith; nocase; http.host; content:"124.248.65.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239668/; classtype:trojan-activity;sid:84102768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/paste.ps1"; depth:13; endswith; nocase; http.host; content:"112.217.207.130"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239574/; classtype:trojan-activity;sid:84102674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/multi"; depth:14; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239323/; classtype:trojan-activity;sid:84102423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/malicious.jar"; depth:14; endswith; nocase; http.host; content:"122.51.52.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239106/; classtype:trojan-activity;sid:84102206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eaklauncher/eaklauncher.exe"; depth:28; endswith; nocase; http.host; content:"147.50.240.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238658/; classtype:trojan-activity;sid:84101758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrp.exe"; depth:9; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238593/; classtype:trojan-activity;sid:84101693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.45.19.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238563/; classtype:trojan-activity;sid:84101663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.45.19.159"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238543/; classtype:trojan-activity;sid:84101643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/onedrive.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238540/; classtype:trojan-activity;sid:84101640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/baksvoronov/testingflrplgpreg/zip/refs/heads/main"; depth:50; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238242/; classtype:trojan-activity;sid:84101342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dem7ktu/plugins/clip64.dll"; depth:27; endswith; nocase; http.host; content:"amoamosss.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238228/; classtype:trojan-activity;sid:84101328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dem7ktu/plugins/clip.dll"; depth:25; endswith; nocase; http.host; content:"amoamosss.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238230/; classtype:trojan-activity;sid:84101330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h8s9k20gnb2/plugins/clip64.dll"; depth:31; endswith; nocase; http.host; content:"185.11.61.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238238/; classtype:trojan-activity;sid:84101338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h8s9k20gnb2/plugins/clip.dll"; depth:29; endswith; nocase; http.host; content:"185.11.61.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238226/; classtype:trojan-activity;sid:84101326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dem7ktu/plugins/cred.dll"; depth:25; endswith; nocase; http.host; content:"amoamosss.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238220/; classtype:trojan-activity;sid:84101320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h8s9k20gnb2/plugins/cred.dll"; depth:29; endswith; nocase; http.host; content:"185.11.61.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238218/; classtype:trojan-activity;sid:84101318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h8s9k20gnb2/plugins/cred64.dll"; depth:31; endswith; nocase; http.host; content:"185.11.61.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238202/; classtype:trojan-activity;sid:84101302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npc.exe"; depth:8; endswith; nocase; http.host; content:"39.105.31.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238160/; classtype:trojan-activity;sid:84101260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdb.exe"; depth:8; endswith; nocase; http.host; content:"146.56.118.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238155/; classtype:trojan-activity;sid:84101255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d00mt3l/xworm-5.6/refs/heads/main/xworm%20v5.6.exe"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238124/; classtype:trojan-activity;sid:84101224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system.exe"; depth:11; endswith; nocase; http.host; content:"154.197.69.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238122/; classtype:trojan-activity;sid:84101222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peszok/xworm-remote-access-tool/releases/download/v5.0/xworm.rar"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238123/; classtype:trojan-activity;sid:84101223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resources/js/info2r.txt"; depth:24; endswith; nocase; http.host; content:"188.81.134.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238111/; classtype:trojan-activity;sid:84101211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ywds3/wealthserver.txt"; depth:23; endswith; nocase; http.host; content:"in-houselegal.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238109/; classtype:trojan-activity;sid:84101209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ywds3/clients.txt"; depth:18; endswith; nocase; http.host; content:"in-houselegal.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238108/; classtype:trojan-activity;sid:84101208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/drg/rtc/f3pe.txt"; depth:30; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238086/; classtype:trojan-activity;sid:84101186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nakuss/erth/main/wenzcord.exe"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238082/; classtype:trojan-activity;sid:84101182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azurerex/napewnonievoiderhook/main/seksiak.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238083/; classtype:trojan-activity;sid:84101183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/python312/rusty-dropper/main/client-built.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238084/; classtype:trojan-activity;sid:84101184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zusyaku/malware-collection-part-2/main/rat/njrat.exe"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238071/; classtype:trojan-activity;sid:84101171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ff245185/payload/main/fast%20download.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238073/; classtype:trojan-activity;sid:84101173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imaeewy/test-rat-do-not-download-exe/refs/heads/main/discord.exe"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238074/; classtype:trojan-activity;sid:84101174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/therealastro666/lolz/main/built.exe"; depth:36; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238076/; classtype:trojan-activity;sid:84101176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raz233/rgdgdrg/main/client.exe"; depth:31; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238078/; classtype:trojan-activity;sid:84101178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aspdasdksa2/callback/main/client-built.exe"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238079/; classtype:trojan-activity;sid:84101179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hapor2023/quasar/main/x.exe"; depth:28; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238081/; classtype:trojan-activity;sid:84101181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paketpk/trojan/main/njsilent.exe"; depth:33; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238066/; classtype:trojan-activity;sid:84101166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eliasgay23/123/main/svhost.exe"; depth:31; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238067/; classtype:trojan-activity;sid:84101167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bublegumle/r32r32/master/server.exe"; depth:36; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238068/; classtype:trojan-activity;sid:84101168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monkey958/sdasd/main/856.exe"; depth:29; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238069/; classtype:trojan-activity;sid:84101169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proltop1/popka/master/svchost.exe"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238070/; classtype:trojan-activity;sid:84101170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fortnitebott/spfnll/main/spofrln.exe"; depth:37; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238064/; classtype:trojan-activity;sid:84101164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grozniy1/folder/main/444.exe"; depth:29; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238061/; classtype:trojan-activity;sid:84101161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/refs/heads/main/java32.exe"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238062/; classtype:trojan-activity;sid:84101162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hapor2023/quasar/main/discord.exe"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238063/; classtype:trojan-activity;sid:84101163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xcocgt/priv1/main/testme.exe"; depth:29; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238059/; classtype:trojan-activity;sid:84101159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sesafvr/ayo/refs/heads/main/client-built.exe"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238058/; classtype:trojan-activity;sid:84101158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/impar0/tryyy/main/client.exe"; depth:29; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238056/; classtype:trojan-activity;sid:84101156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mentaliczz/bloxflippredictor-v2/main/bloxflip%20predictor.exe"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238057/; classtype:trojan-activity;sid:84101157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/visoxc/misterbombastic/main/don/driverhost.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238055/; classtype:trojan-activity;sid:84101155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryptskiddy/remoteadmintool/master/trojan.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238052/; classtype:trojan-activity;sid:84101152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pyxe1/sheesh/9e641bf9dd97a738f11f4b212603758cd9861f27/plswork.exe"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238054/; classtype:trojan-activity;sid:84101154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/re9neyt/goodfrag-mh-counter-strike-global-offensive-/master/goodfrag.exe"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238050/; classtype:trojan-activity;sid:84101150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blackhatsan/fcuk/main/client.exe"; depth:33; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238051/; classtype:trojan-activity;sid:84101151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/horiffy/sentil/main/sentil.exe"; depth:31; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238047/; classtype:trojan-activity;sid:84101147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bublegumle/hyh/master/server.exe"; depth:33; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238048/; classtype:trojan-activity;sid:84101148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/theairblow/theairblow/refs/heads/main/njrat.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238045/; classtype:trojan-activity;sid:84101145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kami32x/osiris/refs/heads/main/2klz.exe"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238046/; classtype:trojan-activity;sid:84101146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tezx11/imgui/main/runtimebroker.exe"; depth:36; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238041/; classtype:trojan-activity;sid:84101141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stukit/svhoste/main/svhoste.exe"; depth:32; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238035/; classtype:trojan-activity;sid:84101135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fhebngndsg/thefunny/main/client-built.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238037/; classtype:trojan-activity;sid:84101137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cupofteaa08/autominepermission/main/runtime%20broker.exe"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238031/; classtype:trojan-activity;sid:84101131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiraundercode/rev/main/client-built.exe"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238033/; classtype:trojan-activity;sid:84101133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cmaster324-cell/su/main/client.exe"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238034/; classtype:trojan-activity;sid:84101134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lexazar63/minecraft-client/master/steamdetector.exe"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238027/; classtype:trojan-activity;sid:84101127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toxicxz/fnaf-1/main/fusca%20game.exe"; depth:37; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238028/; classtype:trojan-activity;sid:84101128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vdlosunbik/steam.upgreyd/master/steam.upgreyd.exe"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238023/; classtype:trojan-activity;sid:84101123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bormasina/test/main/defender64.exe"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238024/; classtype:trojan-activity;sid:84101124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpinauskas/anticheat/main/amogus.exe"; depth:37; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238025/; classtype:trojan-activity;sid:84101125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anonam0369/1/main/discord.zip"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238021/; classtype:trojan-activity;sid:84101121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krevedko3221/porno/main/mos%20ssssttttt.exe"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238022/; classtype:trojan-activity;sid:84101122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gleb221/paki/master/%d0%9f%d0%b0%d0%ba%d0%b8.rar"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238018/; classtype:trojan-activity;sid:84101118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xerussploit/spectrum/main/spectrum.exe"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238019/; classtype:trojan-activity;sid:84101119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kami32x/discord/refs/heads/main/discord.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238015/; classtype:trojan-activity;sid:84101115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qwuxu/ghjtdfghnfg/main/lastest.exe"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238016/; classtype:trojan-activity;sid:84101116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pyxe1/sheesh/04f111bc997c01dc4aa6ab035dcb5ff877fc5bbf/client-built.exe"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238014/; classtype:trojan-activity;sid:84101114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vampirvikariy/clientn2/master/intro.avi.exe"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238013/; classtype:trojan-activity;sid:84101113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/theairblow/theairblow/main/njrat.exe"; depth:37; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238012/; classtype:trojan-activity;sid:84101112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alnyak/test/main/testingg.exe"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238011/; classtype:trojan-activity;sid:84101111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xerussploit/neverlose-loader/refs/heads/main/neverlose%20loader.exe"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238008/; classtype:trojan-activity;sid:84101108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supfrezze/jtebez/master/dayum.exe"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238009/; classtype:trojan-activity;sid:84101109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eluwnkaquxi/elcio/main/server1.exe"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238010/; classtype:trojan-activity;sid:84101110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxrecxxil/syndicate/main/main.exe"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238006/; classtype:trojan-activity;sid:84101106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biseo0/neue/raw/main/client-built.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237999/; classtype:trojan-activity;sid:84101099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aspdasdksa2/callback/raw/main/client-built.exe"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237993/; classtype:trojan-activity;sid:84101093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/the-malware-repo/blob/master/rat/njrat.exe|3f|raw=true"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237975/; classtype:trojan-activity;sid:84101075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5556.rar"; depth:9; endswith; nocase; http.host; content:"188.212.158.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237976/; classtype:trojan-activity;sid:84101076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blank-c/umbral-stealer/zip/refs/heads/main"; depth:43; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237956/; classtype:trojan-activity;sid:84101056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blank-c/blank-grabber/zip/refs/heads/main"; depth:42; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237955/; classtype:trojan-activity;sid:84101055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blank-c/blankobf/zip/refs/heads/v2"; depth:35; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237954/; classtype:trojan-activity;sid:84101054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soporte%5csoporteperfect.exe"; depth:29; endswith; nocase; http.host; content:"perfectperu.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237918/; classtype:trojan-activity;sid:84101018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/descargas/ammyy.exe"; depth:20; endswith; nocase; http.host; content:"soportegira.net"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237916/; classtype:trojan-activity;sid:84101016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1111111/aa_v3.5.exe"; depth:20; endswith; nocase; http.host; content:"180.150.240.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237910/; classtype:trojan-activity;sid:84101010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ammyadmin.exe"; depth:14; endswith; nocase; http.host; content:"arcloud.ru"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237911/; classtype:trojan-activity;sid:84101011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa_v3.exe"; depth:10; endswith; nocase; http.host; content:"artemka.spb.ru"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237909/; classtype:trojan-activity;sid:84101009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa_v3.exe"; depth:10; endswith; nocase; http.host; content:"arcsystem.rodopibg.net"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237898/; classtype:trojan-activity;sid:84100998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/activia/aa_v3.exe"; depth:18; endswith; nocase; http.host; content:"sfa.com.ar"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237889/; classtype:trojan-activity;sid:84100989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/programs/aa_v3.5.exe"; depth:21; endswith; nocase; http.host; content:"monastery.mlnk.net"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237893/; classtype:trojan-activity;sid:84100993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa_v3.exe"; depth:10; endswith; nocase; http.host; content:"178.130.39.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237880/; classtype:trojan-activity;sid:84100980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa_v3.exe"; depth:10; endswith; nocase; http.host; content:"89.175.186.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237876/; classtype:trojan-activity;sid:84100976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/aa_v3.exe"; depth:19; endswith; nocase; http.host; content:"www.netsolution.it"; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237877/; classtype:trojan-activity;sid:84100977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joh81/exploi01/zip/refs/heads/main"; depth:35; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237861/; classtype:trojan-activity;sid:84100961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc0cps/s1/zip/refs/heads/main"; depth:31; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237859/; classtype:trojan-activity;sid:84100959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mariolalo/myrec/main/notallowedtocrypt.exe"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237856/; classtype:trojan-activity;sid:84100956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yusuf216/sshport/main/evetbeta.exe"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237855/; classtype:trojan-activity;sid:84100955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cfedss/exe/main/solara_protect.exe"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237823/; classtype:trojan-activity;sid:84100923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steve824/a/zip/refs/heads/main"; depth:31; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237810/; classtype:trojan-activity;sid:84100910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orospuccocugu/aaaaaa/main/anne.exe"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237807/; classtype:trojan-activity;sid:84100907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vash0001/discord/main/discord2.exe"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237806/; classtype:trojan-activity;sid:84100906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vash0001/discord/main/discord.exe"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237794/; classtype:trojan-activity;sid:84100894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realmastercoder69/daww/main/loader.exe"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237795/; classtype:trojan-activity;sid:84100895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jzmvip/jzmfreetool/main/asyncclient.exe"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237796/; classtype:trojan-activity;sid:84100896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vash0001/discord/main/discord3.exe"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237797/; classtype:trojan-activity;sid:84100897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jackedmicheal/ccenty/main/crspoofer.exe"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237798/; classtype:trojan-activity;sid:84100898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ducminh23/ddosv1/main/ddosziller.exe"; depth:37; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237799/; classtype:trojan-activity;sid:84100899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h4ck3dv0d4/terminal-test/main/terminal_9235.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237800/; classtype:trojan-activity;sid:84100900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heysama/afsgdhzx/main/asyncclient.exe"; depth:38; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237801/; classtype:trojan-activity;sid:84100901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enonek/csdafewafaw/main/beamng.ui.exe"; depth:38; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237802/; classtype:trojan-activity;sid:84100902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krishnatherock9673/krishna22/main/krishna33.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237803/; classtype:trojan-activity;sid:84100903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dadeiu/codedpython4/main/python%203.10.10.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237804/; classtype:trojan-activity;sid:84100904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/langla.exe"; depth:11; endswith; nocase; http.host; content:"ser.nrovn.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237793/; classtype:trojan-activity;sid:84100893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heysama/afsgdhzx/raw/main/asyncclient.exe"; depth:42; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237792/; classtype:trojan-activity;sid:84100892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/num.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237780/; classtype:trojan-activity;sid:84100880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ad8386/ad83868386/zip/refs/heads/main"; depth:38; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237738/; classtype:trojan-activity;sid:84100838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thebb5th/123/zip/refs/heads/main"; depth:33; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237737/; classtype:trojan-activity;sid:84100837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ad8386/gs8868/zip/refs/heads/main"; depth:34; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237734/; classtype:trojan-activity;sid:84100834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ad8386/dt68/zip/refs/heads/main"; depth:32; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237735/; classtype:trojan-activity;sid:84100835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earc"; depth:5; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237478/; classtype:trojan-activity;sid:84100578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ex86"; depth:5; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237480/; classtype:trojan-activity;sid:84100580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1_3ozdjl5puad8qn3tipydynn5j7l13el"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237464/; classtype:trojan-activity;sid:84100564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ai2_gwd-32v1ihs6akmqp1sw23zi2gdn"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237461/; classtype:trojan-activity;sid:84100561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1soxumxee6rx3wzurgdmdfakfdmohvsoj"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237458/; classtype:trojan-activity;sid:84100558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new.exe"; depth:8; endswith; nocase; http.host; content:"210.56.13.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237443/; classtype:trojan-activity;sid:84100543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/log.out"; depth:8; endswith; nocase; http.host; content:"47.103.44.184"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237385/; classtype:trojan-activity;sid:84100485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/kedadecoder.zip"; depth:25; endswith; nocase; http.host; content:"60.166.36.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236640/; classtype:trojan-activity;sid:84099740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/center.exe"; depth:11; endswith; nocase; http.host; content:"119.193.158.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236597/; classtype:trojan-activity;sid:84099697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/kedadecoder.zip"; depth:25; endswith; nocase; http.host; content:"153.37.77.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236587/; classtype:trojan-activity;sid:84099687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/kedadecoder.zip"; depth:25; endswith; nocase; http.host; content:"116.136.142.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236559/; classtype:trojan-activity;sid:84099659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f/f89/1174180.exe"; depth:18; endswith; nocase; http.host; content:"by.haory.cn"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236524/; classtype:trojan-activity;sid:84099624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/never.hta"; depth:10; endswith; nocase; http.host; content:"210.56.13.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236485/; classtype:trojan-activity;sid:84099585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/cognac/smsinc.txt"; depth:37; endswith; nocase; http.host; content:"sbelegi.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236466/; classtype:trojan-activity;sid:84099566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3cur3th1ssh1t/creds/master/powershellscripts/invoke-petitpotam.ps1"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236453/; classtype:trojan-activity;sid:84099553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/loader.bin"; depth:15; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236397/; classtype:trojan-activity;sid:84099497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/xwgl/xw_xxgl.exe"; depth:22; endswith; nocase; http.host; content:"data.yhydl.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236324/; classtype:trojan-activity;sid:84099424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/xw_setup.exe"; depth:18; endswith; nocase; http.host; content:"data.yhydl.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236322/; classtype:trojan-activity;sid:84099422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/yhy_setup.exe"; depth:19; endswith; nocase; http.host; content:"data.yhydl.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236323/; classtype:trojan-activity;sid:84099423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/products/4001/updates/efatura/efatura.exe"; depth:42; endswith; nocase; http.host; content:"elisans.novayonetim.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236318/; classtype:trojan-activity;sid:84099418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dam/software/keygen.exe"; depth:24; endswith; nocase; http.host; content:"desquer.ens.uabc.mx"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236317/; classtype:trojan-activity;sid:84099417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cs-daili.exe"; depth:13; endswith; nocase; http.host; content:"dow.andylab.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236316/; classtype:trojan-activity;sid:84099416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipscan.exe"; depth:11; endswith; nocase; http.host; content:"file.edunet.ac"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236314/; classtype:trojan-activity;sid:84099414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgxt.rar"; depth:9; endswith; nocase; http.host; content:"dow.andylab.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236315/; classtype:trojan-activity;sid:84099415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirdll2.rar"; depth:12; endswith; nocase; http.host; content:"dow.andylab.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236313/; classtype:trojan-activity;sid:84099413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/datdll.rar"; depth:11; endswith; nocase; http.host; content:"dow.andylab.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236311/; classtype:trojan-activity;sid:84099411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1skilllauncher/1skilllauncher.exe"; depth:34; endswith; nocase; http.host; content:"147.50.240.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236272/; classtype:trojan-activity;sid:84099372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/services/identification/server/gtptoolsdownloadhandler.ashx|3f|filename=gtp_6_browserplugin_setup.exe"; depth:102; endswith; nocase; http.host; content:"hnjgdl.geps.glodon.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236240/; classtype:trojan-activity;sid:84099340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xbyxsv3.94.exe"; depth:15; endswith; nocase; http.host; content:"www.beiletoys.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236238/; classtype:trojan-activity;sid:84099338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/natgo.exe"; depth:10; endswith; nocase; http.host; content:"dl.natgo.cn"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236237/; classtype:trojan-activity;sid:84099337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/etermproxy.exe"; depth:24; endswith; nocase; http.host; content:"pid.fly160.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236236/; classtype:trojan-activity;sid:84099336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paonan.exe"; depth:11; endswith; nocase; http.host; content:"paonancs.cn"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236235/; classtype:trojan-activity;sid:84099335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/datatools/datatools.exe"; depth:24; endswith; nocase; http.host; content:"42.193.42.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236234/; classtype:trojan-activity;sid:84099334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mvp.dll"; depth:8; endswith; nocase; http.host; content:"110.42.46.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236232/; classtype:trojan-activity;sid:84099332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp/iupdate.exe"; depth:16; endswith; nocase; http.host; content:"download.innovare.no"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236227/; classtype:trojan-activity;sid:84099327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdd_biaoge/soft/down.exe"; depth:25; endswith; nocase; http.host; content:"49.234.48.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236224/; classtype:trojan-activity;sid:84099324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ledgerupdater.exe"; depth:18; endswith; nocase; http.host; content:"176.113.115.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236220/; classtype:trojan-activity;sid:84099320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.229.174.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236185/; classtype:trojan-activity;sid:84099285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.229.174.144"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236160/; classtype:trojan-activity;sid:84099260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/17267811/stm.txt"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236154/; classtype:trojan-activity;sid:84099254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.220.12.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235976/; classtype:trojan-activity;sid:84099076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1wwplqokahth8zevqzolw0ydvredepuhu"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235743/; classtype:trojan-activity;sid:84098843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chainguard-dev/bincapz/archive/refs/tags/v0.5.0.zip"; depth:52; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235523/; classtype:trojan-activity;sid:84098623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/randomvapeuser/vape-4.11/releases/download/crack/vape.v4.11.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235524/; classtype:trojan-activity;sid:84098624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/playmcbkuwu/vape/releases/download/stable/vape.v4.10.from.duckysolucky.zip"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235522/; classtype:trojan-activity;sid:84098622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235514/; classtype:trojan-activity;sid:84098614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meckazin/chromekatz/releases/download/0.4.7/chromekatzbofs.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235513/; classtype:trojan-activity;sid:84098613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xsh/update.exe"; depth:15; endswith; nocase; http.host; content:"101.126.11.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235094/; classtype:trojan-activity;sid:84098194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spoofer.exe"; depth:12; endswith; nocase; http.host; content:"45.141.26.180"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235088/; classtype:trojan-activity;sid:84098188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1_encoded.exe"; depth:14; endswith; nocase; http.host; content:"fish.hackbiji.cc"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235084/; classtype:trojan-activity;sid:84098184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libcurl.dll"; depth:12; endswith; nocase; http.host; content:"coach.028csc.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235077/; classtype:trojan-activity;sid:84098177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/worker.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235061/; classtype:trojan-activity;sid:84098161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/babskai/vir-s/main/asyncclient.exe"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234872/; classtype:trojan-activity;sid:84097972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.255.83.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234868/; classtype:trojan-activity;sid:84097968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/petikvx/lockbit-black-builder/main/lockbit30/builder.exe"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234859/; classtype:trojan-activity;sid:84097959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tennessene/lockbit/refs/heads/main/builder.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234858/; classtype:trojan-activity;sid:84097958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crazycoach.exe"; depth:15; endswith; nocase; http.host; content:"coach.028csc.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234803/; classtype:trojan-activity;sid:84097903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.exe"; depth:12; endswith; nocase; http.host; content:"fish.hackbiji.cc"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234773/; classtype:trojan-activity;sid:84097873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.215.181"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234673/; classtype:trojan-activity;sid:84097773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/right_distribution.zip"; depth:23; endswith; nocase; http.host; content:"117.72.70.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234465/; classtype:trojan-activity;sid:84097565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/distribution.zip"; depth:17; endswith; nocase; http.host; content:"117.72.70.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234464/; classtype:trojan-activity;sid:84097564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xl_ext_chrome.crx"; depth:18; endswith; nocase; http.host; content:"117.72.70.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234462/; classtype:trojan-activity;sid:84097562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.pdf.lnk"; depth:13; endswith; nocase; http.host; content:"117.72.70.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234460/; classtype:trojan-activity;sid:84097560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/distribution.exe"; depth:17; endswith; nocase; http.host; content:"117.72.70.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234459/; classtype:trojan-activity;sid:84097559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/protect_distribution.exe"; depth:25; endswith; nocase; http.host; content:"117.72.70.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234458/; classtype:trojan-activity;sid:84097558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3233702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/transaction.pdf.lnk"; depth:20; endswith; nocase; http.host; content:"170.75.168.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3233702/; classtype:trojan-activity;sid:84096802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3233103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"60.246.154.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3233103/; classtype:trojan-activity;sid:84096203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3233069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"192.162.49.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3233069/; classtype:trojan-activity;sid:84096169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/utility-inst.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232529/; classtype:trojan-activity;sid:84095629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dobre/splwow64_1.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232530/; classtype:trojan-activity;sid:84095630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"113.250.188.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232419/; classtype:trojan-activity;sid:84095519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.98.174.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232406/; classtype:trojan-activity;sid:84095506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.98.174.154"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232407/; classtype:trojan-activity;sid:84095507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"139.196.237.171"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232401/; classtype:trojan-activity;sid:84095501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"152.32.202.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232402/; classtype:trojan-activity;sid:84095502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"123.58.220.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232389/; classtype:trojan-activity;sid:84095489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/session-https.exe"; depth:18; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3232090/; classtype:trojan-activity;sid:84095190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/session-http2.hta"; depth:18; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3232089/; classtype:trojan-activity;sid:84095189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231926/; classtype:trojan-activity;sid:84095026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/16737801/wave.zip|3f|"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231796/; classtype:trojan-activity;sid:84094896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/16419615/solara.zip"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231794/; classtype:trojan-activity;sid:84094894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.248.204.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231554/; classtype:trojan-activity;sid:84094654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/4.exe"; depth:12; endswith; nocase; http.host; content:"103.130.147.211"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231419/; classtype:trojan-activity;sid:84094519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.230.38.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231212/; classtype:trojan-activity;sid:84094312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrp.exe"; depth:9; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231110/; classtype:trojan-activity;sid:84094210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.13.91.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231040/; classtype:trojan-activity;sid:84094140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drhbntdenedrhn/2.jpg"; depth:21; endswith; nocase; http.host; content:"odoo.kseibitools.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230704/; classtype:trojan-activity;sid:84093804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drhbntdenedrhn/rainbow.jpg"; depth:27; endswith; nocase; http.host; content:"odoo.kseibitools.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230703/; classtype:trojan-activity;sid:84093803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"42.192.195.221"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230278/; classtype:trojan-activity;sid:84093378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.223.218.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230281/; classtype:trojan-activity;sid:84093381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.96.106.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230282/; classtype:trojan-activity;sid:84093382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.43.125.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230237/; classtype:trojan-activity;sid:84093337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"1.92.86.239"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230239/; classtype:trojan-activity;sid:84093339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.120.3.3"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230243/; classtype:trojan-activity;sid:84093343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ijhnoiitqa0hrwlfr2mhhvqblxgdhtgu"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229769/; classtype:trojan-activity;sid:84092869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ozdthulbtwmm7hlrgxef2zxqrysbu6c2"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229768/; classtype:trojan-activity;sid:84092868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.215.113.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229665/; classtype:trojan-activity;sid:84092765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mark/def.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.205"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229668/; classtype:trojan-activity;sid:84092768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parthmodi152/web3-coding-challenge/zip/refs/heads/main"; depth:55; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229632/; classtype:trojan-activity;sid:84092732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kamilniftaliev/cryptoview/zip/refs/heads/main"; depth:46; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229631/; classtype:trojan-activity;sid:84092731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.ps1"; depth:9; endswith; nocase; http.host; content:"8.209.212.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228806/; classtype:trojan-activity;sid:84091906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/inject_space.ps1"; depth:22; endswith; nocase; http.host; content:"8.209.212.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228807/; classtype:trojan-activity;sid:84091907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/final_mass.ps1"; depth:20; endswith; nocase; http.host; content:"8.209.212.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228804/; classtype:trojan-activity;sid:84091904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/encoded.txt"; depth:12; endswith; nocase; http.host; content:"8.209.212.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228805/; classtype:trojan-activity;sid:84091905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/encoded.ps1"; depth:17; endswith; nocase; http.host; content:"8.209.212.26"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228803/; classtype:trojan-activity;sid:84091903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winassist/login/login.7z"; depth:25; endswith; nocase; http.host; content:"win.down.55kantu.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228667/; classtype:trojan-activity;sid:84091767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.0.199.8"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228412/; classtype:trojan-activity;sid:84091512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64"; depth:13; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228367/; classtype:trojan-activity;sid:84091467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel_softfloat"; depth:23; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228368/; classtype:trojan-activity;sid:84091468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228365/; classtype:trojan-activity;sid:84091465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips"; depth:11; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228366/; classtype:trojan-activity;sid:84091466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm6"; depth:11; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228363/; classtype:trojan-activity;sid:84091463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64_softfloat"; depth:23; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228364/; classtype:trojan-activity;sid:84091464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64el_softfloat"; depth:25; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228362/; classtype:trojan-activity;sid:84091462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_386"; depth:10; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228361/; classtype:trojan-activity;sid:84091461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm7"; depth:11; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228360/; classtype:trojan-activity;sid:84091460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_ppc64el"; depth:14; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228359/; classtype:trojan-activity;sid:84091459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_ppc64"; depth:12; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228358/; classtype:trojan-activity;sid:84091458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm64"; depth:12; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228356/; classtype:trojan-activity;sid:84091456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel"; depth:13; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228357/; classtype:trojan-activity;sid:84091457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm5"; depth:11; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228355/; classtype:trojan-activity;sid:84091455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64el"; depth:15; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228354/; classtype:trojan-activity;sid:84091454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips_softfloat"; depth:21; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228353/; classtype:trojan-activity;sid:84091453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/win.exe"; depth:8; endswith; nocase; http.host; content:"154.12.82.11"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228352/; classtype:trojan-activity;sid:84091452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/devmgmt.dll"; depth:12; endswith; nocase; http.host; content:"43.241.17.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226957/; classtype:trojan-activity;sid:84090057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/second.dll"; depth:11; endswith; nocase; http.host; content:"43.241.17.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226761/; classtype:trojan-activity;sid:84089861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unmysqld.sh"; depth:12; endswith; nocase; http.host; content:"47.238.84.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226551/; classtype:trojan-activity;sid:84089651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mariadb.sh"; depth:11; endswith; nocase; http.host; content:"47.238.84.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226552/; classtype:trojan-activity;sid:84089652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig/xmrig/releases/download/v6.22.0/xmrig-6.22.0-linux-static-x64.tar.gz"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226239/; classtype:trojan-activity;sid:84089339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.252.86.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225936/; classtype:trojan-activity;sid:84089036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.70.238.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225932/; classtype:trojan-activity;sid:84089032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.248.23.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225930/; classtype:trojan-activity;sid:84089030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.204.104.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225917/; classtype:trojan-activity;sid:84089017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thebig/stail.exe"; depth:17; endswith; nocase; http.host; content:"176.113.115.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3225465/; classtype:trojan-activity;sid:84088565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32/items/detah-note-v_202410/detahnote_v.jpg"; depth:45; endswith; nocase; http.host; content:"ia600102.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3224782/; classtype:trojan-activity;sid:84087882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/installsetup.exe"; depth:17; endswith; nocase; http.host; content:"176.113.115.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3224762/; classtype:trojan-activity;sid:84087862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/screenupdatesync.exe"; depth:21; endswith; nocase; http.host; content:"176.113.115.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3224579/; classtype:trojan-activity;sid:84087679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/unit.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3224313/; classtype:trojan-activity;sid:84087413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/bildnewl.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3224192/; classtype:trojan-activity;sid:84087292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/loadnew.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223989/; classtype:trojan-activity;sid:84087089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/session.exe"; depth:12; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223808/; classtype:trojan-activity;sid:84086908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meeting-https.exe"; depth:18; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223739/; classtype:trojan-activity;sid:84086839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/extension-http.exe"; depth:19; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223708/; classtype:trojan-activity;sid:84086808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/journal-https.exe"; depth:18; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223686/; classtype:trojan-activity;sid:84086786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/broadcomretest.exe"; depth:19; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223573/; classtype:trojan-activity;sid:84086673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prototype-https.exe"; depth:20; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223472/; classtype:trojan-activity;sid:84086572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/intercepter-ng.zip"; depth:19; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223377/; classtype:trojan-activity;sid:84086477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/transfer.zip"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223354/; classtype:trojan-activity;sid:84086454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/journal-http.hta"; depth:17; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223285/; classtype:trojan-activity;sid:84086385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/excel-https.exe"; depth:16; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223220/; classtype:trojan-activity;sid:84086320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/excel-http.exe"; depth:15; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223169/; classtype:trojan-activity;sid:84086269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prototype-tcp.exe"; depth:18; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223170/; classtype:trojan-activity;sid:84086270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/extension-tcp.exe"; depth:18; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223171/; classtype:trojan-activity;sid:84086271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meeting-http.exe"; depth:17; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223174/; classtype:trojan-activity;sid:84086274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"211.106.74.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218143/; classtype:trojan-activity;sid:84081243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"109.207.216.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218033/; classtype:trojan-activity;sid:84081133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.106.101.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218030/; classtype:trojan-activity;sid:84081130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.216.139.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218031/; classtype:trojan-activity;sid:84081131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.210.90.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218018/; classtype:trojan-activity;sid:84081118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"166.147.146.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218019/; classtype:trojan-activity;sid:84081119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"166.147.146.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218020/; classtype:trojan-activity;sid:84081120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.210.90.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218021/; classtype:trojan-activity;sid:84081121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"212.3.211.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218022/; classtype:trojan-activity;sid:84081122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.56.191.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218023/; classtype:trojan-activity;sid:84081123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.210.92.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218024/; classtype:trojan-activity;sid:84081124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.121.113.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218026/; classtype:trojan-activity;sid:84081126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.216.139.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218027/; classtype:trojan-activity;sid:84081127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"61.2.45.132"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218028/; classtype:trojan-activity;sid:84081128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"107.145.144.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218004/; classtype:trojan-activity;sid:84081104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.121.113.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218005/; classtype:trojan-activity;sid:84081105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.121.113.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218006/; classtype:trojan-activity;sid:84081106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.247.101.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218007/; classtype:trojan-activity;sid:84081107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.121.113.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218008/; classtype:trojan-activity;sid:84081108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"109.207.217.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218009/; classtype:trojan-activity;sid:84081109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.127.104.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218010/; classtype:trojan-activity;sid:84081110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"166.147.146.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218011/; classtype:trojan-activity;sid:84081111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.24.76.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218014/; classtype:trojan-activity;sid:84081114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"166.147.146.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218017/; classtype:trojan-activity;sid:84081117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.127.104.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218002/; classtype:trojan-activity;sid:84081102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.127.104.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218003/; classtype:trojan-activity;sid:84081103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"213.96.13.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218001/; classtype:trojan-activity;sid:84081101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"182.239.74.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217811/; classtype:trojan-activity;sid:84080911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.210.90.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217809/; classtype:trojan-activity;sid:84080909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"105.184.123.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217805/; classtype:trojan-activity;sid:84080905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.46.47.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217785/; classtype:trojan-activity;sid:84080885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.46.47.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217786/; classtype:trojan-activity;sid:84080886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"93.122.182.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217789/; classtype:trojan-activity;sid:84080889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"182.239.84.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217791/; classtype:trojan-activity;sid:84080891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.210.90.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217792/; classtype:trojan-activity;sid:84080892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"200.232.246.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217793/; classtype:trojan-activity;sid:84080893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.210.91.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217795/; classtype:trojan-activity;sid:84080895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.40.48.95"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217798/; classtype:trojan-activity;sid:84080898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"182.239.84.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217799/; classtype:trojan-activity;sid:84080899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"85.130.160.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217802/; classtype:trojan-activity;sid:84080902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"89.35.233.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217784/; classtype:trojan-activity;sid:84080884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.203.169.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217780/; classtype:trojan-activity;sid:84080880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.210.92.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217781/; classtype:trojan-activity;sid:84080881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.66.108.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217782/; classtype:trojan-activity;sid:84080882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"83.87.117.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217763/; classtype:trojan-activity;sid:84080863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.210.90.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217764/; classtype:trojan-activity;sid:84080864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.210.90.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217765/; classtype:trojan-activity;sid:84080865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"194.144.250.22"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217768/; classtype:trojan-activity;sid:84080868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"166.147.146.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217770/; classtype:trojan-activity;sid:84080870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.191.89.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217775/; classtype:trojan-activity;sid:84080875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.46.47.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217776/; classtype:trojan-activity;sid:84080876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"118.179.254.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217777/; classtype:trojan-activity;sid:84080877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"62.221.155.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217778/; classtype:trojan-activity;sid:84080878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"89.35.233.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217753/; classtype:trojan-activity;sid:84080853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.46.47.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217754/; classtype:trojan-activity;sid:84080854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.106.155.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217757/; classtype:trojan-activity;sid:84080857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.46.47.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217759/; classtype:trojan-activity;sid:84080859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"87.97.161.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217760/; classtype:trojan-activity;sid:84080860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.46.47.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217749/; classtype:trojan-activity;sid:84080849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"87.97.161.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217745/; classtype:trojan-activity;sid:84080845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"84.198.247.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217746/; classtype:trojan-activity;sid:84080846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.183.171.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217733/; classtype:trojan-activity;sid:84080833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.191.89.127"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217734/; classtype:trojan-activity;sid:84080834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.119.237.71"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217735/; classtype:trojan-activity;sid:84080835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.183.136.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217736/; classtype:trojan-activity;sid:84080836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"200.232.246.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217737/; classtype:trojan-activity;sid:84080837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.223.106.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217738/; classtype:trojan-activity;sid:84080838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.203.169.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217740/; classtype:trojan-activity;sid:84080840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"125.175.66.59"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217743/; classtype:trojan-activity;sid:84080843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.46.47.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217713/; classtype:trojan-activity;sid:84080813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.210.91.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217715/; classtype:trojan-activity;sid:84080815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.46.47.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217716/; classtype:trojan-activity;sid:84080816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"87.97.161.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217717/; classtype:trojan-activity;sid:84080817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"89.35.233.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217719/; classtype:trojan-activity;sid:84080819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"182.239.84.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217725/; classtype:trojan-activity;sid:84080825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"166.147.146.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217728/; classtype:trojan-activity;sid:84080828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"87.97.161.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217729/; classtype:trojan-activity;sid:84080829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"182.239.84.156"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217730/; classtype:trojan-activity;sid:84080830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"89.35.233.220"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217710/; classtype:trojan-activity;sid:84080810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.46.47.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217711/; classtype:trojan-activity;sid:84080811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"61.88.92.150"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217701/; classtype:trojan-activity;sid:84080801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"124.19.79.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217702/; classtype:trojan-activity;sid:84080802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.200.178.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217699/; classtype:trojan-activity;sid:84080799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.200.178.82"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217700/; classtype:trojan-activity;sid:84080800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"202.183.103.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217697/; classtype:trojan-activity;sid:84080797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.200.177.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217698/; classtype:trojan-activity;sid:84080798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.200.177.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217691/; classtype:trojan-activity;sid:84080791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"202.183.103.221"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217692/; classtype:trojan-activity;sid:84080792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.200.177.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217694/; classtype:trojan-activity;sid:84080794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.209.68.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217695/; classtype:trojan-activity;sid:84080795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"213.96.13.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217689/; classtype:trojan-activity;sid:84080789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.43.16.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217684/; classtype:trojan-activity;sid:84080784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.45.183.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217681/; classtype:trojan-activity;sid:84080781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.45.183.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217682/; classtype:trojan-activity;sid:84080782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.24.41.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217678/; classtype:trojan-activity;sid:84080778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.26.209.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217679/; classtype:trojan-activity;sid:84080779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"213.96.13.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217665/; classtype:trojan-activity;sid:84080765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.24.76.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217666/; classtype:trojan-activity;sid:84080766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.24.76.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217667/; classtype:trojan-activity;sid:84080767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"188.12.184.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217669/; classtype:trojan-activity;sid:84080769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"206.204.128.37"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217672/; classtype:trojan-activity;sid:84080772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.191.89.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217674/; classtype:trojan-activity;sid:84080774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"87.26.194.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217661/; classtype:trojan-activity;sid:84080761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.24.41.80"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217662/; classtype:trojan-activity;sid:84080762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.161.46.168"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217634/; classtype:trojan-activity;sid:84080734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.161.6.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217638/; classtype:trojan-activity;sid:84080738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.224.190.45"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217640/; classtype:trojan-activity;sid:84080740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"188.147.165.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217623/; classtype:trojan-activity;sid:84080723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"188.147.165.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217624/; classtype:trojan-activity;sid:84080724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.183.171.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217627/; classtype:trojan-activity;sid:84080727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"94.40.25.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217628/; classtype:trojan-activity;sid:84080728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trial.bat"; depth:10; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217595/; classtype:trojan-activity;sid:84080695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"118.212.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217562/; classtype:trojan-activity;sid:84080662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e4%bf%ae%e6%94%b9%e6%97%b6%e9%97%b4%e6%a0%bc%e5%bc%8f.bat"; depth:59; endswith; nocase; http.host; content:"47.94.196.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217470/; classtype:trojan-activity;sid:84080570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.118.215.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217454/; classtype:trojan-activity;sid:84080554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"118.212.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217426/; classtype:trojan-activity;sid:84080526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"166.147.146.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217403/; classtype:trojan-activity;sid:84080503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"166.147.146.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217372/; classtype:trojan-activity;sid:84080472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"188.147.165.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217367/; classtype:trojan-activity;sid:84080467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"195.158.95.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217144/; classtype:trojan-activity;sid:84080244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.199.144.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217124/; classtype:trojan-activity;sid:84080224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.147.119.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217126/; classtype:trojan-activity;sid:84080226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"92.241.19.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217127/; classtype:trojan-activity;sid:84080227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.110.206.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217129/; classtype:trojan-activity;sid:84080229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.81.127.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217130/; classtype:trojan-activity;sid:84080230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.20.51.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217132/; classtype:trojan-activity;sid:84080232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.31.135.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217133/; classtype:trojan-activity;sid:84080233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.43.228.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217134/; classtype:trojan-activity;sid:84080234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.15.239.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217135/; classtype:trojan-activity;sid:84080235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.254.255.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217136/; classtype:trojan-activity;sid:84080236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.105.196.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217139/; classtype:trojan-activity;sid:84080239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.109.148.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217121/; classtype:trojan-activity;sid:84080221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.149.81.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217122/; classtype:trojan-activity;sid:84080222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.174.152.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217119/; classtype:trojan-activity;sid:84080219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"216.49.18.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217120/; classtype:trojan-activity;sid:84080220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"86.61.70.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217117/; classtype:trojan-activity;sid:84080217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.90.206.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217112/; classtype:trojan-activity;sid:84080212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.89.11.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217115/; classtype:trojan-activity;sid:84080215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"94.174.32.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217116/; classtype:trojan-activity;sid:84080216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.185.119.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217092/; classtype:trojan-activity;sid:84080192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"193.95.254.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217093/; classtype:trojan-activity;sid:84080193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"31.223.60.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217095/; classtype:trojan-activity;sid:84080195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.209.184.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217096/; classtype:trojan-activity;sid:84080196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.133.95.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217097/; classtype:trojan-activity;sid:84080197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"77.238.209.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217098/; classtype:trojan-activity;sid:84080198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.51.180.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217100/; classtype:trojan-activity;sid:84080200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"216.188.216.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217101/; classtype:trojan-activity;sid:84080201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.88.109.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217102/; classtype:trojan-activity;sid:84080202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.189.254.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217106/; classtype:trojan-activity;sid:84080206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.16.249.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217109/; classtype:trojan-activity;sid:84080209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.116.68.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217110/; classtype:trojan-activity;sid:84080210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.166.197.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217111/; classtype:trojan-activity;sid:84080211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"82.65.205.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217080/; classtype:trojan-activity;sid:84080180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"82.103.100.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217081/; classtype:trojan-activity;sid:84080181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.101.239.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217082/; classtype:trojan-activity;sid:84080182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.237.174.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217085/; classtype:trojan-activity;sid:84080185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.173.173.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217086/; classtype:trojan-activity;sid:84080186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"43.252.8.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217087/; classtype:trojan-activity;sid:84080187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.139.153.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217089/; classtype:trojan-activity;sid:84080189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"109.108.84.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217090/; classtype:trojan-activity;sid:84080190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"94.251.5.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217091/; classtype:trojan-activity;sid:84080191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.89.178.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217079/; classtype:trojan-activity;sid:84080179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.72.19.113"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217067/; classtype:trojan-activity;sid:84080167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.86.123.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217068/; classtype:trojan-activity;sid:84080168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.119.95.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217069/; classtype:trojan-activity;sid:84080169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.106.221.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217070/; classtype:trojan-activity;sid:84080170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.233.59.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217071/; classtype:trojan-activity;sid:84080171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.135.142.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217072/; classtype:trojan-activity;sid:84080172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"197.159.1.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217073/; classtype:trojan-activity;sid:84080173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"195.22.237.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217074/; classtype:trojan-activity;sid:84080174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.237.157.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217045/; classtype:trojan-activity;sid:84080145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"167.250.193.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217046/; classtype:trojan-activity;sid:84080146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.189.56.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217047/; classtype:trojan-activity;sid:84080147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"43.249.52.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217048/; classtype:trojan-activity;sid:84080148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.203.89.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217049/; classtype:trojan-activity;sid:84080149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.99.218.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217050/; classtype:trojan-activity;sid:84080150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.187.7.29"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217052/; classtype:trojan-activity;sid:84080152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.64.202.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217053/; classtype:trojan-activity;sid:84080153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.57.121.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217054/; classtype:trojan-activity;sid:84080154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.4.110.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217055/; classtype:trojan-activity;sid:84080155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.101.81.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217056/; classtype:trojan-activity;sid:84080156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"193.106.58.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217058/; classtype:trojan-activity;sid:84080158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.88.180.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217059/; classtype:trojan-activity;sid:84080159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"191.103.63.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217060/; classtype:trojan-activity;sid:84080160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.71.250.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217061/; classtype:trojan-activity;sid:84080161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.78.201.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217062/; classtype:trojan-activity;sid:84080162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.49.47.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217063/; classtype:trojan-activity;sid:84080163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"151.237.4.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217065/; classtype:trojan-activity;sid:84080165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.69.219.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217066/; classtype:trojan-activity;sid:84080166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"62.73.121.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217040/; classtype:trojan-activity;sid:84080140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.192.78.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217043/; classtype:trojan-activity;sid:84080143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.41.63.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217044/; classtype:trojan-activity;sid:84080144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"87.197.160.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217037/; classtype:trojan-activity;sid:84080137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.170.222.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217034/; classtype:trojan-activity;sid:84080134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.172.187.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217028/; classtype:trojan-activity;sid:84080128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.7.27.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217029/; classtype:trojan-activity;sid:84080129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.83.178.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217031/; classtype:trojan-activity;sid:84080131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"43.230.158.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217032/; classtype:trojan-activity;sid:84080132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"156.155.176.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217006/; classtype:trojan-activity;sid:84080106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.30.245.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217008/; classtype:trojan-activity;sid:84080108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.145.168.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217009/; classtype:trojan-activity;sid:84080109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.94.245.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217012/; classtype:trojan-activity;sid:84080112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.19.183.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217014/; classtype:trojan-activity;sid:84080114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.209.184.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217015/; classtype:trojan-activity;sid:84080115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"31.25.133.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217017/; classtype:trojan-activity;sid:84080117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.234.151.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217018/; classtype:trojan-activity;sid:84080118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"216.155.93.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217019/; classtype:trojan-activity;sid:84080119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.123.142.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217021/; classtype:trojan-activity;sid:84080121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"62.162.113.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217023/; classtype:trojan-activity;sid:84080123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"194.183.186.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217024/; classtype:trojan-activity;sid:84080124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.190.70.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217025/; classtype:trojan-activity;sid:84080125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.46.255.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217026/; classtype:trojan-activity;sid:84080126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"92.241.77.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217001/; classtype:trojan-activity;sid:84080101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.58.21.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217002/; classtype:trojan-activity;sid:84080102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.5.50.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217003/; classtype:trojan-activity;sid:84080103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.253.115.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217004/; classtype:trojan-activity;sid:84080104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.29.152.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217005/; classtype:trojan-activity;sid:84080105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.70.0.22"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216999/; classtype:trojan-activity;sid:84080099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.79.48.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216995/; classtype:trojan-activity;sid:84080095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.115.254.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216966/; classtype:trojan-activity;sid:84080066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.94.29.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216968/; classtype:trojan-activity;sid:84080068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.145.123.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216969/; classtype:trojan-activity;sid:84080069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.0.4.86"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216970/; classtype:trojan-activity;sid:84080070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.92.68.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216971/; classtype:trojan-activity;sid:84080071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.92.94.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216973/; classtype:trojan-activity;sid:84080073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.250.160.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216974/; classtype:trojan-activity;sid:84080074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.153.80.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216975/; classtype:trojan-activity;sid:84080075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.94.100.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216976/; classtype:trojan-activity;sid:84080076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"216.155.92.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216978/; classtype:trojan-activity;sid:84080078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.245.112.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216980/; classtype:trojan-activity;sid:84080080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.75.32.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216982/; classtype:trojan-activity;sid:84080082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.57.33.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216983/; classtype:trojan-activity;sid:84080083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.139.18.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216984/; classtype:trojan-activity;sid:84080084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.253.115.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216986/; classtype:trojan-activity;sid:84080086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.119.151.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216987/; classtype:trojan-activity;sid:84080087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.160.128.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216989/; classtype:trojan-activity;sid:84080089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"80.210.27.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216960/; classtype:trojan-activity;sid:84080060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"93.118.112.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216961/; classtype:trojan-activity;sid:84080061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.90.207.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216962/; classtype:trojan-activity;sid:84080062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.73.75.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216963/; classtype:trojan-activity;sid:84080063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.235.33.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216965/; classtype:trojan-activity;sid:84080065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.248.23.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216958/; classtype:trojan-activity;sid:84080058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"208.68.68.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216959/; classtype:trojan-activity;sid:84080059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"77.89.245.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216956/; classtype:trojan-activity;sid:84080056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.4.124.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216950/; classtype:trojan-activity;sid:84080050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"195.64.182.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216951/; classtype:trojan-activity;sid:84080051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"109.107.78.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216952/; classtype:trojan-activity;sid:84080052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.185.127.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216953/; classtype:trojan-activity;sid:84080053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.227.118.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216955/; classtype:trojan-activity;sid:84080055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.248.145.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216923/; classtype:trojan-activity;sid:84080023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"173.26.114.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216928/; classtype:trojan-activity;sid:84080028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.253.241.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216930/; classtype:trojan-activity;sid:84080030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.93.41.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216932/; classtype:trojan-activity;sid:84080032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.118.121.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216933/; classtype:trojan-activity;sid:84080033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.179.121.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216934/; classtype:trojan-activity;sid:84080034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.90.207.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216935/; classtype:trojan-activity;sid:84080035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.211.252.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216937/; classtype:trojan-activity;sid:84080037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.128.231.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216938/; classtype:trojan-activity;sid:84080038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.252.114.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216942/; classtype:trojan-activity;sid:84080042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.7.160.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216943/; classtype:trojan-activity;sid:84080043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.164.200.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216945/; classtype:trojan-activity;sid:84080045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.2.23.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216946/; classtype:trojan-activity;sid:84080046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.153.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216947/; classtype:trojan-activity;sid:84080047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"206.214.35.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216917/; classtype:trojan-activity;sid:84080017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.92.98.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216919/; classtype:trojan-activity;sid:84080019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.107.239.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216920/; classtype:trojan-activity;sid:84080020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.253.126.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216913/; classtype:trojan-activity;sid:84080013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"138.122.43.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216889/; classtype:trojan-activity;sid:84079989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"146.196.120.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216890/; classtype:trojan-activity;sid:84079990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.190.20.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216891/; classtype:trojan-activity;sid:84079991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"109.87.223.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216893/; classtype:trojan-activity;sid:84079993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.131.244.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216894/; classtype:trojan-activity;sid:84079994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.195.141.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216895/; classtype:trojan-activity;sid:84079995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"191.103.217.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216896/; classtype:trojan-activity;sid:84079996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.218.42.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216897/; classtype:trojan-activity;sid:84079997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.127.105.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216899/; classtype:trojan-activity;sid:84079999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.94.219.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216900/; classtype:trojan-activity;sid:84080000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.209.107.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216902/; classtype:trojan-activity;sid:84080002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.216.164.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216903/; classtype:trojan-activity;sid:84080003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"151.236.247.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216906/; classtype:trojan-activity;sid:84080006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.23.192.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216909/; classtype:trojan-activity;sid:84080009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.130.70.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216910/; classtype:trojan-activity;sid:84080010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.125.163.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216911/; classtype:trojan-activity;sid:84080011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"193.189.188.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216879/; classtype:trojan-activity;sid:84079979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.67.251.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216880/; classtype:trojan-activity;sid:84079980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"82.117.197.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216881/; classtype:trojan-activity;sid:84079981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.232.241.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216882/; classtype:trojan-activity;sid:84079982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.12.78.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216883/; classtype:trojan-activity;sid:84079983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.43.6.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216884/; classtype:trojan-activity;sid:84079984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"92.247.68.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216885/; classtype:trojan-activity;sid:84079985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.224.162.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216886/; classtype:trojan-activity;sid:84079986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.236.126.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216888/; classtype:trojan-activity;sid:84079988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.193.21.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216876/; classtype:trojan-activity;sid:84079976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"197.159.8.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216872/; classtype:trojan-activity;sid:84079972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"189.204.177.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216850/; classtype:trojan-activity;sid:84079950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.246.106.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216853/; classtype:trojan-activity;sid:84079953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.131.234.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216854/; classtype:trojan-activity;sid:84079954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.41.225.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216855/; classtype:trojan-activity;sid:84079955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.184.179.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216856/; classtype:trojan-activity;sid:84079956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.59.103.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216859/; classtype:trojan-activity;sid:84079959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.187.82.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216860/; classtype:trojan-activity;sid:84079960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.38.241.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216861/; classtype:trojan-activity;sid:84079961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.15.85.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216862/; classtype:trojan-activity;sid:84079962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.200.63.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216863/; classtype:trojan-activity;sid:84079963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.72.199.205"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216865/; classtype:trojan-activity;sid:84079965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"94.52.86.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216867/; classtype:trojan-activity;sid:84079967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.59.90.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216868/; classtype:trojan-activity;sid:84079968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.199.144.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216869/; classtype:trojan-activity;sid:84079969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.165.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216841/; classtype:trojan-activity;sid:84079941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.242.106.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216842/; classtype:trojan-activity;sid:84079942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"76.76.195.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216843/; classtype:trojan-activity;sid:84079943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.151.34.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216845/; classtype:trojan-activity;sid:84079945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.217.215.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216846/; classtype:trojan-activity;sid:84079946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.158.175.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216849/; classtype:trojan-activity;sid:84079949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"146.196.120.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216837/; classtype:trojan-activity;sid:84079937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.16.254.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216830/; classtype:trojan-activity;sid:84079930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.112.93.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216831/; classtype:trojan-activity;sid:84079931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.119.87.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216833/; classtype:trojan-activity;sid:84079933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.52.48.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216805/; classtype:trojan-activity;sid:84079905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.66.16.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216808/; classtype:trojan-activity;sid:84079908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.147.225.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216809/; classtype:trojan-activity;sid:84079909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.120.98.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216810/; classtype:trojan-activity;sid:84079910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"134.249.141.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216811/; classtype:trojan-activity;sid:84079911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.74.207.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216812/; classtype:trojan-activity;sid:84079912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.188.30.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216813/; classtype:trojan-activity;sid:84079913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.242.50.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216814/; classtype:trojan-activity;sid:84079914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.84.143.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216816/; classtype:trojan-activity;sid:84079916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.222.45.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216817/; classtype:trojan-activity;sid:84079917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"93.118.104.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216818/; classtype:trojan-activity;sid:84079918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.143.114.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216820/; classtype:trojan-activity;sid:84079920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"211.186.82.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216822/; classtype:trojan-activity;sid:84079922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.179.203.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216823/; classtype:trojan-activity;sid:84079923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"210.4.69.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216825/; classtype:trojan-activity;sid:84079925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.93.53.193"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216826/; classtype:trojan-activity;sid:84079926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"70.166.89.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216827/; classtype:trojan-activity;sid:84079927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.115.103.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216828/; classtype:trojan-activity;sid:84079928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"109.160.87.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216802/; classtype:trojan-activity;sid:84079902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.34.209.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216803/; classtype:trojan-activity;sid:84079903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"80.19.172.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216804/; classtype:trojan-activity;sid:84079904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"138.19.251.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216799/; classtype:trojan-activity;sid:84079899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.125.8.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216790/; classtype:trojan-activity;sid:84079890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"217.11.75.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216793/; classtype:trojan-activity;sid:84079893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.154.93.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216794/; classtype:trojan-activity;sid:84079894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.192.22.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216796/; classtype:trojan-activity;sid:84079896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.97.185.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216776/; classtype:trojan-activity;sid:84079876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.148.163.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216777/; classtype:trojan-activity;sid:84079877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.118.45.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216778/; classtype:trojan-activity;sid:84079878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.247.206.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216779/; classtype:trojan-activity;sid:84079879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.96.214.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216780/; classtype:trojan-activity;sid:84079880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"138.186.156.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216781/; classtype:trojan-activity;sid:84079881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.16.188.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216782/; classtype:trojan-activity;sid:84079882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.97.137.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216784/; classtype:trojan-activity;sid:84079884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.69.88.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216785/; classtype:trojan-activity;sid:84079885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"86.101.187.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216786/; classtype:trojan-activity;sid:84079886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.93.83.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216787/; classtype:trojan-activity;sid:84079887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.29.162.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216788/; classtype:trojan-activity;sid:84079888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.70.204.249"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216767/; classtype:trojan-activity;sid:84079867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.97.185.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216770/; classtype:trojan-activity;sid:84079870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.231.14.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216772/; classtype:trojan-activity;sid:84079872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"168.228.6.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216773/; classtype:trojan-activity;sid:84079873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.70.238.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216775/; classtype:trojan-activity;sid:84079875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.7.209.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216761/; classtype:trojan-activity;sid:84079861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.16.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216763/; classtype:trojan-activity;sid:84079863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.74.29.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216764/; classtype:trojan-activity;sid:84079864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.247.163.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216754/; classtype:trojan-activity;sid:84079854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.70.207.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216755/; classtype:trojan-activity;sid:84079855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.170.203.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216751/; classtype:trojan-activity;sid:84079851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.35.34.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216745/; classtype:trojan-activity;sid:84079845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.230.153.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216747/; classtype:trojan-activity;sid:84079847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.115.254.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216748/; classtype:trojan-activity;sid:84079848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.51.191.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216749/; classtype:trojan-activity;sid:84079849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"109.92.143.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216750/; classtype:trojan-activity;sid:84079850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.211.169.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216729/; classtype:trojan-activity;sid:84079829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"197.155.64.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216730/; classtype:trojan-activity;sid:84079830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.224.243.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216731/; classtype:trojan-activity;sid:84079831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.124.33.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216732/; classtype:trojan-activity;sid:84079832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.127.112.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216733/; classtype:trojan-activity;sid:84079833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"209.124.105.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216734/; classtype:trojan-activity;sid:84079834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"154.0.129.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216735/; classtype:trojan-activity;sid:84079835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.187.118.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216736/; classtype:trojan-activity;sid:84079836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.147.127.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216737/; classtype:trojan-activity;sid:84079837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.77.74.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216740/; classtype:trojan-activity;sid:84079840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.234.186.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216741/; classtype:trojan-activity;sid:84079841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"87.197.107.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216742/; classtype:trojan-activity;sid:84079842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.217.148.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216743/; classtype:trojan-activity;sid:84079843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.29.19.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216744/; classtype:trojan-activity;sid:84079844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"94.43.59.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216721/; classtype:trojan-activity;sid:84079821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.57.69.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216722/; classtype:trojan-activity;sid:84079822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.190.76.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216723/; classtype:trojan-activity;sid:84079823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.34.7.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216724/; classtype:trojan-activity;sid:84079824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.81.156.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216726/; classtype:trojan-activity;sid:84079826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"210.4.70.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216727/; classtype:trojan-activity;sid:84079827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.116.62.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216719/; classtype:trojan-activity;sid:84079819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.214.56.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216720/; classtype:trojan-activity;sid:84079820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.38.241.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216711/; classtype:trojan-activity;sid:84079811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.138.68.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216713/; classtype:trojan-activity;sid:84079813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.172.170.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216714/; classtype:trojan-activity;sid:84079814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.211.135.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216710/; classtype:trojan-activity;sid:84079810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.135.26.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216704/; classtype:trojan-activity;sid:84079804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.77.128.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216706/; classtype:trojan-activity;sid:84079806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"31.0.136.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216707/; classtype:trojan-activity;sid:84079807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"154.66.125.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216708/; classtype:trojan-activity;sid:84079808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.92.207.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216709/; classtype:trojan-activity;sid:84079809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.142.114.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216678/; classtype:trojan-activity;sid:84079778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.42.121.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216680/; classtype:trojan-activity;sid:84079780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"158.181.34.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216681/; classtype:trojan-activity;sid:84079781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.66.151.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216682/; classtype:trojan-activity;sid:84079782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.97.185.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216683/; classtype:trojan-activity;sid:84079783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.147.120.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216684/; classtype:trojan-activity;sid:84079784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.151.56.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216685/; classtype:trojan-activity;sid:84079785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.119.193.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216686/; classtype:trojan-activity;sid:84079786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.188.215.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216687/; classtype:trojan-activity;sid:84079787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.218.189.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216688/; classtype:trojan-activity;sid:84079788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"94.141.241.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216689/; classtype:trojan-activity;sid:84079789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.85.176.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216690/; classtype:trojan-activity;sid:84079790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"80.210.35.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216691/; classtype:trojan-activity;sid:84079791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"130.185.229.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216692/; classtype:trojan-activity;sid:84079792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.151.143.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216694/; classtype:trojan-activity;sid:84079794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.120.28.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216695/; classtype:trojan-activity;sid:84079795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.129.106.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216696/; classtype:trojan-activity;sid:84079796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.128.81.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216698/; classtype:trojan-activity;sid:84079798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.61.163.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216700/; classtype:trojan-activity;sid:84079800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.198.199.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216703/; classtype:trojan-activity;sid:84079803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"84.36.25.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216675/; classtype:trojan-activity;sid:84079775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.100.63.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216676/; classtype:trojan-activity;sid:84079776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"217.169.63.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216677/; classtype:trojan-activity;sid:84079777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.214.56.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216672/; classtype:trojan-activity;sid:84079772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.141.182.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216674/; classtype:trojan-activity;sid:84079774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.232.94.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216671/; classtype:trojan-activity;sid:84079771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.28.58.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216670/; classtype:trojan-activity;sid:84079770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.82.211.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216648/; classtype:trojan-activity;sid:84079748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.53.164.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216650/; classtype:trojan-activity;sid:84079750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.137.36.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216651/; classtype:trojan-activity;sid:84079751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"63.78.214.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216652/; classtype:trojan-activity;sid:84079752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.72.6.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216653/; classtype:trojan-activity;sid:84079753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.234.253.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216655/; classtype:trojan-activity;sid:84079755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.150.253.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216656/; classtype:trojan-activity;sid:84079756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.111.30.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216657/; classtype:trojan-activity;sid:84079757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.236.46.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216658/; classtype:trojan-activity;sid:84079758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"139.255.17.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216660/; classtype:trojan-activity;sid:84079760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.39.146.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216662/; classtype:trojan-activity;sid:84079762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.100.50.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216663/; classtype:trojan-activity;sid:84079763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.245.10.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216664/; classtype:trojan-activity;sid:84079764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.140.176.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216665/; classtype:trojan-activity;sid:84079765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.223.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216666/; classtype:trojan-activity;sid:84079766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.213.121.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216667/; classtype:trojan-activity;sid:84079767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.5.61.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216641/; classtype:trojan-activity;sid:84079741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.67.115.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216642/; classtype:trojan-activity;sid:84079742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.190.109.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216644/; classtype:trojan-activity;sid:84079744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.237.174.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216645/; classtype:trojan-activity;sid:84079745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.253.205.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216646/; classtype:trojan-activity;sid:84079746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.206.226.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216647/; classtype:trojan-activity;sid:84079747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.147.93.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216637/; classtype:trojan-activity;sid:84079737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.204.58.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216634/; classtype:trojan-activity;sid:84079734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.156.46.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216633/; classtype:trojan-activity;sid:84079733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.169.136.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216632/; classtype:trojan-activity;sid:84079732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"154.0.129.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216626/; classtype:trojan-activity;sid:84079726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.160.102.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216627/; classtype:trojan-activity;sid:84079727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.58.83.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216630/; classtype:trojan-activity;sid:84079730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"194.208.56.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216606/; classtype:trojan-activity;sid:84079706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.16.247.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216607/; classtype:trojan-activity;sid:84079707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"217.218.235.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216608/; classtype:trojan-activity;sid:84079708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"174.7.42.250"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216609/; classtype:trojan-activity;sid:84079709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"150.129.202.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216610/; classtype:trojan-activity;sid:84079710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.188.254.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216611/; classtype:trojan-activity;sid:84079711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"82.200.140.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216613/; classtype:trojan-activity;sid:84079713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.153.22.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216614/; classtype:trojan-activity;sid:84079714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.10.211.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216615/; classtype:trojan-activity;sid:84079715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.233.158.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216617/; classtype:trojan-activity;sid:84079717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.95.14.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216619/; classtype:trojan-activity;sid:84079719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.15.254.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216621/; classtype:trojan-activity;sid:84079721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.66.105.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216622/; classtype:trojan-activity;sid:84079722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"136.169.119.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216624/; classtype:trojan-activity;sid:84079724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.204.218.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216625/; classtype:trojan-activity;sid:84079725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.6.74.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216599/; classtype:trojan-activity;sid:84079699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.233.63.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216600/; classtype:trojan-activity;sid:84079700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.18.223.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216602/; classtype:trojan-activity;sid:84079702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"31.186.54.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216603/; classtype:trojan-activity;sid:84079703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.7.20.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216604/; classtype:trojan-activity;sid:84079704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.122.28.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216597/; classtype:trojan-activity;sid:84079697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.49.0.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216598/; classtype:trojan-activity;sid:84079698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"43.230.159.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216596/; classtype:trojan-activity;sid:84079696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"62.169.235.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216593/; classtype:trojan-activity;sid:84079693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"94.159.74.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216594/; classtype:trojan-activity;sid:84079694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"109.92.181.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216595/; classtype:trojan-activity;sid:84079695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.237.172.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216589/; classtype:trojan-activity;sid:84079689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.137.36.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216591/; classtype:trojan-activity;sid:84079691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"151.248.56.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216572/; classtype:trojan-activity;sid:84079672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.189.125.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216574/; classtype:trojan-activity;sid:84079674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.129.2.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216576/; classtype:trojan-activity;sid:84079676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.2.237.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216581/; classtype:trojan-activity;sid:84079681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.77.228.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216583/; classtype:trojan-activity;sid:84079683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.91.236.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216584/; classtype:trojan-activity;sid:84079684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.255.163.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216585/; classtype:trojan-activity;sid:84079685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"14.200.203.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216588/; classtype:trojan-activity;sid:84079688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.180.9.57"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216553/; classtype:trojan-activity;sid:84079653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.29.14.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216555/; classtype:trojan-activity;sid:84079655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.170.112.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216556/; classtype:trojan-activity;sid:84079656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.170.116.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216557/; classtype:trojan-activity;sid:84079657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.92.188.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216558/; classtype:trojan-activity;sid:84079658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"77.46.170.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216559/; classtype:trojan-activity;sid:84079659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.9.34.78"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216560/; classtype:trojan-activity;sid:84079660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.164.252.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216562/; classtype:trojan-activity;sid:84079662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.221.111.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216564/; classtype:trojan-activity;sid:84079664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.30.85.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216565/; classtype:trojan-activity;sid:84079665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.200.63.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216567/; classtype:trojan-activity;sid:84079667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.251.68.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216568/; classtype:trojan-activity;sid:84079668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"150.129.202.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216569/; classtype:trojan-activity;sid:84079669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"75.183.98.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216551/; classtype:trojan-activity;sid:84079651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.161.217.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216550/; classtype:trojan-activity;sid:84079650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.115.254.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216547/; classtype:trojan-activity;sid:84079647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"84.242.139.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216537/; classtype:trojan-activity;sid:84079637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.151.163.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216538/; classtype:trojan-activity;sid:84079638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.246.83.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216539/; classtype:trojan-activity;sid:84079639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.0.69.42"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216540/; classtype:trojan-activity;sid:84079640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.43.80.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216541/; classtype:trojan-activity;sid:84079641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"94.74.144.229"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216542/; classtype:trojan-activity;sid:84079642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"86.101.187.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216543/; classtype:trojan-activity;sid:84079643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.224.100.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216545/; classtype:trojan-activity;sid:84079645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"94.52.111.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216546/; classtype:trojan-activity;sid:84079646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.143.124.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216512/; classtype:trojan-activity;sid:84079612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.16.247.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216513/; classtype:trojan-activity;sid:84079613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.213.157.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216514/; classtype:trojan-activity;sid:84079614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.204.104.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216516/; classtype:trojan-activity;sid:84079616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.147.132.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216518/; classtype:trojan-activity;sid:84079618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.4.44.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216519/; classtype:trojan-activity;sid:84079619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.160.56.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216522/; classtype:trojan-activity;sid:84079622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.66.150.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216527/; classtype:trojan-activity;sid:84079627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.66.139.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216529/; classtype:trojan-activity;sid:84079629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"31.210.217.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216531/; classtype:trojan-activity;sid:84079631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.28.58.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216532/; classtype:trojan-activity;sid:84079632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.61.103.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216534/; classtype:trojan-activity;sid:84079634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.63.242.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216535/; classtype:trojan-activity;sid:84079635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.1.157.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216536/; classtype:trojan-activity;sid:84079636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.202.49.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216509/; classtype:trojan-activity;sid:84079609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.225.186.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216510/; classtype:trojan-activity;sid:84079610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"93.175.223.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216507/; classtype:trojan-activity;sid:84079607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"90.140.13.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216506/; classtype:trojan-activity;sid:84079606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.180.35.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216503/; classtype:trojan-activity;sid:84079603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.185.229.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216504/; classtype:trojan-activity;sid:84079604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.80.244.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216480/; classtype:trojan-activity;sid:84079580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.78.75.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216481/; classtype:trojan-activity;sid:84079581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"84.22.48.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216484/; classtype:trojan-activity;sid:84079584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.90.207.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216485/; classtype:trojan-activity;sid:84079585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.181.166.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216488/; classtype:trojan-activity;sid:84079588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.11.216.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216489/; classtype:trojan-activity;sid:84079589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.26.81.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216491/; classtype:trojan-activity;sid:84079591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.191.123.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216492/; classtype:trojan-activity;sid:84079592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.202.220.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216495/; classtype:trojan-activity;sid:84079595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.12.6.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216496/; classtype:trojan-activity;sid:84079596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"174.78.254.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216497/; classtype:trojan-activity;sid:84079597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.66.108.167"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216498/; classtype:trojan-activity;sid:84079598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.252.66.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216499/; classtype:trojan-activity;sid:84079599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.101.191.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216500/; classtype:trojan-activity;sid:84079600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.21.223.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216501/; classtype:trojan-activity;sid:84079601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.227.118.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216502/; classtype:trojan-activity;sid:84079602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.29.147.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216469/; classtype:trojan-activity;sid:84079569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.109.223.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216470/; classtype:trojan-activity;sid:84079570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"31.186.54.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216471/; classtype:trojan-activity;sid:84079571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.246.154.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216472/; classtype:trojan-activity;sid:84079572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.124.61.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216475/; classtype:trojan-activity;sid:84079575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.133.214.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216478/; classtype:trojan-activity;sid:84079578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.69.88.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216468/; classtype:trojan-activity;sid:84079568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.237.250.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216464/; classtype:trojan-activity;sid:84079564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.227.118.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216465/; classtype:trojan-activity;sid:84079565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.231.226.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216463/; classtype:trojan-activity;sid:84079563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"223.247.198.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216457/; classtype:trojan-activity;sid:84079557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"121.43.104.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216456/; classtype:trojan-activity;sid:84079556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"123.235.29.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216452/; classtype:trojan-activity;sid:84079552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"180.167.115.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216450/; classtype:trojan-activity;sid:84079550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"116.62.242.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216447/; classtype:trojan-activity;sid:84079547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"87.249.142.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216443/; classtype:trojan-activity;sid:84079543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"114.215.27.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216440/; classtype:trojan-activity;sid:84079540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"87.227.140.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216437/; classtype:trojan-activity;sid:84079537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"204.9.23.122"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216433/; classtype:trojan-activity;sid:84079533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"187.115.56.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216434/; classtype:trojan-activity;sid:84079534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"24.93.22.147"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216435/; classtype:trojan-activity;sid:84079535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"194.122.191.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216430/; classtype:trojan-activity;sid:84079530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"58.220.203.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216428/; classtype:trojan-activity;sid:84079528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"123.132.224.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216429/; classtype:trojan-activity;sid:84079529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.211.15.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216425/; classtype:trojan-activity;sid:84079525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"60.29.43.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216422/; classtype:trojan-activity;sid:84079522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"47.104.233.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216423/; classtype:trojan-activity;sid:84079523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"217.92.214.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216421/; classtype:trojan-activity;sid:84079521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"80.249.6.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216418/; classtype:trojan-activity;sid:84079518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.121.161.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216419/; classtype:trojan-activity;sid:84079519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.98.186.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216413/; classtype:trojan-activity;sid:84079513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"71.83.248.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216414/; classtype:trojan-activity;sid:84079514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"118.36.17.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216415/; classtype:trojan-activity;sid:84079515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"219.73.22.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216411/; classtype:trojan-activity;sid:84079511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"82.127.74.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216409/; classtype:trojan-activity;sid:84079509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"49.232.126.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216406/; classtype:trojan-activity;sid:84079506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"150.158.25.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216404/; classtype:trojan-activity;sid:84079504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"223.247.198.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216403/; classtype:trojan-activity;sid:84079503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"113.106.6.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216398/; classtype:trojan-activity;sid:84079498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"121.43.104.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216396/; classtype:trojan-activity;sid:84079496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"119.45.127.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216392/; classtype:trojan-activity;sid:84079492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"113.219.177.95"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216393/; classtype:trojan-activity;sid:84079493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"31.214.180.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216389/; classtype:trojan-activity;sid:84079489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"43.132.12.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216384/; classtype:trojan-activity;sid:84079484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"50.65.169.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216382/; classtype:trojan-activity;sid:84079482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"211.220.36.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216380/; classtype:trojan-activity;sid:84079480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"36.110.15.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216377/; classtype:trojan-activity;sid:84079477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"47.104.169.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216376/; classtype:trojan-activity;sid:84079476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"178.61.160.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216372/; classtype:trojan-activity;sid:84079472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"124.71.73.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216371/; classtype:trojan-activity;sid:84079471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"47.104.233.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216369/; classtype:trojan-activity;sid:84079469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"101.71.255.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216366/; classtype:trojan-activity;sid:84079466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"82.67.13.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216359/; classtype:trojan-activity;sid:84079459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"39.108.237.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216357/; classtype:trojan-activity;sid:84079457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"123.117.136.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216353/; classtype:trojan-activity;sid:84079453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"208.85.241.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216352/; classtype:trojan-activity;sid:84079452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"68.225.217.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216349/; classtype:trojan-activity;sid:84079449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"113.106.6.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216348/; classtype:trojan-activity;sid:84079448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"112.120.57.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216344/; classtype:trojan-activity;sid:84079444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"43.132.13.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216334/; classtype:trojan-activity;sid:84079434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"115.37.8.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216336/; classtype:trojan-activity;sid:84079436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"178.60.25.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216333/; classtype:trojan-activity;sid:84079433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"166.167.172.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216330/; classtype:trojan-activity;sid:84079430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"166.167.172.14"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216331/; classtype:trojan-activity;sid:84079431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"181.36.153.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216329/; classtype:trojan-activity;sid:84079429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"77.240.97.71"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216327/; classtype:trojan-activity;sid:84079427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"113.156.110.218"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216326/; classtype:trojan-activity;sid:84079426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"98.109.126.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216324/; classtype:trojan-activity;sid:84079424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"47.62.190.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216325/; classtype:trojan-activity;sid:84079425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"80.11.228.144"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216323/; classtype:trojan-activity;sid:84079423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"184.185.30.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216322/; classtype:trojan-activity;sid:84079422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"74.64.155.4"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216321/; classtype:trojan-activity;sid:84079421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"217.58.56.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216319/; classtype:trojan-activity;sid:84079419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"72.219.74.233"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216318/; classtype:trojan-activity;sid:84079418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"47.62.190.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216317/; classtype:trojan-activity;sid:84079417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"68.108.119.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216314/; classtype:trojan-activity;sid:84079414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"93.46.55.190"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216311/; classtype:trojan-activity;sid:84079411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"94.76.156.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216306/; classtype:trojan-activity;sid:84079406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"81.218.175.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216305/; classtype:trojan-activity;sid:84079405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.17.23.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216304/; classtype:trojan-activity;sid:84079404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.187.151.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216302/; classtype:trojan-activity;sid:84079402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"109.195.82.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216303/; classtype:trojan-activity;sid:84079403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.200.106.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216301/; classtype:trojan-activity;sid:84079401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/%5bwin"; depth:35; endswith; nocase; http.host; content:"117.50.184.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216290/; classtype:trojan-activity;sid:84079390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"149.202.79.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216244/; classtype:trojan-activity;sid:84079344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"149.202.79.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216194/; classtype:trojan-activity;sid:84079294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/win"; depth:32; endswith; nocase; http.host; content:"117.72.74.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215997/; classtype:trojan-activity;sid:84079097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.190.70.217"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215858/; classtype:trojan-activity;sid:84078958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.206.226.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215856/; classtype:trojan-activity;sid:84078956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.236.126.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215857/; classtype:trojan-activity;sid:84078957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.128.81.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215845/; classtype:trojan-activity;sid:84078945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"210.4.70.30"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215846/; classtype:trojan-activity;sid:84078946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.246.83.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215844/; classtype:trojan-activity;sid:84078944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.210.27.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215838/; classtype:trojan-activity;sid:84078938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"156.155.176.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215839/; classtype:trojan-activity;sid:84078939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.70.207.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215841/; classtype:trojan-activity;sid:84078941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.124.61.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215842/; classtype:trojan-activity;sid:84078942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.252.8.46"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215843/; classtype:trojan-activity;sid:84078943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.16.188.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215837/; classtype:trojan-activity;sid:84078937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.118.112.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215834/; classtype:trojan-activity;sid:84078934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.64.202.57"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215835/; classtype:trojan-activity;sid:84078935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.115.254.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215831/; classtype:trojan-activity;sid:84078931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.74.207.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215832/; classtype:trojan-activity;sid:84078932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.111.30.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215819/; classtype:trojan-activity;sid:84078919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.185.229.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215820/; classtype:trojan-activity;sid:84078920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"173.26.114.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215821/; classtype:trojan-activity;sid:84078921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.97.185.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215822/; classtype:trojan-activity;sid:84078922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.217.215.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215823/; classtype:trojan-activity;sid:84078923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.147.225.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215826/; classtype:trojan-activity;sid:84078926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.160.56.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215829/; classtype:trojan-activity;sid:84078929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.15.239.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215830/; classtype:trojan-activity;sid:84078930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.83.178.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215814/; classtype:trojan-activity;sid:84078914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.57.69.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215816/; classtype:trojan-activity;sid:84078916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.36.25.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215817/; classtype:trojan-activity;sid:84078917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.174.32.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215812/; classtype:trojan-activity;sid:84078912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.51.180.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215813/; classtype:trojan-activity;sid:84078913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.214.56.232"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215810/; classtype:trojan-activity;sid:84078910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.253.205.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215811/; classtype:trojan-activity;sid:84078911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.234.151.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215799/; classtype:trojan-activity;sid:84078899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.85.176.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215800/; classtype:trojan-activity;sid:84078900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.35.34.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215804/; classtype:trojan-activity;sid:84078904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.233.158.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215805/; classtype:trojan-activity;sid:84078905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.216.164.48"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215807/; classtype:trojan-activity;sid:84078907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.95.14.237"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215809/; classtype:trojan-activity;sid:84078909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.74.29.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215777/; classtype:trojan-activity;sid:84078877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.151.108.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215780/; classtype:trojan-activity;sid:84078880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.70.0.22"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215782/; classtype:trojan-activity;sid:84078882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.248.23.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215784/; classtype:trojan-activity;sid:84078884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.233.63.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215785/; classtype:trojan-activity;sid:84078885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.187.7.29"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215787/; classtype:trojan-activity;sid:84078887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.186.54.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215788/; classtype:trojan-activity;sid:84078888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.246.106.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215790/; classtype:trojan-activity;sid:84078890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.11.216.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215791/; classtype:trojan-activity;sid:84078891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.184.179.195"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215792/; classtype:trojan-activity;sid:84078892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.112.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215793/; classtype:trojan-activity;sid:84078893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.70.238.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215794/; classtype:trojan-activity;sid:84078894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.221.111.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215795/; classtype:trojan-activity;sid:84078895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.147.119.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215796/; classtype:trojan-activity;sid:84078896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.49.18.199"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215774/; classtype:trojan-activity;sid:84078874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.119.193.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215775/; classtype:trojan-activity;sid:84078875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.156.224.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215776/; classtype:trojan-activity;sid:84078876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.197.160.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215772/; classtype:trojan-activity;sid:84078872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.172.187.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215485/; classtype:trojan-activity;sid:84078585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.16.133"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215484/; classtype:trojan-activity;sid:84078584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.203.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215481/; classtype:trojan-activity;sid:84078581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.179.203.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215482/; classtype:trojan-activity;sid:84078582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.26.81.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215483/; classtype:trojan-activity;sid:84078583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.160.102.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215478/; classtype:trojan-activity;sid:84078578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.246.154.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215479/; classtype:trojan-activity;sid:84078579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"209.124.105.5"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215470/; classtype:trojan-activity;sid:84078570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.103.100.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215471/; classtype:trojan-activity;sid:84078571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.153.80.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215472/; classtype:trojan-activity;sid:84078572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.155.92.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215473/; classtype:trojan-activity;sid:84078573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.214.56.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215474/; classtype:trojan-activity;sid:84078574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.135.26.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215476/; classtype:trojan-activity;sid:84078576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"208.68.68.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215467/; classtype:trojan-activity;sid:84078567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.119.151.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215468/; classtype:trojan-activity;sid:84078568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.97.185.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215462/; classtype:trojan-activity;sid:84078562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.160.87.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215463/; classtype:trojan-activity;sid:84078563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.98.186.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215464/; classtype:trojan-activity;sid:84078564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.131.234.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215465/; classtype:trojan-activity;sid:84078565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.253.126.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215450/; classtype:trojan-activity;sid:84078550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.97.185.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215451/; classtype:trojan-activity;sid:84078551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.78.75.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215452/; classtype:trojan-activity;sid:84078552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.107.239.43"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215453/; classtype:trojan-activity;sid:84078553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.90.207.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215455/; classtype:trojan-activity;sid:84078555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.195.82.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215456/; classtype:trojan-activity;sid:84078556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.139.18.3"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215457/; classtype:trojan-activity;sid:84078557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.59.103.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215458/; classtype:trojan-activity;sid:84078558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.209.107.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215446/; classtype:trojan-activity;sid:84078546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.9.34.78"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215447/; classtype:trojan-activity;sid:84078547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.223.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215449/; classtype:trojan-activity;sid:84078549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.218.42.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215442/; classtype:trojan-activity;sid:84078542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.204.218.148"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215433/; classtype:trojan-activity;sid:84078533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.91.236.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215434/; classtype:trojan-activity;sid:84078534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.94.219.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215435/; classtype:trojan-activity;sid:84078535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.75.32.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215437/; classtype:trojan-activity;sid:84078537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.148.163.218"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215438/; classtype:trojan-activity;sid:84078538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.140.13.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215439/; classtype:trojan-activity;sid:84078539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"184.185.30.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215440/; classtype:trojan-activity;sid:84078540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.43.80.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215430/; classtype:trojan-activity;sid:84078530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.169.63.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215431/; classtype:trojan-activity;sid:84078531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.211.15.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215424/; classtype:trojan-activity;sid:84078524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.82.211.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215425/; classtype:trojan-activity;sid:84078525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.200.140.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215426/; classtype:trojan-activity;sid:84078526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.147.127.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215427/; classtype:trojan-activity;sid:84078527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.141.241.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215429/; classtype:trojan-activity;sid:84078529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.81.156.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215421/; classtype:trojan-activity;sid:84078521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"206.214.35.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215422/; classtype:trojan-activity;sid:84078522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.225.186.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215420/; classtype:trojan-activity;sid:84078520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.235.33.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215416/; classtype:trojan-activity;sid:84078516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.252.114.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215418/; classtype:trojan-activity;sid:84078518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.189.56.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215419/; classtype:trojan-activity;sid:84078519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.7.209.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215409/; classtype:trojan-activity;sid:84078509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"146.196.120.21"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215410/; classtype:trojan-activity;sid:84078510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"130.185.229.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215411/; classtype:trojan-activity;sid:84078511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.97.185.91"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215414/; classtype:trojan-activity;sid:84078514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.143.114.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215403/; classtype:trojan-activity;sid:84078503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.223.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215404/; classtype:trojan-activity;sid:84078504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.234.186.226"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215400/; classtype:trojan-activity;sid:84078500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.118.121.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215401/; classtype:trojan-activity;sid:84078501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.149.81.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215402/; classtype:trojan-activity;sid:84078502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"70.166.89.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215390/; classtype:trojan-activity;sid:84078490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.203.89.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215392/; classtype:trojan-activity;sid:84078492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"134.249.141.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215393/; classtype:trojan-activity;sid:84078493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.125.8.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215394/; classtype:trojan-activity;sid:84078494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.231.14.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215399/; classtype:trojan-activity;sid:84078499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.251.68.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215384/; classtype:trojan-activity;sid:84078484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.204.58.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215387/; classtype:trojan-activity;sid:84078487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.61.103.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215388/; classtype:trojan-activity;sid:84078488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.116.62.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215380/; classtype:trojan-activity;sid:84078480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.242.50.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215381/; classtype:trojan-activity;sid:84078481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.46.170.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215382/; classtype:trojan-activity;sid:84078482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.67.251.151"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215383/; classtype:trojan-activity;sid:84078483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.232.94.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215376/; classtype:trojan-activity;sid:84078476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.15.85.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215377/; classtype:trojan-activity;sid:84078477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.204.104.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215378/; classtype:trojan-activity;sid:84078478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.97.137.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215379/; classtype:trojan-activity;sid:84078479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.23.192.224"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215366/; classtype:trojan-activity;sid:84078466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.213.121.8"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215368/; classtype:trojan-activity;sid:84078468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.160.128.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215369/; classtype:trojan-activity;sid:84078469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.103.63.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215370/; classtype:trojan-activity;sid:84078470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.238.209.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215371/; classtype:trojan-activity;sid:84078471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.105.196.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215372/; classtype:trojan-activity;sid:84078472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.218.189.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215358/; classtype:trojan-activity;sid:84078458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.166.197.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215359/; classtype:trojan-activity;sid:84078459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.109.148.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215360/; classtype:trojan-activity;sid:84078460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.11.75.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215361/; classtype:trojan-activity;sid:84078461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.147.132.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215362/; classtype:trojan-activity;sid:84078462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.223.60.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215363/; classtype:trojan-activity;sid:84078463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.15.254.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215365/; classtype:trojan-activity;sid:84078465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.211.135.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215356/; classtype:trojan-activity;sid:84078456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.224.162.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215357/; classtype:trojan-activity;sid:84078457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"86.61.70.212"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215353/; classtype:trojan-activity;sid:84078453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.115.230.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215327/; classtype:trojan-activity;sid:84078427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.46.212.33"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215328/; classtype:trojan-activity;sid:84078428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"112.124.68.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215322/; classtype:trojan-activity;sid:84078422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"60.204.134.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215323/; classtype:trojan-activity;sid:84078423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.147.234.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215319/; classtype:trojan-activity;sid:84078419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.134.12.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215296/; classtype:trojan-activity;sid:84078396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.148.5.183"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215297/; classtype:trojan-activity;sid:84078397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"1.92.86.239"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215292/; classtype:trojan-activity;sid:84078392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.242.1.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215293/; classtype:trojan-activity;sid:84078393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"150.158.13.117"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215278/; classtype:trojan-activity;sid:84078378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.153.222.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215259/; classtype:trojan-activity;sid:84078359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.141.166.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215255/; classtype:trojan-activity;sid:84078355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earm"; depth:5; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214637/; classtype:trojan-activity;sid:84077737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eppc"; depth:5; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214638/; classtype:trojan-activity;sid:84077738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earm5"; depth:6; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214639/; classtype:trojan-activity;sid:84077739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earm7"; depth:6; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214640/; classtype:trojan-activity;sid:84077740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esh4"; depth:5; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214641/; classtype:trojan-activity;sid:84077741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.122.64.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214193/; classtype:trojan-activity;sid:84077293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"20.189.76.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214183/; classtype:trojan-activity;sid:84077283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.254.74.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214160/; classtype:trojan-activity;sid:84077260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.130.42.227"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214161/; classtype:trojan-activity;sid:84077261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.137.56.177"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214162/; classtype:trojan-activity;sid:84077262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.108.134.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214166/; classtype:trojan-activity;sid:84077266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.100.182.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214173/; classtype:trojan-activity;sid:84077273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.143.2.128"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214174/; classtype:trojan-activity;sid:84077274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.131.50.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214157/; classtype:trojan-activity;sid:84077257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"192.252.182.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214137/; classtype:trojan-activity;sid:84077237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.97.105.148"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214136/; classtype:trojan-activity;sid:84077236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"165.154.0.136"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214129/; classtype:trojan-activity;sid:84077229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.120.48.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214130/; classtype:trojan-activity;sid:84077230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"223.26.61.66"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214126/; classtype:trojan-activity;sid:84077226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"211.149.159.163"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214128/; classtype:trojan-activity;sid:84077228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"1.94.56.82"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214103/; classtype:trojan-activity;sid:84077203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"121.199.28.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214105/; classtype:trojan-activity;sid:84077205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"113.250.188.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214106/; classtype:trojan-activity;sid:84077206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.55.195.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214109/; classtype:trojan-activity;sid:84077209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.244.167.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214119/; classtype:trojan-activity;sid:84077219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.96.85.171"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214122/; classtype:trojan-activity;sid:84077222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.106.216.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214097/; classtype:trojan-activity;sid:84077197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"106.15.224.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214099/; classtype:trojan-activity;sid:84077199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"216.247.214.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214078/; classtype:trojan-activity;sid:84077178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213897/; classtype:trojan-activity;sid:84076997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.247.214.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213563/; classtype:trojan-activity;sid:84076663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.247.214.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213507/; classtype:trojan-activity;sid:84076607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3209952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emips"; depth:6; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_04; reference:url, urlhaus.abuse.ch/url/3209952/; classtype:trojan-activity;sid:84073052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3209936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/empsl"; depth:6; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_04; reference:url, urlhaus.abuse.ch/url/3209936/; classtype:trojan-activity;sid:84073036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ewpeloxttug.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208612/; classtype:trojan-activity;sid:84071712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/rstxdhuj.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208614/; classtype:trojan-activity;sid:84071714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/newbundle2.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208610/; classtype:trojan-activity;sid:84071710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/lummetc.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208611/; classtype:trojan-activity;sid:84071711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/lgendpremium.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208605/; classtype:trojan-activity;sid:84071705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/deliciouspart.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208603/; classtype:trojan-activity;sid:84071703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pkcontent.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208604/; classtype:trojan-activity;sid:84071704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erhtrnrtw/2.jpg"; depth:16; endswith; nocase; http.host; content:"passagetoeastafrica.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208362/; classtype:trojan-activity;sid:84071462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208345/; classtype:trojan-activity;sid:84071445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208342/; classtype:trojan-activity;sid:84071442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208343/; classtype:trojan-activity;sid:84071443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208334/; classtype:trojan-activity;sid:84071434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208335/; classtype:trojan-activity;sid:84071435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208336/; classtype:trojan-activity;sid:84071436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208337/; classtype:trojan-activity;sid:84071437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208339/; classtype:trojan-activity;sid:84071439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208340/; classtype:trojan-activity;sid:84071440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/3d%20builder_12_1201419.exe"; depth:37; endswith; nocase; http.host; content:"znrq.zifwxq.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208315/; classtype:trojan-activity;sid:84071415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.71.158.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208141/; classtype:trojan-activity;sid:84071241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.98.196.145"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208140/; classtype:trojan-activity;sid:84071240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"116.196.95.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208139/; classtype:trojan-activity;sid:84071239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"116.62.70.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208129/; classtype:trojan-activity;sid:84071229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3207963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.103.109.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3207963/; classtype:trojan-activity;sid:84071063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3207955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"106.14.126.40"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3207955/; classtype:trojan-activity;sid:84071055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3207907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"80.64.30.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3207907/; classtype:trojan-activity;sid:84071007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"102.165.46.145"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206631/; classtype:trojan-activity;sid:84069731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/api/loader.bin"; depth:17; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206483/; classtype:trojan-activity;sid:84069583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/api/bot64.bin"; depth:16; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206484/; classtype:trojan-activity;sid:84069584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ox2fa/justnow/refs/heads/main/2pac.php"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206293/; classtype:trojan-activity;sid:84069393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3205869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.174.32.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3205869/; classtype:trojan-activity;sid:84068969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3205093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"199.195.249.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3205093/; classtype:trojan-activity;sid:84068193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"192.176.50.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204753/; classtype:trojan-activity;sid:84067853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"192.176.50.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204733/; classtype:trojan-activity;sid:84067833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/for_down/2013/new/dlls/rse/rsreport.exe"; depth:40; endswith; nocase; http.host; content:"download.suxiazai.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204531/; classtype:trojan-activity;sid:84067631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.70.82.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204188/; classtype:trojan-activity;sid:84067288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.70.82.206"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204154/; classtype:trojan-activity;sid:84067254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3203017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/drg/rtc/f3dll.txt"; depth:31; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_01; reference:url, urlhaus.abuse.ch/url/3203017/; classtype:trojan-activity;sid:84066117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202309/; classtype:trojan-activity;sid:84065409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/earm"; depth:7; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202310/; classtype:trojan-activity;sid:84065410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202311/; classtype:trojan-activity;sid:84065411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202312/; classtype:trojan-activity;sid:84065412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202313/; classtype:trojan-activity;sid:84065413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202293/; classtype:trojan-activity;sid:84065393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202295/; classtype:trojan-activity;sid:84065395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202297/; classtype:trojan-activity;sid:84065397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202299/; classtype:trojan-activity;sid:84065399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202300/; classtype:trojan-activity;sid:84065400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202301/; classtype:trojan-activity;sid:84065401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/empsl"; depth:8; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202304/; classtype:trojan-activity;sid:84065404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/t"; depth:4; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202305/; classtype:trojan-activity;sid:84065405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/emips"; depth:8; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202306/; classtype:trojan-activity;sid:84065406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202307/; classtype:trojan-activity;sid:84065407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202285/; classtype:trojan-activity;sid:84065385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/earm7"; depth:8; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202286/; classtype:trojan-activity;sid:84065386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/emips"; depth:8; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202287/; classtype:trojan-activity;sid:84065387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/eppc"; depth:7; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202288/; classtype:trojan-activity;sid:84065388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/earm7"; depth:8; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202289/; classtype:trojan-activity;sid:84065389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202290/; classtype:trojan-activity;sid:84065390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202291/; classtype:trojan-activity;sid:84065391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/empsl"; depth:8; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202254/; classtype:trojan-activity;sid:84065354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202255/; classtype:trojan-activity;sid:84065355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/eppc"; depth:7; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202257/; classtype:trojan-activity;sid:84065357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202262/; classtype:trojan-activity;sid:84065362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/esh4"; depth:7; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202263/; classtype:trojan-activity;sid:84065363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202264/; classtype:trojan-activity;sid:84065364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/esh4"; depth:7; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202265/; classtype:trojan-activity;sid:84065365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202269/; classtype:trojan-activity;sid:84065369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/t"; depth:4; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202271/; classtype:trojan-activity;sid:84065371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202272/; classtype:trojan-activity;sid:84065372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202274/; classtype:trojan-activity;sid:84065374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/earm5"; depth:8; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202275/; classtype:trojan-activity;sid:84065375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/earm5"; depth:8; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202276/; classtype:trojan-activity;sid:84065376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202277/; classtype:trojan-activity;sid:84065377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"www.clavity.me"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202278/; classtype:trojan-activity;sid:84065378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/earm"; depth:7; endswith; nocase; http.host; content:"clavity.me"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202280/; classtype:trojan-activity;sid:84065380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/eppc"; depth:7; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202173/; classtype:trojan-activity;sid:84065273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/t"; depth:4; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202169/; classtype:trojan-activity;sid:84065269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/esh4"; depth:7; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202168/; classtype:trojan-activity;sid:84065268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/earm"; depth:7; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202166/; classtype:trojan-activity;sid:84065266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/empsl"; depth:8; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202167/; classtype:trojan-activity;sid:84065267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/earm7"; depth:8; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202163/; classtype:trojan-activity;sid:84065263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/earm5"; depth:8; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202164/; classtype:trojan-activity;sid:84065264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/emips"; depth:8; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202165/; classtype:trojan-activity;sid:84065265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3202083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/envs/dj1.txt"; depth:26; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3202083/; classtype:trojan-activity;sid:84065183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3201686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=18-jwgmnsvcsyj0vhz_f9cqmqhwd-8fq8"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3201686/; classtype:trojan-activity;sid:84064786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3201676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1zjiuyifrkwemay58vp5hw7q3tqzhafaw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_09_30; reference:url, urlhaus.abuse.ch/url/3201676/; classtype:trojan-activity;sid:84064776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3200739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fissionbaby/file/fissionbabyv242.exe"; depth:37; endswith; nocase; http.host; content:"tianyinsoft.top"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_29; reference:url, urlhaus.abuse.ch/url/3200739/; classtype:trojan-activity;sid:84063839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3200548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slinky/slinkycrack.zip"; depth:23; endswith; nocase; http.host; content:"crystalpvp.ru"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_29; reference:url, urlhaus.abuse.ch/url/3200548/; classtype:trojan-activity;sid:84063648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3199828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0703_uac_doc.exe"; depth:17; endswith; nocase; http.host; content:"47.108.236.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_29; reference:url, urlhaus.abuse.ch/url/3199828/; classtype:trojan-activity;sid:84062928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itplan.exe"; depth:11; endswith; nocase; http.host; content:"storage.soowim.co.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198896/; classtype:trojan-activity;sid:84061996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itplan.exe"; depth:11; endswith; nocase; http.host; content:"storage.soowim.co.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198884/; classtype:trojan-activity;sid:84061984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it_plan_cifs.exe"; depth:17; endswith; nocase; http.host; content:"storage.soowim.co.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198881/; classtype:trojan-activity;sid:84061981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%99%9a%e6%8b%9f%e6%9c%ba%e9%9a%8f%e6%9c%bamac.exe"; depth:53; endswith; nocase; http.host; content:"180.140.124.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198880/; classtype:trojan-activity;sid:84061980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it_plan_cifs.exe"; depth:17; endswith; nocase; http.host; content:"storage.soowim.co.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198873/; classtype:trojan-activity;sid:84061973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tstory.exe"; depth:11; endswith; nocase; http.host; content:"storage.soowim.co.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198849/; classtype:trojan-activity;sid:84061949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e8%99%9a%e6%8b%9f%e6%9c%ba%e6%8e%92%e5%88%97.exe"; depth:50; endswith; nocase; http.host; content:"180.140.124.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198830/; classtype:trojan-activity;sid:84061930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9402.tmp.exe"; depth:13; endswith; nocase; http.host; content:"195.60.232.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198771/; classtype:trojan-activity;sid:84061871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/python3.exe"; depth:12; endswith; nocase; http.host; content:"39.100.33.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198763/; classtype:trojan-activity;sid:84061863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/host.out"; depth:9; endswith; nocase; http.host; content:"113.50.0.109"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198764/; classtype:trojan-activity;sid:84061864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/psexec64.exe"; depth:13; endswith; nocase; http.host; content:"storage.soowim.co.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198759/; classtype:trojan-activity;sid:84061859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pinginfoview.exe"; depth:17; endswith; nocase; http.host; content:"139.198.15.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198753/; classtype:trojan-activity;sid:84061853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/notmyfault.exe"; depth:15; endswith; nocase; http.host; content:"195.60.232.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198751/; classtype:trojan-activity;sid:84061851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naver.exe"; depth:10; endswith; nocase; http.host; content:"storage.soowim.co.kr"; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198703/; classtype:trojan-activity;sid:84061803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cen22.php"; depth:10; endswith; nocase; http.host; content:"39.100.33.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198696/; classtype:trojan-activity;sid:84061796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bluescreen.exe"; depth:15; endswith; nocase; http.host; content:"195.60.232.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198687/; classtype:trojan-activity;sid:84061787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dllgiris.dll"; depth:13; endswith; nocase; http.host; content:"78.188.137.146"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195888/; classtype:trojan-activity;sid:84058988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dllgiris.dll"; depth:13; endswith; nocase; http.host; content:"212.98.231.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195887/; classtype:trojan-activity;sid:84058987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/360vz.exe"; depth:10; endswith; nocase; http.host; content:"94.177.106.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195886/; classtype:trojan-activity;sid:84058986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.exe"; depth:6; endswith; nocase; http.host; content:"94.177.106.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195884/; classtype:trojan-activity;sid:84058984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scanport.exe"; depth:13; endswith; nocase; http.host; content:"139.198.15.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195883/; classtype:trojan-activity;sid:84058983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hid.dll"; depth:8; endswith; nocase; http.host; content:"112.124.28.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195851/; classtype:trojan-activity;sid:84058951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nc.exe"; depth:7; endswith; nocase; http.host; content:"112.124.28.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195849/; classtype:trojan-activity;sid:84058949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client-built.exe"; depth:17; endswith; nocase; http.host; content:"39.105.31.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195848/; classtype:trojan-activity;sid:84058948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc"; depth:4; endswith; nocase; http.host; content:"39.105.31.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195847/; classtype:trojan-activity;sid:84058947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winbox/winbox.exe"; depth:18; endswith; nocase; http.host; content:"103.123.98.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195831/; classtype:trojan-activity;sid:84058931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winbox/winbox.exe"; depth:18; endswith; nocase; http.host; content:"103.123.98.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195832/; classtype:trojan-activity;sid:84058932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pornhub_downloader.exe"; depth:23; endswith; nocase; http.host; content:"43.240.65.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195759/; classtype:trojan-activity;sid:84058859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipscan221.exe"; depth:14; endswith; nocase; http.host; content:"58.149.249.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195737/; classtype:trojan-activity;sid:84058837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fx8"; depth:4; endswith; nocase; http.host; content:"123.57.250.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195736/; classtype:trojan-activity;sid:84058836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imgdisk.exe"; depth:12; endswith; nocase; http.host; content:"141.147.155.36"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195720/; classtype:trojan-activity;sid:84058820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e6%b8%85%e7%90%86%e5%9e%83%e5%9c%be.exe"; depth:41; endswith; nocase; http.host; content:"39.103.217.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195292/; classtype:trojan-activity;sid:84058392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pesinislem.dll"; depth:15; endswith; nocase; http.host; content:"78.186.157.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195274/; classtype:trojan-activity;sid:84058374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pesinislem.dll"; depth:15; endswith; nocase; http.host; content:"212.156.209.128"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195275/; classtype:trojan-activity;sid:84058375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fiddlersetup.exe"; depth:17; endswith; nocase; http.host; content:"193.123.237.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195257/; classtype:trojan-activity;sid:84058357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exsync.exe"; depth:11; endswith; nocase; http.host; content:"58.137.135.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195255/; classtype:trojan-activity;sid:84058355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/git_win.zip"; depth:12; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195232/; classtype:trojan-activity;sid:84058332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents_win.zip"; depth:18; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195233/; classtype:trojan-activity;sid:84058333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/macro2.zip"; depth:11; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195234/; classtype:trojan-activity;sid:84058334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/excel.zip"; depth:10; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195235/; classtype:trojan-activity;sid:84058335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/obs_win.zip"; depth:12; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195236/; classtype:trojan-activity;sid:84058336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/macro.vbs"; depth:10; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195237/; classtype:trojan-activity;sid:84058337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents.zip"; depth:14; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195225/; classtype:trojan-activity;sid:84058325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/obs_lin.zip"; depth:12; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195226/; classtype:trojan-activity;sid:84058326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup.zip"; depth:10; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195227/; classtype:trojan-activity;sid:84058327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beta.hta"; depth:9; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195228/; classtype:trojan-activity;sid:84058328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/git.zip"; depth:8; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195229/; classtype:trojan-activity;sid:84058329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ubolite_0.1.23.6055.chromium.mv3.zip"; depth:37; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195221/; classtype:trojan-activity;sid:84058321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utility.zip"; depth:12; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195215/; classtype:trojan-activity;sid:84058315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/journal.zip"; depth:12; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195216/; classtype:trojan-activity;sid:84058316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monitor.zip"; depth:12; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195217/; classtype:trojan-activity;sid:84058317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents.zip"; depth:14; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195218/; classtype:trojan-activity;sid:84058318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/macro3.zip"; depth:11; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195219/; classtype:trojan-activity;sid:84058319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bypass.zip"; depth:11; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195220/; classtype:trojan-activity;sid:84058320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/macro.zip"; depth:10; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195211/; classtype:trojan-activity;sid:84058311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tracker.zip"; depth:12; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195212/; classtype:trojan-activity;sid:84058312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/excel.zip"; depth:10; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195213/; classtype:trojan-activity;sid:84058313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup.zip"; depth:10; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195214/; classtype:trojan-activity;sid:84058314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prototype2.zip"; depth:15; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195210/; classtype:trojan-activity;sid:84058310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/launcher.zip"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195204/; classtype:trojan-activity;sid:84058304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documentsexe.zip"; depth:17; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195205/; classtype:trojan-activity;sid:84058305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/organiser3.zip"; depth:15; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195206/; classtype:trojan-activity;sid:84058306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beta2.zip"; depth:10; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195207/; classtype:trojan-activity;sid:84058307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/organiser2.zip"; depth:15; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195198/; classtype:trojan-activity;sid:84058298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/extension2.zip"; depth:15; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195199/; classtype:trojan-activity;sid:84058299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/accounts.zip"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195200/; classtype:trojan-activity;sid:84058300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trial.zip"; depth:10; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195201/; classtype:trojan-activity;sid:84058301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/extension.zip"; depth:14; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195202/; classtype:trojan-activity;sid:84058302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prototype.zip"; depth:14; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195203/; classtype:trojan-activity;sid:84058303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/journal.exe"; depth:12; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195187/; classtype:trojan-activity;sid:84058287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monitor.exe"; depth:12; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195188/; classtype:trojan-activity;sid:84058288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utility2.exe"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195189/; classtype:trojan-activity;sid:84058289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avos.exe"; depth:9; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195190/; classtype:trojan-activity;sid:84058290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/charter.exe"; depth:12; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195177/; classtype:trojan-activity;sid:84058277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/set_up.exe"; depth:11; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195178/; classtype:trojan-activity;sid:84058278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/excel.exe"; depth:10; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195179/; classtype:trojan-activity;sid:84058279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents.elf"; depth:14; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195181/; classtype:trojan-activity;sid:84058281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/session.exe"; depth:12; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195182/; classtype:trojan-activity;sid:84058282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prototype.exe"; depth:14; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195183/; classtype:trojan-activity;sid:84058283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents.exe"; depth:14; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195184/; classtype:trojan-activity;sid:84058284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/macro2.exe"; depth:11; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195185/; classtype:trojan-activity;sid:84058285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploader.exe"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195186/; classtype:trojan-activity;sid:84058286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/launcher.elf"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195168/; classtype:trojan-activity;sid:84058268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploader.elf"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195169/; classtype:trojan-activity;sid:84058269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/service.exe"; depth:12; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195170/; classtype:trojan-activity;sid:84058270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/icon.exe"; depth:9; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195171/; classtype:trojan-activity;sid:84058271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/extension2.exe"; depth:15; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195172/; classtype:trojan-activity;sid:84058272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/organiser.exe"; depth:14; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195173/; classtype:trojan-activity;sid:84058273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tracker.exe"; depth:12; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195174/; classtype:trojan-activity;sid:84058274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utility3.exe"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195175/; classtype:trojan-activity;sid:84058275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meeting.exe"; depth:12; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195176/; classtype:trojan-activity;sid:84058276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aact.exe"; depth:9; endswith; nocase; http.host; content:"218.22.21.248"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195166/; classtype:trojan-activity;sid:84058266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromesetup.exe"; depth:16; endswith; nocase; http.host; content:"104.243.129.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195157/; classtype:trojan-activity;sid:84058257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aq2.exe"; depth:8; endswith; nocase; http.host; content:"222.186.172.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195153/; classtype:trojan-activity;sid:84058253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aq.exe"; depth:7; endswith; nocase; http.host; content:"222.186.172.42"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195151/; classtype:trojan-activity;sid:84058251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/massgravel/microsoft-activation-scripts/b1b5299c4725d97349b18b59061647198f7cc59b/mas/all-in-one-version-kl/mas_aio.cmd"; depth:119; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193861/; classtype:trojan-activity;sid:84056961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/broccoli.rar"; depth:13; endswith; nocase; http.host; content:"203.204.217.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192739/; classtype:trojan-activity;sid:84055839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beacon.rar"; depth:11; endswith; nocase; http.host; content:"203.204.217.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192740/; classtype:trojan-activity;sid:84055840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sq1mon-v.zip"; depth:13; endswith; nocase; http.host; content:"203.204.217.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192738/; classtype:trojan-activity;sid:84055838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/library.so"; depth:11; endswith; nocase; http.host; content:"203.204.217.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192737/; classtype:trojan-activity;sid:84055837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.dll"; depth:12; endswith; nocase; http.host; content:"203.204.217.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192735/; classtype:trojan-activity;sid:84055835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.bin"; depth:9; endswith; nocase; http.host; content:"203.204.217.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192736/; classtype:trojan-activity;sid:84055836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beacon.bin"; depth:11; endswith; nocase; http.host; content:"203.204.217.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192734/; classtype:trojan-activity;sid:84055834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beacon_lagacy.bin"; depth:18; endswith; nocase; http.host; content:"203.204.217.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192733/; classtype:trojan-activity;sid:84055833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beacon.exe"; depth:11; endswith; nocase; http.host; content:"203.204.217.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192732/; classtype:trojan-activity;sid:84055832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cabbage.lnk"; depth:12; endswith; nocase; http.host; content:"203.204.217.190"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192730/; classtype:trojan-activity;sid:84055830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192590/; classtype:trojan-activity;sid:84055690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimikatz_trunk/win32/mimikatz.exe"; depth:34; endswith; nocase; http.host; content:"120.25.163.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192568/; classtype:trojan-activity;sid:84055668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmpsl"; depth:6; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192545/; classtype:trojan-activity;sid:84055645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mag"; depth:4; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192534/; classtype:trojan-activity;sid:84055634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/create.py"; depth:10; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192516/; classtype:trojan-activity;sid:84055616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192483/; classtype:trojan-activity;sid:84055583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z.sh"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192484/; classtype:trojan-activity;sid:84055584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xaxa"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192482/; classtype:trojan-activity;sid:84055582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192481/; classtype:trojan-activity;sid:84055581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192471/; classtype:trojan-activity;sid:84055571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asd"; depth:4; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192472/; classtype:trojan-activity;sid:84055572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vc"; depth:3; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192473/; classtype:trojan-activity;sid:84055573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192474/; classtype:trojan-activity;sid:84055574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li"; depth:3; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192475/; classtype:trojan-activity;sid:84055575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdgsfg"; depth:7; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192476/; classtype:trojan-activity;sid:84055576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.sh"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192477/; classtype:trojan-activity;sid:84055577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toto"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192478/; classtype:trojan-activity;sid:84055578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192479/; classtype:trojan-activity;sid:84055579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192480/; classtype:trojan-activity;sid:84055580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192455/; classtype:trojan-activity;sid:84055555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/multi"; depth:6; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192456/; classtype:trojan-activity;sid:84055556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192457/; classtype:trojan-activity;sid:84055557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zz"; depth:3; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192458/; classtype:trojan-activity;sid:84055558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipc"; depth:4; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192459/; classtype:trojan-activity;sid:84055559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linksys"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192460/; classtype:trojan-activity;sid:84055560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.sh"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192461/; classtype:trojan-activity;sid:84055561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb"; depth:3; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192462/; classtype:trojan-activity;sid:84055562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bx"; depth:3; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192463/; classtype:trojan-activity;sid:84055563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192464/; classtype:trojan-activity;sid:84055564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irz"; depth:4; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192465/; classtype:trojan-activity;sid:84055565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb"; depth:4; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192466/; classtype:trojan-activity;sid:84055566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lll"; depth:4; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192467/; classtype:trojan-activity;sid:84055567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192468/; classtype:trojan-activity;sid:84055568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192469/; classtype:trojan-activity;sid:84055569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f5"; depth:3; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192470/; classtype:trojan-activity;sid:84055570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmips"; depth:6; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192435/; classtype:trojan-activity;sid:84055535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.sh"; depth:6; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192436/; classtype:trojan-activity;sid:84055536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192431/; classtype:trojan-activity;sid:84055531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192432/; classtype:trojan-activity;sid:84055532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192433/; classtype:trojan-activity;sid:84055533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192434/; classtype:trojan-activity;sid:84055534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192429/; classtype:trojan-activity;sid:84055529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192427/; classtype:trojan-activity;sid:84055527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"hailcocks.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192188/; classtype:trojan-activity;sid:84055288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alfa_shtml/photo.scr"; depth:21; endswith; nocase; http.host; content:"120.77.253.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3191857/; classtype:trojan-activity;sid:84054957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eodgqfp132.bin"; depth:15; endswith; nocase; http.host; content:"cmgtrading.eu"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3191130/; classtype:trojan-activity;sid:84054230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3191037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"217.125.11.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3191037/; classtype:trojan-activity;sid:84054137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"218.92.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190997/; classtype:trojan-activity;sid:84054097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"223.223.179.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190974/; classtype:trojan-activity;sid:84054074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"117.50.95.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190969/; classtype:trojan-activity;sid:84054069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"119.32.29.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190948/; classtype:trojan-activity;sid:84054048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"116.206.151.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190945/; classtype:trojan-activity;sid:84054045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"187.44.116.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190937/; classtype:trojan-activity;sid:84054037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"217.125.11.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190926/; classtype:trojan-activity;sid:84054026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"117.50.95.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190920/; classtype:trojan-activity;sid:84054020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"217.125.11.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190808/; classtype:trojan-activity;sid:84053908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"218.92.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190775/; classtype:trojan-activity;sid:84053875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"119.32.29.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190745/; classtype:trojan-activity;sid:84053845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"119.32.29.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190729/; classtype:trojan-activity;sid:84053829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"218.92.65.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190704/; classtype:trojan-activity;sid:84053804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"217.125.11.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190712/; classtype:trojan-activity;sid:84053812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"117.50.95.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190692/; classtype:trojan-activity;sid:84053792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"117.50.95.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190693/; classtype:trojan-activity;sid:84053793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av_downloader1.1.exe"; depth:21; endswith; nocase; http.host; content:"43.240.65.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190662/; classtype:trojan-activity;sid:84053762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pornhub_downloader.exe"; depth:23; endswith; nocase; http.host; content:"116.206.151.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190652/; classtype:trojan-activity;sid:84053752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av_downloader.exe"; depth:18; endswith; nocase; http.host; content:"116.206.151.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190650/; classtype:trojan-activity;sid:84053750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av_downloader1.1.exe"; depth:21; endswith; nocase; http.host; content:"116.206.151.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190651/; classtype:trojan-activity;sid:84053751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pornhub_downloader.exe"; depth:23; endswith; nocase; http.host; content:"103.92.101.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190642/; classtype:trojan-activity;sid:84053742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sysloader.exe"; depth:14; endswith; nocase; http.host; content:"8.138.81.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190640/; classtype:trojan-activity;sid:84053740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nn"; depth:3; endswith; nocase; http.host; content:"23.95.79.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190579/; classtype:trojan-activity;sid:84053679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnrig"; depth:6; endswith; nocase; http.host; content:"23.95.79.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190578/; classtype:trojan-activity;sid:84053678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sc"; depth:3; endswith; nocase; http.host; content:"23.95.79.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190400/; classtype:trojan-activity;sid:84053500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download"; depth:9; endswith; nocase; http.host; content:"103.242.12.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190382/; classtype:trojan-activity;sid:84053482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.68.74.28"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190347/; classtype:trojan-activity;sid:84053447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"1.179.63.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190343/; classtype:trojan-activity;sid:84053443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"110.239.6.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190344/; classtype:trojan-activity;sid:84053444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"1.179.63.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190338/; classtype:trojan-activity;sid:84053438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"1.179.63.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190326/; classtype:trojan-activity;sid:84053426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"1.179.63.130"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190327/; classtype:trojan-activity;sid:84053427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"1.179.63.129"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190328/; classtype:trojan-activity;sid:84053428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.23.89.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190329/; classtype:trojan-activity;sid:84053429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.23.89.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190330/; classtype:trojan-activity;sid:84053430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190331/; classtype:trojan-activity;sid:84053431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190332/; classtype:trojan-activity;sid:84053432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"110.239.6.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190333/; classtype:trojan-activity;sid:84053433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190335/; classtype:trojan-activity;sid:84053435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"1.179.63.145"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190336/; classtype:trojan-activity;sid:84053436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"1.179.63.146"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190325/; classtype:trojan-activity;sid:84053425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190320/; classtype:trojan-activity;sid:84053420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190321/; classtype:trojan-activity;sid:84053421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190322/; classtype:trojan-activity;sid:84053422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.68.74.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190323/; classtype:trojan-activity;sid:84053423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.223.106.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190316/; classtype:trojan-activity;sid:84053416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"112.4.110.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190317/; classtype:trojan-activity;sid:84053417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.223.106.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190318/; classtype:trojan-activity;sid:84053418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190319/; classtype:trojan-activity;sid:84053419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/cyber-city-53e23.appspot.com/o/base.txt|3f|alt=media|7c|26|7c|token=c5cbd710-7d53-4b3a-87ac-6d45c902be57"; depth:110; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190197/; classtype:trojan-activity;sid:84053297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/descargas-dc4d6.appspot.com/o/envios-nuevos.txt|3f|alt=media|7c|26|7c|token=ce690a60-78eb-401b-bfc6-1dc825e194b2"; depth:118; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190183/; classtype:trojan-activity;sid:84053283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thebig/getlab.exe"; depth:18; endswith; nocase; http.host; content:"176.113.115.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189430/; classtype:trojan-activity;sid:84052530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thebig/stories.exe"; depth:19; endswith; nocase; http.host; content:"176.113.115.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189426/; classtype:trojan-activity;sid:84052526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/installeraus.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189365/; classtype:trojan-activity;sid:84052465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2009/mdagfqvaa2gkfvxxponi.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189290/; classtype:trojan-activity;sid:84052390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unknwon1352/qawfdasfaw/main/software.exe"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189225/; classtype:trojan-activity;sid:84052325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/repository/aa_v3.exe"; depth:21; endswith; nocase; http.host; content:"83.149.17.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3188620/; classtype:trojan-activity;sid:84051720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blueskyxn/changesource/master/besttrace"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3188034/; classtype:trojan-activity;sid:84051134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"216.126.231.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3188025/; classtype:trojan-activity;sid:84051125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187608/; classtype:trojan-activity;sid:84050708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187607/; classtype:trojan-activity;sid:84050707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload/temp/_rels/key.exe"; depth:26; endswith; nocase; http.host; content:"pb.agnt.ru"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187582/; classtype:trojan-activity;sid:84050682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/blackload.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187580/; classtype:trojan-activity;sid:84050680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/unison.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187576/; classtype:trojan-activity;sid:84050676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/winrarinstall.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187577/; classtype:trojan-activity;sid:84050677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7z.exe"; depth:7; endswith; nocase; http.host; content:"down.mvip8.ru"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187575/; classtype:trojan-activity;sid:84050675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ufw.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187570/; classtype:trojan-activity;sid:84050670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/%e5%9b%9b%e6%96%b9%e5%b9%b3%e5%8f%b0-%e5%8d%a1%e5%95%86%e7%ab%af.exe"; depth:78; endswith; nocase; http.host; content:"sms-szfang.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187553/; classtype:trojan-activity;sid:84050653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxl_win_tool_v9.6.iso"; depth:22; endswith; nocase; http.host; content:"down.fwqlt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186441/; classtype:trojan-activity;sid:84049541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; depth:43; endswith; nocase; http.host; content:"down.fwqlt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186440/; classtype:trojan-activity;sid:84049540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxl_win_tool_v9.4.iso"; depth:22; endswith; nocase; http.host; content:"down.fwqlt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186439/; classtype:trojan-activity;sid:84049539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1_dxl_win_tool_v9.6.zip"; depth:24; endswith; nocase; http.host; content:"down.fwqlt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186434/; classtype:trojan-activity;sid:84049534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1_dxl_win_tool_v9.6.zip"; depth:24; endswith; nocase; http.host; content:"104.243.129.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186433/; classtype:trojan-activity;sid:84049533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; depth:43; endswith; nocase; http.host; content:"104.243.129.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186432/; classtype:trojan-activity;sid:84049532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.zip"; depth:43; endswith; nocase; http.host; content:"104.243.129.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186431/; classtype:trojan-activity;sid:84049531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.zip"; depth:43; endswith; nocase; http.host; content:"down.fwqlt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186430/; classtype:trojan-activity;sid:84049530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxl_win_tool_v9.4.iso"; depth:22; endswith; nocase; http.host; content:"104.243.129.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186429/; classtype:trojan-activity;sid:84049529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1_dxl_windowsport.zip"; depth:22; endswith; nocase; http.host; content:"104.243.129.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186426/; classtype:trojan-activity;sid:84049526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxl_win_tool_v9.6.iso"; depth:22; endswith; nocase; http.host; content:"104.243.129.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186427/; classtype:trojan-activity;sid:84049527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1_dxl_windowsport.zip"; depth:22; endswith; nocase; http.host; content:"down.fwqlt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186428/; classtype:trojan-activity;sid:84049528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//macro.vbs"; depth:11; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185948/; classtype:trojan-activity;sid:84049048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//ubolite_0.1.23.6055.chromium.mv3.zip"; depth:38; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185946/; classtype:trojan-activity;sid:84049046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//beta2.zip"; depth:11; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185944/; classtype:trojan-activity;sid:84049044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//prototype.exe"; depth:15; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185938/; classtype:trojan-activity;sid:84049038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//prototype2.zip"; depth:16; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185939/; classtype:trojan-activity;sid:84049039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//journal.zip"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185940/; classtype:trojan-activity;sid:84049040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//tracker.zip"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185942/; classtype:trojan-activity;sid:84049042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//extension2.zip"; depth:16; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185943/; classtype:trojan-activity;sid:84049043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//monitor.exe"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185935/; classtype:trojan-activity;sid:84049035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//utility3.exe"; depth:14; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185936/; classtype:trojan-activity;sid:84049036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//trial.zip"; depth:11; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185937/; classtype:trojan-activity;sid:84049037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//organiser3.zip"; depth:16; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185934/; classtype:trojan-activity;sid:84049034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//organiser2.zip"; depth:16; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185927/; classtype:trojan-activity;sid:84049027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//service.exe"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185928/; classtype:trojan-activity;sid:84049028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//launcher.elf"; depth:14; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185930/; classtype:trojan-activity;sid:84049030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//utility2.exe"; depth:14; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185931/; classtype:trojan-activity;sid:84049031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//utility.zip"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185932/; classtype:trojan-activity;sid:84049032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//setup.zip"; depth:11; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185933/; classtype:trojan-activity;sid:84049033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//excel.exe"; depth:11; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185926/; classtype:trojan-activity;sid:84049026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//uploader.elf"; depth:14; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185924/; classtype:trojan-activity;sid:84049024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//meeting.exe"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185922/; classtype:trojan-activity;sid:84049022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//prototype.zip"; depth:15; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185920/; classtype:trojan-activity;sid:84049020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//tracker.exe"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185912/; classtype:trojan-activity;sid:84049012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//extension.zip"; depth:15; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185913/; classtype:trojan-activity;sid:84049013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//organiser.exe"; depth:15; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185914/; classtype:trojan-activity;sid:84049014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//charter.exe"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185916/; classtype:trojan-activity;sid:84049016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//accounts.zip"; depth:14; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185917/; classtype:trojan-activity;sid:84049017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//journal.exe"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185918/; classtype:trojan-activity;sid:84049018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//uploader.exe"; depth:14; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185919/; classtype:trojan-activity;sid:84049019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//excel.zip"; depth:11; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185909/; classtype:trojan-activity;sid:84049009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//icon.exe"; depth:10; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185910/; classtype:trojan-activity;sid:84049010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//extension2.exe"; depth:16; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185911/; classtype:trojan-activity;sid:84049011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mysqld.sh"; depth:10; endswith; nocase; http.host; content:"47.238.84.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185853/; classtype:trojan-activity;sid:84048953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mysqld"; depth:7; endswith; nocase; http.host; content:"94.177.106.19"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185833/; classtype:trojan-activity;sid:84048933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/envs/ds1.txt"; depth:26; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185566/; classtype:trojan-activity;sid:84048666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/rf.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185567/; classtype:trojan-activity;sid:84048667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/rs.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185568/; classtype:trojan-activity;sid:84048668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/j1.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185560/; classtype:trojan-activity;sid:84048660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/rtj.txt"; depth:24; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185561/; classtype:trojan-activity;sid:84048661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/rrtt.txt"; depth:25; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185562/; classtype:trojan-activity;sid:84048662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/k1r.txt"; depth:26; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185564/; classtype:trojan-activity;sid:84048664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qq-1950222243-x%e2%80%aexcod.exe"; depth:33; endswith; nocase; http.host; content:"8.130.82.167"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185565/; classtype:trojan-activity;sid:84048665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/nusjygs.pack"; depth:17; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185053/; classtype:trojan-activity;sid:84048153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/diamotrix.pack"; depth:19; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185054/; classtype:trojan-activity;sid:84048154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm5"; depth:11; endswith; nocase; http.host; content:"1.92.146.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185021/; classtype:trojan-activity;sid:84048121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"1.92.146.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185020/; classtype:trojan-activity;sid:84048120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_aarch64"; depth:14; endswith; nocase; http.host; content:"1.92.146.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185019/; classtype:trojan-activity;sid:84048119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64"; depth:13; endswith; nocase; http.host; content:"1.92.146.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185018/; classtype:trojan-activity;sid:84048118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips"; depth:11; endswith; nocase; http.host; content:"1.92.146.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185017/; classtype:trojan-activity;sid:84048117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm6"; depth:11; endswith; nocase; http.host; content:"1.92.146.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185016/; classtype:trojan-activity;sid:84048116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm7"; depth:11; endswith; nocase; http.host; content:"1.92.146.107"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3185015/; classtype:trojan-activity;sid:84048115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/new_image_vbs/new_image_vbs.jpg"; depth:41; endswith; nocase; http.host; content:"archive.org"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184928/; classtype:trojan-activity;sid:84048028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autoupdate/hostfile/game.exe"; depth:29; endswith; nocase; http.host; content:"103.110.33.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184777/; classtype:trojan-activity;sid:84047877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autoupdate/hostfile/config.exe"; depth:31; endswith; nocase; http.host; content:"103.110.33.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184776/; classtype:trojan-activity;sid:84047876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autoupdate/hostfile/autoupdate.exe"; depth:35; endswith; nocase; http.host; content:"103.110.33.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184769/; classtype:trojan-activity;sid:84047869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/needmoney.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184301/; classtype:trojan-activity;sid:84047401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/firefox.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184299/; classtype:trojan-activity;sid:84047399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/microsoft.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184293/; classtype:trojan-activity;sid:84047393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/lummac222222.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184284/; classtype:trojan-activity;sid:84047384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3179273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spetterman66/verynicerepo/main/xmr-go.sh"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_18; reference:url, urlhaus.abuse.ch/url/3179273/; classtype:trojan-activity;sid:84042373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/aaaaa-dc2a3.appspot.com/o/dlllllll.txt|3f|alt=media|7c|26|7c|token=fdca0921-d71f-49dc-bdf6-08168b6bad86"; depth:109; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178439/; classtype:trojan-activity;sid:84041539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6/items/detah-note-j/detahnotej.txt"; depth:36; endswith; nocase; http.host; content:"ia904601.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178396/; classtype:trojan-activity;sid:84041496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/24/items/detah-note-v/detahnotev.txt"; depth:37; endswith; nocase; http.host; content:"ia600100.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178373/; classtype:trojan-activity;sid:84041473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/items/new_image_20240905/new_image.jpg"; depth:41; endswith; nocase; http.host; content:"ia601706.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178347/; classtype:trojan-activity;sid:84041447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3176961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/amadeus.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_16; reference:url, urlhaus.abuse.ch/url/3176961/; classtype:trojan-activity;sid:84040061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3176887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/clip.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_16; reference:url, urlhaus.abuse.ch/url/3176887/; classtype:trojan-activity;sid:84039987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"61.131.3.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175721/; classtype:trojan-activity;sid:84038821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"61.131.3.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175712/; classtype:trojan-activity;sid:84038812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"195.46.176.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175659/; classtype:trojan-activity;sid:84038759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"195.46.176.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175566/; classtype:trojan-activity;sid:84038666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"195.46.176.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175462/; classtype:trojan-activity;sid:84038562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"61.131.3.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175448/; classtype:trojan-activity;sid:84038548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"61.131.3.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175437/; classtype:trojan-activity;sid:84038537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"195.46.176.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175431/; classtype:trojan-activity;sid:84038531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"61.131.3.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175403/; classtype:trojan-activity;sid:84038503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"195.46.176.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175393/; classtype:trojan-activity;sid:84038493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"61.131.3.86"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175280/; classtype:trojan-activity;sid:84038380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load.exe"; depth:9; endswith; nocase; http.host; content:"8.138.81.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175149/; classtype:trojan-activity;sid:84038249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"122.51.183.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175134/; classtype:trojan-activity;sid:84038234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.config"; depth:13; endswith; nocase; http.host; content:"8.138.81.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175124/; classtype:trojan-activity;sid:84038224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup.bat"; depth:10; endswith; nocase; http.host; content:"8.138.81.152"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175127/; classtype:trojan-activity;sid:84038227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"185.142.53.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175111/; classtype:trojan-activity;sid:84038211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarm"; depth:5; endswith; nocase; http.host; content:"185.142.53.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175104/; classtype:trojan-activity;sid:84038204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarm7"; depth:6; endswith; nocase; http.host; content:"185.142.53.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175105/; classtype:trojan-activity;sid:84038205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpsl"; depth:6; endswith; nocase; http.host; content:"185.142.53.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175106/; classtype:trojan-activity;sid:84038206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarm6"; depth:6; endswith; nocase; http.host; content:"185.142.53.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175107/; classtype:trojan-activity;sid:84038207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmips"; depth:6; endswith; nocase; http.host; content:"185.142.53.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175108/; classtype:trojan-activity;sid:84038208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/bibnza9851zj.exe"; depth:22; endswith; nocase; http.host; content:"121.40.100.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175048/; classtype:trojan-activity;sid:84038148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.41.175"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174975/; classtype:trojan-activity;sid:84038075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"14.103.48.107"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174974/; classtype:trojan-activity;sid:84038074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"118.178.231.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174957/; classtype:trojan-activity;sid:84038057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.134.251.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174964/; classtype:trojan-activity;sid:84038064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"156.236.75.199"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174943/; classtype:trojan-activity;sid:84038043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.106.216.88"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174936/; classtype:trojan-activity;sid:84038036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/bitcoincore.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174586/; classtype:trojan-activity;sid:84037686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/8.11.9-windows.exe"; depth:23; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174584/; classtype:trojan-activity;sid:84037684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/s%d0%b5tup.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174582/; classtype:trojan-activity;sid:84037682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/broadcom5.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174581/; classtype:trojan-activity;sid:84037681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pyld64.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174580/; classtype:trojan-activity;sid:84037680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/client_protected.exe"; depth:25; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174579/; classtype:trojan-activity;sid:84037679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/freedom.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174578/; classtype:trojan-activity;sid:84037678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/rms1.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174576/; classtype:trojan-activity;sid:84037676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pichon.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174574/; classtype:trojan-activity;sid:84037674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/gift-info.lmg.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174575/; classtype:trojan-activity;sid:84037675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cclent.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174573/; classtype:trojan-activity;sid:84037673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pyl64.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174572/; classtype:trojan-activity;sid:84037672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/bandwidth_monitor.exe"; depth:26; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174570/; classtype:trojan-activity;sid:84037670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/whiteheroin.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174569/; classtype:trojan-activity;sid:84037669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/hvnc1.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174568/; classtype:trojan-activity;sid:84037668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ghost_0x000263826b9a9b91.exe"; depth:33; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174566/; classtype:trojan-activity;sid:84037666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/morphic.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174567/; classtype:trojan-activity;sid:84037667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cnyvvl.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174564/; classtype:trojan-activity;sid:84037664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/xclient_protected.exe"; depth:26; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174565/; classtype:trojan-activity;sid:84037665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/resex.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174560/; classtype:trojan-activity;sid:84037660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/5knchalah.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174561/; classtype:trojan-activity;sid:84037661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/5_6253708004881862888.exe"; depth:30; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174556/; classtype:trojan-activity;sid:84037656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scribblercoder/browserthief/main/browserthief.ps1"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174523/; classtype:trojan-activity;sid:84037623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dobre/splwow64.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174501/; classtype:trojan-activity;sid:84037601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/bundle.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174496/; classtype:trojan-activity;sid:84037596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/penis.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174498/; classtype:trojan-activity;sid:84037598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/vlst.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174493/; classtype:trojan-activity;sid:84037593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winring0x64.sys"; depth:16; endswith; nocase; http.host; content:"103.173.254.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174406/; classtype:trojan-activity;sid:84037506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foru.apk"; depth:9; endswith; nocase; http.host; content:"tecunonline.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174364/; classtype:trojan-activity;sid:84037464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foru.apk"; depth:9; endswith; nocase; http.host; content:"www.tecunonline.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174340/; classtype:trojan-activity;sid:84037440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarm5"; depth:6; endswith; nocase; http.host; content:"185.142.53.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174318/; classtype:trojan-activity;sid:84037418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsh4"; depth:5; endswith; nocase; http.host; content:"185.142.53.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174319/; classtype:trojan-activity;sid:84037419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skid.mips"; depth:10; endswith; nocase; http.host; content:"185.142.53.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174320/; classtype:trojan-activity;sid:84037420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.exe"; depth:10; endswith; nocase; http.host; content:"185.130.45.176"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174283/; classtype:trojan-activity;sid:84037383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/me.exe"; depth:7; endswith; nocase; http.host; content:"185.106.176.102"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174267/; classtype:trojan-activity;sid:84037367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keygen"; depth:7; endswith; nocase; http.host; content:"146.0.42.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174264/; classtype:trojan-activity;sid:84037364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dns1.exe"; depth:9; endswith; nocase; http.host; content:"209.141.35.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174027/; classtype:trojan-activity;sid:84037127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vpn.exe"; depth:8; endswith; nocase; http.host; content:"209.141.35.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174024/; classtype:trojan-activity;sid:84037124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.exe"; depth:9; endswith; nocase; http.host; content:"209.141.35.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174025/; classtype:trojan-activity;sid:84037125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3173868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file.exe"; depth:9; endswith; nocase; http.host; content:"85.25.72.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3173868/; classtype:trojan-activity;sid:84036968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logon.exe"; depth:10; endswith; nocase; http.host; content:"113.160.158.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172305/; classtype:trojan-activity;sid:84035405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa.exe"; depth:8; endswith; nocase; http.host; content:"103.73.160.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172303/; classtype:trojan-activity;sid:84035403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install_lodop32.exe"; depth:20; endswith; nocase; http.host; content:"103.59.103.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172298/; classtype:trojan-activity;sid:84035398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od.exe"; depth:7; endswith; nocase; http.host; content:"107.189.5.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172294/; classtype:trojan-activity;sid:84035394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taskmgr.exe"; depth:12; endswith; nocase; http.host; content:"103.173.254.78"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172268/; classtype:trojan-activity;sid:84035368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggg.exe"; depth:8; endswith; nocase; http.host; content:"185.202.113.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172258/; classtype:trojan-activity;sid:84035358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op.exe"; depth:7; endswith; nocase; http.host; content:"185.202.113.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172259/; classtype:trojan-activity;sid:84035359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/si.exe"; depth:7; endswith; nocase; http.host; content:"185.202.113.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172251/; classtype:trojan-activity;sid:84035351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j.exe"; depth:6; endswith; nocase; http.host; content:"185.202.113.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172252/; classtype:trojan-activity;sid:84035352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hh.exe"; depth:7; endswith; nocase; http.host; content:"185.202.113.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172253/; classtype:trojan-activity;sid:84035353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reverse.exe"; depth:12; endswith; nocase; http.host; content:"185.202.113.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172254/; classtype:trojan-activity;sid:84035354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.exe"; depth:12; endswith; nocase; http.host; content:"185.202.113.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172255/; classtype:trojan-activity;sid:84035355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.exe"; depth:6; endswith; nocase; http.host; content:"185.202.113.6"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172256/; classtype:trojan-activity;sid:84035356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/techsavvysenior/referralreactjs/archive/refs/heads/main.zip"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172240/; classtype:trojan-activity;sid:84035340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.m68k"; depth:10; endswith; nocase; http.host; content:"216.126.231.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172125/; classtype:trojan-activity;sid:84035225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.mips"; depth:10; endswith; nocase; http.host; content:"216.126.231.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172126/; classtype:trojan-activity;sid:84035226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm"; depth:9; endswith; nocase; http.host; content:"216.126.231.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172127/; classtype:trojan-activity;sid:84035227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.ppc"; depth:9; endswith; nocase; http.host; content:"216.126.231.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172128/; classtype:trojan-activity;sid:84035228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm7"; depth:10; endswith; nocase; http.host; content:"216.126.231.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172129/; classtype:trojan-activity;sid:84035229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm5"; depth:10; endswith; nocase; http.host; content:"216.126.231.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172130/; classtype:trojan-activity;sid:84035230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fish.arm6"; depth:10; endswith; nocase; http.host; content:"216.126.231.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172131/; classtype:trojan-activity;sid:84035231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3171183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.16.102.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3171183/; classtype:trojan-activity;sid:84034283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3170446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scsi_esrr_1"; depth:12; endswith; nocase; http.host; content:"8.218.239.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3170446/; classtype:trojan-activity;sid:84033546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3170445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.60.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3170445/; classtype:trojan-activity;sid:84033545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3170362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/386.exe"; depth:8; endswith; nocase; http.host; content:"112.33.27.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3170362/; classtype:trojan-activity;sid:84033462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3169894/; classtype:trojan-activity;sid:84032994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3169895/; classtype:trojan-activity;sid:84032995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3169896/; classtype:trojan-activity;sid:84032996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3169897/; classtype:trojan-activity;sid:84032997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3169898/; classtype:trojan-activity;sid:84032998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3169899/; classtype:trojan-activity;sid:84032999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3169900/; classtype:trojan-activity;sid:84033000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ns1.jpg"; depth:8; endswith; nocase; http.host; content:"121.40.85.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_12; reference:url, urlhaus.abuse.ch/url/3169089/; classtype:trojan-activity;sid:84032189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tenants/135790374f46b0107c516a5f5e13069b/5e5f800fdf87209fdf8f9b61441e53a1/linux/x64/stable/install.sh"; depth:102; endswith; nocase; http.host; content:"download.cudo.org"; depth:17; isdataat:!1,relative; metadata:created_at 2024_09_12; reference:url, urlhaus.abuse.ch/url/3169080/; classtype:trojan-activity;sid:84032180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3168122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_12; reference:url, urlhaus.abuse.ch/url/3168122/; classtype:trojan-activity;sid:84031222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3167915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"185.157.247.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_12; reference:url, urlhaus.abuse.ch/url/3167915/; classtype:trojan-activity;sid:84031015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3167008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/233_uywnfzbryrv"; depth:16; endswith; nocase; http.host; content:"mbsngradnja.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_11; reference:url, urlhaus.abuse.ch/url/3167008/; classtype:trojan-activity;sid:84030108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3167009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/233_uywnfzbryrv"; depth:16; endswith; nocase; http.host; content:"mbsngradnja.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_11; reference:url, urlhaus.abuse.ch/url/3167009/; classtype:trojan-activity;sid:84030109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/2b4pi1hcjx7p.exe"; depth:22; endswith; nocase; http.host; content:"121.40.100.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165913/; classtype:trojan-activity;sid:84029013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.mips"; depth:17; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165793/; classtype:trojan-activity;sid:84028893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ri/la.bot.mips"; depth:15; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165794/; classtype:trojan-activity;sid:84028894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ri/la.bot.arm6"; depth:15; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165791/; classtype:trojan-activity;sid:84028891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ri/la.bot.arm"; depth:14; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165792/; classtype:trojan-activity;sid:84028892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.m68k"; depth:17; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165777/; classtype:trojan-activity;sid:84028877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ri/la.bot.sh4"; depth:14; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165778/; classtype:trojan-activity;sid:84028878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ri/la.bot.m68k"; depth:15; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165779/; classtype:trojan-activity;sid:84028879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.sparc"; depth:18; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165780/; classtype:trojan-activity;sid:84028880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ri/la.bot.powerpc"; depth:18; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165781/; classtype:trojan-activity;sid:84028881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.arm"; depth:16; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165782/; classtype:trojan-activity;sid:84028882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.mipsel"; depth:19; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165783/; classtype:trojan-activity;sid:84028883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ri/la.bot.sparc"; depth:16; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165784/; classtype:trojan-activity;sid:84028884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ri/la.bot.mipsel"; depth:17; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165785/; classtype:trojan-activity;sid:84028885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.arm7"; depth:17; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165786/; classtype:trojan-activity;sid:84028886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ri/la.bot.arm5"; depth:15; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165787/; classtype:trojan-activity;sid:84028887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.arm5"; depth:17; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165788/; classtype:trojan-activity;sid:84028888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.arm6"; depth:17; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165789/; classtype:trojan-activity;sid:84028889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ri/la.bot.arm7"; depth:15; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165790/; classtype:trojan-activity;sid:84028890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.powerpc"; depth:20; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165775/; classtype:trojan-activity;sid:84028875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3165776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/la.bot.sh4"; depth:16; endswith; nocase; http.host; content:"103.149.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3165776/; classtype:trojan-activity;sid:84028876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3164933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.180.23.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3164933/; classtype:trojan-activity;sid:84028033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3164816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"88.248.194.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3164816/; classtype:trojan-activity;sid:84027916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3163568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avoslocker.exe"; depth:15; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_09; reference:url, urlhaus.abuse.ch/url/3163568/; classtype:trojan-activity;sid:84026668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3163237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avastavv.apk"; depth:13; endswith; nocase; http.host; content:"avastop.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_09; reference:url, urlhaus.abuse.ch/url/3163237/; classtype:trojan-activity;sid:84026337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3163126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"46.16.102.32"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_08; reference:url, urlhaus.abuse.ch/url/3163126/; classtype:trojan-activity;sid:84026226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3161411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/aaaaa-dc2a3.appspot.com/o/ezife.txt|3f|alt=media|7c|26|7c|token=76efce27-fa0e-4742-86ec-47a2efb14fbd"; depth:106; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_09_07; reference:url, urlhaus.abuse.ch/url/3161411/; classtype:trojan-activity;sid:84024511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3158404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.230.28.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3158404/; classtype:trojan-activity;sid:84021504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3158390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"90.230.28.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3158390/; classtype:trojan-activity;sid:84021490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ns3.jpg"; depth:8; endswith; nocase; http.host; content:"121.40.85.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157666/; classtype:trojan-activity;sid:84020766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/superdev-1018/casino_game/archive/refs/heads/main.zip"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157551/; classtype:trojan-activity;sid:84020651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/journal.zip"; depth:12; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157432/; classtype:trojan-activity;sid:84020532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prototype.zip"; depth:14; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157433/; classtype:trojan-activity;sid:84020533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/accounts.exe"; depth:13; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157428/; classtype:trojan-activity;sid:84020528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updaterloc.dll"; depth:15; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157429/; classtype:trojan-activity;sid:84020529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/accounts.zip"; depth:13; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157430/; classtype:trojan-activity;sid:84020530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/extension.zip"; depth:14; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157431/; classtype:trojan-activity;sid:84020531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meeting.sfx.exe"; depth:16; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157426/; classtype:trojan-activity;sid:84020526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3157427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meeting.exe"; depth:12; endswith; nocase; http.host; content:"89.197.154.115"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_05; reference:url, urlhaus.abuse.ch/url/3157427/; classtype:trojan-activity;sid:84020527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"1.94.67.222"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156471/; classtype:trojan-activity;sid:84019571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"94.20.88.63"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156473/; classtype:trojan-activity;sid:84019573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"122.51.75.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156454/; classtype:trojan-activity;sid:84019554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.109.178.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156446/; classtype:trojan-activity;sid:84019546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"185.234.216.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156443/; classtype:trojan-activity;sid:84019543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"118.31.16.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156427/; classtype:trojan-activity;sid:84019527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.115.166.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156428/; classtype:trojan-activity;sid:84019528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/aaaaa-dc2a3.appspot.com/o/virusnnnnnmeu0409.txt|3f|alt=media|7c|26|7c|token=b21da726-7c55-43bb-a0da-7405252c43c6"; depth:118; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156330/; classtype:trojan-activity;sid:84019430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1608/6ixcgyundte9indcrjg0.txt"; depth:30; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156256/; classtype:trojan-activity;sid:84019356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2108/omf035w09jhsw3qim7yy.txt"; depth:30; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156257/; classtype:trojan-activity;sid:84019357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/s"; depth:7; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156258/; classtype:trojan-activity;sid:84019358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/file"; depth:10; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156259/; classtype:trojan-activity;sid:84019359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2108/obaqiquigeflou8dltcj.txt"; depth:30; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156260/; classtype:trojan-activity;sid:84019360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/spkld0pht5zkdb7062ql.txt"; depth:30; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156261/; classtype:trojan-activity;sid:84019361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/u9iczzb5fm5owwojnw5q.txt"; depth:30; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156246/; classtype:trojan-activity;sid:84019346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/v"; depth:7; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156248/; classtype:trojan-activity;sid:84019348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1608/e96h9t9y6mvvm4pyti8p.txt"; depth:30; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156249/; classtype:trojan-activity;sid:84019349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/tqjkts441txvedugsp7z.txt"; depth:30; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156250/; classtype:trojan-activity;sid:84019350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/r"; depth:7; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156251/; classtype:trojan-activity;sid:84019351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/thxb4tu1jp1fqqfsqky1.txt"; depth:30; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156252/; classtype:trojan-activity;sid:84019352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/srsjgq7vhhmecv535vvs.txt"; depth:30; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156253/; classtype:trojan-activity;sid:84019353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/hn9om6j1c9ycqkei5xe2.txt"; depth:30; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156254/; classtype:trojan-activity;sid:84019354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/t8eceab2kwpje4vdedzb.txt"; depth:30; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156255/; classtype:trojan-activity;sid:84019355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2108/kyorihrhn8gphiz4be4p.txt"; depth:30; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156244/; classtype:trojan-activity;sid:84019344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1608/xdz2maxjk6goovrsde3u.txt"; depth:30; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156245/; classtype:trojan-activity;sid:84019345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1608/l8dnezoixbihmshsbj12.txt"; depth:30; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156243/; classtype:trojan-activity;sid:84019343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/s"; depth:7; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156233/; classtype:trojan-activity;sid:84019333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/t8eceab2kwpje4vdedzb.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156234/; classtype:trojan-activity;sid:84019334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1608/6ixcgyundte9indcrjg0.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156235/; classtype:trojan-activity;sid:84019335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/file"; depth:10; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156236/; classtype:trojan-activity;sid:84019336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/srsjgq7vhhmecv535vvs.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156237/; classtype:trojan-activity;sid:84019337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/v"; depth:7; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156238/; classtype:trojan-activity;sid:84019338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/spkld0pht5zkdb7062ql.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156239/; classtype:trojan-activity;sid:84019339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1608/e96h9t9y6mvvm4pyti8p.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156240/; classtype:trojan-activity;sid:84019340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1608/l8dnezoixbihmshsbj12.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156241/; classtype:trojan-activity;sid:84019341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/r"; depth:7; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156242/; classtype:trojan-activity;sid:84019342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2108/omf035w09jhsw3qim7yy.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156232/; classtype:trojan-activity;sid:84019332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/hn9om6j1c9ycqkei5xe2.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156226/; classtype:trojan-activity;sid:84019326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1608/xdz2maxjk6goovrsde3u.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156227/; classtype:trojan-activity;sid:84019327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2108/kyorihrhn8gphiz4be4p.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156228/; classtype:trojan-activity;sid:84019328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/thxb4tu1jp1fqqfsqky1.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156229/; classtype:trojan-activity;sid:84019329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/tqjkts441txvedugsp7z.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156230/; classtype:trojan-activity;sid:84019330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/u9iczzb5fm5owwojnw5q.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156231/; classtype:trojan-activity;sid:84019331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3156225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2108/obaqiquigeflou8dltcj.txt"; depth:30; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_04; reference:url, urlhaus.abuse.ch/url/3156225/; classtype:trojan-activity;sid:84019325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackirby/discord-injection/main/injection.js"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154718/; classtype:trojan-activity;sid:84017818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shell.elf"; depth:10; endswith; nocase; http.host; content:"144.34.162.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154392/; classtype:trojan-activity;sid:84017492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shell86.elf"; depth:12; endswith; nocase; http.host; content:"144.34.162.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154393/; classtype:trojan-activity;sid:84017493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1_encoded.exe"; depth:14; endswith; nocase; http.host; content:"144.34.162.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154394/; classtype:trojan-activity;sid:84017494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.exe"; depth:12; endswith; nocase; http.host; content:"144.34.162.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154395/; classtype:trojan-activity;sid:84017495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ew.exe"; depth:7; endswith; nocase; http.host; content:"134.122.129.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153518/; classtype:trojan-activity;sid:84016618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ew.exe"; depth:7; endswith; nocase; http.host; content:"134.122.129.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153519/; classtype:trojan-activity;sid:84016619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get"; depth:4; endswith; nocase; http.host; content:"134.122.129.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153517/; classtype:trojan-activity;sid:84016617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get"; depth:4; endswith; nocase; http.host; content:"134.122.129.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153516/; classtype:trojan-activity;sid:84016616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get"; depth:4; endswith; nocase; http.host; content:"134.122.129.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153507/; classtype:trojan-activity;sid:84016607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jndiexploit-0x727-1.3-snapshot.jar"; depth:35; endswith; nocase; http.host; content:"8.219.134.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153312/; classtype:trojan-activity;sid:84016412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fastjson.class"; depth:15; endswith; nocase; http.host; content:"8.219.134.35"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153310/; classtype:trojan-activity;sid:84016410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ew.exe"; depth:7; endswith; nocase; http.host; content:"134.122.129.20"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153297/; classtype:trojan-activity;sid:84016397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arma3sync.exe"; depth:14; endswith; nocase; http.host; content:"185.254.96.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152780/; classtype:trojan-activity;sid:84015880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3836fd5700214436/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"91.202.233.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152636/; classtype:trojan-activity;sid:84015736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3836fd5700214436/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"91.202.233.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152637/; classtype:trojan-activity;sid:84015737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3836fd5700214436/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"91.202.233.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152639/; classtype:trojan-activity;sid:84015739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3836fd5700214436/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"91.202.233.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152640/; classtype:trojan-activity;sid:84015740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3836fd5700214436/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"91.202.233.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152641/; classtype:trojan-activity;sid:84015741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3836fd5700214436/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"91.202.233.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152642/; classtype:trojan-activity;sid:84015742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3836fd5700214436/nss3.dll"; depth:26; endswith; nocase; http.host; content:"91.202.233.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3152643/; classtype:trojan-activity;sid:84015743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"59.110.172.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3152132/; classtype:trojan-activity;sid:84015232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3152070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.97.57.124"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3152070/; classtype:trojan-activity;sid:84015170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3151920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.109.178.63"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3151920/; classtype:trojan-activity;sid:84015020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"94.156.177.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138431/; classtype:trojan-activity;sid:84001531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"94.156.177.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138430/; classtype:trojan-activity;sid:84001530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"94.156.177.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138428/; classtype:trojan-activity;sid:84001528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"94.156.177.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138429/; classtype:trojan-activity;sid:84001529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clean"; depth:6; endswith; nocase; http.host; content:"94.156.177.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138426/; classtype:trojan-activity;sid:84001526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"94.156.177.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138268/; classtype:trojan-activity;sid:84001368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3137563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.224.162.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_31; reference:url, urlhaus.abuse.ch/url/3137563/; classtype:trojan-activity;sid:84000663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3136739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"82.200.248.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_31; reference:url, urlhaus.abuse.ch/url/3136739/; classtype:trojan-activity;sid:83999839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3136217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e6%94%be%e5%81%87%e5%80%bc%e7%8f%ad%e5%ae%89%e6%8e%92.exe"; depth:59; endswith; nocase; http.host; content:"8.134.12.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3136217/; classtype:trojan-activity;sid:83999317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3136215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3btt"; depth:5; endswith; nocase; http.host; content:"8.134.12.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3136215/; classtype:trojan-activity;sid:83999315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3136216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k8mm"; depth:5; endswith; nocase; http.host; content:"8.134.12.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3136216/; classtype:trojan-activity;sid:83999316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3136214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/feishu_update.exe"; depth:18; endswith; nocase; http.host; content:"8.134.12.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3136214/; classtype:trojan-activity;sid:83999314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syn"; depth:4; endswith; nocase; http.host; content:"167.234.240.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135734/; classtype:trojan-activity;sid:83998834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miners/myxmrig.tgz"; depth:19; endswith; nocase; http.host; content:"do-dear.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135730/; classtype:trojan-activity;sid:83998830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sosinchik/asd/main/zoom.py"; depth:27; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135722/; classtype:trojan-activity;sid:83998822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moneroocean/xmrig_setup/master/setup_moneroocean_miner.sh"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135724/; classtype:trojan-activity;sid:83998824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20matrix77/dsfuwqu/main/zombie"; depth:31; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135725/; classtype:trojan-activity;sid:83998825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/log/orgn.txt"; depth:13; endswith; nocase; http.host; content:"epanpano.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135613/; classtype:trojan-activity;sid:83998713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqhelper_1540.exe"; depth:18; endswith; nocase; http.host; content:"down.qqfarmer.com.cn"; depth:20; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134371/; classtype:trojan-activity;sid:83997471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/login/1188%e7%83%88%e7%84%b0.exe"; depth:33; endswith; nocase; http.host; content:"cdn.ly.9377.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134368/; classtype:trojan-activity;sid:83997468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/06-wudao/%e8%88%9e%e8%b9%88%e5%8a%a9%e6%89%8b.exe"; depth:50; endswith; nocase; http.host; content:"up.maolaoban.top"; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134016/; classtype:trojan-activity;sid:83997116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3130985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/adadada-fe29c.appspot.com/o/fc.txt|3f|alt=media|7c|26|7c|token=b9e122e9-326d-4e11-b005-be128c5b487e"; depth:105; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_27; reference:url, urlhaus.abuse.ch/url/3130985/; classtype:trojan-activity;sid:83994085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3130984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/asas-495ee.appspot.com/o/55.jpg|3f|alt=media|7c|26|7c|token=83466f23-8119-4bc0-8589-76995553bdfa"; depth:102; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_27; reference:url, urlhaus.abuse.ch/url/3130984/; classtype:trojan-activity;sid:83994084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3130983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/adadada-fe29c.appspot.com/o/ppaste.txt|3f|alt=media|7c|26|7c|token=2e3df61b-5f41-4e2b-9c0b-5664eded29e5"; depth:109; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_27; reference:url, urlhaus.abuse.ch/url/3130983/; classtype:trojan-activity;sid:83994083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3130738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"209.16.67.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_27; reference:url, urlhaus.abuse.ch/url/3130738/; classtype:trojan-activity;sid:83993838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3130459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/aaaaa-dc2a3.appspot.com/o/aaaaaaaaabbbbbbbbbb.txt|3f|alt=media|7c|26|7c|token=b258ab10-99ab-4d37-8a91-7954022a451e"; depth:120; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_27; reference:url, urlhaus.abuse.ch/url/3130459/; classtype:trojan-activity;sid:83993559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/dll3js.appspot.com/o/dlljs2036.txt|3f|alt=media|7c|26|7c|token=f2f9ed1a-db47-4924-bb04-7b3e905bc597"; depth:105; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129877/; classtype:trojan-activity;sid:83992977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nova_flow/patcher.exe"; depth:22; endswith; nocase; http.host; content:"144.172.71.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129654/; classtype:trojan-activity;sid:83992754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e6%8b%8d%e7%89%8c%e4%b8%93%e4%b8%9a%e7%89%88.exe"; depth:50; endswith; nocase; http.host; content:"ini.sh-pp.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129592/; classtype:trojan-activity;sid:83992692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pages/update/css/self/[upg]css.exe"; depth:35; endswith; nocase; http.host; content:"cs.go.kg"; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129577/; classtype:trojan-activity;sid:83992677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmbuild/v1.1.exe"; depth:17; endswith; nocase; http.host; content:"www.qqqmy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129512/; classtype:trojan-activity;sid:83992612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zoldownload/foobar2000_v1.6.7_beta_17@1704_129472.exe"; depth:54; endswith; nocase; http.host; content:"down10d.zol.com.cn"; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129478/; classtype:trojan-activity;sid:83992578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tjqdq.exe"; depth:10; endswith; nocase; http.host; content:"43.249.193.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129422/; classtype:trojan-activity;sid:83992522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/restart1.exe"; depth:18; endswith; nocase; http.host; content:"www.aqianniao.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129421/; classtype:trojan-activity;sid:83992521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asmedises/pxray_cast_sort.exe"; depth:30; endswith; nocase; http.host; content:"www.medises.co.kr"; depth:17; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129417/; classtype:trojan-activity;sid:83992517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enp.exe"; depth:8; endswith; nocase; http.host; content:"adf6.adf6.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129223/; classtype:trojan-activity;sid:83992323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/media/mod_junewsultra/js/bootstrap/js/bootstrap.min.js"; depth:55; endswith; nocase; http.host; content:"temirtau-adm.ru"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129220/; classtype:trojan-activity;sid:83992320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xclient.exe"; depth:12; endswith; nocase; http.host; content:"154.197.69.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129177/; classtype:trojan-activity;sid:83992277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crss.exe"; depth:9; endswith; nocase; http.host; content:"154.197.69.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129176/; classtype:trojan-activity;sid:83992276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yuta1111x/selfbot/04ecdf46e8db9fce689d93905d759334b475c825/aquarius.exe"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129042/; classtype:trojan-activity;sid:83992142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zx.exe"; depth:7; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129003/; classtype:trojan-activity;sid:83992103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/k1.txt"; depth:25; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128969/; classtype:trojan-activity;sid:83992069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/a1.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128962/; classtype:trojan-activity;sid:83992062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/x2.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128963/; classtype:trojan-activity;sid:83992063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/ark.txt"; depth:24; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128964/; classtype:trojan-activity;sid:83992064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3128965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/rt.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3128965/; classtype:trojan-activity;sid:83992065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greetings/greetings1/wow.exe"; depth:29; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127950/; classtype:trojan-activity;sid:83991050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pyld611114.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127898/; classtype:trojan-activity;sid:83990998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/identification-1.exe"; depth:25; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127897/; classtype:trojan-activity;sid:83990997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/purlog.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127896/; classtype:trojan-activity;sid:83990996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/baddstore.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127895/; classtype:trojan-activity;sid:83990995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/mswgoudnv.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127894/; classtype:trojan-activity;sid:83990994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ven_protected.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127893/; classtype:trojan-activity;sid:83990993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/surfex.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127892/; classtype:trojan-activity;sid:83990992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/gagagggagagag.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127891/; classtype:trojan-activity;sid:83990991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/install2.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127795/; classtype:trojan-activity;sid:83990895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/build9.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127794/; classtype:trojan-activity;sid:83990894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/t3.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127791/; classtype:trojan-activity;sid:83990891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/winn.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127789/; classtype:trojan-activity;sid:83990889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/explorer.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127787/; classtype:trojan-activity;sid:83990887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/new1.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127788/; classtype:trojan-activity;sid:83990888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/omg.apk"; depth:13; endswith; nocase; http.host; content:"129.151.210.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127602/; classtype:trojan-activity;sid:83990702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slv.gif"; depth:8; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127561/; classtype:trojan-activity;sid:83990661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3126010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cve-2021-3156.zip"; depth:18; endswith; nocase; http.host; content:"20.243.255.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3126010/; classtype:trojan-activity;sid:83989110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cve-2021-3156.zip"; depth:18; endswith; nocase; http.host; content:"20.243.255.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125901/; classtype:trojan-activity;sid:83989001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/indentif.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125605/; classtype:trojan-activity;sid:83988705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/s%d0%b5tu%d1%80111.exe"; depth:27; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125604/; classtype:trojan-activity;sid:83988704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/xxxx.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125603/; classtype:trojan-activity;sid:83988703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/windowsui.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125602/; classtype:trojan-activity;sid:83988702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/lummac22222.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125601/; classtype:trojan-activity;sid:83988701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/stealc_default2.exe"; depth:24; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125598/; classtype:trojan-activity;sid:83988698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3121905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/caricatured.emz"; depth:19; endswith; nocase; http.host; content:"jahez.me"; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_22; reference:url, urlhaus.abuse.ch/url/3121905/; classtype:trojan-activity;sid:83985005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3121906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/azdbzliddkt187.bin"; depth:22; endswith; nocase; http.host; content:"jahez.me"; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_22; reference:url, urlhaus.abuse.ch/url/3121906/; classtype:trojan-activity;sid:83985006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/vn70wvxw.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120967/; classtype:trojan-activity;sid:83984067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/crypted8888.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120608/; classtype:trojan-activity;sid:83983708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f.php|3f|h=2v4ag0ze|7c|26|7c|d=1"; depth:33; endswith; nocase; http.host; content:"soyjak.download"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120498/; classtype:trojan-activity;sid:83983598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/ru/downloader.exe"; depth:27; endswith; nocase; http.host; content:"ldcdn.ldmnq.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120496/; classtype:trojan-activity;sid:83983596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/dtrade_v1.3.6.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118418/; classtype:trojan-activity;sid:83981518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/stealc_daval.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118411/; classtype:trojan-activity;sid:83981511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/meta.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117673/; classtype:trojan-activity;sid:83980773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/identification.exe"; depth:23; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117555/; classtype:trojan-activity;sid:83980655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/channel.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117553/; classtype:trojan-activity;sid:83980653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/clcs.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117554/; classtype:trojan-activity;sid:83980654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/setup2.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117552/; classtype:trojan-activity;sid:83980652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/seo.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117551/; classtype:trojan-activity;sid:83980651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/coreplugin.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117550/; classtype:trojan-activity;sid:83980650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/diskutility.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117549/; classtype:trojan-activity;sid:83980649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3116194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avastavv.apk"; depth:13; endswith; nocase; http.host; content:"avastpx.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_19; reference:url, urlhaus.abuse.ch/url/3116194/; classtype:trojan-activity;sid:83979294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3115896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/drchoe.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_19; reference:url, urlhaus.abuse.ch/url/3115896/; classtype:trojan-activity;sid:83978996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c103.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113834/; classtype:trojan-activity;sid:83976934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c040.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113833/; classtype:trojan-activity;sid:83976933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c091.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113832/; classtype:trojan-activity;sid:83976932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c156.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113831/; classtype:trojan-activity;sid:83976931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c057.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113830/; classtype:trojan-activity;sid:83976930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c073.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113829/; classtype:trojan-activity;sid:83976929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c012.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113828/; classtype:trojan-activity;sid:83976928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c152.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113827/; classtype:trojan-activity;sid:83976927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c055.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113826/; classtype:trojan-activity;sid:83976926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c011.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113824/; classtype:trojan-activity;sid:83976924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c065.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113825/; classtype:trojan-activity;sid:83976925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c017.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113823/; classtype:trojan-activity;sid:83976923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c019.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113822/; classtype:trojan-activity;sid:83976922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c016.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113821/; classtype:trojan-activity;sid:83976921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c005.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113820/; classtype:trojan-activity;sid:83976920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c001.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113819/; classtype:trojan-activity;sid:83976919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c026.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113818/; classtype:trojan-activity;sid:83976918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c002.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113817/; classtype:trojan-activity;sid:83976917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c053.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113816/; classtype:trojan-activity;sid:83976916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c150.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113815/; classtype:trojan-activity;sid:83976915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c093.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113814/; classtype:trojan-activity;sid:83976914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c088.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113813/; classtype:trojan-activity;sid:83976913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c050.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113811/; classtype:trojan-activity;sid:83976911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c058.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113812/; classtype:trojan-activity;sid:83976912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c012.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113810/; classtype:trojan-activity;sid:83976910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c079.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113809/; classtype:trojan-activity;sid:83976909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c162.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113808/; classtype:trojan-activity;sid:83976908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c010.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113807/; classtype:trojan-activity;sid:83976907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c153.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113806/; classtype:trojan-activity;sid:83976906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c063.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113805/; classtype:trojan-activity;sid:83976905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c009.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113804/; classtype:trojan-activity;sid:83976904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_au003.exe"; depth:14; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113803/; classtype:trojan-activity;sid:83976903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c004.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113802/; classtype:trojan-activity;sid:83976902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c181.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113801/; classtype:trojan-activity;sid:83976901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c020.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113800/; classtype:trojan-activity;sid:83976900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c051.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113799/; classtype:trojan-activity;sid:83976899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c035.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113798/; classtype:trojan-activity;sid:83976898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c007.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113797/; classtype:trojan-activity;sid:83976897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c159.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113796/; classtype:trojan-activity;sid:83976896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c110.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113795/; classtype:trojan-activity;sid:83976895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c029.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113791/; classtype:trojan-activity;sid:83976891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c168.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113792/; classtype:trojan-activity;sid:83976892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c081.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113794/; classtype:trojan-activity;sid:83976894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c030.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113790/; classtype:trojan-activity;sid:83976890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c062.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113789/; classtype:trojan-activity;sid:83976889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_product.exe"; depth:16; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113788/; classtype:trojan-activity;sid:83976888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c061.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113787/; classtype:trojan-activity;sid:83976887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c054.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113786/; classtype:trojan-activity;sid:83976886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c006.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113782/; classtype:trojan-activity;sid:83976882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c072.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113778/; classtype:trojan-activity;sid:83976878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c180.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113779/; classtype:trojan-activity;sid:83976879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c014.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113780/; classtype:trojan-activity;sid:83976880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c024.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113781/; classtype:trojan-activity;sid:83976881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c060.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113777/; classtype:trojan-activity;sid:83976877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c106.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113776/; classtype:trojan-activity;sid:83976876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c052.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113775/; classtype:trojan-activity;sid:83976875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c615.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113774/; classtype:trojan-activity;sid:83976874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c151.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113773/; classtype:trojan-activity;sid:83976873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c101.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113771/; classtype:trojan-activity;sid:83976871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c054.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113769/; classtype:trojan-activity;sid:83976869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c003.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113770/; classtype:trojan-activity;sid:83976870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c028.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113768/; classtype:trojan-activity;sid:83976868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c022.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113767/; classtype:trojan-activity;sid:83976867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c068.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113765/; classtype:trojan-activity;sid:83976865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c005.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113759/; classtype:trojan-activity;sid:83976859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c020.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113760/; classtype:trojan-activity;sid:83976860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c028.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113761/; classtype:trojan-activity;sid:83976861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c018.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113762/; classtype:trojan-activity;sid:83976862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c160.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113758/; classtype:trojan-activity;sid:83976858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c056.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113757/; classtype:trojan-activity;sid:83976857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c169.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113755/; classtype:trojan-activity;sid:83976855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c157.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113751/; classtype:trojan-activity;sid:83976851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c025.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113752/; classtype:trojan-activity;sid:83976852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c024.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113753/; classtype:trojan-activity;sid:83976853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c036.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113754/; classtype:trojan-activity;sid:83976854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c182.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113750/; classtype:trojan-activity;sid:83976850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c164.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113748/; classtype:trojan-activity;sid:83976848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c056.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113749/; classtype:trojan-activity;sid:83976849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c029.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113747/; classtype:trojan-activity;sid:83976847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c006.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113746/; classtype:trojan-activity;sid:83976846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c002.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113745/; classtype:trojan-activity;sid:83976845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c080.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113744/; classtype:trojan-activity;sid:83976844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c083.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113742/; classtype:trojan-activity;sid:83976842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c089.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113743/; classtype:trojan-activity;sid:83976843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c007.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113734/; classtype:trojan-activity;sid:83976834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c023.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113731/; classtype:trojan-activity;sid:83976831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c067.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113732/; classtype:trojan-activity;sid:83976832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c025.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113733/; classtype:trojan-activity;sid:83976833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c163.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113730/; classtype:trojan-activity;sid:83976830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c108.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113728/; classtype:trojan-activity;sid:83976828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c154.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113729/; classtype:trojan-activity;sid:83976829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c021.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113727/; classtype:trojan-activity;sid:83976827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c013.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113726/; classtype:trojan-activity;sid:83976826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c038.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113724/; classtype:trojan-activity;sid:83976824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c050.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113725/; classtype:trojan-activity;sid:83976825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c023.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113723/; classtype:trojan-activity;sid:83976823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c092.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113720/; classtype:trojan-activity;sid:83976820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c033.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113721/; classtype:trojan-activity;sid:83976821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c015.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113722/; classtype:trojan-activity;sid:83976822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c018.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113719/; classtype:trojan-activity;sid:83976819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c003.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113717/; classtype:trojan-activity;sid:83976817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c051.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113716/; classtype:trojan-activity;sid:83976816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c00h.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113715/; classtype:trojan-activity;sid:83976815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c032.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113713/; classtype:trojan-activity;sid:83976813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c062.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113714/; classtype:trojan-activity;sid:83976814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c084.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113711/; classtype:trojan-activity;sid:83976811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c037.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113710/; classtype:trojan-activity;sid:83976810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c026.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113708/; classtype:trojan-activity;sid:83976808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c087.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113709/; classtype:trojan-activity;sid:83976809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c034.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113707/; classtype:trojan-activity;sid:83976807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c161.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113706/; classtype:trojan-activity;sid:83976806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c021.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113705/; classtype:trojan-activity;sid:83976805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c055.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113704/; classtype:trojan-activity;sid:83976804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c004.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113702/; classtype:trojan-activity;sid:83976802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c075.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113699/; classtype:trojan-activity;sid:83976799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c060.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113697/; classtype:trojan-activity;sid:83976797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c066.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113698/; classtype:trojan-activity;sid:83976798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c155.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113692/; classtype:trojan-activity;sid:83976792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c061.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113693/; classtype:trojan-activity;sid:83976793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c022.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113694/; classtype:trojan-activity;sid:83976794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c011.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113696/; classtype:trojan-activity;sid:83976796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c001.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113690/; classtype:trojan-activity;sid:83976790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c014.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113691/; classtype:trojan-activity;sid:83976791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c031.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113689/; classtype:trojan-activity;sid:83976789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c027.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113687/; classtype:trojan-activity;sid:83976787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c019.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113686/; classtype:trojan-activity;sid:83976786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c078.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113685/; classtype:trojan-activity;sid:83976785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c090.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113683/; classtype:trojan-activity;sid:83976783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c086.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113684/; classtype:trojan-activity;sid:83976784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c070.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113681/; classtype:trojan-activity;sid:83976781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c167.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113682/; classtype:trojan-activity;sid:83976782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c085.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113679/; classtype:trojan-activity;sid:83976779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c166.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113680/; classtype:trojan-activity;sid:83976780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c158.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113678/; classtype:trojan-activity;sid:83976778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c013.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113676/; classtype:trojan-activity;sid:83976776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c071.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113675/; classtype:trojan-activity;sid:83976775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c008.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113672/; classtype:trojan-activity;sid:83976772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c109.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113670/; classtype:trojan-activity;sid:83976770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_au002.exe"; depth:14; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113671/; classtype:trojan-activity;sid:83976771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_t001.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113669/; classtype:trojan-activity;sid:83976769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c082.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113666/; classtype:trojan-activity;sid:83976766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c059.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113667/; classtype:trojan-activity;sid:83976767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tms_c053.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113665/; classtype:trojan-activity;sid:83976765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c077.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113664/; classtype:trojan-activity;sid:83976764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c001_backup.rar"; depth:20; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113660/; classtype:trojan-activity;sid:83976760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c165.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113661/; classtype:trojan-activity;sid:83976761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3113659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pos_c107.exe"; depth:13; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3113659/; classtype:trojan-activity;sid:83976759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/set-up.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112853/; classtype:trojan-activity;sid:83975953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/battlegermany.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112844/; classtype:trojan-activity;sid:83975944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/3546345.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112728/; classtype:trojan-activity;sid:83975828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/channel1.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112688/; classtype:trojan-activity;sid:83975788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"190.104.213.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112427/; classtype:trojan-activity;sid:83975527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"200.29.120.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112426/; classtype:trojan-activity;sid:83975526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"190.104.242.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112423/; classtype:trojan-activity;sid:83975523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"93.182.76.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112419/; classtype:trojan-activity;sid:83975519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"93.182.76.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112420/; classtype:trojan-activity;sid:83975520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"185.118.19.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112410/; classtype:trojan-activity;sid:83975510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"185.118.19.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112411/; classtype:trojan-activity;sid:83975511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"185.118.19.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112415/; classtype:trojan-activity;sid:83975515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"213.219.171.224"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112416/; classtype:trojan-activity;sid:83975516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"89.121.250.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112417/; classtype:trojan-activity;sid:83975517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"188.120.203.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112418/; classtype:trojan-activity;sid:83975518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3111151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/contorax.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3111151/; classtype:trojan-activity;sid:83974251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/survox.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110939/; classtype:trojan-activity;sid:83974039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"39.106.77.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110871/; classtype:trojan-activity;sid:83973971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.141.166.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110860/; classtype:trojan-activity;sid:83973960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.153.222.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110861/; classtype:trojan-activity;sid:83973961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.108.142.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110852/; classtype:trojan-activity;sid:83973952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"121.40.196.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110856/; classtype:trojan-activity;sid:83973956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"112.74.95.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110857/; classtype:trojan-activity;sid:83973957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"111.230.25.167"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110838/; classtype:trojan-activity;sid:83973938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.113.107.52"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110834/; classtype:trojan-activity;sid:83973934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.134.163.72"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110832/; classtype:trojan-activity;sid:83973932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.35.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110813/; classtype:trojan-activity;sid:83973913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.130.32.36"; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110794/; classtype:trojan-activity;sid:83973894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"106.14.69.133"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110771/; classtype:trojan-activity;sid:83973871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.134.12.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110773/; classtype:trojan-activity;sid:83973873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.120.60.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110764/; classtype:trojan-activity;sid:83973864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"121.40.63.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110758/; classtype:trojan-activity;sid:83973858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.36.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110636/; classtype:trojan-activity;sid:83973736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"106.14.213.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110626/; classtype:trojan-activity;sid:83973726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"106.15.224.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110579/; classtype:trojan-activity;sid:83973679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.120.60.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110554/; classtype:trojan-activity;sid:83973654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"45.154.14.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110534/; classtype:trojan-activity;sid:83973634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"139.224.213.125"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110510/; classtype:trojan-activity;sid:83973610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"114.55.250.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110511/; classtype:trojan-activity;sid:83973611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/runtime.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110487/; classtype:trojan-activity;sid:83973587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/gsprout.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110485/; classtype:trojan-activity;sid:83973585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/stub.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110484/; classtype:trojan-activity;sid:83973584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/file1.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110482/; classtype:trojan-activity;sid:83973582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/js.exe"; depth:11; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110483/; classtype:trojan-activity;sid:83973583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/mobiletrans.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110402/; classtype:trojan-activity;sid:83973502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/zzzz1.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110401/; classtype:trojan-activity;sid:83973501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/armanivenntii_crypted_easy.exe"; depth:35; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110395/; classtype:trojan-activity;sid:83973495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/5_6190317556063017550.exe"; depth:30; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110396/; classtype:trojan-activity;sid:83973496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pctoccurred.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110397/; classtype:trojan-activity;sid:83973497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/doc.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110398/; classtype:trojan-activity;sid:83973498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/svc.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110399/; classtype:trojan-activity;sid:83973499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/rorukal.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110400/; classtype:trojan-activity;sid:83973500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/northsperm.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110389/; classtype:trojan-activity;sid:83973489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/mepaxil.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110390/; classtype:trojan-activity;sid:83973490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/ukodbcdcl.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110391/; classtype:trojan-activity;sid:83973491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/semiconductornot.exe"; depth:25; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110392/; classtype:trojan-activity;sid:83973492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/scheduledllama.exe"; depth:23; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110393/; classtype:trojan-activity;sid:83973493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/14082024.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110394/; classtype:trojan-activity;sid:83973494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/hogs.u32"; depth:18; endswith; nocase; http.host; content:"dnvk1.info"; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110001/; classtype:trojan-activity;sid:83973101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/2041.bin"; depth:12; endswith; nocase; http.host; content:"uyul.oss-cn-beijing.aliyuncs.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109981/; classtype:trojan-activity;sid:83973081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/204.bin"; depth:11; endswith; nocase; http.host; content:"uyul.oss-cn-beijing.aliyuncs.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109982/; classtype:trojan-activity;sid:83973082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/d204.dll"; depth:12; endswith; nocase; http.host; content:"uyul.oss-cn-beijing.aliyuncs.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109980/; classtype:trojan-activity;sid:83973080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.248.204.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109695/; classtype:trojan-activity;sid:83972795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1"; depth:2; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109697/; classtype:trojan-activity;sid:83972797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/002/537/415/full/whatsapp-logo-3-1.png|3f|1584245765"; depth:60; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109452/; classtype:trojan-activity;sid:83972552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/003/140/933/full/capturar.jpg|3f|1616184212"; depth:51; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109453/; classtype:trojan-activity;sid:83972553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/001/967/434/thumb/button.png"; depth:36; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109449/; classtype:trojan-activity;sid:83972549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/001/752/720/original/granitex.jpg|3f|1543516565"; depth:55; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109439/; classtype:trojan-activity;sid:83972539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/001/881/106/original/youtube.png|3f|1549480063"; depth:54; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109425/; classtype:trojan-activity;sid:83972525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/003/620/770/original/f284.jpg|3f|1641668895"; depth:51; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109428/; classtype:trojan-activity;sid:83972528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"82.200.248.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109419/; classtype:trojan-activity;sid:83972519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/003/956/295/thumb/mplogo22.png|3f|1658783084"; depth:52; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109406/; classtype:trojan-activity;sid:83972506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/551/147/original/sky8.png|3f|1689864217"; depth:51; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109396/; classtype:trojan-activity;sid:83972496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/003/912/781/thumb/logomp.png|3f|1655966639"; depth:50; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109381/; classtype:trojan-activity;sid:83972481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/612/441/full/3.png|3f|1695085716"; depth:44; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109382/; classtype:trojan-activity;sid:83972482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/415/079/original/imagemtimfinal.png|3f|168039419"; depth:60; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109370/; classtype:trojan-activity;sid:83972470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/003/770/199/full/logo-meli-br_2x.png|3f|1647201315"; depth:58; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109366/; classtype:trojan-activity;sid:83972466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/191/985/thumb/logo_evolo.png|3f|1669730114"; depth:54; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109348/; classtype:trojan-activity;sid:83972448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/002/623/original/sky8.png|3f|1661860465"; depth:51; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109330/; classtype:trojan-activity;sid:83972430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/002/976/790/full/cef.png|3f|1606180852"; depth:46; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109314/; classtype:trojan-activity;sid:83972414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/001/031/327/full/qpppppppppp.png|3f|1502141344"; depth:54; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109309/; classtype:trojan-activity;sid:83972409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/001/980/628/full/logo_it_9as8d7f.png|3f|1553264394"; depth:58; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109303/; classtype:trojan-activity;sid:83972403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.248.204.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109308/; classtype:trojan-activity;sid:83972408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/003/972/981/full/manoel_santos.png|3f|1659978692"; depth:56; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109299/; classtype:trojan-activity;sid:83972399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/000/889/191/full/cntt_prem.jpg|3f|1492018078"; depth:52; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109300/; classtype:trojan-activity;sid:83972400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/002/953/380/full/14pontos14jogos.jpeg|3f|1604940236"; depth:59; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109297/; classtype:trojan-activity;sid:83972397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/002/857/684/full/arte_oficial.jpg|3f|1598893173"; depth:55; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109291/; classtype:trojan-activity;sid:83972391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/039/779/full/amendujt.png|3f|1664339064"; depth:51; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109280/; classtype:trojan-activity;sid:83972380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/759/645/original/0004.jpg|3f|1711126095"; depth:51; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109270/; classtype:trojan-activity;sid:83972370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/004/382/855/full/liveptsveasbrad.jpg|3f|1678339424"; depth:58; endswith; nocase; http.host; content:"uploaddeimagens.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109264/; classtype:trojan-activity;sid:83972364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"88.248.204.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109080/; classtype:trojan-activity;sid:83972180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/new_image/new_image.jpg"; depth:33; endswith; nocase; http.host; content:"archive.org"; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109072/; classtype:trojan-activity;sid:83972172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/webcam.dll"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108504/; classtype:trojan-activity;sid:83971604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/token%20grabber.dll"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108505/; classtype:trojan-activity;sid:83971605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/rootkit.dll"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108506/; classtype:trojan-activity;sid:83971606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/unrootkit.dll"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108507/; classtype:trojan-activity;sid:83971607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/passwordstealer.dll"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108503/; classtype:trojan-activity;sid:83971603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openark/version.txt"; depth:20; endswith; nocase; http.host; content:"file.blackint3.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108502/; classtype:trojan-activity;sid:83971602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openark/openark64.exe"; depth:22; endswith; nocase; http.host; content:"file.blackint3.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108492/; classtype:trojan-activity;sid:83971592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openark/openark32.exe"; depth:22; endswith; nocase; http.host; content:"file.blackint3.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108491/; classtype:trojan-activity;sid:83971591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/robotic.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108459/; classtype:trojan-activity;sid:83971559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.200.248.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108019/; classtype:trojan-activity;sid:83971119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tool/extreme%20injector%20v3.exe"; depth:33; endswith; nocase; http.host; content:"124.220.235.28"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106840/; classtype:trojan-activity;sid:83969940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qexswfv"; depth:8; endswith; nocase; http.host; content:"8.219.57.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106837/; classtype:trojan-activity;sid:83969937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808120646if_/http:/154.216.19.139/bins/mirai.armv4l"; depth:61; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106560/; classtype:trojan-activity;sid:83969660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122936if_/http:/154.216.19.139/bins/mirai.gnueabihf"; depth:64; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106559/; classtype:trojan-activity;sid:83969659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808120223if_/http:/154.216.19.139/bins/mirai.bin"; depth:58; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106558/; classtype:trojan-activity;sid:83969658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121041if_/http:/154.216.19.139/bins/mirai.armv6l"; depth:61; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106556/; classtype:trojan-activity;sid:83969656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808123114if_/http:/154.216.19.139/bins/mirai.arc"; depth:58; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106557/; classtype:trojan-activity;sid:83969657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122755if_/http:/154.216.19.139/bins/mirai.x86_64"; depth:61; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106551/; classtype:trojan-activity;sid:83969651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121121if_/http:/154.216.19.139/bins/mirai.armv7l"; depth:61; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106552/; classtype:trojan-activity;sid:83969652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808120945if_/http:/154.216.19.139/bins/mirai.armv5l"; depth:61; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106553/; classtype:trojan-activity;sid:83969653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122159if_/http:/154.216.19.139/bins/mirai.powerpc"; depth:62; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106554/; classtype:trojan-activity;sid:83969654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121832if_/http:/154.216.19.139/bins/mirai.mipsel"; depth:61; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106555/; classtype:trojan-activity;sid:83969655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/msedge.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106396/; classtype:trojan-activity;sid:83969496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3q/blackdoor/main/extensions/test_move.bat"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105147/; classtype:trojan-activity;sid:83968247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3q/blackdoor/main/extensions/test_virus.bat"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105148/; classtype:trojan-activity;sid:83968248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3q/blackdoor/main/extensions/keylogger.exe"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105149/; classtype:trojan-activity;sid:83968249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3q/blackdoor/main/extensions/networks_profile.exe"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105150/; classtype:trojan-activity;sid:83968250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3q/blackdoor/main/backdoor.exe"; depth:32; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105145/; classtype:trojan-activity;sid:83968245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3q/blackdoor/main/extensions/fill_storage_move.bat"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105146/; classtype:trojan-activity;sid:83968246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3q/blackdoor/main/extensions/fill_storage_virus.bat"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105144/; classtype:trojan-activity;sid:83968244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/out_test_sig.exe"; depth:21; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103617/; classtype:trojan-activity;sid:83966717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"192.248.13.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103510/; classtype:trojan-activity;sid:83966610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"165.220.134.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103505/; classtype:trojan-activity;sid:83966605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"166.150.43.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103503/; classtype:trojan-activity;sid:83966603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"194.122.165.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103490/; classtype:trojan-activity;sid:83966590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"64.234.95.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103488/; classtype:trojan-activity;sid:83966588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"170.55.7.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103489/; classtype:trojan-activity;sid:83966589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"111.217.175.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103486/; classtype:trojan-activity;sid:83966586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"94.255.218.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103482/; classtype:trojan-activity;sid:83966582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"187.247.242.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103476/; classtype:trojan-activity;sid:83966576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"187.115.56.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103477/; classtype:trojan-activity;sid:83966577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"23.241.17.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103467/; classtype:trojan-activity;sid:83966567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"81.10.240.105"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103463/; classtype:trojan-activity;sid:83966563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"85.230.143.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103464/; classtype:trojan-activity;sid:83966564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fms/photo.scr"; depth:14; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103420/; classtype:trojan-activity;sid:83966520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fms/video.scr"; depth:14; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103419/; classtype:trojan-activity;sid:83966519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docker-compose/video.scr"; depth:25; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103416/; classtype:trojan-activity;sid:83966516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docker-compose/photo.scr"; depth:25; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103417/; classtype:trojan-activity;sid:83966517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docker-compose/av.scr"; depth:22; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103418/; classtype:trojan-activity;sid:83966518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fms/av.scr"; depth:11; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103415/; classtype:trojan-activity;sid:83966515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docker-compose/video.lnk"; depth:25; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103406/; classtype:trojan-activity;sid:83966506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fms/av.lnk"; depth:11; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103407/; classtype:trojan-activity;sid:83966507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fms/video.lnk"; depth:14; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103408/; classtype:trojan-activity;sid:83966508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2019/bkbvideos/photo.lnk"; depth:25; endswith; nocase; http.host; content:"139.167.198.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103409/; classtype:trojan-activity;sid:83966509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fms/photo.lnk"; depth:14; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103410/; classtype:trojan-activity;sid:83966510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docker-compose/av.lnk"; depth:22; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103411/; classtype:trojan-activity;sid:83966511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docker-compose/photo.lnk"; depth:25; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103412/; classtype:trojan-activity;sid:83966512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2019/bkbvideos/av.lnk"; depth:22; endswith; nocase; http.host; content:"139.167.198.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103413/; classtype:trojan-activity;sid:83966513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2019/bkbvideos/video.lnk"; depth:25; endswith; nocase; http.host; content:"139.167.198.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103414/; classtype:trojan-activity;sid:83966514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"139.167.198.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103396/; classtype:trojan-activity;sid:83966496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"139.167.198.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103394/; classtype:trojan-activity;sid:83966494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"139.167.198.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103395/; classtype:trojan-activity;sid:83966495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"103.92.101.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103368/; classtype:trojan-activity;sid:83966468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"139.167.198.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103351/; classtype:trojan-activity;sid:83966451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"139.167.198.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103339/; classtype:trojan-activity;sid:83966439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"139.167.198.110"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103340/; classtype:trojan-activity;sid:83966440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cookie250.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103197/; classtype:trojan-activity;sid:83966297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3102194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/nano.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3102194/; classtype:trojan-activity;sid:83965294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3102108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/1111.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3102108/; classtype:trojan-activity;sid:83965208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/identifications.exe"; depth:24; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101697/; classtype:trojan-activity;sid:83964797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pimer_bbbcontents7.exe"; depth:27; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101696/; classtype:trojan-activity;sid:83964796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents.elf"; depth:14; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101658/; classtype:trojan-activity;sid:83964758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documents.exe"; depth:14; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101655/; classtype:trojan-activity;sid:83964755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/organiser.zip"; depth:14; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101646/; classtype:trojan-activity;sid:83964746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimikatz_trunk.zip"; depth:19; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101647/; classtype:trojan-activity;sid:83964747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/extension.exe"; depth:14; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101638/; classtype:trojan-activity;sid:83964738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/installkitnew90/setupnew3/raw/5b5d1a339e750dfcc24fd8a7805629dd300db45b/g2m.dll"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101202/; classtype:trojan-activity;sid:83964302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/installkitnew90/setupnew3/raw/f6a9d2071e5b6947d79a7e0bba8e57326fcd76e9/aperturelab.exe"; depth:87; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101203/; classtype:trojan-activity;sid:83964303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/installkitnew90/setup1055/raw/main/installerpack_20.1.23770_win64.exe"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101191/; classtype:trojan-activity;sid:83964291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/installkitnew90/setupnew3/releases/download/setupnew/install.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101087/; classtype:trojan-activity;sid:83964187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/request.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3100622/; classtype:trojan-activity;sid:83963722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sthealthclient.exe"; depth:19; endswith; nocase; http.host; content:"47.104.173.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100103/; classtype:trojan-activity;sid:83963203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggws.exe"; depth:9; endswith; nocase; http.host; content:"47.104.173.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100102/; classtype:trojan-activity;sid:83963202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggwsupdate.exe"; depth:15; endswith; nocase; http.host; content:"47.104.173.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100100/; classtype:trojan-activity;sid:83963200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joelgmsec/invoke-stealth/main/resources/betterxencrypt/betterxencrypt.ps1"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100042/; classtype:trojan-activity;sid:83963142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122448if_/http:/154.216.19.139/bins/mirai.sh4"; depth:58; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099961/; classtype:trojan-activity;sid:83963061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121230if_/http:/154.216.19.139/bins/mirai.i586"; depth:59; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099962/; classtype:trojan-activity;sid:83963062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122636if_/http:/154.216.19.139/bins/mirai.sparc"; depth:60; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099963/; classtype:trojan-activity;sid:83963063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121347if_/http:/154.216.19.139/bins/mirai.m68k"; depth:59; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099965/; classtype:trojan-activity;sid:83963065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121419if_/http:/154.216.19.139/bins/mirai.mips"; depth:59; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099966/; classtype:trojan-activity;sid:83963066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121308if_/http:/154.216.19.139/bins/mirai.i686"; depth:59; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099960/; classtype:trojan-activity;sid:83963060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup.exe"; depth:10; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099892/; classtype:trojan-activity;sid:83962992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/event.php"; depth:10; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099893/; classtype:trojan-activity;sid:83962993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup.exe"; depth:10; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099876/; classtype:trojan-activity;sid:83962976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/authenticator222.exe"; depth:25; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099818/; classtype:trojan-activity;sid:83962918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/annesalt.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099812/; classtype:trojan-activity;sid:83962912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/considerablewinners.exe"; depth:28; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099813/; classtype:trojan-activity;sid:83962913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/uhigdbf.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099814/; classtype:trojan-activity;sid:83962914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/redsystem.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099815/; classtype:trojan-activity;sid:83962915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/yoyf.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099816/; classtype:trojan-activity;sid:83962916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/vhpcde.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099810/; classtype:trojan-activity;sid:83962910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cudo.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099811/; classtype:trojan-activity;sid:83962911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/300.exe"; depth:12; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099808/; classtype:trojan-activity;sid:83962908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/343dsxs.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099809/; classtype:trojan-activity;sid:83962909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/amadey.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099807/; classtype:trojan-activity;sid:83962907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/team.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099776/; classtype:trojan-activity;sid:83962876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/consoleapp3.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099772/; classtype:trojan-activity;sid:83962872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/client.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099774/; classtype:trojan-activity;sid:83962874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/opdxdyeul.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099762/; classtype:trojan-activity;sid:83962862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/06082025.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099760/; classtype:trojan-activity;sid:83962860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3098287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"218.91.153.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3098287/; classtype:trojan-activity;sid:83961387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3098125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"90.63.155.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3098125/; classtype:trojan-activity;sid:83961225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r2.exe"; depth:7; endswith; nocase; http.host; content:"185.180.196.46"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097654/; classtype:trojan-activity;sid:83960754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/test.exe"; depth:12; endswith; nocase; http.host; content:"www.sumiyuki.co.jp"; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097476/; classtype:trojan-activity;sid:83960576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/operation6572.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097429/; classtype:trojan-activity;sid:83960529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/armadegon.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097297/; classtype:trojan-activity;sid:83960397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808120223if_/http://154.216.19.139/bins/mirai.bin"; depth:59; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097244/; classtype:trojan-activity;sid:83960344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122755if_/http://154.216.19.139/bins/mirai.x86_64"; depth:62; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097239/; classtype:trojan-activity;sid:83960339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121041if_/http://154.216.19.139/bins/mirai.armv6l"; depth:62; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097240/; classtype:trojan-activity;sid:83960340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121230if_/http://154.216.19.139/bins/mirai.i586"; depth:60; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097241/; classtype:trojan-activity;sid:83960341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122636if_/http://154.216.19.139/bins/mirai.sparc"; depth:61; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097242/; classtype:trojan-activity;sid:83960342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121308if_/http://154.216.19.139/bins/mirai.i686"; depth:60; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097243/; classtype:trojan-activity;sid:83960343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122159if_/http://154.216.19.139/bins/mirai.powerpc"; depth:63; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097229/; classtype:trojan-activity;sid:83960329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121347if_/http://154.216.19.139/bins/mirai.m68k"; depth:60; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097230/; classtype:trojan-activity;sid:83960330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121121if_/http://154.216.19.139/bins/mirai.armv7l"; depth:62; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097231/; classtype:trojan-activity;sid:83960331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808123114if_/http://154.216.19.139/bins/mirai.arc"; depth:59; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097232/; classtype:trojan-activity;sid:83960332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122448if_/http://154.216.19.139/bins/mirai.sh4"; depth:59; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097233/; classtype:trojan-activity;sid:83960333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121832if_/http://154.216.19.139/bins/mirai.mipsel"; depth:62; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097234/; classtype:trojan-activity;sid:83960334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808120945if_/http://154.216.19.139/bins/mirai.armv5l"; depth:62; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097235/; classtype:trojan-activity;sid:83960335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808120646if_/http://154.216.19.139/bins/mirai.armv4l"; depth:62; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097236/; classtype:trojan-activity;sid:83960336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122936if_/http://154.216.19.139/bins/mirai.gnueabihf"; depth:65; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097237/; classtype:trojan-activity;sid:83960337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121419if_/http://154.216.19.139/bins/mirai.mips"; depth:60; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097238/; classtype:trojan-activity;sid:83960338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/rage.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097110/; classtype:trojan-activity;sid:83960210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmp/1.jpg"; depth:10; endswith; nocase; http.host; content:"inspirepk.org"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096571/; classtype:trojan-activity;sid:83959671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/30072024.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096545/; classtype:trojan-activity;sid:83959645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/kitty.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096542/; classtype:trojan-activity;sid:83959642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/stealc_default.exe"; depth:23; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096543/; classtype:trojan-activity;sid:83959643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/gold.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096544/; classtype:trojan-activity;sid:83959644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/filecontains.txt"; depth:19; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096428/; classtype:trojan-activity;sid:83959528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/filecontains.txt"; depth:19; endswith; nocase; http.host; content:"vmi1547155.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096417/; classtype:trojan-activity;sid:83959517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/filecontains.txt"; depth:19; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096404/; classtype:trojan-activity;sid:83959504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/filecontains.txt"; depth:19; endswith; nocase; http.host; content:"144.91.79.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096385/; classtype:trojan-activity;sid:83959485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3095177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blink"; depth:6; endswith; nocase; http.host; content:"152.168.125.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3095177/; classtype:trojan-activity;sid:83958277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3094781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logon.exe"; depth:10; endswith; nocase; http.host; content:"45.15.9.44"; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3094781/; classtype:trojan-activity;sid:83957881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.153.222.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093388/; classtype:trojan-activity;sid:83956488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.236.19.63"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093383/; classtype:trojan-activity;sid:83956483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.243.175.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093191/; classtype:trojan-activity;sid:83956291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.36.117.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093153/; classtype:trojan-activity;sid:83956253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"58.137.140.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093129/; classtype:trojan-activity;sid:83956229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"20.5.43.62"; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093133/; classtype:trojan-activity;sid:83956233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"114.55.250.233"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093125/; classtype:trojan-activity;sid:83956225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.43.2.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093077/; classtype:trojan-activity;sid:83956177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.223.200.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093012/; classtype:trojan-activity;sid:83956112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.113.179.177"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092998/; classtype:trojan-activity;sid:83956098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"106.54.199.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092963/; classtype:trojan-activity;sid:83956063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.120.60.201"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092930/; classtype:trojan-activity;sid:83956030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.100.196.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092916/; classtype:trojan-activity;sid:83956016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.92.95.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092888/; classtype:trojan-activity;sid:83955988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"85.175.101.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092877/; classtype:trojan-activity;sid:83955977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.43.16.149"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092881/; classtype:trojan-activity;sid:83955981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oct/av.scr"; depth:11; endswith; nocase; http.host; content:"119.32.29.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091753/; classtype:trojan-activity;sid:83954853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oct/photo.lnk"; depth:14; endswith; nocase; http.host; content:"119.32.29.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091745/; classtype:trojan-activity;sid:83954845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"89.175.24.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091743/; classtype:trojan-activity;sid:83954843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"89.175.24.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091738/; classtype:trojan-activity;sid:83954838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"41.230.16.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091729/; classtype:trojan-activity;sid:83954829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"89.175.24.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091730/; classtype:trojan-activity;sid:83954830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091732/; classtype:trojan-activity;sid:83954832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"41.230.16.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091734/; classtype:trojan-activity;sid:83954834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"41.230.16.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091735/; classtype:trojan-activity;sid:83954835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"41.230.16.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091725/; classtype:trojan-activity;sid:83954825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"41.230.16.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091727/; classtype:trojan-activity;sid:83954827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091723/; classtype:trojan-activity;sid:83954823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"41.230.16.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091709/; classtype:trojan-activity;sid:83954809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oct/video.lnk"; depth:14; endswith; nocase; http.host; content:"119.32.29.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091696/; classtype:trojan-activity;sid:83954796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oct/photo.scr"; depth:14; endswith; nocase; http.host; content:"119.32.29.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091697/; classtype:trojan-activity;sid:83954797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091673/; classtype:trojan-activity;sid:83954773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oct/av.lnk"; depth:11; endswith; nocase; http.host; content:"119.32.29.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091665/; classtype:trojan-activity;sid:83954765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3091659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oct/video.scr"; depth:14; endswith; nocase; http.host; content:"119.32.29.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3091659/; classtype:trojan-activity;sid:83954759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3090349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"conn.masjesu.zip"; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_05; reference:url, urlhaus.abuse.ch/url/3090349/; classtype:trojan-activity;sid:83953449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/clsid.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_05; reference:url, urlhaus.abuse.ch/url/3089687/; classtype:trojan-activity;sid:83952787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/3544436.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_05; reference:url, urlhaus.abuse.ch/url/3089612/; classtype:trojan-activity;sid:83952712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc.xlsx"; depth:9; endswith; nocase; http.host; content:"103.42.55.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3089019/; classtype:trojan-activity;sid:83952119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abc.exe"; depth:8; endswith; nocase; http.host; content:"103.42.55.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3089022/; classtype:trojan-activity;sid:83952122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r.exe"; depth:6; endswith; nocase; http.host; content:"103.42.55.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3089016/; classtype:trojan-activity;sid:83952116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/game.apk"; depth:9; endswith; nocase; http.host; content:"103.42.55.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3089017/; classtype:trojan-activity;sid:83952117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adrtest1.apk"; depth:13; endswith; nocase; http.host; content:"103.42.55.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3089018/; classtype:trojan-activity;sid:83952118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%5bwww.ghxi.com%5d%e7%93%9c%e5%ad%90%e5%bd%b1%e8%a7%86v2_v1.9.1.1.apk"; depth:70; endswith; nocase; http.host; content:"47.109.77.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088913/; classtype:trojan-activity;sid:83952013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e6%88%91%e7%9a%84%e7%94%b5%e8%a7%86tv-v2.1.8-%e5%85%8d%e8%b4%b9%e7%ba%af%e5%87%80%e7%89%88.apk"; depth:96; endswith; nocase; http.host; content:"47.109.77.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088911/; classtype:trojan-activity;sid:83952011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig"; depth:6; endswith; nocase; http.host; content:"140.238.85.230"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088875/; classtype:trojan-activity;sid:83951975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1722087714.apk"; depth:15; endswith; nocase; http.host; content:"47.116.192.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088858/; classtype:trojan-activity;sid:83951958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r"; depth:2; endswith; nocase; http.host; content:"47.116.192.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088857/; classtype:trojan-activity;sid:83951957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utility.exe"; depth:12; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088362/; classtype:trojan-activity;sid:83951462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dtl.exe"; depth:8; endswith; nocase; http.host; content:"87.251.102.94"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088306/; classtype:trojan-activity;sid:83951406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/launcher.exe"; depth:13; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088292/; classtype:trojan-activity;sid:83951392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3087715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/cbmefxrmnv.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3087715/; classtype:trojan-activity;sid:83950815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3087662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/systems.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3087662/; classtype:trojan-activity;sid:83950762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3087649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/2.exe"; depth:10; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3087649/; classtype:trojan-activity;sid:83950749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fucksupershell"; depth:15; endswith; nocase; http.host; content:"park.chuitian.cn"; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086916/; classtype:trojan-activity;sid:83950016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/rssh"; depth:33; endswith; nocase; http.host; content:"park.chuitian.cn"; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086915/; classtype:trojan-activity;sid:83950015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fucksupershell"; depth:15; endswith; nocase; http.host; content:"rd.chuitian.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086914/; classtype:trojan-activity;sid:83950014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/n"; depth:30; endswith; nocase; http.host; content:"ciscocdn.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086911/; classtype:trojan-activity;sid:83950011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rssh"; depth:5; endswith; nocase; http.host; content:"rd.chuitian.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086908/; classtype:trojan-activity;sid:83950008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rssh"; depth:5; endswith; nocase; http.host; content:"park.chuitian.cn"; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086907/; classtype:trojan-activity;sid:83950007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/rssh"; depth:33; endswith; nocase; http.host; content:"rd.chuitian.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086906/; classtype:trojan-activity;sid:83950006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/x64"; depth:32; endswith; nocase; http.host; content:"ciscocdn.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086899/; classtype:trojan-activity;sid:83949999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d2/cdclient.dll"; depth:16; endswith; nocase; http.host; content:"dld.jxwan.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086854/; classtype:trojan-activity;sid:83949954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d2/x64.dll"; depth:11; endswith; nocase; http.host; content:"dld.jxwan.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086853/; classtype:trojan-activity;sid:83949953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flowers/flowers1//three-daisies.exe"; depth:36; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086850/; classtype:trojan-activity;sid:83949950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flowers/flowers1//yellow-rose.exe"; depth:34; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086851/; classtype:trojan-activity;sid:83949951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flowers/flowers1//smell-the-roses.exe"; depth:38; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086849/; classtype:trojan-activity;sid:83949949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/tb/tb.exe"; depth:15; endswith; nocase; http.host; content:"tengfeidn.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086848/; classtype:trojan-activity;sid:83949948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/jf/jf.exe"; depth:15; endswith; nocase; http.host; content:"tengfeidn.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086847/; classtype:trojan-activity;sid:83949947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greetings//greetings1/wow.exe"; depth:30; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086846/; classtype:trojan-activity;sid:83949946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greetings//greetings1/whats-new.exe"; depth:36; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086844/; classtype:trojan-activity;sid:83949944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greetings//greetings1/hiya.exe"; depth:31; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086843/; classtype:trojan-activity;sid:83949943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scenic/scenic1//sunset1.exe"; depth:28; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086830/; classtype:trojan-activity;sid:83949930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scenic/scenic1/china.exe"; depth:25; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086831/; classtype:trojan-activity;sid:83949931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scenic/scenic1//foggy-mountains.exe"; depth:36; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086832/; classtype:trojan-activity;sid:83949932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scenic/scenic1//mountain-pasture.exe"; depth:37; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086833/; classtype:trojan-activity;sid:83949933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scenic/scenic1//china.exe"; depth:26; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086828/; classtype:trojan-activity;sid:83949928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps.exe"; depth:7; endswith; nocase; http.host; content:"35.185.187.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086742/; classtype:trojan-activity;sid:83949842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ss.exe"; depth:7; endswith; nocase; http.host; content:"35.185.187.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086743/; classtype:trojan-activity;sid:83949843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ngrok.exe"; depth:10; endswith; nocase; http.host; content:"35.185.187.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086740/; classtype:trojan-activity;sid:83949840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/conhost.exe"; depth:12; endswith; nocase; http.host; content:"35.185.187.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086739/; classtype:trojan-activity;sid:83949839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.bat"; depth:6; endswith; nocase; http.host; content:"35.185.187.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086738/; classtype:trojan-activity;sid:83949838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/%e6%a4%8d%e7%89%a9%e5%a4%a7%e6%88%98%e5%83%b5%e5%b0%b82%e4%bf%ae%e6%94%b9%e5%99%a8.exe"; depth:115; endswith; nocase; http.host; content:"111.231.145.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086419/; classtype:trojan-activity;sid:83949519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/x64"; depth:32; endswith; nocase; http.host; content:"43.134.118.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086416/; classtype:trojan-activity;sid:83949516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/%e6%88%91%e7%9a%84%e4%b8%96%e7%95%8c_%e5%ad%a4%e5%b2%9b%e6%83%8a%e9%ad%823.exe"; depth:107; endswith; nocase; http.host; content:"111.231.145.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086415/; classtype:trojan-activity;sid:83949515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/2.exe"; depth:34; endswith; nocase; http.host; content:"111.231.145.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086407/; classtype:trojan-activity;sid:83949507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/%e5%b0%8f%e9%b8%a1%e5%85%a5%e4%be%b5%e8%80%853.exe"; depth:79; endswith; nocase; http.host; content:"111.231.145.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086408/; classtype:trojan-activity;sid:83949508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/%d1%83%d1%81%d0%b5%d1%80%d0%bb%d0%be%d0%bd%d0%b32.exe"; depth:82; endswith; nocase; http.host; content:"111.231.145.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086404/; classtype:trojan-activity;sid:83949504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/%e7%8b%99%e5%87%bb%e6%89%8b_%e5%b9%bd%e7%81%b5%e6%88%98%e5%a3%ab2%e7%ae%80%e4%bd%93%e4%b8%ad%e6%96%87%e7%89%88.exe"; depth:143; endswith; nocase; http.host; content:"111.231.145.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086405/; classtype:trojan-activity;sid:83949505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/%5bwin"; depth:35; endswith; nocase; http.host; content:"117.72.74.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086402/; classtype:trojan-activity;sid:83949502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/3=====.exe"; depth:39; endswith; nocase; http.host; content:"111.231.145.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086403/; classtype:trojan-activity;sid:83949503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/3.exe"; depth:34; endswith; nocase; http.host; content:"111.231.145.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086395/; classtype:trojan-activity;sid:83949495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/n"; depth:30; endswith; nocase; http.host; content:"43.134.118.131"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086388/; classtype:trojan-activity;sid:83949488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/%5bwin"; depth:35; endswith; nocase; http.host; content:"8.218.138.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086390/; classtype:trojan-activity;sid:83949490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3084981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chisel.exe"; depth:11; endswith; nocase; http.host; content:"4.180.120.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3084981/; classtype:trojan-activity;sid:83948081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3084371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.zip"; depth:11; endswith; nocase; http.host; content:"114.55.34.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3084371/; classtype:trojan-activity;sid:83947471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/store_app/guardservice.exe"; depth:27; endswith; nocase; http.host; content:"sgz-1302338321.cos.ap-guangzhou.myqcloud.com"; depth:44; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083844/; classtype:trojan-activity;sid:83946944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/23c2343.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083792/; classtype:trojan-activity;sid:83946892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/build_2024-07-24_23-16.exe"; depth:31; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083790/; classtype:trojan-activity;sid:83946890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/installer.zip"; depth:14; endswith; nocase; http.host; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; depth:47; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3083247/; classtype:trojan-activity;sid:83946347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/installer.exe"; depth:14; endswith; nocase; http.host; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; depth:47; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3083096/; classtype:trojan-activity;sid:83946196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3082142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f1ddeb6592c03206/nss3.dll"; depth:26; endswith; nocase; http.host; content:"185.215.113.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3082142/; classtype:trojan-activity;sid:83945242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3082136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f1ddeb6592c03206/mozglue.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3082136/; classtype:trojan-activity;sid:83945236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3082137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f1ddeb6592c03206/sqlite3.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3082137/; classtype:trojan-activity;sid:83945237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3082138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f1ddeb6592c03206/freebl3.dll"; depth:29; endswith; nocase; http.host; content:"185.215.113.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3082138/; classtype:trojan-activity;sid:83945238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3082140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f1ddeb6592c03206/msvcp140.dll"; depth:30; endswith; nocase; http.host; content:"185.215.113.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3082140/; classtype:trojan-activity;sid:83945240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3082134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f1ddeb6592c03206/vcruntime140.dll"; depth:34; endswith; nocase; http.host; content:"185.215.113.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3082134/; classtype:trojan-activity;sid:83945234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3082135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f1ddeb6592c03206/softokn3.dll"; depth:30; endswith; nocase; http.host; content:"185.215.113.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3082135/; classtype:trojan-activity;sid:83945235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/jsawdtyjde.exe"; depth:19; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3081942/; classtype:trojan-activity;sid:83945042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/mynewrdx.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3081941/; classtype:trojan-activity;sid:83945041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/4434.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3081930/; classtype:trojan-activity;sid:83945030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"209.16.67.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_31; reference:url, urlhaus.abuse.ch/url/3081519/; classtype:trojan-activity;sid:83944619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/lummac2.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_31; reference:url, urlhaus.abuse.ch/url/3081274/; classtype:trojan-activity;sid:83944374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/1.exe"; depth:10; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_31; reference:url, urlhaus.abuse.ch/url/3081269/; classtype:trojan-activity;sid:83944369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3080574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.118.152.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_31; reference:url, urlhaus.abuse.ch/url/3080574/; classtype:trojan-activity;sid:83943674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"27.147.132.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079797/; classtype:trojan-activity;sid:83942897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"120.77.253.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079718/; classtype:trojan-activity;sid:83942818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webdav"; depth:7; endswith; nocase; http.host; content:"152.136.140.85"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079460/; classtype:trojan-activity;sid:83942560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steam/random.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079150/; classtype:trojan-activity;sid:83942250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"209.16.67.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079051/; classtype:trojan-activity;sid:83942151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3078753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/postbox.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3078753/; classtype:trojan-activity;sid:83941853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3078669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/stealc_valenciga.exe"; depth:25; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3078669/; classtype:trojan-activity;sid:83941769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3077115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/update2.pack"; depth:17; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_29; reference:url, urlhaus.abuse.ch/url/3077115/; classtype:trojan-activity;sid:83940215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3077112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/update.pack"; depth:16; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_29; reference:url, urlhaus.abuse.ch/url/3077112/; classtype:trojan-activity;sid:83940212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3076639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/event.php"; depth:10; endswith; nocase; http.host; content:"176.111.174.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_29; reference:url, urlhaus.abuse.ch/url/3076639/; classtype:trojan-activity;sid:83939739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/authenticator.exe"; depth:22; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075283/; classtype:trojan-activity;sid:83938383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/malware.exe"; depth:12; endswith; nocase; http.host; content:"dz0nhlj1q8ac3.cloudfront.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075152/; classtype:trojan-activity;sid:83938252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/anticheat.exe"; depth:18; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075047/; classtype:trojan-activity;sid:83938147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/build_2024-07-27_00-41.exe"; depth:31; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075049/; classtype:trojan-activity;sid:83938149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3074802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/svhostc.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3074802/; classtype:trojan-activity;sid:83937902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3074148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromedump.exe"; depth:15; endswith; nocase; http.host; content:"50.207.70.160"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3074148/; classtype:trojan-activity;sid:83937248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3074142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromedump.exe"; depth:15; endswith; nocase; http.host; content:"158.140.133.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3074142/; classtype:trojan-activity;sid:83937242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3073249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pages/update.exe"; depth:17; endswith; nocase; http.host; content:"51.77.140.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3073249/; classtype:trojan-activity;sid:83936349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/komasinfo/idcb/main/cbs_applcation_details_072602024_xlsx.rar"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072990/; classtype:trojan-activity;sid:83936090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adrinnno/ptwis/raw/main/file_cbs_app_details_no-0923871691_xlsx.zip"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072974/; classtype:trojan-activity;sid:83936074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reporgu/fakado/raw/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072975/; classtype:trojan-activity;sid:83936075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mendoza1123/rgya/raw/main/transaction_error_details_file_981209_jpeg.rar"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072977/; classtype:trojan-activity;sid:83936077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/komasinfo/idcb/raw/main/cbs_applcation_details_072602024_xlsx.rar"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072978/; classtype:trojan-activity;sid:83936078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mendoza1123/rgya/main/transaction_error_details_file_981209_jpeg.rar"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072979/; classtype:trojan-activity;sid:83936079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deannwas/policah/main/file_cbs_app_details_no-0923871691_xlsx.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072969/; classtype:trojan-activity;sid:83936069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trevsglass/morna/main/ref_ba0929399122_pdf.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072970/; classtype:trojan-activity;sid:83936070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trevsglass/morna/raw/main/ref_ba0929399122_pdf.zip"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072971/; classtype:trojan-activity;sid:83936071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reporgu/fakado/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072972/; classtype:trojan-activity;sid:83936072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grayinv/henidus/raw/main/transaction_end_ids_58788719853478_pdf.rar"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072973/; classtype:trojan-activity;sid:83936073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mine/random.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072521/; classtype:trojan-activity;sid:83935621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/build2.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071940/; classtype:trojan-activity;sid:83935040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pharmaciesdetection.exe"; depth:28; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071939/; classtype:trojan-activity;sid:83935039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/influencednervous.exe"; depth:26; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071844/; classtype:trojan-activity;sid:83934944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/buildred.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071843/; classtype:trojan-activity;sid:83934943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pei.exe"; depth:8; endswith; nocase; http.host; content:"eoufaoeuhoauengi.su"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069729/; classtype:trojan-activity;sid:83932829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxmr.exe"; depth:9; endswith; nocase; http.host; content:"eoufaoeuhoauengi.su"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069343/; classtype:trojan-activity;sid:83932443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pp.exe"; depth:7; endswith; nocase; http.host; content:"eoufaoeuhoauengi.su"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069334/; classtype:trojan-activity;sid:83932434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twztl.exe"; depth:10; endswith; nocase; http.host; content:"eoufaoeuhoauengi.su"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069242/; classtype:trojan-activity;sid:83932342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrpload.exe"; depth:13; endswith; nocase; http.host; content:"eoufaoeuhoauengi.su"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069239/; classtype:trojan-activity;sid:83932339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npp.exe"; depth:8; endswith; nocase; http.host; content:"eoufaoeuhoauengi.su"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069082/; classtype:trojan-activity;sid:83932182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newtpp.exe"; depth:11; endswith; nocase; http.host; content:"eoufaoeuhoauengi.su"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068965/; classtype:trojan-activity;sid:83932065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twizt/3"; depth:8; endswith; nocase; http.host; content:"aiiaiafrzrueuedur.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068942/; classtype:trojan-activity;sid:83932042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twizt/3"; depth:8; endswith; nocase; http.host; content:"aefieiaehfiaehr.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068939/; classtype:trojan-activity;sid:83932039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twizt/2"; depth:8; endswith; nocase; http.host; content:"loeghaiofiehfihf.to"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068940/; classtype:trojan-activity;sid:83932040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twizt/3"; depth:8; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068918/; classtype:trojan-activity;sid:83932018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twizt/2"; depth:8; endswith; nocase; http.host; content:"aefieiaehfiaehr.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068905/; classtype:trojan-activity;sid:83932005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twizt/2"; depth:8; endswith; nocase; http.host; content:"aiiaiafrzrueuedur.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068889/; classtype:trojan-activity;sid:83931989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twizt/3"; depth:8; endswith; nocase; http.host; content:"rddissisifigifidi.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068892/; classtype:trojan-activity;sid:83931992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twizt/2"; depth:8; endswith; nocase; http.host; content:"deauduafzgezzfgm.top"; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068876/; classtype:trojan-activity;sid:83931976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twizt/3"; depth:8; endswith; nocase; http.host; content:"deauduafzgezzfgm.top"; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068878/; classtype:trojan-activity;sid:83931978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twizt/3"; depth:8; endswith; nocase; http.host; content:"aeufoeahfouefhg.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068828/; classtype:trojan-activity;sid:83931928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twizt/3"; depth:8; endswith; nocase; http.host; content:"loeghaiofiehfihf.to"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068829/; classtype:trojan-activity;sid:83931929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twizt/2"; depth:8; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068844/; classtype:trojan-activity;sid:83931944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twizt/2"; depth:8; endswith; nocase; http.host; content:"rddissisifigifidi.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068822/; classtype:trojan-activity;sid:83931922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pp.exe"; depth:7; endswith; nocase; http.host; content:"aiiaiafrzrueuedur.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068820/; classtype:trojan-activity;sid:83931920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pp.exe"; depth:7; endswith; nocase; http.host; content:"aeufoeahfouefhg.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068792/; classtype:trojan-activity;sid:83931892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twztl.exe"; depth:10; endswith; nocase; http.host; content:"loeghaiofiehfihf.to"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068783/; classtype:trojan-activity;sid:83931883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twztl.exe"; depth:10; endswith; nocase; http.host; content:"aefieiaehfiaehr.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068778/; classtype:trojan-activity;sid:83931878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twztl.exe"; depth:10; endswith; nocase; http.host; content:"rddissisifigifidi.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068779/; classtype:trojan-activity;sid:83931879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newtpp.exe"; depth:11; endswith; nocase; http.host; content:"aefieiaehfiaehr.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068731/; classtype:trojan-activity;sid:83931831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pp.exe"; depth:7; endswith; nocase; http.host; content:"loeghaiofiehfihf.to"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068736/; classtype:trojan-activity;sid:83931836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pp.exe"; depth:7; endswith; nocase; http.host; content:"aefieiaehfiaehr.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068727/; classtype:trojan-activity;sid:83931827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twztl.exe"; depth:10; endswith; nocase; http.host; content:"aeufoeahfouefhg.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068714/; classtype:trojan-activity;sid:83931814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twztl.exe"; depth:10; endswith; nocase; http.host; content:"deauduafzgezzfgm.top"; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068707/; classtype:trojan-activity;sid:83931807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newtpp.exe"; depth:11; endswith; nocase; http.host; content:"aeufoeahfouefhg.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068710/; classtype:trojan-activity;sid:83931810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newtpp.exe"; depth:11; endswith; nocase; http.host; content:"aiiaiafrzrueuedur.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068711/; classtype:trojan-activity;sid:83931811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pp.exe"; depth:7; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068699/; classtype:trojan-activity;sid:83931799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twztl.exe"; depth:10; endswith; nocase; http.host; content:"aiiaiafrzrueuedur.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068693/; classtype:trojan-activity;sid:83931793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twztl.exe"; depth:10; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068694/; classtype:trojan-activity;sid:83931794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newtpp.exe"; depth:11; endswith; nocase; http.host; content:"loeghaiofiehfihf.to"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068696/; classtype:trojan-activity;sid:83931796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pp.exe"; depth:7; endswith; nocase; http.host; content:"rddissisifigifidi.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068668/; classtype:trojan-activity;sid:83931768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pp.exe"; depth:7; endswith; nocase; http.host; content:"deauduafzgezzfgm.top"; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068667/; classtype:trojan-activity;sid:83931767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newtpp.exe"; depth:11; endswith; nocase; http.host; content:"rddissisifigifidi.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068646/; classtype:trojan-activity;sid:83931746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newtpp.exe"; depth:11; endswith; nocase; http.host; content:"deauduafzgezzfgm.top"; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068655/; classtype:trojan-activity;sid:83931755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxmr.exe"; depth:9; endswith; nocase; http.host; content:"185.215.113.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068599/; classtype:trojan-activity;sid:83931699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrpload.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068584/; classtype:trojan-activity;sid:83931684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npp.exe"; depth:8; endswith; nocase; http.host; content:"185.215.113.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068569/; classtype:trojan-activity;sid:83931669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pp.exe"; depth:7; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068538/; classtype:trojan-activity;sid:83931638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twztl.exe"; depth:10; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068540/; classtype:trojan-activity;sid:83931640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrpload.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068546/; classtype:trojan-activity;sid:83931646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/dccrypt.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068351/; classtype:trojan-activity;sid:83931451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/decryptjohn.exe"; depth:20; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068352/; classtype:trojan-activity;sid:83931452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/server.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068353/; classtype:trojan-activity;sid:83931453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/build_2024-07-25_20-56.exe"; depth:31; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068350/; classtype:trojan-activity;sid:83931450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/well/random.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067426/; classtype:trojan-activity;sid:83930526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soka/random.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067427/; classtype:trojan-activity;sid:83930527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/2020.exe"; depth:13; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067318/; classtype:trojan-activity;sid:83930418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/gawdth.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067316/; classtype:trojan-activity;sid:83930416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/4ck3rr.exe"; depth:15; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067315/; classtype:trojan-activity;sid:83930415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/pered.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067314/; classtype:trojan-activity;sid:83930414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/25072023.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067313/; classtype:trojan-activity;sid:83930413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/svhosts.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067312/; classtype:trojan-activity;sid:83930412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/5447jsx.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067310/; classtype:trojan-activity;sid:83930410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/build.exe"; depth:14; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067309/; classtype:trojan-activity;sid:83930409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/crypteda.exe"; depth:17; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067307/; classtype:trojan-activity;sid:83930407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/crypted.exe"; depth:16; endswith; nocase; http.host; content:"185.215.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067308/; classtype:trojan-activity;sid:83930408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/ld2207-88703.appspot.com/o/ldmx2207|3f|alt=media|7c|26|7c|token=ea4d3172-9ea9-4c03-96a7-2174419c6a1e"; depth:106; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063596/; classtype:trojan-activity;sid:83926696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.123.89.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063290/; classtype:trojan-activity;sid:83926390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.91.153.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063145/; classtype:trojan-activity;sid:83926245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.mpsl"; depth:10; endswith; nocase; http.host; content:"45.139.104.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059331/; classtype:trojan-activity;sid:83922431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.spc"; depth:9; endswith; nocase; http.host; content:"45.139.104.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059332/; classtype:trojan-activity;sid:83922432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.x86"; depth:9; endswith; nocase; http.host; content:"45.139.104.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059333/; classtype:trojan-activity;sid:83922433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm5"; depth:10; endswith; nocase; http.host; content:"45.139.104.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059334/; classtype:trojan-activity;sid:83922434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.sh4"; depth:9; endswith; nocase; http.host; content:"45.139.104.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059326/; classtype:trojan-activity;sid:83922426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm"; depth:9; endswith; nocase; http.host; content:"45.139.104.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059327/; classtype:trojan-activity;sid:83922427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.mips"; depth:10; endswith; nocase; http.host; content:"45.139.104.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059328/; classtype:trojan-activity;sid:83922428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.m68k"; depth:10; endswith; nocase; http.host; content:"45.139.104.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059329/; classtype:trojan-activity;sid:83922429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.ppc"; depth:9; endswith; nocase; http.host; content:"45.139.104.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059330/; classtype:trojan-activity;sid:83922430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"45.139.104.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059323/; classtype:trojan-activity;sid:83922423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3059324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sensi.sh"; depth:9; endswith; nocase; http.host; content:"45.139.104.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3059324/; classtype:trojan-activity;sid:83922424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bp.exe"; depth:7; endswith; nocase; http.host; content:"34.102.78.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058858/; classtype:trojan-activity;sid:83921958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nc64.exe"; depth:9; endswith; nocase; http.host; content:"34.102.78.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058859/; classtype:trojan-activity;sid:83921959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jp.exe"; depth:7; endswith; nocase; http.host; content:"34.102.78.64"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058860/; classtype:trojan-activity;sid:83921960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/bin.i686"; depth:15; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058205/; classtype:trojan-activity;sid:83921305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.x86_64"; depth:16; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058195/; classtype:trojan-activity;sid:83921295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/bin.x86_64"; depth:17; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058196/; classtype:trojan-activity;sid:83921296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/bin.i586"; depth:15; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058197/; classtype:trojan-activity;sid:83921297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/bin.i486"; depth:15; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058198/; classtype:trojan-activity;sid:83921298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.i586"; depth:14; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058199/; classtype:trojan-activity;sid:83921299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.mips"; depth:14; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058200/; classtype:trojan-activity;sid:83921300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/bin.mips"; depth:15; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058201/; classtype:trojan-activity;sid:83921301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.i486"; depth:14; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058202/; classtype:trojan-activity;sid:83921302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.i686"; depth:14; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058194/; classtype:trojan-activity;sid:83921294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.armv4l"; depth:16; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058187/; classtype:trojan-activity;sid:83921287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/bin.armv6l"; depth:17; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058188/; classtype:trojan-activity;sid:83921288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.armv6l"; depth:16; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058189/; classtype:trojan-activity;sid:83921289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.armv7l"; depth:16; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058190/; classtype:trojan-activity;sid:83921290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/bin.armv7l"; depth:17; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058191/; classtype:trojan-activity;sid:83921291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.armv5l"; depth:16; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058192/; classtype:trojan-activity;sid:83921292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/bin.armv4l"; depth:17; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058193/; classtype:trojan-activity;sid:83921293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/bin.armv5l"; depth:17; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058186/; classtype:trojan-activity;sid:83921286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.mipsel"; depth:16; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058173/; classtype:trojan-activity;sid:83921273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/bin.m68k"; depth:15; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058174/; classtype:trojan-activity;sid:83921274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/bin.mipsel"; depth:17; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058175/; classtype:trojan-activity;sid:83921275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/bin.aarch64"; depth:18; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058176/; classtype:trojan-activity;sid:83921276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.sh4"; depth:13; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058177/; classtype:trojan-activity;sid:83921277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/bin.powerpc"; depth:18; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058178/; classtype:trojan-activity;sid:83921278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/bin.sh4"; depth:14; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058179/; classtype:trojan-activity;sid:83921279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.powerpc"; depth:17; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058180/; classtype:trojan-activity;sid:83921280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loadbot.sh"; depth:11; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058181/; classtype:trojan-activity;sid:83921281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.m68k"; depth:14; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058182/; classtype:trojan-activity;sid:83921282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.sparc"; depth:15; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058183/; classtype:trojan-activity;sid:83921283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/bin.sparc"; depth:16; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058184/; classtype:trojan-activity;sid:83921284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.aarch64"; depth:17; endswith; nocase; http.host; content:"62.204.41.39"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058185/; classtype:trojan-activity;sid:83921285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"106.15.239.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052814/; classtype:trojan-activity;sid:83915914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=8e46c1968a0bd204%21125|7c|26|7c|authkey=!agfr46opw6byh2g"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052749/; classtype:trojan-activity;sid:83915849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"202.107.235.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052707/; classtype:trojan-activity;sid:83915807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"43.240.65.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052704/; classtype:trojan-activity;sid:83915804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"220.248.47.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052706/; classtype:trojan-activity;sid:83915806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/mimikatz.exe"; depth:17; endswith; nocase; http.host; content:"167.250.49.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052415/; classtype:trojan-activity;sid:83915515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/x64/mimispool.dll"; depth:22; endswith; nocase; http.host; content:"167.250.49.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052412/; classtype:trojan-activity;sid:83915512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/x64/mimilib.dll"; depth:20; endswith; nocase; http.host; content:"167.250.49.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052413/; classtype:trojan-activity;sid:83915513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/x64/mimidrv.sys"; depth:20; endswith; nocase; http.host; content:"167.250.49.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052414/; classtype:trojan-activity;sid:83915514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/win32/mimidrv.sys"; depth:22; endswith; nocase; http.host; content:"167.250.49.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052395/; classtype:trojan-activity;sid:83915495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/win32/mimikatz.exe"; depth:23; endswith; nocase; http.host; content:"167.250.49.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052400/; classtype:trojan-activity;sid:83915500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/win32/mimispool.dll"; depth:24; endswith; nocase; http.host; content:"167.250.49.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052392/; classtype:trojan-activity;sid:83915492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/win32/mimilove.exe"; depth:23; endswith; nocase; http.host; content:"167.250.49.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052393/; classtype:trojan-activity;sid:83915493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/win32/mimilib.dll"; depth:22; endswith; nocase; http.host; content:"167.250.49.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052394/; classtype:trojan-activity;sid:83915494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxmr.exe"; depth:9; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045201/; classtype:trojan-activity;sid:83908301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxmr.exe"; depth:9; endswith; nocase; http.host; content:"rddissisifigifidi.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045202/; classtype:trojan-activity;sid:83908302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxmr.exe"; depth:9; endswith; nocase; http.host; content:"aeufoeahfouefhg.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045203/; classtype:trojan-activity;sid:83908303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npp.exe"; depth:8; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045192/; classtype:trojan-activity;sid:83908292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxmr.exe"; depth:9; endswith; nocase; http.host; content:"deauduafzgezzfgm.top"; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045193/; classtype:trojan-activity;sid:83908293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxmr.exe"; depth:9; endswith; nocase; http.host; content:"loeghaiofiehfihf.to"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045187/; classtype:trojan-activity;sid:83908287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pei.exe"; depth:8; endswith; nocase; http.host; content:"deauduafzgezzfgm.top"; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045191/; classtype:trojan-activity;sid:83908291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrpload.exe"; depth:13; endswith; nocase; http.host; content:"deauduafzgezzfgm.top"; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045183/; classtype:trojan-activity;sid:83908283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrpload.exe"; depth:13; endswith; nocase; http.host; content:"loeghaiofiehfihf.to"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045184/; classtype:trojan-activity;sid:83908284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npp.exe"; depth:8; endswith; nocase; http.host; content:"loeghaiofiehfihf.to"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045177/; classtype:trojan-activity;sid:83908277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrpload.exe"; depth:13; endswith; nocase; http.host; content:"aiiaiafrzrueuedur.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045174/; classtype:trojan-activity;sid:83908274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npp.exe"; depth:8; endswith; nocase; http.host; content:"deauduafzgezzfgm.top"; depth:20; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045175/; classtype:trojan-activity;sid:83908275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrpload.exe"; depth:13; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045166/; classtype:trojan-activity;sid:83908266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pei.exe"; depth:8; endswith; nocase; http.host; content:"twizt.net"; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045169/; classtype:trojan-activity;sid:83908269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrpload.exe"; depth:13; endswith; nocase; http.host; content:"aeufoeahfouefhg.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045163/; classtype:trojan-activity;sid:83908263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npp.exe"; depth:8; endswith; nocase; http.host; content:"aeufoeahfouefhg.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045165/; classtype:trojan-activity;sid:83908265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pei.exe"; depth:8; endswith; nocase; http.host; content:"rddissisifigifidi.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045161/; classtype:trojan-activity;sid:83908261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npp.exe"; depth:8; endswith; nocase; http.host; content:"aiiaiafrzrueuedur.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045156/; classtype:trojan-activity;sid:83908256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pei.exe"; depth:8; endswith; nocase; http.host; content:"loeghaiofiehfihf.to"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045157/; classtype:trojan-activity;sid:83908257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npp.exe"; depth:8; endswith; nocase; http.host; content:"rddissisifigifidi.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045159/; classtype:trojan-activity;sid:83908259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrpload.exe"; depth:13; endswith; nocase; http.host; content:"rddissisifigifidi.net"; depth:21; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045160/; classtype:trojan-activity;sid:83908260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxmr.exe"; depth:9; endswith; nocase; http.host; content:"aefieiaehfiaehr.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045148/; classtype:trojan-activity;sid:83908248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npp.exe"; depth:8; endswith; nocase; http.host; content:"aefieiaehfiaehr.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045145/; classtype:trojan-activity;sid:83908245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pei.exe"; depth:8; endswith; nocase; http.host; content:"aefieiaehfiaehr.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045146/; classtype:trojan-activity;sid:83908246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av_downloader1.1.exe"; depth:21; endswith; nocase; http.host; content:"203.232.37.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968688/; classtype:trojan-activity;sid:83831788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/12.apk"; depth:35; endswith; nocase; http.host; content:"47.98.177.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968679/; classtype:trojan-activity;sid:83831779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/22.apk"; depth:35; endswith; nocase; http.host; content:"47.98.177.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968678/; classtype:trojan-activity;sid:83831778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.63.155.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953229/; classtype:trojan-activity;sid:83816329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2953173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"90.63.155.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2953173/; classtype:trojan-activity;sid:83816273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"90.63.155.1"; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2952724/; classtype:trojan-activity;sid:83815824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/rz.txt"; depth:25; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952278/; classtype:trojan-activity;sid:83815378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/ny1.txt"; depth:26; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952271/; classtype:trojan-activity;sid:83815371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/async.txt"; depth:37; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952272/; classtype:trojan-activity;sid:83815372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/wx1.txt"; depth:35; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952273/; classtype:trojan-activity;sid:83815373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/rup.txt"; depth:26; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952274/; classtype:trojan-activity;sid:83815374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/rr2.txt"; depth:35; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952275/; classtype:trojan-activity;sid:83815375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/r.txt"; depth:33; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952276/; classtype:trojan-activity;sid:83815376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/rmup.txt"; depth:36; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952277/; classtype:trojan-activity;sid:83815377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/nj.txt"; depth:34; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952266/; classtype:trojan-activity;sid:83815366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/nj.txt"; depth:34; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952267/; classtype:trojan-activity;sid:83815367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nc.txt"; depth:25; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952268/; classtype:trojan-activity;sid:83815368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/ny0.txt"; depth:26; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952269/; classtype:trojan-activity;sid:83815369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/r1.txt"; depth:34; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952263/; classtype:trojan-activity;sid:83815363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/nx.txt"; depth:34; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952264/; classtype:trojan-activity;sid:83815364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/ps1.txt"; depth:35; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952265/; classtype:trojan-activity;sid:83815365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/fesarog.txt"; depth:28; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952258/; classtype:trojan-activity;sid:83815358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/p.txt"; depth:33; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952259/; classtype:trojan-activity;sid:83815359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/n3.txt"; depth:25; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952260/; classtype:trojan-activity;sid:83815360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/n3.txt"; depth:25; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952261/; classtype:trojan-activity;sid:83815361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/p.txt"; depth:33; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952262/; classtype:trojan-activity;sid:83815362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/ps1.txt"; depth:35; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952253/; classtype:trojan-activity;sid:83815353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/n1.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952254/; classtype:trojan-activity;sid:83815354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/qx.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952255/; classtype:trojan-activity;sid:83815355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/qxx.txt"; depth:24; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952256/; classtype:trojan-activity;sid:83815356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/r.txt"; depth:33; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952257/; classtype:trojan-activity;sid:83815357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/rr2.txt"; depth:35; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952244/; classtype:trojan-activity;sid:83815344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/dx.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952245/; classtype:trojan-activity;sid:83815345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/qx.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952246/; classtype:trojan-activity;sid:83815346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/async.txt"; depth:37; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952247/; classtype:trojan-activity;sid:83815347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/dcr.txt"; depth:26; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952248/; classtype:trojan-activity;sid:83815348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/ny1.txt"; depth:26; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952249/; classtype:trojan-activity;sid:83815349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/fesarog.txt"; depth:28; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952250/; classtype:trojan-activity;sid:83815350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/rm.txt"; depth:34; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952251/; classtype:trojan-activity;sid:83815351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/qxx.txt"; depth:24; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952238/; classtype:trojan-activity;sid:83815338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/nx.txt"; depth:34; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952239/; classtype:trojan-activity;sid:83815339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/zx2.txt"; depth:35; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952240/; classtype:trojan-activity;sid:83815340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/q2.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952241/; classtype:trojan-activity;sid:83815341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/r1.txt"; depth:34; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952242/; classtype:trojan-activity;sid:83815342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/ny0.txt"; depth:26; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952234/; classtype:trojan-activity;sid:83815334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/n1.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952236/; classtype:trojan-activity;sid:83815336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/q2.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952237/; classtype:trojan-activity;sid:83815337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/rm.txt"; depth:34; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952231/; classtype:trojan-activity;sid:83815331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/rmup.txt"; depth:36; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952232/; classtype:trojan-activity;sid:83815332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/pr.txt"; depth:34; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952233/; classtype:trojan-activity;sid:83815333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/asx.txt"; depth:24; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952226/; classtype:trojan-activity;sid:83815326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/dx.txt"; depth:23; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952227/; classtype:trojan-activity;sid:83815327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/rup.txt"; depth:26; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952228/; classtype:trojan-activity;sid:83815328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nc.txt"; depth:25; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952229/; classtype:trojan-activity;sid:83815329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/rz.txt"; depth:25; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952230/; classtype:trojan-activity;sid:83815330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/q7.txt"; depth:25; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952224/; classtype:trojan-activity;sid:83815324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sh/asx.txt"; depth:24; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952225/; classtype:trojan-activity;sid:83815325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/zqwer/pef3dir.txt"; depth:31; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952220/; classtype:trojan-activity;sid:83815320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/q1.txt"; depth:25; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952221/; classtype:trojan-activity;sid:83815321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/rmz.txt"; depth:35; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952222/; classtype:trojan-activity;sid:83815322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/q7.txt"; depth:25; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952218/; classtype:trojan-activity;sid:83815318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/t3.txt"; depth:34; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952219/; classtype:trojan-activity;sid:83815319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/wx1.txt"; depth:35; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952215/; classtype:trojan-activity;sid:83815315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/t3.txt"; depth:34; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952216/; classtype:trojan-activity;sid:83815316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/rmz.txt"; depth:35; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952217/; classtype:trojan-activity;sid:83815317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/njz.txt"; depth:35; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952212/; classtype:trojan-activity;sid:83815312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/q1.txt"; depth:25; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952213/; classtype:trojan-activity;sid:83815313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/dcr.txt"; depth:26; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952214/; classtype:trojan-activity;sid:83815314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/pr.txt"; depth:34; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952211/; classtype:trojan-activity;sid:83815311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/zqwer/dllxf3.txt"; depth:30; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952209/; classtype:trojan-activity;sid:83815309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/zx2.txt"; depth:35; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952204/; classtype:trojan-activity;sid:83815304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/njx.txt"; depth:35; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952205/; classtype:trojan-activity;sid:83815305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/njz.txt"; depth:35; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952206/; classtype:trojan-activity;sid:83815306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2952208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/sgrh/nousados/njx.txt"; depth:35; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2952208/; classtype:trojan-activity;sid:83815308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"87.121.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951272/; classtype:trojan-activity;sid:83814372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"87.121.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951273/; classtype:trojan-activity;sid:83814373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"87.121.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951274/; classtype:trojan-activity;sid:83814374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i6"; depth:3; endswith; nocase; http.host; content:"87.121.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951275/; classtype:trojan-activity;sid:83814375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i5"; depth:3; endswith; nocase; http.host; content:"87.121.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951276/; classtype:trojan-activity;sid:83814376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"87.121.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951266/; classtype:trojan-activity;sid:83814366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"87.121.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951267/; classtype:trojan-activity;sid:83814367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"87.121.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951268/; classtype:trojan-activity;sid:83814368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"87.121.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951269/; classtype:trojan-activity;sid:83814369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"87.121.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951270/; classtype:trojan-activity;sid:83814370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"87.121.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951271/; classtype:trojan-activity;sid:83814371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh.sh"; depth:7; endswith; nocase; http.host; content:"87.121.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951265/; classtype:trojan-activity;sid:83814365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2951060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"87.121.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_12; reference:url, urlhaus.abuse.ch/url/2951060/; classtype:trojan-activity;sid:83814160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"87.121.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2950283/; classtype:trojan-activity;sid:83813383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"87.121.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2950266/; classtype:trojan-activity;sid:83813366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2950105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"87.121.112.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2950105/; classtype:trojan-activity;sid:83813205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tan.jpg"; depth:8; endswith; nocase; http.host; content:"www999999safagqwhg-1327129302.cos.ap-chengdu.myqcloud.com"; depth:57; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949407/; classtype:trojan-activity;sid:83812507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"80.210.27.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949406/; classtype:trojan-activity;sid:83812506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1rsqnkyvcaein5m-gskl8coyuh8w5xrbd"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949385/; classtype:trojan-activity;sid:83812485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tan.jpg"; depth:8; endswith; nocase; http.host; content:"www999999asgasg-1327129302.cos.ap-chengdu.myqcloud.com"; depth:54; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949176/; classtype:trojan-activity;sid:83812276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.248.194.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947794/; classtype:trojan-activity;sid:83810894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.248.194.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947795/; classtype:trojan-activity;sid:83810895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2946131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.91.153.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2946131/; classtype:trojan-activity;sid:83809231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2946132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.247.206.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2946132/; classtype:trojan-activity;sid:83809232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22/items/new_image_20240628_1859/new_image.jpg"; depth:47; endswith; nocase; http.host; content:"ia903207.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945569/; classtype:trojan-activity;sid:83808669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jijilovedada/jijilovedada/main/tools/cc/adaptorovernight.exe"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944285/; classtype:trojan-activity;sid:83807385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/sss.exe"; depth:36; endswith; nocase; http.host; content:"39.103.150.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2943953/; classtype:trojan-activity;sid:83807053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.183.9.88"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2943264/; classtype:trojan-activity;sid:83806364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/win"; depth:32; endswith; nocase; http.host; content:"117.50.184.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942730/; classtype:trojan-activity;sid:83805830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/1.exe"; depth:34; endswith; nocase; http.host; content:"47.98.177.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942727/; classtype:trojan-activity;sid:83805827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download//1.exe"; depth:35; endswith; nocase; http.host; content:"47.98.177.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942725/; classtype:trojan-activity;sid:83805825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/1.exe"; depth:34; endswith; nocase; http.host; content:"111.231.145.137"; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942717/; classtype:trojan-activity;sid:83805817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fucksupershell"; depth:15; endswith; nocase; http.host; content:"222.88.186.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942718/; classtype:trojan-activity;sid:83805818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/tool"; depth:33; endswith; nocase; http.host; content:"101.35.228.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942715/; classtype:trojan-activity;sid:83805815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rssh"; depth:5; endswith; nocase; http.host; content:"222.88.186.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942714/; classtype:trojan-activity;sid:83805814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/123.exe"; depth:36; endswith; nocase; http.host; content:"47.98.177.117"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942694/; classtype:trojan-activity;sid:83805794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//shell.elf"; depth:11; endswith; nocase; http.host; content:"103.96.128.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942673/; classtype:trojan-activity;sid:83805773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gdb"; depth:4; endswith; nocase; http.host; content:"103.96.128.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942671/; classtype:trojan-activity;sid:83805771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/check.exe"; depth:38; endswith; nocase; http.host; content:"8.137.59.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942590/; classtype:trojan-activity;sid:83805690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/win"; depth:32; endswith; nocase; http.host; content:"8.218.138.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942567/; classtype:trojan-activity;sid:83805667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/tool.exe"; depth:37; endswith; nocase; http.host; content:"101.35.228.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942557/; classtype:trojan-activity;sid:83805657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/000.exe"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934823/; classtype:trojan-activity;sid:83797923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/trojan.malpack.themida%20(anti%20vm).exe"; depth:102; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934824/; classtype:trojan-activity;sid:83797924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/jigsaw.exe"; depth:76; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934818/; classtype:trojan-activity;sid:83797918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/freeyoutubedownloader.exe"; depth:87; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934819/; classtype:trojan-activity;sid:83797919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/memz.exe"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934820/; classtype:trojan-activity;sid:83797920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/noescape.exe"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934821/; classtype:trojan-activity;sid:83797921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/destover.exe"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934822/; classtype:trojan-activity;sid:83797922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/meredrop.exe"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934816/; classtype:trojan-activity;sid:83797916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/redlinestealer.exe"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934817/; classtype:trojan-activity;sid:83797917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/hive%20ransomware.exe"; depth:87; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934811/; classtype:trojan-activity;sid:83797911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/wannacry.exe"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934812/; classtype:trojan-activity;sid:83797912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/nomoreransom.exe"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934813/; classtype:trojan-activity;sid:83797913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/petya.a.exe"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934808/; classtype:trojan-activity;sid:83797908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/cryptowall.exe"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934809/; classtype:trojan-activity;sid:83797909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/infinitycrypt.exe"; depth:83; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934810/; classtype:trojan-activity;sid:83797910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/coronavirus.exe"; depth:81; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934805/; classtype:trojan-activity;sid:83797905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fotonview.apk"; depth:14; endswith; nocase; http.host; content:"79.101.0.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932525/; classtype:trojan-activity;sid:83795625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evaluation.apk"; depth:15; endswith; nocase; http.host; content:"79.101.0.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932524/; classtype:trojan-activity;sid:83795624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cameracomponent.apk"; depth:20; endswith; nocase; http.host; content:"79.101.0.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932523/; classtype:trojan-activity;sid:83795623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kuwaitsetuphockey.exe"; depth:22; endswith; nocase; http.host; content:"79.101.0.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932522/; classtype:trojan-activity;sid:83795622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/officialsevaluationold.apk"; depth:27; endswith; nocase; http.host; content:"79.101.0.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932521/; classtype:trojan-activity;sid:83795621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/srbijasetuphokej.exe"; depth:21; endswith; nocase; http.host; content:"79.101.0.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932520/; classtype:trojan-activity;sid:83795620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/64.jpg"; depth:7; endswith; nocase; http.host; content:"211.108.60.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932466/; classtype:trojan-activity;sid:83795566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hooks.jpg"; depth:10; endswith; nocase; http.host; content:"hook.ftp21.cc"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932462/; classtype:trojan-activity;sid:83795562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpmgsvc.jpg"; depth:12; endswith; nocase; http.host; content:"hook.ftp21.cc"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932461/; classtype:trojan-activity;sid:83795561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/445.jpg"; depth:8; endswith; nocase; http.host; content:"down.ftp21.cc"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932460/; classtype:trojan-activity;sid:83795560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2922320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lazagne.exe"; depth:12; endswith; nocase; http.host; content:"89.197.154.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2922320/; classtype:trojan-activity;sid:83785420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.15.254.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2921858/; classtype:trojan-activity;sid:83784958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adrtest.apk"; depth:12; endswith; nocase; http.host; content:"103.42.55.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2921215/; classtype:trojan-activity;sid:83784315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/a.exe"; depth:11; endswith; nocase; http.host; content:"129.151.210.233"; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_03; reference:url, urlhaus.abuse.ch/url/2921210/; classtype:trojan-activity;sid:83784310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2917510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.23.169.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2917510/; classtype:trojan-activity;sid:83780610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpmgsvc.jpg"; depth:12; endswith; nocase; http.host; content:"211.108.60.155"; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916093/; classtype:trojan-activity;sid:83779193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tq.jpg"; depth:7; endswith; nocase; http.host; content:"down.ftp21.cc"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914055/; classtype:trojan-activity;sid:83777155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wmi.jpg"; depth:8; endswith; nocase; http.host; content:"down.ftp21.cc"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914056/; classtype:trojan-activity;sid:83777156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"60.246.106.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914041/; classtype:trojan-activity;sid:83777141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2912423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tq.jpg"; depth:7; endswith; nocase; http.host; content:"ssl.ftp21.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_29; reference:url, urlhaus.abuse.ch/url/2912423/; classtype:trojan-activity;sid:83775523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"data.discuz.mobi"; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911245/; classtype:trojan-activity;sid:83774345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"186.3.78.195"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911222/; classtype:trojan-activity;sid:83774322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"94.226.135.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911219/; classtype:trojan-activity;sid:83774319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"230.sub-166-166-188.myvzw.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911218/; classtype:trojan-activity;sid:83774318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"116.58.62.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911217/; classtype:trojan-activity;sid:83774317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"122.179.136.112"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911215/; classtype:trojan-activity;sid:83774315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"166.166.188.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911213/; classtype:trojan-activity;sid:83774313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"130.185.193.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911212/; classtype:trojan-activity;sid:83774312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"188.250.120.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911211/; classtype:trojan-activity;sid:83774311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"178.60.25.240"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911208/; classtype:trojan-activity;sid:83774308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"23.122.210.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911206/; classtype:trojan-activity;sid:83774306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"5-157-110-232.dyn.eolo.it"; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911204/; classtype:trojan-activity;sid:83774304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"5.26.97.52"; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911202/; classtype:trojan-activity;sid:83774302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"170.250.53.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911203/; classtype:trojan-activity;sid:83774303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"78-20-115-5.access.telenet.be"; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911196/; classtype:trojan-activity;sid:83774296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"195.103.203.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911194/; classtype:trojan-activity;sid:83774294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"78.20.115.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911190/; classtype:trojan-activity;sid:83774290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"88.28.218.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911191/; classtype:trojan-activity;sid:83774291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"102.53.15.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911187/; classtype:trojan-activity;sid:83774287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"126.23.203.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911184/; classtype:trojan-activity;sid:83774284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"110.143.54.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911182/; classtype:trojan-activity;sid:83774282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"59.29.46.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911179/; classtype:trojan-activity;sid:83774279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"91.142.27.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911170/; classtype:trojan-activity;sid:83774270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"183.115.102.3"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911167/; classtype:trojan-activity;sid:83774267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"85.22.139.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911166/; classtype:trojan-activity;sid:83774266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"95.255.114.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911154/; classtype:trojan-activity;sid:83774254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"181.36.153.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911160/; classtype:trojan-activity;sid:83774260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"190.215.253.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911150/; classtype:trojan-activity;sid:83774250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"1.214.192.147"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911148/; classtype:trojan-activity;sid:83774248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"218.147.147.172"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911141/; classtype:trojan-activity;sid:83774241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"82.31.159.47"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911140/; classtype:trojan-activity;sid:83774240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"23-122-210-174.lightspeed.cicril.sbcglobal.net"; depth:46; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911136/; classtype:trojan-activity;sid:83774236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"47.229.251.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911137/; classtype:trojan-activity;sid:83774237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"102.53.15.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911133/; classtype:trojan-activity;sid:83774233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"123.253.12.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911131/; classtype:trojan-activity;sid:83774231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net"; depth:50; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911129/; classtype:trojan-activity;sid:83774229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"125.186.91.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911126/; classtype:trojan-activity;sid:83774226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"102.53.15.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911122/; classtype:trojan-activity;sid:83774222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"67.213.59.251"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911123/; classtype:trojan-activity;sid:83774223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"83-87-76-41.cable.dynamic.v4.ziggo.nl"; depth:37; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911119/; classtype:trojan-activity;sid:83774219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"83.87.76.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911118/; classtype:trojan-activity;sid:83774218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"91.225.132.57"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911116/; classtype:trojan-activity;sid:83774216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"syn-047-229-251-027.res.spectrum.com"; depth:36; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911114/; classtype:trojan-activity;sid:83774214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"softbank126023203236.bbtec.net"; depth:30; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911113/; classtype:trojan-activity;sid:83774213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"epei77.direct.quickconnect.to"; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911109/; classtype:trojan-activity;sid:83774209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"host-195-103-203-106.business.telecomitalia.it"; depth:46; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911108/; classtype:trojan-activity;sid:83774208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"qgf338jtt8tty7rx.myfritz.net"; depth:28; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911106/; classtype:trojan-activity;sid:83774206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"host-95-255-114-11.business.telecomitalia.it"; depth:44; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911105/; classtype:trojan-activity;sid:83774205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"static-91-225-132-57.devs.futuro.pl"; depth:35; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911104/; classtype:trojan-activity;sid:83774204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"100.16.168.239"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911011/; classtype:trojan-activity;sid:83774111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.248.81.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910756/; classtype:trojan-activity;sid:83773856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/config/qnvqkfym.exe"; depth:20; endswith; nocase; http.host; content:"b46.oss-cn-hongkong.aliyuncs.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910687/; classtype:trojan-activity;sid:83773787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/dmshell.exe"; depth:21; endswith; nocase; http.host; content:"shell.dimitrimedia.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910224/; classtype:trojan-activity;sid:83773324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/dmshell.exe"; depth:21; endswith; nocase; http.host; content:"172-105-66-118.ip.linodeusercontent.com"; depth:39; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910223/; classtype:trojan-activity;sid:83773323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"45.118.79.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909310/; classtype:trojan-activity;sid:83772410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"89.184.185.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909291/; classtype:trojan-activity;sid:83772391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"185.224.107.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909290/; classtype:trojan-activity;sid:83772390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"170.210.81.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908910/; classtype:trojan-activity;sid:83772010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"182.72.167.124"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908913/; classtype:trojan-activity;sid:83772013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"12.196.184.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908909/; classtype:trojan-activity;sid:83772009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"211.192.113.232"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908899/; classtype:trojan-activity;sid:83771999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"190.108.63.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908900/; classtype:trojan-activity;sid:83772000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"211.192.113.231"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908901/; classtype:trojan-activity;sid:83772001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"202.57.39.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908902/; classtype:trojan-activity;sid:83772002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"14.142.209.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908903/; classtype:trojan-activity;sid:83772003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"211.40.16.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908906/; classtype:trojan-activity;sid:83772006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"200.123.251.66"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908891/; classtype:trojan-activity;sid:83771991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"170.210.81.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908894/; classtype:trojan-activity;sid:83771994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deccastationers.msi"; depth:20; endswith; nocase; http.host; content:"karoonpc.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908888/; classtype:trojan-activity;sid:83771988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8/items/new_image_20240619_1432/new_image.jpg"; depth:46; endswith; nocase; http.host; content:"ia800400.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2908012/; classtype:trojan-activity;sid:83771112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2907615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/17/items/new_image_20240625_2128/new_image.jpg"; depth:47; endswith; nocase; http.host; content:"ia803402.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2907615/; classtype:trojan-activity;sid:83770715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img001.exe"; depth:11; endswith; nocase; http.host; content:"203.232.37.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906475/; classtype:trojan-activity;sid:83769575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"203.232.37.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906195/; classtype:trojan-activity;sid:83769295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"89.175.24.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905256/; classtype:trojan-activity;sid:83768356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"89.175.24.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905208/; classtype:trojan-activity;sid:83768308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"89.175.24.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905209/; classtype:trojan-activity;sid:83768309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img001.exe"; depth:11; endswith; nocase; http.host; content:"202.107.235.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905204/; classtype:trojan-activity;sid:83768304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install_python3.sh"; depth:19; endswith; nocase; http.host; content:"116.206.151.203"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905199/; classtype:trojan-activity;sid:83768299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905159/; classtype:trojan-activity;sid:83768259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905158/; classtype:trojan-activity;sid:83768258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"119.32.29.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905154/; classtype:trojan-activity;sid:83768254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"117.50.95.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905149/; classtype:trojan-activity;sid:83768249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"119.32.29.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905150/; classtype:trojan-activity;sid:83768250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"117.50.95.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905147/; classtype:trojan-activity;sid:83768247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av_downloader.exe"; depth:18; endswith; nocase; http.host; content:"203.232.37.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905145/; classtype:trojan-activity;sid:83768245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"47.236.23.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905140/; classtype:trojan-activity;sid:83768240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"119.32.29.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905133/; classtype:trojan-activity;sid:83768233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"117.50.95.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905129/; classtype:trojan-activity;sid:83768229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pornhub_downloader.exe"; depth:23; endswith; nocase; http.host; content:"203.232.37.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905125/; classtype:trojan-activity;sid:83768225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install_python3.sh"; depth:19; endswith; nocase; http.host; content:"203.232.37.151"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905115/; classtype:trojan-activity;sid:83768215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.187.118.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_23; reference:url, urlhaus.abuse.ch/url/2901924/; classtype:trojan-activity;sid:83765024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zwzonepieces/posapsi/master/chatlife.exe"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_22; reference:url, urlhaus.abuse.ch/url/2901197/; classtype:trojan-activity;sid:83764297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2900550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.118.121.223"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2900550/; classtype:trojan-activity;sid:83763650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/16/items/new_image_202406/new_image.jpg"; depth:40; endswith; nocase; http.host; content:"ia803405.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2899910/; classtype:trojan-activity;sid:83763010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipfs/qmu99juvu4mweyuw7e6kkw8mheocjzoem5nueb87fdfpeh"; depth:52; endswith; nocase; http.host; content:"ipfs.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2899853/; classtype:trojan-activity;sid:83762953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fury-os/fury_kms/releases/download/v.1.6.0/furykms_v.1.6.0.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898814/; classtype:trojan-activity;sid:83761914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2897332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.202.101.153"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2897332/; classtype:trojan-activity;sid:83760432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2897167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.56.250.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2897167/; classtype:trojan-activity;sid:83760267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"77.72.254.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896954/; classtype:trojan-activity;sid:83760054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"77.72.254.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896955/; classtype:trojan-activity;sid:83760055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"77.72.254.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896956/; classtype:trojan-activity;sid:83760056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"77.72.254.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896950/; classtype:trojan-activity;sid:83760050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"77.72.254.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896951/; classtype:trojan-activity;sid:83760051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"77.72.254.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896948/; classtype:trojan-activity;sid:83760048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2895457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3r%bc%bc%ca%f5.exe"; depth:19; endswith; nocase; http.host; content:"112.74.185.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_18; reference:url, urlhaus.abuse.ch/url/2895457/; classtype:trojan-activity;sid:83758557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2894025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kailash-jakhar/webpack-v5-tutorial/main/quizpokemon.exe"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_17; reference:url, urlhaus.abuse.ch/url/2894025/; classtype:trojan-activity;sid:83757125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2892223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"59.19.13.27"; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2892223/; classtype:trojan-activity;sid:83755323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backup/clientcaller.exe"; depth:24; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891705/; classtype:trojan-activity;sid:83754805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientcaller.exe"; depth:17; endswith; nocase; http.host; content:"183.57.21.131"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891703/; classtype:trojan-activity;sid:83754803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/software/%e6%89%93%e5%8d%b0%e4%bb%bb%e5%8a%a1%e6%b8%85%e9%99%a4%e5%99%a8.exe"; depth:79; endswith; nocase; http.host; content:"183.166.57.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891702/; classtype:trojan-activity;sid:83754802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"58.215.245.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888479/; classtype:trojan-activity;sid:83751579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"59.175.183.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888476/; classtype:trojan-activity;sid:83751576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"203.2.65.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888474/; classtype:trojan-activity;sid:83751574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"222.244.110.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888469/; classtype:trojan-activity;sid:83751569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"118.178.133.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888463/; classtype:trojan-activity;sid:83751563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"203.2.65.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888460/; classtype:trojan-activity;sid:83751560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"112.27.189.32"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888459/; classtype:trojan-activity;sid:83751559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"203.2.65.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888458/; classtype:trojan-activity;sid:83751558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"203.2.65.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888456/; classtype:trojan-activity;sid:83751556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"115.28.26.10"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888447/; classtype:trojan-activity;sid:83751547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"203.2.65.29"; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888445/; classtype:trojan-activity;sid:83751545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"124.67.254.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888444/; classtype:trojan-activity;sid:83751544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"61.182.69.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888443/; classtype:trojan-activity;sid:83751543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"139.159.155.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888440/; classtype:trojan-activity;sid:83751540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"139.159.155.204"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888438/; classtype:trojan-activity;sid:83751538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"117.157.17.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888430/; classtype:trojan-activity;sid:83751530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/products/photo.scr"; depth:19; endswith; nocase; http.host; content:"193.162.43.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888259/; classtype:trojan-activity;sid:83751359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"193.162.43.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888258/; classtype:trojan-activity;sid:83751358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/products/av.scr"; depth:16; endswith; nocase; http.host; content:"193.162.43.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888257/; classtype:trojan-activity;sid:83751357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"193.162.43.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888254/; classtype:trojan-activity;sid:83751354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"193.162.43.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888255/; classtype:trojan-activity;sid:83751355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/products/photo.lnk"; depth:19; endswith; nocase; http.host; content:"193.162.43.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888251/; classtype:trojan-activity;sid:83751351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/products/av.lnk"; depth:16; endswith; nocase; http.host; content:"193.162.43.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888252/; classtype:trojan-activity;sid:83751352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/products/video.scr"; depth:19; endswith; nocase; http.host; content:"193.162.43.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888253/; classtype:trojan-activity;sid:83751353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"193.162.43.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888247/; classtype:trojan-activity;sid:83751347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"193.162.43.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888248/; classtype:trojan-activity;sid:83751348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"193.162.43.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888249/; classtype:trojan-activity;sid:83751349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/products/video.lnk"; depth:19; endswith; nocase; http.host; content:"193.162.43.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888250/; classtype:trojan-activity;sid:83751350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ade4f437.exe"; depth:13; endswith; nocase; http.host; content:"106.14.143.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888016/; classtype:trojan-activity;sid:83751116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asusdebug.exe"; depth:14; endswith; nocase; http.host; content:"106.14.143.152"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888001/; classtype:trojan-activity;sid:83751101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2886550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"24.109.148.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2886550/; classtype:trojan-activity;sid:83749650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brunovale03/adegaads/main/offeredbuilt.exe"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2885860/; classtype:trojan-activity;sid:83748960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smug246/luna-grabber-injection/main/injection-obfuscated.js"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_12; reference:url, urlhaus.abuse.ch/url/2885017/; classtype:trojan-activity;sid:83748117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.39.146.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_12; reference:url, urlhaus.abuse.ch/url/2885006/; classtype:trojan-activity;sid:83748106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"27.156.224.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883947/; classtype:trojan-activity;sid:83747047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uphoarding.hhp"; depth:15; endswith; nocase; http.host; content:"www.atordeg.com.br"; depth:18; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883765/; classtype:trojan-activity;sid:83746865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sirvivor32/sirvivor/main/lukejazz.exe"; depth:38; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883708/; classtype:trojan-activity;sid:83746808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2882153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/dmshell.exe"; depth:21; endswith; nocase; http.host; content:"172.105.66.118"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2882153/; classtype:trojan-activity;sid:83745253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cg100/update.exe"; depth:17; endswith; nocase; http.host; content:"update.cg100iii.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2881768/; classtype:trojan-activity;sid:83744868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pwnkit"; depth:7; endswith; nocase; http.host; content:"217.71.224.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879886/; classtype:trojan-activity;sid:83742986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cve/cve-2021-4034"; depth:18; endswith; nocase; http.host; content:"47.120.46.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879846/; classtype:trojan-activity;sid:83742946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exe/test.exe"; depth:13; endswith; nocase; http.host; content:"47.120.46.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879845/; classtype:trojan-activity;sid:83742945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shellcode"; depth:10; endswith; nocase; http.host; content:"101.101.160.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879683/; classtype:trojan-activity;sid:83742783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sharphound.exe"; depth:15; endswith; nocase; http.host; content:"92.127.156.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879655/; classtype:trojan-activity;sid:83742755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"24.149.81.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879531/; classtype:trojan-activity;sid:83742631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2878419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.188.82.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2878419/; classtype:trojan-activity;sid:83741519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/8fc809.exe"; depth:18; endswith; nocase; http.host; content:"jtpdev.co.uk"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877962/; classtype:trojan-activity;sid:83741062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ustaxes/ustaxes/files/15421286/2022and2023taxdocuments.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877890/; classtype:trojan-activity;sid:83740990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/8fc809.exe"; depth:18; endswith; nocase; http.host; content:"jtpdev.co.uk"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877425/; classtype:trojan-activity;sid:83740525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=be74a2a80f46402f%21108|7c|26|7c|authkey=!apakrcjm7r_t5aa"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877333/; classtype:trojan-activity;sid:83740433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slade107.psm"; depth:13; endswith; nocase; http.host; content:"karoonpc.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877319/; classtype:trojan-activity;sid:83740419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2875723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/zqwer/dllxf3.txt"; depth:30; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_05; reference:url, urlhaus.abuse.ch/url/2875723/; classtype:trojan-activity;sid:83738823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2875722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak/reg/marz/zqwer/pef3dir.txt"; depth:31; endswith; nocase; http.host; content:"91.202.233.169"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_05; reference:url, urlhaus.abuse.ch/url/2875722/; classtype:trojan-activity;sid:83738822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o.elf"; depth:6; endswith; nocase; http.host; content:"reusable-flex.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874516/; classtype:trojan-activity;sid:83737616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=19nonxskhmwbvfxpr2ccmwd9xrhz1ldco"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874107/; classtype:trojan-activity;sid:83737207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/walesboller.pcx"; depth:16; endswith; nocase; http.host; content:"karoonpc.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874102/; classtype:trojan-activity;sid:83737202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2873811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.118.112.68"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2873811/; classtype:trojan-activity;sid:83736911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=7eb674a88ccf381d%21552|7c|26|7c|authkey=!ah8ykhc8fseogq0"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_03; reference:url, urlhaus.abuse.ch/url/2872943/; classtype:trojan-activity;sid:83736043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=7eb674a88ccf381d%21554|7c|26|7c|authkey=!al2jzv2j-kuxnxi"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_03; reference:url, urlhaus.abuse.ch/url/2872938/; classtype:trojan-activity;sid:83736038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=7eb674a88ccf381d%21553|7c|26|7c|authkey=!am3kf8wmh98xn0y"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_03; reference:url, urlhaus.abuse.ch/url/2872939/; classtype:trojan-activity;sid:83736039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2871410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=12gxtnsqsjokneqetkvk1a99fni-es6ir"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_01; reference:url, urlhaus.abuse.ch/url/2871410/; classtype:trojan-activity;sid:83734510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1wsqkirdngjlt8uu2lv9mzciks4my12jh"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870235/; classtype:trojan-activity;sid:83733335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/40/4a6ca328-7888-3279-b672-d1d9d0a46ee2/gta_v.exe"; depth:59; endswith; nocase; http.host; content:"softcatalog.ru"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870229/; classtype:trojan-activity;sid:83733329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.187.7.29"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870174/; classtype:trojan-activity;sid:83733274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkapis.dll"; depth:15; endswith; nocase; http.host; content:"119.91.25.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869849/; classtype:trojan-activity;sid:83732949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkmultiopen.exe"; depth:20; endswith; nocase; http.host; content:"119.91.25.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869844/; classtype:trojan-activity;sid:83732944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sheksweet/sheksweet1/main/rambledmime.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869702/; classtype:trojan-activity;sid:83732802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/rssh"; depth:33; endswith; nocase; http.host; content:"222.88.186.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2869436/; classtype:trojan-activity;sid:83732536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/dahmfv126.bin"; depth:23; endswith; nocase; http.host; content:"dnvk1.info"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868847/; classtype:trojan-activity;sid:83731947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.i_1003h.exe"; depth:14; endswith; nocase; http.host; content:"221.143.49.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868723/; classtype:trojan-activity;sid:83731823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/batch.zip"; depth:10; endswith; nocase; http.host; content:"39.99.131.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868722/; classtype:trojan-activity;sid:83731822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coreminer-linux-x86_64.tar.gz"; depth:30; endswith; nocase; http.host; content:"39.99.131.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868720/; classtype:trojan-activity;sid:83731820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powershell/start-powershellfordopaddcrontab.psl"; depth:48; endswith; nocase; http.host; content:"39.99.131.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868719/; classtype:trojan-activity;sid:83731819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powershell/start-powershellfordop.txt"; depth:38; endswith; nocase; http.host; content:"39.99.131.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868710/; classtype:trojan-activity;sid:83731810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powershell/start-powershellxlies.txt"; depth:37; endswith; nocase; http.host; content:"39.99.131.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868714/; classtype:trojan-activity;sid:83731814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.185.229.73"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868624/; classtype:trojan-activity;sid:83731724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmed45sh/flutter-movie/master/crypted_c360a5b7.exe"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867270/; classtype:trojan-activity;sid:83730370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmed45sh/apple-replica-starter-files/master/apple-replica/zintask.exe"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867236/; classtype:trojan-activity;sid:83730336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggws_upload.exe"; depth:16; endswith; nocase; http.host; content:"47.104.173.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865442/; classtype:trojan-activity;sid:83728542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sthealthbq.exe"; depth:15; endswith; nocase; http.host; content:"47.104.173.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865272/; classtype:trojan-activity;sid:83728372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sthealthupload.exe"; depth:19; endswith; nocase; http.host; content:"47.104.173.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865273/; classtype:trojan-activity;sid:83728373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sthealthupdate.exe"; depth:19; endswith; nocase; http.host; content:"47.104.173.216"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865241/; classtype:trojan-activity;sid:83728341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.139.100.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864267/; classtype:trojan-activity;sid:83727367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.241.74.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864266/; classtype:trojan-activity;sid:83727366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"103.42.198.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864259/; classtype:trojan-activity;sid:83727359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"103.42.198.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864261/; classtype:trojan-activity;sid:83727361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.143.139.103"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864262/; classtype:trojan-activity;sid:83727362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"24.120.175.134"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864256/; classtype:trojan-activity;sid:83727356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"103.42.198.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864245/; classtype:trojan-activity;sid:83727345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.139.100.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864247/; classtype:trojan-activity;sid:83727347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.139.100.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864249/; classtype:trojan-activity;sid:83727349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"103.42.198.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864252/; classtype:trojan-activity;sid:83727352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"162.191.190.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864253/; classtype:trojan-activity;sid:83727353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.139.100.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864254/; classtype:trojan-activity;sid:83727354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.216.139.132"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864255/; classtype:trojan-activity;sid:83727355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.247.206.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864244/; classtype:trojan-activity;sid:83727344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.133"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863534/; classtype:trojan-activity;sid:83726634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"221.10.233.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863372/; classtype:trojan-activity;sid:83726472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"61.88.50.73"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863373/; classtype:trojan-activity;sid:83726473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.143.141.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863371/; classtype:trojan-activity;sid:83726471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.183.85.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863363/; classtype:trojan-activity;sid:83726463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.127.104.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863366/; classtype:trojan-activity;sid:83726466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.121.112.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863359/; classtype:trojan-activity;sid:83726459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.127.104.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863360/; classtype:trojan-activity;sid:83726460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.121.112.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863362/; classtype:trojan-activity;sid:83726462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.127.104.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863358/; classtype:trojan-activity;sid:83726458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"61.88.50.74"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863354/; classtype:trojan-activity;sid:83726454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"61.88.50.76"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863355/; classtype:trojan-activity;sid:83726455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"223.108.58.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863341/; classtype:trojan-activity;sid:83726441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"80.24.87.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863342/; classtype:trojan-activity;sid:83726442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"162.191.190.249"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863343/; classtype:trojan-activity;sid:83726443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.143.141.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863345/; classtype:trojan-activity;sid:83726445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.43.19.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863346/; classtype:trojan-activity;sid:83726446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.127.104.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863323/; classtype:trojan-activity;sid:83726423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.127.104.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863326/; classtype:trojan-activity;sid:83726426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"195.135.42.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863328/; classtype:trojan-activity;sid:83726428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.127.104.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863331/; classtype:trojan-activity;sid:83726431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"82.76.12.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863332/; classtype:trojan-activity;sid:83726432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"82.77.57.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863333/; classtype:trojan-activity;sid:83726433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.49.168.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863334/; classtype:trojan-activity;sid:83726434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.121.112.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863335/; classtype:trojan-activity;sid:83726435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.121.112.188"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863339/; classtype:trojan-activity;sid:83726439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.127.104.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863340/; classtype:trojan-activity;sid:83726440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"195.135.42.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863321/; classtype:trojan-activity;sid:83726421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"195.135.42.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863322/; classtype:trojan-activity;sid:83726422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxijgyp.exe"; depth:12; endswith; nocase; http.host; content:"bafybeicoo7kwhmnl6q7prd65aimf5byzrihrklgviebm2pkyzyepdaigf4.ipfs.dweb.link"; depth:74; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862297/; classtype:trojan-activity;sid:83725397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"125.168.166.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862107/; classtype:trojan-activity;sid:83725207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/8gikly"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862050/; classtype:trojan-activity;sid:83725150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/medjl1"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862051/; classtype:trojan-activity;sid:83725151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/dy1f16"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862052/; classtype:trojan-activity;sid:83725152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/kx3wl4"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862053/; classtype:trojan-activity;sid:83725153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/ppxodm"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862054/; classtype:trojan-activity;sid:83725154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/e7opy8"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862055/; classtype:trojan-activity;sid:83725155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/7dhid7"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862056/; classtype:trojan-activity;sid:83725156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/tbfvpd"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862049/; classtype:trojan-activity;sid:83725149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/6f2c5c"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862046/; classtype:trojan-activity;sid:83725146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/g2js91"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862047/; classtype:trojan-activity;sid:83725147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/lt00vw"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862044/; classtype:trojan-activity;sid:83725144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/i7tdbr"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862045/; classtype:trojan-activity;sid:83725145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/3a9xj1"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862043/; classtype:trojan-activity;sid:83725143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/wyg3h5"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862042/; classtype:trojan-activity;sid:83725142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"212.3.211.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862022/; classtype:trojan-activity;sid:83725122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.216.105.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862020/; classtype:trojan-activity;sid:83725120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"1.179.62.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862018/; classtype:trojan-activity;sid:83725118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.143.141.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862017/; classtype:trojan-activity;sid:83725117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.143.141.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862004/; classtype:trojan-activity;sid:83725104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.202.0.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862005/; classtype:trojan-activity;sid:83725105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"24.234.159.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862007/; classtype:trojan-activity;sid:83725107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"80.24.87.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862009/; classtype:trojan-activity;sid:83725109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"166.144.131.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862010/; classtype:trojan-activity;sid:83725110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.223.106.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862011/; classtype:trojan-activity;sid:83725111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862014/; classtype:trojan-activity;sid:83725114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.121.113.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861994/; classtype:trojan-activity;sid:83725094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.127.22.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861996/; classtype:trojan-activity;sid:83725096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.183.85.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861998/; classtype:trojan-activity;sid:83725098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.121.112.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861999/; classtype:trojan-activity;sid:83725099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"82.76.12.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861992/; classtype:trojan-activity;sid:83725092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.127.104.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861989/; classtype:trojan-activity;sid:83725089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"188.147.175.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861986/; classtype:trojan-activity;sid:83725086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"218.108.181.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861987/; classtype:trojan-activity;sid:83725087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.165.122.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861978/; classtype:trojan-activity;sid:83725078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.223.106.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861980/; classtype:trojan-activity;sid:83725080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861982/; classtype:trojan-activity;sid:83725082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"31.125.243.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861962/; classtype:trojan-activity;sid:83725062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"166.140.147.185"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861964/; classtype:trojan-activity;sid:83725064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"107.145.144.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861967/; classtype:trojan-activity;sid:83725067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"82.76.12.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861968/; classtype:trojan-activity;sid:83725068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"132.255.192.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861971/; classtype:trojan-activity;sid:83725071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"39.175.56.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861972/; classtype:trojan-activity;sid:83725072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861974/; classtype:trojan-activity;sid:83725074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.121.113.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861953/; classtype:trojan-activity;sid:83725053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"87.26.194.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861956/; classtype:trojan-activity;sid:83725056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"80.24.87.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861958/; classtype:trojan-activity;sid:83725058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861959/; classtype:trojan-activity;sid:83725059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.84.167.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861951/; classtype:trojan-activity;sid:83725051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"95.47.248.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861950/; classtype:trojan-activity;sid:83725050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"202.22.143.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861946/; classtype:trojan-activity;sid:83725046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861948/; classtype:trojan-activity;sid:83725048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14stirling.dyndns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861949/; classtype:trojan-activity;sid:83725049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"84.199.4.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861917/; classtype:trojan-activity;sid:83725017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.121.113.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861918/; classtype:trojan-activity;sid:83725018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861919/; classtype:trojan-activity;sid:83725019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.196.96.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861922/; classtype:trojan-activity;sid:83725022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861923/; classtype:trojan-activity;sid:83725023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"223.82.83.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861927/; classtype:trojan-activity;sid:83725027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"95.230.215.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861929/; classtype:trojan-activity;sid:83725029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"141.134.214.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861930/; classtype:trojan-activity;sid:83725030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861931/; classtype:trojan-activity;sid:83725031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861932/; classtype:trojan-activity;sid:83725032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861935/; classtype:trojan-activity;sid:83725035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861939/; classtype:trojan-activity;sid:83725039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861940/; classtype:trojan-activity;sid:83725040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.143.141.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861941/; classtype:trojan-activity;sid:83725041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861943/; classtype:trojan-activity;sid:83725043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"218.108.181.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861945/; classtype:trojan-activity;sid:83725045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.183.85.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861914/; classtype:trojan-activity;sid:83725014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.121.112.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861915/; classtype:trojan-activity;sid:83725015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.127.104.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861910/; classtype:trojan-activity;sid:83725010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/dvbcvt"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861888/; classtype:trojan-activity;sid:83724988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/exw2o1"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861887/; classtype:trojan-activity;sid:83724987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"86.127.104.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861856/; classtype:trojan-activity;sid:83724956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"174.71.253.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861841/; classtype:trojan-activity;sid:83724941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"66.49.95.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861842/; classtype:trojan-activity;sid:83724942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"118.69.157.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861843/; classtype:trojan-activity;sid:83724943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861844/; classtype:trojan-activity;sid:83724944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"96.76.18.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861846/; classtype:trojan-activity;sid:83724946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"86.121.112.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861848/; classtype:trojan-activity;sid:83724948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"178.176.204.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861852/; classtype:trojan-activity;sid:83724952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"74.72.72.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861854/; classtype:trojan-activity;sid:83724954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"178.182.253.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861836/; classtype:trojan-activity;sid:83724936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"80.24.87.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861838/; classtype:trojan-activity;sid:83724938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861839/; classtype:trojan-activity;sid:83724939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"202.3.248.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861834/; classtype:trojan-activity;sid:83724934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"178.176.204.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861831/; classtype:trojan-activity;sid:83724931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"193.160.86.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861830/; classtype:trojan-activity;sid:83724930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"141.134.214.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861828/; classtype:trojan-activity;sid:83724928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"123.143.141.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861826/; classtype:trojan-activity;sid:83724926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"68.107.218.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861827/; classtype:trojan-activity;sid:83724927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"202.22.143.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861824/; classtype:trojan-activity;sid:83724924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861820/; classtype:trojan-activity;sid:83724920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"66.214.27.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861821/; classtype:trojan-activity;sid:83724921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861822/; classtype:trojan-activity;sid:83724922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"174.71.237.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861819/; classtype:trojan-activity;sid:83724919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"124.19.79.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861817/; classtype:trojan-activity;sid:83724917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"80.64.76.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861818/; classtype:trojan-activity;sid:83724918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861814/; classtype:trojan-activity;sid:83724914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"204.11.227.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861815/; classtype:trojan-activity;sid:83724915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"109.69.8.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861809/; classtype:trojan-activity;sid:83724909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"1.179.62.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861810/; classtype:trojan-activity;sid:83724910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861812/; classtype:trojan-activity;sid:83724912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"218.108.181.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861808/; classtype:trojan-activity;sid:83724908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"107.145.144.57"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861801/; classtype:trojan-activity;sid:83724901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"24.234.159.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861802/; classtype:trojan-activity;sid:83724902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861799/; classtype:trojan-activity;sid:83724899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861800/; classtype:trojan-activity;sid:83724900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"132.255.192.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861798/; classtype:trojan-activity;sid:83724898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861796/; classtype:trojan-activity;sid:83724896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861794/; classtype:trojan-activity;sid:83724894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"123.143.141.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861790/; classtype:trojan-activity;sid:83724890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"78.21.148.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861788/; classtype:trojan-activity;sid:83724888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"91.231.190.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861789/; classtype:trojan-activity;sid:83724889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"86.121.113.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861787/; classtype:trojan-activity;sid:83724887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861785/; classtype:trojan-activity;sid:83724885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861786/; classtype:trojan-activity;sid:83724886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"46.250.54.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861781/; classtype:trojan-activity;sid:83724881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861776/; classtype:trojan-activity;sid:83724876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861777/; classtype:trojan-activity;sid:83724877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"77.237.29.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861778/; classtype:trojan-activity;sid:83724878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"102.165.122.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861769/; classtype:trojan-activity;sid:83724869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861770/; classtype:trojan-activity;sid:83724870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861773/; classtype:trojan-activity;sid:83724873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"86.121.112.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861774/; classtype:trojan-activity;sid:83724874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"218.108.181.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861758/; classtype:trojan-activity;sid:83724858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"159.196.71.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861761/; classtype:trojan-activity;sid:83724861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861763/; classtype:trojan-activity;sid:83724863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"178.183.85.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861754/; classtype:trojan-activity;sid:83724854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861755/; classtype:trojan-activity;sid:83724855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"185.127.22.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861752/; classtype:trojan-activity;sid:83724852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861750/; classtype:trojan-activity;sid:83724850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861749/; classtype:trojan-activity;sid:83724849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861745/; classtype:trojan-activity;sid:83724845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"123.143.141.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861743/; classtype:trojan-activity;sid:83724843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861735/; classtype:trojan-activity;sid:83724835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"31.0.241.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861737/; classtype:trojan-activity;sid:83724837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861740/; classtype:trojan-activity;sid:83724840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861729/; classtype:trojan-activity;sid:83724829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"123.200.171.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861730/; classtype:trojan-activity;sid:83724830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"166.144.131.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861731/; classtype:trojan-activity;sid:83724831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"46.250.54.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861733/; classtype:trojan-activity;sid:83724833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861734/; classtype:trojan-activity;sid:83724834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861721/; classtype:trojan-activity;sid:83724821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"89.31.226.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861722/; classtype:trojan-activity;sid:83724822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"86.121.113.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861723/; classtype:trojan-activity;sid:83724823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861725/; classtype:trojan-activity;sid:83724825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"74.72.72.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861726/; classtype:trojan-activity;sid:83724826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"39.175.56.249"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861717/; classtype:trojan-activity;sid:83724817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"87.251.249.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861719/; classtype:trojan-activity;sid:83724819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"82.76.12.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861715/; classtype:trojan-activity;sid:83724815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"188.170.32.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861716/; classtype:trojan-activity;sid:83724816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"178.182.253.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861714/; classtype:trojan-activity;sid:83724814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"80.14.38.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861710/; classtype:trojan-activity;sid:83724810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"85.99.124.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861709/; classtype:trojan-activity;sid:83724809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"178.84.167.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861708/; classtype:trojan-activity;sid:83724808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"209.162.229.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861707/; classtype:trojan-activity;sid:83724807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"41.71.51.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861694/; classtype:trojan-activity;sid:83724794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"102.216.105.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861695/; classtype:trojan-activity;sid:83724795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"222.252.15.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861697/; classtype:trojan-activity;sid:83724797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"14stirling.dyndns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861700/; classtype:trojan-activity;sid:83724800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"188.147.175.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861702/; classtype:trojan-activity;sid:83724802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861682/; classtype:trojan-activity;sid:83724782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"117.202.0.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861683/; classtype:trojan-activity;sid:83724783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861685/; classtype:trojan-activity;sid:83724785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861686/; classtype:trojan-activity;sid:83724786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"124.19.77.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861687/; classtype:trojan-activity;sid:83724787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861688/; classtype:trojan-activity;sid:83724788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"31.125.243.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861689/; classtype:trojan-activity;sid:83724789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861692/; classtype:trojan-activity;sid:83724792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"202.3.248.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861693/; classtype:trojan-activity;sid:83724793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861680/; classtype:trojan-activity;sid:83724780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"84.199.4.170"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861674/; classtype:trojan-activity;sid:83724774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"80.24.87.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861675/; classtype:trojan-activity;sid:83724775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"209.162.229.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861676/; classtype:trojan-activity;sid:83724776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"99.139.100.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861677/; classtype:trojan-activity;sid:83724777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"96.76.18.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861678/; classtype:trojan-activity;sid:83724778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"36.95.166.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861672/; classtype:trojan-activity;sid:83724772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861670/; classtype:trojan-activity;sid:83724770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"86.127.104.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861668/; classtype:trojan-activity;sid:83724768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"159.196.71.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861666/; classtype:trojan-activity;sid:83724766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861667/; classtype:trojan-activity;sid:83724767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861664/; classtype:trojan-activity;sid:83724764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861652/; classtype:trojan-activity;sid:83724752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"31.173.70.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861657/; classtype:trojan-activity;sid:83724757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861659/; classtype:trojan-activity;sid:83724759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"212.3.211.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861661/; classtype:trojan-activity;sid:83724761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861643/; classtype:trojan-activity;sid:83724743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"178.182.253.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861646/; classtype:trojan-activity;sid:83724746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"178.182.253.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861639/; classtype:trojan-activity;sid:83724739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"174.71.237.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861640/; classtype:trojan-activity;sid:83724740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861641/; classtype:trojan-activity;sid:83724741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"86.122.141.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861632/; classtype:trojan-activity;sid:83724732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"77.237.29.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861633/; classtype:trojan-activity;sid:83724733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"95.47.248.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861636/; classtype:trojan-activity;sid:83724736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"102.223.106.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861637/; classtype:trojan-activity;sid:83724737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861629/; classtype:trojan-activity;sid:83724729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"86.121.113.72"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861627/; classtype:trojan-activity;sid:83724727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861628/; classtype:trojan-activity;sid:83724728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861626/; classtype:trojan-activity;sid:83724726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861613/; classtype:trojan-activity;sid:83724713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861614/; classtype:trojan-activity;sid:83724714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861615/; classtype:trojan-activity;sid:83724715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"118.69.157.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861616/; classtype:trojan-activity;sid:83724716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861619/; classtype:trojan-activity;sid:83724719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"66.49.95.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861620/; classtype:trojan-activity;sid:83724720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"174.71.253.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861622/; classtype:trojan-activity;sid:83724722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"1.179.62.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861624/; classtype:trojan-activity;sid:83724724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"82.148.194.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861595/; classtype:trojan-activity;sid:83724695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"69.75.168.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861597/; classtype:trojan-activity;sid:83724697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861598/; classtype:trojan-activity;sid:83724698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"223.82.83.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861600/; classtype:trojan-activity;sid:83724700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861601/; classtype:trojan-activity;sid:83724701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"78.21.148.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861602/; classtype:trojan-activity;sid:83724702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"31.0.241.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861606/; classtype:trojan-activity;sid:83724706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861609/; classtype:trojan-activity;sid:83724709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"24.234.159.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861592/; classtype:trojan-activity;sid:83724692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861594/; classtype:trojan-activity;sid:83724694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"109.69.8.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861589/; classtype:trojan-activity;sid:83724689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"93.63.154.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861588/; classtype:trojan-activity;sid:83724688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"178.84.167.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861586/; classtype:trojan-activity;sid:83724686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861582/; classtype:trojan-activity;sid:83724682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861567/; classtype:trojan-activity;sid:83724667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861568/; classtype:trojan-activity;sid:83724668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"113.160.251.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861569/; classtype:trojan-activity;sid:83724669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861570/; classtype:trojan-activity;sid:83724670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"118.69.157.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861573/; classtype:trojan-activity;sid:83724673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"202.22.143.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861577/; classtype:trojan-activity;sid:83724677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"119.13.179.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861579/; classtype:trojan-activity;sid:83724679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"59.154.252.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861580/; classtype:trojan-activity;sid:83724680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"178.183.85.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861556/; classtype:trojan-activity;sid:83724656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"68.226.36.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861559/; classtype:trojan-activity;sid:83724659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861562/; classtype:trojan-activity;sid:83724662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"102.223.106.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861563/; classtype:trojan-activity;sid:83724663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"172.115.81.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861564/; classtype:trojan-activity;sid:83724664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"82.76.12.91"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861551/; classtype:trojan-activity;sid:83724651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"109.69.8.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861552/; classtype:trojan-activity;sid:83724652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"95.230.215.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861553/; classtype:trojan-activity;sid:83724653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"87.26.194.197"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861554/; classtype:trojan-activity;sid:83724654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"88.123.92.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861555/; classtype:trojan-activity;sid:83724655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861549/; classtype:trojan-activity;sid:83724649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"81.196.96.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861548/; classtype:trojan-activity;sid:83724648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861547/; classtype:trojan-activity;sid:83724647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.231.190.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861543/; classtype:trojan-activity;sid:83724643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"85.99.124.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861541/; classtype:trojan-activity;sid:83724641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsaplqyj.exe"; depth:13; endswith; nocase; http.host; content:"bafybeicnmx2fcaolinpdaiqjo7hgsourg3qzaxf57psdrbqic4qrm4pf3i.ipfs.dweb.link"; depth:74; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861538/; classtype:trojan-activity;sid:83724638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2860721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/srbijasetuphokej.exe"; depth:21; endswith; nocase; http.host; content:"79.101.0.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_23; reference:url, urlhaus.abuse.ch/url/2860721/; classtype:trojan-activity;sid:83723821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2860121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipfs/bafybeihztxwimpjrjtlr3djk5sxcxnyiubceso2zkoijuplsccegiceqya/ngown.exe"; depth:75; endswith; nocase; http.host; content:"ipfs.io"; depth:7; isdataat:!1,relative; metadata:created_at 2024_05_23; reference:url, urlhaus.abuse.ch/url/2860121/; classtype:trojan-activity;sid:83723221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"82.148.194.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859508/; classtype:trojan-activity;sid:83722608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20matrix77/2fts3/raw/main/arm"; depth:30; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859117/; classtype:trojan-activity;sid:83722217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ustaxes/ustaxes/files/15378217/all.2023.tax.documents.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859027/; classtype:trojan-activity;sid:83722127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.225.186.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858898/; classtype:trojan-activity;sid:83721998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"66.49.95.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857904/; classtype:trojan-activity;sid:83721004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"202.139.21.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857893/; classtype:trojan-activity;sid:83720993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"202.3.248.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857892/; classtype:trojan-activity;sid:83720992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857888/; classtype:trojan-activity;sid:83720988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"1.179.62.255"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857884/; classtype:trojan-activity;sid:83720984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.120.181.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857881/; classtype:trojan-activity;sid:83720981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"217.86.136.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857874/; classtype:trojan-activity;sid:83720974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857875/; classtype:trojan-activity;sid:83720975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.122.141.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857878/; classtype:trojan-activity;sid:83720978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.118.199.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857871/; classtype:trojan-activity;sid:83720971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.196.121.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857872/; classtype:trojan-activity;sid:83720972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"159.196.71.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857868/; classtype:trojan-activity;sid:83720968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.120.181.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857870/; classtype:trojan-activity;sid:83720970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"59.154.122.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857865/; classtype:trojan-activity;sid:83720965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"31.0.241.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857866/; classtype:trojan-activity;sid:83720966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"74.72.72.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857861/; classtype:trojan-activity;sid:83720961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"174.71.237.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857859/; classtype:trojan-activity;sid:83720959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"5.154.67.251"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857854/; classtype:trojan-activity;sid:83720954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"159.196.71.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857850/; classtype:trojan-activity;sid:83720950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"144.6.87.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857851/; classtype:trojan-activity;sid:83720951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.92"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857848/; classtype:trojan-activity;sid:83720948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"118.69.157.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857849/; classtype:trojan-activity;sid:83720949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.2.229.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857844/; classtype:trojan-activity;sid:83720944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857846/; classtype:trojan-activity;sid:83720946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857837/; classtype:trojan-activity;sid:83720937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"149.62.200.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857838/; classtype:trojan-activity;sid:83720938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"118.69.157.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857834/; classtype:trojan-activity;sid:83720934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.139.100.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857835/; classtype:trojan-activity;sid:83720935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"36.95.166.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857836/; classtype:trojan-activity;sid:83720936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"98.180.230.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857831/; classtype:trojan-activity;sid:83720931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"109.69.8.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857829/; classtype:trojan-activity;sid:83720929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.176.204.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857822/; classtype:trojan-activity;sid:83720922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"41.71.51.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857819/; classtype:trojan-activity;sid:83720919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"89.31.226.224"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857820/; classtype:trojan-activity;sid:83720920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.176.204.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857821/; classtype:trojan-activity;sid:83720921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857813/; classtype:trojan-activity;sid:83720913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857809/; classtype:trojan-activity;sid:83720909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"124.19.79.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857810/; classtype:trojan-activity;sid:83720910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.118.199.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857806/; classtype:trojan-activity;sid:83720906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"202.3.248.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857807/; classtype:trojan-activity;sid:83720907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"66.49.95.131"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857804/; classtype:trojan-activity;sid:83720904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857802/; classtype:trojan-activity;sid:83720902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857795/; classtype:trojan-activity;sid:83720895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.118.199.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857797/; classtype:trojan-activity;sid:83720897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"68.107.218.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857794/; classtype:trojan-activity;sid:83720894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"68.226.36.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857788/; classtype:trojan-activity;sid:83720888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"109.69.8.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857789/; classtype:trojan-activity;sid:83720889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857785/; classtype:trojan-activity;sid:83720885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.118.199.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857780/; classtype:trojan-activity;sid:83720880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857778/; classtype:trojan-activity;sid:83720878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"62.202.20.85"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857776/; classtype:trojan-activity;sid:83720876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.118.199.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857770/; classtype:trojan-activity;sid:83720870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"174.71.253.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857771/; classtype:trojan-activity;sid:83720871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"69.75.168.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857772/; classtype:trojan-activity;sid:83720872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857773/; classtype:trojan-activity;sid:83720873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"80.15.181.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857768/; classtype:trojan-activity;sid:83720868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"174.71.253.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857763/; classtype:trojan-activity;sid:83720863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857762/; classtype:trojan-activity;sid:83720862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.120.181.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857758/; classtype:trojan-activity;sid:83720858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.139.100.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857752/; classtype:trojan-activity;sid:83720852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.139.100.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857753/; classtype:trojan-activity;sid:83720853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.123.92.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857754/; classtype:trojan-activity;sid:83720854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857755/; classtype:trojan-activity;sid:83720855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"125.168.166.40"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857750/; classtype:trojan-activity;sid:83720850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857747/; classtype:trojan-activity;sid:83720847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"118.69.157.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857749/; classtype:trojan-activity;sid:83720849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857746/; classtype:trojan-activity;sid:83720846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"59.154.122.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857736/; classtype:trojan-activity;sid:83720836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857730/; classtype:trojan-activity;sid:83720830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"109.69.8.230"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857729/; classtype:trojan-activity;sid:83720829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.120.181.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857724/; classtype:trojan-activity;sid:83720824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"202.139.20.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857722/; classtype:trojan-activity;sid:83720822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.200.171.184"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857721/; classtype:trojan-activity;sid:83720821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"217.86.136.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857717/; classtype:trojan-activity;sid:83720817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857719/; classtype:trojan-activity;sid:83720819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"113.160.185.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857710/; classtype:trojan-activity;sid:83720810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"209.162.229.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857712/; classtype:trojan-activity;sid:83720812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"74.72.72.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857708/; classtype:trojan-activity;sid:83720808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.118.199.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857706/; classtype:trojan-activity;sid:83720806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.120.181.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857704/; classtype:trojan-activity;sid:83720804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.120.181.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857699/; classtype:trojan-activity;sid:83720799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"94.241.90.73"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857696/; classtype:trojan-activity;sid:83720796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"31.173.70.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857692/; classtype:trojan-activity;sid:83720792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"193.160.10.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857693/; classtype:trojan-activity;sid:83720793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"174.71.237.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857689/; classtype:trojan-activity;sid:83720789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"113.160.251.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857687/; classtype:trojan-activity;sid:83720787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"59.154.123.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857679/; classtype:trojan-activity;sid:83720779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857674/; classtype:trojan-activity;sid:83720774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"204.11.227.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857676/; classtype:trojan-activity;sid:83720776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857678/; classtype:trojan-activity;sid:83720778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.118.199.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857670/; classtype:trojan-activity;sid:83720770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857671/; classtype:trojan-activity;sid:83720771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857672/; classtype:trojan-activity;sid:83720772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857669/; classtype:trojan-activity;sid:83720769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857666/; classtype:trojan-activity;sid:83720766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.118.199.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857662/; classtype:trojan-activity;sid:83720762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"87.251.249.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857660/; classtype:trojan-activity;sid:83720760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.182.253.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857657/; classtype:trojan-activity;sid:83720757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"144.6.87.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857653/; classtype:trojan-activity;sid:83720753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.185"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857654/; classtype:trojan-activity;sid:83720754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"202.139.20.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857655/; classtype:trojan-activity;sid:83720755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.250.54.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857651/; classtype:trojan-activity;sid:83720751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"188.170.32.148"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857652/; classtype:trojan-activity;sid:83720752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857645/; classtype:trojan-activity;sid:83720745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"118.69.157.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857642/; classtype:trojan-activity;sid:83720742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857633/; classtype:trojan-activity;sid:83720733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"31.0.241.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857634/; classtype:trojan-activity;sid:83720734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"204.11.227.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857635/; classtype:trojan-activity;sid:83720735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.118.199.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857640/; classtype:trojan-activity;sid:83720740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.118.199.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857628/; classtype:trojan-activity;sid:83720728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857630/; classtype:trojan-activity;sid:83720730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"118.69.157.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857624/; classtype:trojan-activity;sid:83720724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"174.71.237.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857620/; classtype:trojan-activity;sid:83720720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.120.181.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857621/; classtype:trojan-activity;sid:83720721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.120.181.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857616/; classtype:trojan-activity;sid:83720716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"217.86.136.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857613/; classtype:trojan-activity;sid:83720713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"59.154.252.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857614/; classtype:trojan-activity;sid:83720714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.176.204.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857610/; classtype:trojan-activity;sid:83720710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"96.76.18.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857603/; classtype:trojan-activity;sid:83720703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"66.214.27.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857606/; classtype:trojan-activity;sid:83720706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"217.86.136.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857607/; classtype:trojan-activity;sid:83720707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"174.71.253.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857600/; classtype:trojan-activity;sid:83720700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"212.93.103.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857601/; classtype:trojan-activity;sid:83720701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"112.4.110.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857602/; classtype:trojan-activity;sid:83720702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"193.160.10.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857590/; classtype:trojan-activity;sid:83720690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.120.181.61"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857585/; classtype:trojan-activity;sid:83720685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"174.71.253.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857586/; classtype:trojan-activity;sid:83720686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"24.234.159.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857587/; classtype:trojan-activity;sid:83720687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.118.199.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857583/; classtype:trojan-activity;sid:83720683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"223.108.58.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857584/; classtype:trojan-activity;sid:83720684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857580/; classtype:trojan-activity;sid:83720680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857582/; classtype:trojan-activity;sid:83720682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"193.160.86.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857579/; classtype:trojan-activity;sid:83720679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.182.253.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857578/; classtype:trojan-activity;sid:83720678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.120.181.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857576/; classtype:trojan-activity;sid:83720676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"80.14.38.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857573/; classtype:trojan-activity;sid:83720673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.180"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857574/; classtype:trojan-activity;sid:83720674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.120.181.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857568/; classtype:trojan-activity;sid:83720668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"77.237.29.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857570/; classtype:trojan-activity;sid:83720670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.182.253.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857563/; classtype:trojan-activity;sid:83720663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"193.251.62.153"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857564/; classtype:trojan-activity;sid:83720664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.118.199.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857566/; classtype:trojan-activity;sid:83720666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"202.22.143.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857561/; classtype:trojan-activity;sid:83720661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.250.54.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857553/; classtype:trojan-activity;sid:83720653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"202.139.21.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857556/; classtype:trojan-activity;sid:83720656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"78.21.148.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857550/; classtype:trojan-activity;sid:83720650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857551/; classtype:trojan-activity;sid:83720651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857545/; classtype:trojan-activity;sid:83720645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857542/; classtype:trojan-activity;sid:83720642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"174.71.253.35"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857543/; classtype:trojan-activity;sid:83720643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857541/; classtype:trojan-activity;sid:83720641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"193.160.10.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857539/; classtype:trojan-activity;sid:83720639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"202.139.20.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857535/; classtype:trojan-activity;sid:83720635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"78.21.148.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857530/; classtype:trojan-activity;sid:83720630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857526/; classtype:trojan-activity;sid:83720626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"174.71.237.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857527/; classtype:trojan-activity;sid:83720627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"164.126.129.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857521/; classtype:trojan-activity;sid:83720621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"80.64.76.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857522/; classtype:trojan-activity;sid:83720622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857524/; classtype:trojan-activity;sid:83720624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"209.162.229.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857525/; classtype:trojan-activity;sid:83720625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"78.21.148.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857517/; classtype:trojan-activity;sid:83720617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"212.93.103.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857510/; classtype:trojan-activity;sid:83720610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"74.72.72.247"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857509/; classtype:trojan-activity;sid:83720609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"172.115.81.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857506/; classtype:trojan-activity;sid:83720606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857507/; classtype:trojan-activity;sid:83720607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"124.19.77.89"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857508/; classtype:trojan-activity;sid:83720608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.118.199.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857501/; classtype:trojan-activity;sid:83720601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"223.108.58.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857502/; classtype:trojan-activity;sid:83720602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857498/; classtype:trojan-activity;sid:83720598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.118.199.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857500/; classtype:trojan-activity;sid:83720600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"93.63.154.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857492/; classtype:trojan-activity;sid:83720592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"77.237.29.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857493/; classtype:trojan-activity;sid:83720593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857483/; classtype:trojan-activity;sid:83720583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857484/; classtype:trojan-activity;sid:83720584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.196.121.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857485/; classtype:trojan-activity;sid:83720585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857486/; classtype:trojan-activity;sid:83720586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857475/; classtype:trojan-activity;sid:83720575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.118.199.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857472/; classtype:trojan-activity;sid:83720572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"31.222.113.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857468/; classtype:trojan-activity;sid:83720568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.71.130.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857464/; classtype:trojan-activity;sid:83720564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.68.74.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857465/; classtype:trojan-activity;sid:83720565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"222.252.15.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857462/; classtype:trojan-activity;sid:83720562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857463/; classtype:trojan-activity;sid:83720563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"174.71.237.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857444/; classtype:trojan-activity;sid:83720544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"174.71.237.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857447/; classtype:trojan-activity;sid:83720547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"68.226.36.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857448/; classtype:trojan-activity;sid:83720548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857454/; classtype:trojan-activity;sid:83720554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857455/; classtype:trojan-activity;sid:83720555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"119.13.179.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857457/; classtype:trojan-activity;sid:83720557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"113.160.185.79"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857458/; classtype:trojan-activity;sid:83720558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"82.65.37.116"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857459/; classtype:trojan-activity;sid:83720559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"174.71.238.93"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857437/; classtype:trojan-activity;sid:83720537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.182.253.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857438/; classtype:trojan-activity;sid:83720538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.118.199.209"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857439/; classtype:trojan-activity;sid:83720539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"96.76.18.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857440/; classtype:trojan-activity;sid:83720540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.182.253.59"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857434/; classtype:trojan-activity;sid:83720534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.84.167.164"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857169/; classtype:trojan-activity;sid:83720269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2856551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.223.60.33"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2856551/; classtype:trojan-activity;sid:83719651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig-6.18.0-linux-x64.tar.gz"; depth:30; endswith; nocase; http.host; content:"46.231.32.135"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854636/; classtype:trojan-activity;sid:83717736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig0.zip"; depth:11; endswith; nocase; http.host; content:"14.224.174.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854622/; classtype:trojan-activity;sid:83717722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig0.zip"; depth:11; endswith; nocase; http.host; content:"14.224.174.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854623/; classtype:trojan-activity;sid:83717723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig-6.19.3-linux-x64.tar.gz"; depth:30; endswith; nocase; http.host; content:"31.186.217.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854611/; classtype:trojan-activity;sid:83717711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2853223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdrpload.exe"; depth:13; endswith; nocase; http.host; content:"aefieiaehfiaehr.top"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_17; reference:url, urlhaus.abuse.ch/url/2853223/; classtype:trojan-activity;sid:83716323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2850765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x103.log"; depth:9; endswith; nocase; http.host; content:"zffsg.oss-ap-northeast-2.aliyuncs.com"; depth:37; isdataat:!1,relative; metadata:created_at 2024_05_15; reference:url, urlhaus.abuse.ch/url/2850765/; classtype:trojan-activity;sid:83713865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"52.83.32.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845989/; classtype:trojan-activity;sid:83709089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"52.83.32.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845988/; classtype:trojan-activity;sid:83709088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"52.83.32.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845981/; classtype:trojan-activity;sid:83709081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"52.83.32.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845969/; classtype:trojan-activity;sid:83709069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"52.83.32.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845952/; classtype:trojan-activity;sid:83709052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"52.83.32.119"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845958/; classtype:trojan-activity;sid:83709058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av_downloader.exe"; depth:18; endswith; nocase; http.host; content:"43.240.65.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845932/; classtype:trojan-activity;sid:83709032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install_python3.sh"; depth:19; endswith; nocase; http.host; content:"43.240.65.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845931/; classtype:trojan-activity;sid:83709031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=8950d94f9949f870%213505|7c|26|7c|authkey=!afhuotcjydvf6pg"; depth:76; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845350/; classtype:trojan-activity;sid:83708450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.231.14.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842725/; classtype:trojan-activity;sid:83705825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.119.193.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842724/; classtype:trojan-activity;sid:83705824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.116.62.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842722/; classtype:trojan-activity;sid:83705822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.119.151.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842723/; classtype:trojan-activity;sid:83705823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.201.7.189"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842720/; classtype:trojan-activity;sid:83705820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//.i"; depth:4; endswith; nocase; http.host; content:"90.176.171.4"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842719/; classtype:trojan-activity;sid:83705819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"139.5.152.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842662/; classtype:trojan-activity;sid:83705762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.92.29.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842655/; classtype:trojan-activity;sid:83705755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.35.49.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842650/; classtype:trojan-activity;sid:83705750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.28.38.135"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842413/; classtype:trojan-activity;sid:83705513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.35.49.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842402/; classtype:trojan-activity;sid:83705502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.92.29.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842405/; classtype:trojan-activity;sid:83705505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.205.81.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842081/; classtype:trojan-activity;sid:83705181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//.i"; depth:4; endswith; nocase; http.host; content:"31.43.16.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842070/; classtype:trojan-activity;sid:83705170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.151.34.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842062/; classtype:trojan-activity;sid:83705162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"71.42.105.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842056/; classtype:trojan-activity;sid:83705156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.4.51.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842053/; classtype:trojan-activity;sid:83705153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.245.220.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842036/; classtype:trojan-activity;sid:83705136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.109.205.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842029/; classtype:trojan-activity;sid:83705129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.192.22.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842033/; classtype:trojan-activity;sid:83705133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.187.118.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842020/; classtype:trojan-activity;sid:83705120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.39.247.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842023/; classtype:trojan-activity;sid:83705123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.110.206.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842026/; classtype:trojan-activity;sid:83705126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.66.151.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842015/; classtype:trojan-activity;sid:83705115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"177.8.227.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842003/; classtype:trojan-activity;sid:83705103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.58.51.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842006/; classtype:trojan-activity;sid:83705106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.107.232.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842007/; classtype:trojan-activity;sid:83705107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.253.115.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841995/; classtype:trojan-activity;sid:83705095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.176.27.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841996/; classtype:trojan-activity;sid:83705096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.237.172.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841997/; classtype:trojan-activity;sid:83705097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"70.45.241.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841999/; classtype:trojan-activity;sid:83705099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.87.223.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841987/; classtype:trojan-activity;sid:83705087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.46.255.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841978/; classtype:trojan-activity;sid:83705078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.107.78.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841979/; classtype:trojan-activity;sid:83705079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"144.48.170.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841983/; classtype:trojan-activity;sid:83705083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.36.11.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841972/; classtype:trojan-activity;sid:83705072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"151.236.247.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841974/; classtype:trojan-activity;sid:83705074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.249.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841976/; classtype:trojan-activity;sid:83705076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.239.254.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841962/; classtype:trojan-activity;sid:83705062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.101.191.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841963/; classtype:trojan-activity;sid:83705063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.209.184.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841953/; classtype:trojan-activity;sid:83705053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.209.184.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841954/; classtype:trojan-activity;sid:83705054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"179.189.254.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841945/; classtype:trojan-activity;sid:83705045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.151.163.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841947/; classtype:trojan-activity;sid:83705047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.253.115.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841941/; classtype:trojan-activity;sid:83705041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"27.147.168.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841934/; classtype:trojan-activity;sid:83705034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.169.136.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841931/; classtype:trojan-activity;sid:83705031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.145.123.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841932/; classtype:trojan-activity;sid:83705032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.119.87.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841926/; classtype:trojan-activity;sid:83705026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.28.38.135"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841917/; classtype:trojan-activity;sid:83705017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryptography_module_windows.exe"; depth:32; endswith; nocase; http.host; content:"122.170.110.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841807/; classtype:trojan-activity;sid:83704907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.110.206.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841726/; classtype:trojan-activity;sid:83704826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.169.136.50"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841716/; classtype:trojan-activity;sid:83704816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.247.13.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841715/; classtype:trojan-activity;sid:83704815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.253.115.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841712/; classtype:trojan-activity;sid:83704812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.211.112.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841707/; classtype:trojan-activity;sid:83704807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.237.172.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841709/; classtype:trojan-activity;sid:83704809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.46.255.40"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841697/; classtype:trojan-activity;sid:83704797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.87.223.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841705/; classtype:trojan-activity;sid:83704805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.147.168.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841688/; classtype:trojan-activity;sid:83704788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.151.34.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841683/; classtype:trojan-activity;sid:83704783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.101.191.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841679/; classtype:trojan-activity;sid:83704779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.36.11.31"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841676/; classtype:trojan-activity;sid:83704776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.119.87.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841673/; classtype:trojan-activity;sid:83704773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.239.254.115"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841666/; classtype:trojan-activity;sid:83704766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.39.247.173"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841667/; classtype:trojan-activity;sid:83704767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.236.247.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841650/; classtype:trojan-activity;sid:83704750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.4.51.242"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841636/; classtype:trojan-activity;sid:83704736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.79.48.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841639/; classtype:trojan-activity;sid:83704739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.145.123.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841644/; classtype:trojan-activity;sid:83704744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.253.115.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841631/; classtype:trojan-activity;sid:83704731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.151.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841621/; classtype:trojan-activity;sid:83704721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.209.184.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841624/; classtype:trojan-activity;sid:83704724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.189.254.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841617/; classtype:trojan-activity;sid:83704717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"71.42.105.54"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841619/; classtype:trojan-activity;sid:83704719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.245.220.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841613/; classtype:trojan-activity;sid:83704713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.192.22.166"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841604/; classtype:trojan-activity;sid:83704704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.187.118.46"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841606/; classtype:trojan-activity;sid:83704706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.209.184.121"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841608/; classtype:trojan-activity;sid:83704708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.205.237"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841609/; classtype:trojan-activity;sid:83704709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.58.51.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841602/; classtype:trojan-activity;sid:83704702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.8.227.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841587/; classtype:trojan-activity;sid:83704687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"70.45.241.192"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841591/; classtype:trojan-activity;sid:83704691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"144.48.170.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841594/; classtype:trojan-activity;sid:83704694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.107.78.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841582/; classtype:trojan-activity;sid:83704682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.176.27.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841584/; classtype:trojan-activity;sid:83704684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.151.163.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841575/; classtype:trojan-activity;sid:83704675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.249.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841576/; classtype:trojan-activity;sid:83704676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.107.232.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841573/; classtype:trojan-activity;sid:83704673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aioc_5.0.0.63_it.exe"; depth:21; endswith; nocase; http.host; content:"912648.aioc.qbgxl.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841312/; classtype:trojan-activity;sid:83704412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2840470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lidiyakamalova89/www/raw/main/ver.1.4.1.zip"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2840470/; classtype:trojan-activity;sid:83703570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2839963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aioc_5.0.0.63_it.exe"; depth:21; endswith; nocase; http.host; content:"139520.aioc.qbgxl.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_06; reference:url, urlhaus.abuse.ch/url/2839963/; classtype:trojan-activity;sid:83703063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ag_injector_latest.apk"; depth:23; endswith; nocase; http.host; content:"dl.aginjector.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837116/; classtype:trojan-activity;sid:83700216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"103.146.202.41"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836854/; classtype:trojan-activity;sid:83699954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/build.s.apk"; depth:12; endswith; nocase; http.host; content:"195.211.101.219"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836844/; classtype:trojan-activity;sid:83699944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20matrix77/2fts3/raw/main/bots_mips"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836794/; classtype:trojan-activity;sid:83699894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/tiktok/ready.apk"; depth:24; endswith; nocase; http.host; content:"gawx.florenda.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835124/; classtype:trojan-activity;sid:83698224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/tiktok/ready.apk"; depth:24; endswith; nocase; http.host; content:"gawx.florenda.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835122/; classtype:trojan-activity;sid:83698222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"66.71.249.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834467/; classtype:trojan-activity;sid:83697567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"66.71.242.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834442/; classtype:trojan-activity;sid:83697542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"66.71.242.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834400/; classtype:trojan-activity;sid:83697500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"66.71.242.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834387/; classtype:trojan-activity;sid:83697487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"66.71.242.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834372/; classtype:trojan-activity;sid:83697472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frexoff/efefwefwwf/main/cock.exe"; depth:33; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833916/; classtype:trojan-activity;sid:83697016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frexoff/efefwefwwf/raw/main/cock.exe"; depth:37; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833904/; classtype:trojan-activity;sid:83697004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20matrix77/2fts3/raw/main/disbot"; depth:33; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833829/; classtype:trojan-activity;sid:83696929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/arm7"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833648/; classtype:trojan-activity;sid:83696748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/arm6"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833649/; classtype:trojan-activity;sid:83696749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/mips"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833650/; classtype:trojan-activity;sid:83696750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/x86_64"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833651/; classtype:trojan-activity;sid:83696751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/arm5"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833643/; classtype:trojan-activity;sid:83696743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/m68k"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833644/; classtype:trojan-activity;sid:83696744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/sh4"; depth:33; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833645/; classtype:trojan-activity;sid:83696745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/mpsl"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833646/; classtype:trojan-activity;sid:83696746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/arm"; depth:33; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833647/; classtype:trojan-activity;sid:83696747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caonim2le/yournigas/raw/main/x86_32"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833642/; classtype:trojan-activity;sid:83696742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20matrix77/2fts3/raw/main/386"; depth:30; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833217/; classtype:trojan-activity;sid:83696317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20matrix77/2fts3/raw/main/mips"; depth:31; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833216/; classtype:trojan-activity;sid:83696316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20matrix77/2fts3/raw/main/mpsl"; depth:31; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833213/; classtype:trojan-activity;sid:83696313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=59261c7e41b6478a%21212|7c|26|7c|authkey=!agx6xu7a8tjfwjs"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832385/; classtype:trojan-activity;sid:83695485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=59261c7e41b6478a%21215|7c|26|7c|authkey=!ailxsvzlzbop3io"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832383/; classtype:trojan-activity;sid:83695483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kampfkarren/roblox/files/15001743/roexec.zip"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830963/; classtype:trojan-activity;sid:83694063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/delta-io/delta/files/15016110/delta.zip"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830955/; classtype:trojan-activity;sid:83694055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/imtoken-intl-v2.apk"; depth:24; endswith; nocase; http.host; content:"154.23.240.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828091/; classtype:trojan-activity;sid:83691191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1/build3.exe"; depth:19; endswith; nocase; http.host; content:"cajgtus.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825976/; classtype:trojan-activity;sid:83689076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=b24528e77689f9ac%21162|7c|26|7c|authkey=!apfh4vxvdjek1qc"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825975/; classtype:trojan-activity;sid:83689075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=fdb0512de793b32e%21192|7c|26|7c|authkey=!aabmannkbvjdxgc"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825003/; classtype:trojan-activity;sid:83688103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/45.64.rar"; depth:15; endswith; nocase; http.host; content:"121.167.2.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825002/; classtype:trojan-activity;sid:83688102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/45.64.json"; depth:16; endswith; nocase; http.host; content:"121.167.2.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824999/; classtype:trojan-activity;sid:83688099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pei.exe"; depth:8; endswith; nocase; http.host; content:"185.215.113.84"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824981/; classtype:trojan-activity;sid:83688081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"24.79.48.21"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824688/; classtype:trojan-activity;sid:83687788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win64-setup-unsigned.exe"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824078/; classtype:trojan-activity;sid:83687178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-osx-unsigned.dmg"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824079/; classtype:trojan-activity;sid:83687179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win32-setup-unsigned.exe"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824077/; classtype:trojan-activity;sid:83687177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y-steamworks.exe"; depth:17; endswith; nocase; http.host; content:"117.50.194.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823150/; classtype:trojan-activity;sid:83686250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.150.253.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822910/; classtype:trojan-activity;sid:83686010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.89.188.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822909/; classtype:trojan-activity;sid:83686009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.30.85.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822908/; classtype:trojan-activity;sid:83686008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"197.159.1.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822907/; classtype:trojan-activity;sid:83686007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.50.148.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822890/; classtype:trojan-activity;sid:83685990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.136.240.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822894/; classtype:trojan-activity;sid:83685994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.18.223.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822899/; classtype:trojan-activity;sid:83685999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.38.60.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822902/; classtype:trojan-activity;sid:83686002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.188.48.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822903/; classtype:trojan-activity;sid:83686003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.92.222.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822886/; classtype:trojan-activity;sid:83685986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.30.245.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822887/; classtype:trojan-activity;sid:83685987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.154.131.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822881/; classtype:trojan-activity;sid:83685981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.141.135.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822882/; classtype:trojan-activity;sid:83685982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.76.195.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822876/; classtype:trojan-activity;sid:83685976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.254.173.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822866/; classtype:trojan-activity;sid:83685966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"217.65.15.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822867/; classtype:trojan-activity;sid:83685967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.114.137.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822869/; classtype:trojan-activity;sid:83685969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.184.84.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822870/; classtype:trojan-activity;sid:83685970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"87.120.179.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822874/; classtype:trojan-activity;sid:83685974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.189.172.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822861/; classtype:trojan-activity;sid:83685961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.77.74.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822863/; classtype:trojan-activity;sid:83685963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.248.81.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822844/; classtype:trojan-activity;sid:83685944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"75.183.98.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822845/; classtype:trojan-activity;sid:83685945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.67.251.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822846/; classtype:trojan-activity;sid:83685946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"84.242.139.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822847/; classtype:trojan-activity;sid:83685947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.253.241.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822833/; classtype:trojan-activity;sid:83685933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.154.187.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822834/; classtype:trojan-activity;sid:83685934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.210.217.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822821/; classtype:trojan-activity;sid:83685921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.88.180.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822823/; classtype:trojan-activity;sid:83685923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.227.118.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822824/; classtype:trojan-activity;sid:83685924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.94.245.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822825/; classtype:trojan-activity;sid:83685925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"122.201.25.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822828/; classtype:trojan-activity;sid:83685928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.254.223.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822808/; classtype:trojan-activity;sid:83685908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.116.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822809/; classtype:trojan-activity;sid:83685909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.89.11.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822812/; classtype:trojan-activity;sid:83685912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.34.20.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822814/; classtype:trojan-activity;sid:83685914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.189.125.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822815/; classtype:trojan-activity;sid:83685915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.5.36.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822816/; classtype:trojan-activity;sid:83685916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.114.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822819/; classtype:trojan-activity;sid:83685919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.96.214.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822802/; classtype:trojan-activity;sid:83685902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.116.68.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822806/; classtype:trojan-activity;sid:83685906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.131.81.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822797/; classtype:trojan-activity;sid:83685897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.69.88.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822800/; classtype:trojan-activity;sid:83685900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.72.6.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822794/; classtype:trojan-activity;sid:83685894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.176.137.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822778/; classtype:trojan-activity;sid:83685878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.158.175.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822781/; classtype:trojan-activity;sid:83685881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.154.135.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822782/; classtype:trojan-activity;sid:83685882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.91.37.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822783/; classtype:trojan-activity;sid:83685883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.237.174.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822784/; classtype:trojan-activity;sid:83685884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"87.120.179.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822789/; classtype:trojan-activity;sid:83685889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.227.118.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822790/; classtype:trojan-activity;sid:83685890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.78.201.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822792/; classtype:trojan-activity;sid:83685892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.252.66.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822770/; classtype:trojan-activity;sid:83685870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.210.50.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822772/; classtype:trojan-activity;sid:83685872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.5.61.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822774/; classtype:trojan-activity;sid:83685874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"139.60.191.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822762/; classtype:trojan-activity;sid:83685862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.120.54.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822763/; classtype:trojan-activity;sid:83685863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.246.177.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822764/; classtype:trojan-activity;sid:83685864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.34.7.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822768/; classtype:trojan-activity;sid:83685868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.244.112.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822757/; classtype:trojan-activity;sid:83685857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.175.223.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822754/; classtype:trojan-activity;sid:83685854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.1.157.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822755/; classtype:trojan-activity;sid:83685855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.42.201.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822751/; classtype:trojan-activity;sid:83685851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.58.21.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822747/; classtype:trojan-activity;sid:83685847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.28.58.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822734/; classtype:trojan-activity;sid:83685834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.21.223.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822735/; classtype:trojan-activity;sid:83685835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.63.242.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822736/; classtype:trojan-activity;sid:83685836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"177.242.106.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822737/; classtype:trojan-activity;sid:83685837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"168.228.6.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822740/; classtype:trojan-activity;sid:83685840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.7.153.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822743/; classtype:trojan-activity;sid:83685843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.184.231.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822744/; classtype:trojan-activity;sid:83685844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"138.19.251.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822727/; classtype:trojan-activity;sid:83685827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.70.242.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822733/; classtype:trojan-activity;sid:83685833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.193.120.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822721/; classtype:trojan-activity;sid:83685821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.179.121.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822724/; classtype:trojan-activity;sid:83685824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"196.41.63.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822726/; classtype:trojan-activity;sid:83685826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.215.61.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822706/; classtype:trojan-activity;sid:83685806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.57.121.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822707/; classtype:trojan-activity;sid:83685807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.71.191.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822697/; classtype:trojan-activity;sid:83685797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.236.114.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822699/; classtype:trojan-activity;sid:83685799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.91.171.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822704/; classtype:trojan-activity;sid:83685804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.52.164.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822705/; classtype:trojan-activity;sid:83685805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.34.182.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822684/; classtype:trojan-activity;sid:83685784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.224.100.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822688/; classtype:trojan-activity;sid:83685788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.43.201.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822689/; classtype:trojan-activity;sid:83685789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.129.106.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822691/; classtype:trojan-activity;sid:83685791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.76.195.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822677/; classtype:trojan-activity;sid:83685777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.212.109.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822678/; classtype:trojan-activity;sid:83685778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"146.196.120.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822681/; classtype:trojan-activity;sid:83685781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.156.46.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822674/; classtype:trojan-activity;sid:83685774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"87.197.107.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822671/; classtype:trojan-activity;sid:83685771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.58.78.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822670/; classtype:trojan-activity;sid:83685770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"191.103.217.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822667/; classtype:trojan-activity;sid:83685767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.42.121.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822663/; classtype:trojan-activity;sid:83685763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"80.19.172.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822646/; classtype:trojan-activity;sid:83685746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.129.2.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822650/; classtype:trojan-activity;sid:83685750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"221.120.98.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822653/; classtype:trojan-activity;sid:83685753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.247.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822655/; classtype:trojan-activity;sid:83685755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.49.100.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822657/; classtype:trojan-activity;sid:83685757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.218.50.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822658/; classtype:trojan-activity;sid:83685758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.204.177.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822637/; classtype:trojan-activity;sid:83685737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.34.183.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822638/; classtype:trojan-activity;sid:83685738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"218.86.123.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822639/; classtype:trojan-activity;sid:83685739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.78.118.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822633/; classtype:trojan-activity;sid:83685733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.154.93.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822619/; classtype:trojan-activity;sid:83685719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"150.129.202.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822620/; classtype:trojan-activity;sid:83685720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.94.29.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822601/; classtype:trojan-activity;sid:83685701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.113.141.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822603/; classtype:trojan-activity;sid:83685703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"43.245.131.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822605/; classtype:trojan-activity;sid:83685705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.159.0.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822609/; classtype:trojan-activity;sid:83685709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.34.22.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822611/; classtype:trojan-activity;sid:83685711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"63.78.214.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822612/; classtype:trojan-activity;sid:83685712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.109.201.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822616/; classtype:trojan-activity;sid:83685716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.92.188.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822617/; classtype:trojan-activity;sid:83685717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"84.22.48.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822590/; classtype:trojan-activity;sid:83685690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.211.252.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822592/; classtype:trojan-activity;sid:83685692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.175.134.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822578/; classtype:trojan-activity;sid:83685678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.43.59.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822580/; classtype:trojan-activity;sid:83685680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.171.80.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822581/; classtype:trojan-activity;sid:83685681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.245.10.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822583/; classtype:trojan-activity;sid:83685683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.89.199.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822585/; classtype:trojan-activity;sid:83685685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"144.48.169.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822586/; classtype:trojan-activity;sid:83685686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.179.41.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822587/; classtype:trojan-activity;sid:83685687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.104.195.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822566/; classtype:trojan-activity;sid:83685666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.190.70.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822567/; classtype:trojan-activity;sid:83685667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.66.150.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822568/; classtype:trojan-activity;sid:83685668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.5.19.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822570/; classtype:trojan-activity;sid:83685670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.115.174.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822572/; classtype:trojan-activity;sid:83685672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.41.225.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822557/; classtype:trojan-activity;sid:83685657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.9.192.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822559/; classtype:trojan-activity;sid:83685659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"43.249.52.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822564/; classtype:trojan-activity;sid:83685664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.49.0.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822553/; classtype:trojan-activity;sid:83685653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"80.73.70.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822547/; classtype:trojan-activity;sid:83685647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.254.255.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822549/; classtype:trojan-activity;sid:83685649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.53.164.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822544/; classtype:trojan-activity;sid:83685644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"139.255.17.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822545/; classtype:trojan-activity;sid:83685645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.69.219.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822546/; classtype:trojan-activity;sid:83685646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"80.255.187.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822537/; classtype:trojan-activity;sid:83685637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"179.190.109.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822542/; classtype:trojan-activity;sid:83685642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.119.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822543/; classtype:trojan-activity;sid:83685643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.167.25.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822523/; classtype:trojan-activity;sid:83685623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.136.195.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822524/; classtype:trojan-activity;sid:83685624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.232.241.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822525/; classtype:trojan-activity;sid:83685625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"90.182.214.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822526/; classtype:trojan-activity;sid:83685626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"217.64.96.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822530/; classtype:trojan-activity;sid:83685630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"146.120.241.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822533/; classtype:trojan-activity;sid:83685633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.124.33.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822518/; classtype:trojan-activity;sid:83685618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.140.32.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822522/; classtype:trojan-activity;sid:83685622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.12.6.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822512/; classtype:trojan-activity;sid:83685612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"136.169.119.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822514/; classtype:trojan-activity;sid:83685614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.248.145.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822515/; classtype:trojan-activity;sid:83685615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.66.105.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822517/; classtype:trojan-activity;sid:83685617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.141.122.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822507/; classtype:trojan-activity;sid:83685607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.189.188.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822501/; classtype:trojan-activity;sid:83685601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.28.123.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822495/; classtype:trojan-activity;sid:83685595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.253.154.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822494/; classtype:trojan-activity;sid:83685594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.211.153.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822490/; classtype:trojan-activity;sid:83685590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.49.124.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822487/; classtype:trojan-activity;sid:83685587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.187.82.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822488/; classtype:trojan-activity;sid:83685588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.200.106.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822478/; classtype:trojan-activity;sid:83685578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.224.243.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822481/; classtype:trojan-activity;sid:83685581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.216.28.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822482/; classtype:trojan-activity;sid:83685582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.99.230.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822484/; classtype:trojan-activity;sid:83685584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.134.42.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822485/; classtype:trojan-activity;sid:83685585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"154.126.186.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822467/; classtype:trojan-activity;sid:83685567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.91.144.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822468/; classtype:trojan-activity;sid:83685568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.2.237.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822471/; classtype:trojan-activity;sid:83685571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.4.110.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822474/; classtype:trojan-activity;sid:83685574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.71.250.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822475/; classtype:trojan-activity;sid:83685575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.5.50.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822477/; classtype:trojan-activity;sid:83685577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.69.79.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822460/; classtype:trojan-activity;sid:83685560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.61.163.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822462/; classtype:trojan-activity;sid:83685562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.130.70.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822455/; classtype:trojan-activity;sid:83685555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.214.241.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822451/; classtype:trojan-activity;sid:83685551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.59.90.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822449/; classtype:trojan-activity;sid:83685549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"90.182.214.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822436/; classtype:trojan-activity;sid:83685536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.114.109.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822439/; classtype:trojan-activity;sid:83685539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.90.207.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822441/; classtype:trojan-activity;sid:83685541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"71.83.248.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822442/; classtype:trojan-activity;sid:83685542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"151.237.4.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822443/; classtype:trojan-activity;sid:83685543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"43.230.159.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822446/; classtype:trojan-activity;sid:83685546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.228.134.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822426/; classtype:trojan-activity;sid:83685526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.112.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822430/; classtype:trojan-activity;sid:83685530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.71.69.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822432/; classtype:trojan-activity;sid:83685532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.6.74.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822416/; classtype:trojan-activity;sid:83685516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.15.92.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822417/; classtype:trojan-activity;sid:83685517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.92.98.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822418/; classtype:trojan-activity;sid:83685518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.43.34.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822421/; classtype:trojan-activity;sid:83685521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.111.14.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822411/; classtype:trojan-activity;sid:83685511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.7.158.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822414/; classtype:trojan-activity;sid:83685514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.140.176.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822409/; classtype:trojan-activity;sid:83685509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.10.211.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822406/; classtype:trojan-activity;sid:83685506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.106.58.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822407/; classtype:trojan-activity;sid:83685507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.77.128.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822398/; classtype:trojan-activity;sid:83685498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"216.155.93.238"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822399/; classtype:trojan-activity;sid:83685499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.189.222.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822401/; classtype:trojan-activity;sid:83685501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.157.212.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822405/; classtype:trojan-activity;sid:83685505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.252.69.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822388/; classtype:trojan-activity;sid:83685488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.7.27.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822389/; classtype:trojan-activity;sid:83685489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.122.28.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822393/; classtype:trojan-activity;sid:83685493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.89.178.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822394/; classtype:trojan-activity;sid:83685494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"47.50.169.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822395/; classtype:trojan-activity;sid:83685495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822396/; classtype:trojan-activity;sid:83685496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.101.81.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822377/; classtype:trojan-activity;sid:83685477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"158.181.34.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822378/; classtype:trojan-activity;sid:83685478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.217.148.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822382/; classtype:trojan-activity;sid:83685482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.114.200.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822385/; classtype:trojan-activity;sid:83685485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.108.84.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822371/; classtype:trojan-activity;sid:83685471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"154.84.212.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822372/; classtype:trojan-activity;sid:83685472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.147.120.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822376/; classtype:trojan-activity;sid:83685476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.143.133.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822356/; classtype:trojan-activity;sid:83685456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.190.76.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822358/; classtype:trojan-activity;sid:83685458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"66.198.199.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822361/; classtype:trojan-activity;sid:83685461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.64.219.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822362/; classtype:trojan-activity;sid:83685462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.176.113.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822363/; classtype:trojan-activity;sid:83685463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.211.197.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822364/; classtype:trojan-activity;sid:83685464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.29.14.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822353/; classtype:trojan-activity;sid:83685453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.99.218.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822354/; classtype:trojan-activity;sid:83685454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.127.105.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822355/; classtype:trojan-activity;sid:83685455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.200.203.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822345/; classtype:trojan-activity;sid:83685445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.68.95.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822337/; classtype:trojan-activity;sid:83685437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.111.116.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822342/; classtype:trojan-activity;sid:83685442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.29.162.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822332/; classtype:trojan-activity;sid:83685432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.92.207.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822334/; classtype:trojan-activity;sid:83685434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.123.142.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822335/; classtype:trojan-activity;sid:83685435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.161.217.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822330/; classtype:trojan-activity;sid:83685430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.193.62.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822325/; classtype:trojan-activity;sid:83685425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"108.162.187.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822320/; classtype:trojan-activity;sid:83685420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.175.42.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822321/; classtype:trojan-activity;sid:83685421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.28.11.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822304/; classtype:trojan-activity;sid:83685404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"115.245.112.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822308/; classtype:trojan-activity;sid:83685408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.139.121.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822299/; classtype:trojan-activity;sid:83685399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"177.52.48.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822300/; classtype:trojan-activity;sid:83685400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.73.49.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822302/; classtype:trojan-activity;sid:83685402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.29.19.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822288/; classtype:trojan-activity;sid:83685388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.239.120.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822291/; classtype:trojan-activity;sid:83685391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"75.136.50.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822294/; classtype:trojan-activity;sid:83685394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.0.131.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822295/; classtype:trojan-activity;sid:83685395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"173.235.65.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822284/; classtype:trojan-activity;sid:83685384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.237.250.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822286/; classtype:trojan-activity;sid:83685386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.236.46.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822287/; classtype:trojan-activity;sid:83685387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.43.16.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822274/; classtype:trojan-activity;sid:83685374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.131.244.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822275/; classtype:trojan-activity;sid:83685375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"117.120.28.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822272/; classtype:trojan-activity;sid:83685372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"120.31.135.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822267/; classtype:trojan-activity;sid:83685367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.122.96.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822268/; classtype:trojan-activity;sid:83685368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.172.170.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822262/; classtype:trojan-activity;sid:83685362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.228.64.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822263/; classtype:trojan-activity;sid:83685363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.199.144.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822265/; classtype:trojan-activity;sid:83685365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.159.74.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822255/; classtype:trojan-activity;sid:83685355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.237.174.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822258/; classtype:trojan-activity;sid:83685358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.215.23.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822249/; classtype:trojan-activity;sid:83685349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.117.210.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822250/; classtype:trojan-activity;sid:83685350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.83.245.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822253/; classtype:trojan-activity;sid:83685353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.28.58.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822240/; classtype:trojan-activity;sid:83685340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"102.218.172.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822242/; classtype:trojan-activity;sid:83685342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.24.131.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822236/; classtype:trojan-activity;sid:83685336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.246.214.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822225/; classtype:trojan-activity;sid:83685325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"197.155.64.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822227/; classtype:trojan-activity;sid:83685327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"84.17.248.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822228/; classtype:trojan-activity;sid:83685328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"208.89.168.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822229/; classtype:trojan-activity;sid:83685329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.254.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822230/; classtype:trojan-activity;sid:83685330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.153.22.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822219/; classtype:trojan-activity;sid:83685319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.165.192.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822221/; classtype:trojan-activity;sid:83685321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.93.83.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822211/; classtype:trojan-activity;sid:83685311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.17.61.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822212/; classtype:trojan-activity;sid:83685312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.217.148.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822214/; classtype:trojan-activity;sid:83685314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.34.157.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822204/; classtype:trojan-activity;sid:83685304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.188.254.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822205/; classtype:trojan-activity;sid:83685305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"194.183.186.164"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822208/; classtype:trojan-activity;sid:83685308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.40.84.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822196/; classtype:trojan-activity;sid:83685296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.186.54.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822197/; classtype:trojan-activity;sid:83685297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.163.57.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822198/; classtype:trojan-activity;sid:83685298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.211.154.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822200/; classtype:trojan-activity;sid:83685300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.254.192.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822194/; classtype:trojan-activity;sid:83685294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.255.164.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822192/; classtype:trojan-activity;sid:83685292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.211.169.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822187/; classtype:trojan-activity;sid:83685287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.145.168.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822189/; classtype:trojan-activity;sid:83685289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.162.113.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822190/; classtype:trojan-activity;sid:83685290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"80.91.125.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822182/; classtype:trojan-activity;sid:83685282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"194.187.151.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822184/; classtype:trojan-activity;sid:83685284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822173/; classtype:trojan-activity;sid:83685273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.253.60.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822178/; classtype:trojan-activity;sid:83685278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.241.19.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822181/; classtype:trojan-activity;sid:83685281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.64.4.199"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822160/; classtype:trojan-activity;sid:83685260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.250.160.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822163/; classtype:trojan-activity;sid:83685263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"211.186.82.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822165/; classtype:trojan-activity;sid:83685265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.173.173.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822167/; classtype:trojan-activity;sid:83685267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.190.20.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822168/; classtype:trojan-activity;sid:83685268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.222.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822157/; classtype:trojan-activity;sid:83685257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.52.86.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822153/; classtype:trojan-activity;sid:83685253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.18.223.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822155/; classtype:trojan-activity;sid:83685255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.129.2.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822149/; classtype:trojan-activity;sid:83685249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"217.218.235.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822151/; classtype:trojan-activity;sid:83685251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.44.110.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822142/; classtype:trojan-activity;sid:83685242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"102.0.4.86"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822144/; classtype:trojan-activity;sid:83685244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.191.123.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822138/; classtype:trojan-activity;sid:83685238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"150.107.205.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822129/; classtype:trojan-activity;sid:83685229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.21.132.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822130/; classtype:trojan-activity;sid:83685230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.162.141.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822131/; classtype:trojan-activity;sid:83685231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"150.129.202.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822132/; classtype:trojan-activity;sid:83685232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.154.84.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822133/; classtype:trojan-activity;sid:83685233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.89.240.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822134/; classtype:trojan-activity;sid:83685234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.174.152.29"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822137/; classtype:trojan-activity;sid:83685237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.17.23.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822125/; classtype:trojan-activity;sid:83685225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.200.63.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822127/; classtype:trojan-activity;sid:83685227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.115.254.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822116/; classtype:trojan-activity;sid:83685216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.7.20.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822117/; classtype:trojan-activity;sid:83685217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.247.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822121/; classtype:trojan-activity;sid:83685221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.92.143.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822123/; classtype:trojan-activity;sid:83685223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.234.253.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822109/; classtype:trojan-activity;sid:83685209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"86.101.187.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822114/; classtype:trojan-activity;sid:83685214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"83.147.93.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822100/; classtype:trojan-activity;sid:83685200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.65.35.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822101/; classtype:trojan-activity;sid:83685201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"138.122.43.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822102/; classtype:trojan-activity;sid:83685202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.241.77.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822107/; classtype:trojan-activity;sid:83685207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.158.238.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822094/; classtype:trojan-activity;sid:83685194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.162.70.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822083/; classtype:trojan-activity;sid:83685183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.20.51.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822084/; classtype:trojan-activity;sid:83685184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.118.45.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822086/; classtype:trojan-activity;sid:83685186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.122.210.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822088/; classtype:trojan-activity;sid:83685188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.62.179.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822091/; classtype:trojan-activity;sid:83685191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.70.204.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822092/; classtype:trojan-activity;sid:83685192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.121.161.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822073/; classtype:trojan-activity;sid:83685173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.115.254.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822076/; classtype:trojan-activity;sid:83685176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.4.44.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822077/; classtype:trojan-activity;sid:83685177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.199.144.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822080/; classtype:trojan-activity;sid:83685180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.29.147.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822065/; classtype:trojan-activity;sid:83685165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.173.163.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822066/; classtype:trojan-activity;sid:83685166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.203.218.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822067/; classtype:trojan-activity;sid:83685167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"174.78.254.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822072/; classtype:trojan-activity;sid:83685172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.221.254.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822063/; classtype:trojan-activity;sid:83685163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.187.151.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822064/; classtype:trojan-activity;sid:83685164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.137.36.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822058/; classtype:trojan-activity;sid:83685158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"154.0.129.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822054/; classtype:trojan-activity;sid:83685154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.73.121.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822048/; classtype:trojan-activity;sid:83685148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.69.88.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822052/; classtype:trojan-activity;sid:83685152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.113.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822042/; classtype:trojan-activity;sid:83685142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822044/; classtype:trojan-activity;sid:83685144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.29.249.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822047/; classtype:trojan-activity;sid:83685147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"87.120.179.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822031/; classtype:trojan-activity;sid:83685131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.208.145.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822035/; classtype:trojan-activity;sid:83685135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.114.97.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822040/; classtype:trojan-activity;sid:83685140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.115.103.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822041/; classtype:trojan-activity;sid:83685141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.84.143.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822023/; classtype:trojan-activity;sid:83685123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.4.147.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822024/; classtype:trojan-activity;sid:83685124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"216.188.216.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822025/; classtype:trojan-activity;sid:83685125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.100.241.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822027/; classtype:trojan-activity;sid:83685127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.192.78.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822018/; classtype:trojan-activity;sid:83685118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"69.70.215.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822013/; classtype:trojan-activity;sid:83685113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.119.95.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822014/; classtype:trojan-activity;sid:83685114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.237.157.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822011/; classtype:trojan-activity;sid:83685111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.122.211.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822007/; classtype:trojan-activity;sid:83685107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.205.131.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822008/; classtype:trojan-activity;sid:83685108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"43.230.158.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821996/; classtype:trojan-activity;sid:83685096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"86.38.171.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822003/; classtype:trojan-activity;sid:83685103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.251.5.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822004/; classtype:trojan-activity;sid:83685104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.89.245.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822006/; classtype:trojan-activity;sid:83685106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.58.83.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821981/; classtype:trojan-activity;sid:83685081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.242.106.137"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821983/; classtype:trojan-activity;sid:83685083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.109.168.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821984/; classtype:trojan-activity;sid:83685084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.188.30.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821976/; classtype:trojan-activity;sid:83685076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.92.68.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821977/; classtype:trojan-activity;sid:83685077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.94.100.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821979/; classtype:trojan-activity;sid:83685079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.32.86.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821980/; classtype:trojan-activity;sid:83685080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.189.218.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821966/; classtype:trojan-activity;sid:83685066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.247.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821970/; classtype:trojan-activity;sid:83685070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.92.93.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821961/; classtype:trojan-activity;sid:83685061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"197.254.23.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821958/; classtype:trojan-activity;sid:83685058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.151.56.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821959/; classtype:trojan-activity;sid:83685059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.133.95.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821960/; classtype:trojan-activity;sid:83685060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.0.69.42"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821957/; classtype:trojan-activity;sid:83685057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.139.153.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821952/; classtype:trojan-activity;sid:83685052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.66.231.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821953/; classtype:trojan-activity;sid:83685053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.56.164.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821941/; classtype:trojan-activity;sid:83685041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"76.76.195.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821942/; classtype:trojan-activity;sid:83685042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.34.177.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821944/; classtype:trojan-activity;sid:83685044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"191.103.250.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821945/; classtype:trojan-activity;sid:83685045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"154.0.129.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821949/; classtype:trojan-activity;sid:83685049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.88.109.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821928/; classtype:trojan-activity;sid:83685028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.16.143.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821930/; classtype:trojan-activity;sid:83685030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.2.23.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821931/; classtype:trojan-activity;sid:83685031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.53.164.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821934/; classtype:trojan-activity;sid:83685034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.127.112.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821935/; classtype:trojan-activity;sid:83685035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.193.59.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821939/; classtype:trojan-activity;sid:83685039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.55.98.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821924/; classtype:trojan-activity;sid:83685024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.111.119.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821925/; classtype:trojan-activity;sid:83685025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"210.4.69.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821926/; classtype:trojan-activity;sid:83685026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.195.191.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821917/; classtype:trojan-activity;sid:83685017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"86.101.187.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821914/; classtype:trojan-activity;sid:83685014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.43.228.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821915/; classtype:trojan-activity;sid:83685015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"120.50.10.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821911/; classtype:trojan-activity;sid:83685011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.189.188.129"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821857/; classtype:trojan-activity;sid:83684957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.10.211.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821858/; classtype:trojan-activity;sid:83684958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.29.162.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821861/; classtype:trojan-activity;sid:83684961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.43.228.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821854/; classtype:trojan-activity;sid:83684954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.114.137.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821850/; classtype:trojan-activity;sid:83684950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.34.182.186"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821851/; classtype:trojan-activity;sid:83684951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.211.153.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821839/; classtype:trojan-activity;sid:83684939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.59.90.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821840/; classtype:trojan-activity;sid:83684940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821836/; classtype:trojan-activity;sid:83684936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.155.64.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821838/; classtype:trojan-activity;sid:83684938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.95.254.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821828/; classtype:trojan-activity;sid:83684928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.19.183.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821831/; classtype:trojan-activity;sid:83684931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"146.196.120.194"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821825/; classtype:trojan-activity;sid:83684925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.190.57.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821826/; classtype:trojan-activity;sid:83684926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.0.131.200"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821818/; classtype:trojan-activity;sid:83684918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.218.50.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821819/; classtype:trojan-activity;sid:83684919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.195.191.123"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821821/; classtype:trojan-activity;sid:83684921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.91.37.71"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821823/; classtype:trojan-activity;sid:83684923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.129.2.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821811/; classtype:trojan-activity;sid:83684911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.0.129.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821806/; classtype:trojan-activity;sid:83684906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.41.63.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821800/; classtype:trojan-activity;sid:83684900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.193.62.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821801/; classtype:trojan-activity;sid:83684901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.159.1.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821802/; classtype:trojan-activity;sid:83684902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.185.119.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821804/; classtype:trojan-activity;sid:83684904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.147.120.145"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821793/; classtype:trojan-activity;sid:83684893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.187.149.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821794/; classtype:trojan-activity;sid:83684894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.122.28.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821795/; classtype:trojan-activity;sid:83684895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.7.158.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821787/; classtype:trojan-activity;sid:83684887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.7.20.38"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821789/; classtype:trojan-activity;sid:83684889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"75.136.50.41"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821790/; classtype:trojan-activity;sid:83684890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.66.125.202"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821782/; classtype:trojan-activity;sid:83684882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.149.127.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821783/; classtype:trojan-activity;sid:83684883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.175.134.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821776/; classtype:trojan-activity;sid:83684876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.55.98.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821777/; classtype:trojan-activity;sid:83684877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.236.46.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821772/; classtype:trojan-activity;sid:83684872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.49.124.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821769/; classtype:trojan-activity;sid:83684869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.34.20.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821770/; classtype:trojan-activity;sid:83684870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.190.20.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821765/; classtype:trojan-activity;sid:83684865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.124.33.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821764/; classtype:trojan-activity;sid:83684864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.96.214.111"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821759/; classtype:trojan-activity;sid:83684859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.72.6.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821760/; classtype:trojan-activity;sid:83684860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.129.2.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821762/; classtype:trojan-activity;sid:83684862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"173.235.65.44"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821753/; classtype:trojan-activity;sid:83684853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"150.129.202.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821754/; classtype:trojan-activity;sid:83684854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.211.252.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821755/; classtype:trojan-activity;sid:83684855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.103.217.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821757/; classtype:trojan-activity;sid:83684857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.2.23.244"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821747/; classtype:trojan-activity;sid:83684847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.239.120.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821749/; classtype:trojan-activity;sid:83684849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.18.223.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821751/; classtype:trojan-activity;sid:83684851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.151.143.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821740/; classtype:trojan-activity;sid:83684840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"158.181.34.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821741/; classtype:trojan-activity;sid:83684841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.205.131.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821743/; classtype:trojan-activity;sid:83684843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.104.195.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821745/; classtype:trojan-activity;sid:83684845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.4.44.202"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821735/; classtype:trojan-activity;sid:83684835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.49.100.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821736/; classtype:trojan-activity;sid:83684836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.188.30.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821737/; classtype:trojan-activity;sid:83684837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.150.253.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821738/; classtype:trojan-activity;sid:83684838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.154.187.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821732/; classtype:trojan-activity;sid:83684832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.59.133.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821734/; classtype:trojan-activity;sid:83684834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.5.19.220"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821722/; classtype:trojan-activity;sid:83684822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.115.103.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821723/; classtype:trojan-activity;sid:83684823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.126.178.16"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821714/; classtype:trojan-activity;sid:83684814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.254.23.210"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821716/; classtype:trojan-activity;sid:83684816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.237.4.20"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821706/; classtype:trojan-activity;sid:83684806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.117.210.108"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821710/; classtype:trojan-activity;sid:83684810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.173.173.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821711/; classtype:trojan-activity;sid:83684811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.246.177.214"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821690/; classtype:trojan-activity;sid:83684790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.159.0.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821692/; classtype:trojan-activity;sid:83684792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.5.50.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821693/; classtype:trojan-activity;sid:83684793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.106.58.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821697/; classtype:trojan-activity;sid:83684797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.186.82.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821699/; classtype:trojan-activity;sid:83684799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.224.243.165"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821700/; classtype:trojan-activity;sid:83684800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.63.242.37"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821679/; classtype:trojan-activity;sid:83684779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.136.195.200"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821681/; classtype:trojan-activity;sid:83684781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.86.123.43"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821685/; classtype:trojan-activity;sid:83684785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"168.228.6.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821687/; classtype:trojan-activity;sid:83684787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.158.238.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821688/; classtype:trojan-activity;sid:83684788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.49.0.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821689/; classtype:trojan-activity;sid:83684789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.0.129.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821676/; classtype:trojan-activity;sid:83684776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.184.231.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821677/; classtype:trojan-activity;sid:83684777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.190.109.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821678/; classtype:trojan-activity;sid:83684778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.129.147.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821673/; classtype:trojan-activity;sid:83684773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.22.237.98"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821669/; classtype:trojan-activity;sid:83684769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.137.36.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821670/; classtype:trojan-activity;sid:83684770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.211.169.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821665/; classtype:trojan-activity;sid:83684765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.200.106.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821660/; classtype:trojan-activity;sid:83684760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.242.106.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821656/; classtype:trojan-activity;sid:83684756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.78.201.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821657/; classtype:trojan-activity;sid:83684757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.109.201.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821659/; classtype:trojan-activity;sid:83684759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.99.230.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821653/; classtype:trojan-activity;sid:83684753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.248.145.19"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821654/; classtype:trojan-activity;sid:83684754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.252.66.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821646/; classtype:trojan-activity;sid:83684746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.193.59.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821639/; classtype:trojan-activity;sid:83684739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.205.125.58"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821643/; classtype:trojan-activity;sid:83684743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.12.6.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821629/; classtype:trojan-activity;sid:83684729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.94.245.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821633/; classtype:trojan-activity;sid:83684733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.65.35.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821634/; classtype:trojan-activity;sid:83684734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.158.95.85"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821636/; classtype:trojan-activity;sid:83684736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.61.163.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821619/; classtype:trojan-activity;sid:83684719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.92.207.29"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821622/; classtype:trojan-activity;sid:83684722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.237.250.100"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821625/; classtype:trojan-activity;sid:83684725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.2.237.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821616/; classtype:trojan-activity;sid:83684716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.208.56.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821617/; classtype:trojan-activity;sid:83684717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.128.231.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821618/; classtype:trojan-activity;sid:83684718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.16.143.101"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821611/; classtype:trojan-activity;sid:83684711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.92.222.96"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821613/; classtype:trojan-activity;sid:83684713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.211.154.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821609/; classtype:trojan-activity;sid:83684709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"150.129.202.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821597/; classtype:trojan-activity;sid:83684697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.68.95.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821599/; classtype:trojan-activity;sid:83684699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.134.42.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821595/; classtype:trojan-activity;sid:83684695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.131.101.80"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821580/; classtype:trojan-activity;sid:83684680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"195.218.152.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820658/; classtype:trojan-activity;sid:83683758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.200.63.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818999/; classtype:trojan-activity;sid:83682099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.224.100.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818993/; classtype:trojan-activity;sid:83682093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.52.86.60"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818988/; classtype:trojan-activity;sid:83682088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.241.19.127"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818986/; classtype:trojan-activity;sid:83682086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.30.245.243"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818987/; classtype:trojan-activity;sid:83682087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.15.92.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818983/; classtype:trojan-activity;sid:83682083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.254.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818984/; classtype:trojan-activity;sid:83682084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.38.24.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818967/; classtype:trojan-activity;sid:83682067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.76.195.60"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818969/; classtype:trojan-activity;sid:83682069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.71.250.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818974/; classtype:trojan-activity;sid:83682074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.140.32.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818975/; classtype:trojan-activity;sid:83682075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.43.16.120"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818978/; classtype:trojan-activity;sid:83682078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.164.200.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818963/; classtype:trojan-activity;sid:83682063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.91.125.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818953/; classtype:trojan-activity;sid:83682053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.252.69.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818946/; classtype:trojan-activity;sid:83682046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.167.25.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818948/; classtype:trojan-activity;sid:83682048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.182.214.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818943/; classtype:trojan-activity;sid:83682043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.137.36.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818930/; classtype:trojan-activity;sid:83682030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.241.77.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818931/; classtype:trojan-activity;sid:83682031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.113.141.237"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818932/; classtype:trojan-activity;sid:83682032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.90.207.58"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818939/; classtype:trojan-activity;sid:83682039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.135.142.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818940/; classtype:trojan-activity;sid:83682040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.21.132.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818922/; classtype:trojan-activity;sid:83682022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.50.148.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818926/; classtype:trojan-activity;sid:83682026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.41.225.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818915/; classtype:trojan-activity;sid:83682015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.120.54.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818917/; classtype:trojan-activity;sid:83682017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.58.78.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818911/; classtype:trojan-activity;sid:83682011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.73.49.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818905/; classtype:trojan-activity;sid:83682005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.254.192.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818906/; classtype:trojan-activity;sid:83682006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.70.242.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818907/; classtype:trojan-activity;sid:83682007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.202.49.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818899/; classtype:trojan-activity;sid:83681999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.133.95.164"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818884/; classtype:trojan-activity;sid:83681984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.193.21.48"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818887/; classtype:trojan-activity;sid:83681987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.0.69.42"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818889/; classtype:trojan-activity;sid:83681989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.119.95.176"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818881/; classtype:trojan-activity;sid:83681981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.120.28.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818878/; classtype:trojan-activity;sid:83681978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"139.255.17.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818872/; classtype:trojan-activity;sid:83681972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.127.112.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818874/; classtype:trojan-activity;sid:83681974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.94.9.181"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818867/; classtype:trojan-activity;sid:83681967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.111.14.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818868/; classtype:trojan-activity;sid:83681968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.222.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818870/; classtype:trojan-activity;sid:83681970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.215.23.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818865/; classtype:trojan-activity;sid:83681965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.127.105.182"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818866/; classtype:trojan-activity;sid:83681966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.100.63.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818857/; classtype:trojan-activity;sid:83681957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.113.227"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818852/; classtype:trojan-activity;sid:83681952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.122.210.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818845/; classtype:trojan-activity;sid:83681945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"86.101.187.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818847/; classtype:trojan-activity;sid:83681947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.122.43.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818838/; classtype:trojan-activity;sid:83681938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.210.35.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818840/; classtype:trojan-activity;sid:83681940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"76.76.195.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818843/; classtype:trojan-activity;sid:83681943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.77.128.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818830/; classtype:trojan-activity;sid:83681930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.176.113.135"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818832/; classtype:trojan-activity;sid:83681932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.25.133.191"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818829/; classtype:trojan-activity;sid:83681929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"86.102.177.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818823/; classtype:trojan-activity;sid:83681923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"136.169.119.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818826/; classtype:trojan-activity;sid:83681926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"139.60.191.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818821/; classtype:trojan-activity;sid:83681921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.161.217.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818797/; classtype:trojan-activity;sid:83681897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.145.168.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818798/; classtype:trojan-activity;sid:83681898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.40.84.254"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818800/; classtype:trojan-activity;sid:83681900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.153.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818806/; classtype:trojan-activity;sid:83681906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"108.162.187.11"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818807/; classtype:trojan-activity;sid:83681907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.136.240.220"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818773/; classtype:trojan-activity;sid:83681873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"63.78.214.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818777/; classtype:trojan-activity;sid:83681877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.114.200.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818778/; classtype:trojan-activity;sid:83681878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.203.218.38"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818772/; classtype:trojan-activity;sid:83681872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.83.245.86"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818768/; classtype:trojan-activity;sid:83681868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.180.35.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818758/; classtype:trojan-activity;sid:83681858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.227.118.71"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818763/; classtype:trojan-activity;sid:83681863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.247.163.125"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818753/; classtype:trojan-activity;sid:83681853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.69.219.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818271/; classtype:trojan-activity;sid:83681371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.115.254.150"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818269/; classtype:trojan-activity;sid:83681369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.105.177"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818240/; classtype:trojan-activity;sid:83681340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.231.15"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818237/; classtype:trojan-activity;sid:83681337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.67.251.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818229/; classtype:trojan-activity;sid:83681329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.150.221"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818227/; classtype:trojan-activity;sid:83681327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.64.219.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818228/; classtype:trojan-activity;sid:83681328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|resid=4e6f63f4c3c86180%21112|7c|26|7c|authkey=!aji85fsyq6pgubw"; depth:75; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817360/; classtype:trojan-activity;sid:83680460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1w6j0xeptoliyrblijhnxbm_qnnoptzfw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817357/; classtype:trojan-activity;sid:83680457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pbhhdf/12/raw/main/keepvid-pro_full2578.exe"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817239/; classtype:trojan-activity;sid:83680339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coolismoney/laughing-octo-tribble/releases/download/v2/crazycore.exe"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817148/; classtype:trojan-activity;sid:83680248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsrj_v11.exe"; depth:13; endswith; nocase; http.host; content:"47.111.180.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814939/; classtype:trojan-activity;sid:83678039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logindll.dll"; depth:13; endswith; nocase; http.host; content:"47.111.180.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814937/; classtype:trojan-activity;sid:83678037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.52.48.235"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814130/; classtype:trojan-activity;sid:83677230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.162.141.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814129/; classtype:trojan-activity;sid:83677229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.21.223.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814127/; classtype:trojan-activity;sid:83677227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.250.160.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814128/; classtype:trojan-activity;sid:83677228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.168.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814119/; classtype:trojan-activity;sid:83677219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.113.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814122/; classtype:trojan-activity;sid:83677222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.12.78.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814108/; classtype:trojan-activity;sid:83677208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.133.214.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814109/; classtype:trojan-activity;sid:83677209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.123.142.116"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814100/; classtype:trojan-activity;sid:83677200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.126.186.56"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814105/; classtype:trojan-activity;sid:83677205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.231.226.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814093/; classtype:trojan-activity;sid:83677193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.93.41.223"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814086/; classtype:trojan-activity;sid:83677186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.254.173.147"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814087/; classtype:trojan-activity;sid:83677187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.22.48.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814080/; classtype:trojan-activity;sid:83677180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.189.218.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814083/; classtype:trojan-activity;sid:83677183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.217.148.149"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813794/; classtype:trojan-activity;sid:83676894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.67.115.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813793/; classtype:trojan-activity;sid:83676893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.247.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813151/; classtype:trojan-activity;sid:83676251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.153.22.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813148/; classtype:trojan-activity;sid:83676248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.28.123.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813150/; classtype:trojan-activity;sid:83676250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.30.85.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813143/; classtype:trojan-activity;sid:83676243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.210.217.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813146/; classtype:trojan-activity;sid:83676246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.253.154.142"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813147/; classtype:trojan-activity;sid:83676247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.89.245.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813137/; classtype:trojan-activity;sid:83676237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.91.144.195"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813133/; classtype:trojan-activity;sid:83676233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.43.59.154"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813134/; classtype:trojan-activity;sid:83676234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.100.50.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813128/; classtype:trojan-activity;sid:83676228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.198.242.56"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813129/; classtype:trojan-activity;sid:83676229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.157.219.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813130/; classtype:trojan-activity;sid:83676230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.248.81.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813122/; classtype:trojan-activity;sid:83676222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.29.14.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813111/; classtype:trojan-activity;sid:83676211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.151.56.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813107/; classtype:trojan-activity;sid:83676207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.165.209.73"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813108/; classtype:trojan-activity;sid:83676208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.120.179.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813091/; classtype:trojan-activity;sid:83676191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.141.135.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813098/; classtype:trojan-activity;sid:83676198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.179.121.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813100/; classtype:trojan-activity;sid:83676200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.255.187.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813101/; classtype:trojan-activity;sid:83676201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.190.142.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813103/; classtype:trojan-activity;sid:83676203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.230.159.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813083/; classtype:trojan-activity;sid:83676183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.29.249.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813084/; classtype:trojan-activity;sid:83676184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.39.242.53"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813081/; classtype:trojan-activity;sid:83676181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.163.57.65"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813078/; classtype:trojan-activity;sid:83676178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.249.52.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813070/; classtype:trojan-activity;sid:83676170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.187.151.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813072/; classtype:trojan-activity;sid:83676172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.228.64.59"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813057/; classtype:trojan-activity;sid:83676157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.77.74.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813060/; classtype:trojan-activity;sid:83676160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.189.125.90"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813064/; classtype:trojan-activity;sid:83676164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.120.179.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813047/; classtype:trojan-activity;sid:83676147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.88.109.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813048/; classtype:trojan-activity;sid:83676148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.108.84.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813049/; classtype:trojan-activity;sid:83676149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"144.48.169.8"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813051/; classtype:trojan-activity;sid:83676151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.42.122.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813053/; classtype:trojan-activity;sid:83676153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.230.153.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813037/; classtype:trojan-activity;sid:83676137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.92.68.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813039/; classtype:trojan-activity;sid:83676139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.70.204.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813040/; classtype:trojan-activity;sid:83676140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.58.21.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813041/; classtype:trojan-activity;sid:83676141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.19.251.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813028/; classtype:trojan-activity;sid:83676128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.169.235.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813024/; classtype:trojan-activity;sid:83676124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dinsherman202/solid-lamp/releases/download/download/github.software.zip"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812539/; classtype:trojan-activity;sid:83675639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.69.79.44"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809237/; classtype:trojan-activity;sid:83672337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.255.164.35"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809236/; classtype:trojan-activity;sid:83672336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.175.223.140"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809227/; classtype:trojan-activity;sid:83672327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.211.197.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809228/; classtype:trojan-activity;sid:83672328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.131.81.7"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809223/; classtype:trojan-activity;sid:83672323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.100.241.12"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809224/; classtype:trojan-activity;sid:83672324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.253.60.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809225/; classtype:trojan-activity;sid:83672325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.9.192.52"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809221/; classtype:trojan-activity;sid:83672321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.92.93.101"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809209/; classtype:trojan-activity;sid:83672309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.95.186.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809204/; classtype:trojan-activity;sid:83672304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.4.124.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809202/; classtype:trojan-activity;sid:83672302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.122.96.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809203/; classtype:trojan-activity;sid:83672303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.71.69.198"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809190/; classtype:trojan-activity;sid:83672290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.143.195.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809192/; classtype:trojan-activity;sid:83672292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.89.188.97"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809193/; classtype:trojan-activity;sid:83672293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.114.109.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809182/; classtype:trojan-activity;sid:83672282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.254.223.175"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809184/; classtype:trojan-activity;sid:83672284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.54.121.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809177/; classtype:trojan-activity;sid:83672277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.215.61.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809173/; classtype:trojan-activity;sid:83672273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.65.45.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809167/; classtype:trojan-activity;sid:83672267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809162/; classtype:trojan-activity;sid:83672262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.42.201.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809158/; classtype:trojan-activity;sid:83672258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.101.191.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809160/; classtype:trojan-activity;sid:83672260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.130.70.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809143/; classtype:trojan-activity;sid:83672243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"208.89.168.31"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809146/; classtype:trojan-activity;sid:83672246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.65.15.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809149/; classtype:trojan-activity;sid:83672249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.67.66.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809136/; classtype:trojan-activity;sid:83672236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.92.98.94"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809139/; classtype:trojan-activity;sid:83672239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.53.164.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809140/; classtype:trojan-activity;sid:83672240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.49.47.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809130/; classtype:trojan-activity;sid:83672230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.88.180.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809132/; classtype:trojan-activity;sid:83672232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.139.121.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809135/; classtype:trojan-activity;sid:83672235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.32.86.42"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809128/; classtype:trojan-activity;sid:83672228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.254.255.246"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809123/; classtype:trojan-activity;sid:83672223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.94.29.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809115/; classtype:trojan-activity;sid:83672215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.38.60.246"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809116/; classtype:trojan-activity;sid:83672216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.58.83.76"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809120/; classtype:trojan-activity;sid:83672220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.50.10.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809107/; classtype:trojan-activity;sid:83672207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.120.211.83"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809108/; classtype:trojan-activity;sid:83672208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.195.141.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809109/; classtype:trojan-activity;sid:83672209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.214.56.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809112/; classtype:trojan-activity;sid:83672212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.43.201.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809113/; classtype:trojan-activity;sid:83672213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.7.153.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809105/; classtype:trojan-activity;sid:83672205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.155.192.139"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809106/; classtype:trojan-activity;sid:83672206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.56.164.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809099/; classtype:trojan-activity;sid:83672199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.42.121.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809100/; classtype:trojan-activity;sid:83672200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.200.63.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809084/; classtype:trojan-activity;sid:83672184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.165.112.168"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809088/; classtype:trojan-activity;sid:83672188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.251.5.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809089/; classtype:trojan-activity;sid:83672189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"191.103.250.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809070/; classtype:trojan-activity;sid:83672170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.158.175.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809071/; classtype:trojan-activity;sid:83672171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.28.58.132"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809073/; classtype:trojan-activity;sid:83672173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.248.56.14"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809077/; classtype:trojan-activity;sid:83672177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.156.143.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809065/; classtype:trojan-activity;sid:83672165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.222.45.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809054/; classtype:trojan-activity;sid:83672154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.29.19.18"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809011/; classtype:trojan-activity;sid:83672111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.227.118.33"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809005/; classtype:trojan-activity;sid:83672105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.72.31.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808994/; classtype:trojan-activity;sid:83672094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.28.11.111"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808985/; classtype:trojan-activity;sid:83672085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.228.135.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808986/; classtype:trojan-activity;sid:83672086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.154.131.153"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808981/; classtype:trojan-activity;sid:83672081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.31.135.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808982/; classtype:trojan-activity;sid:83672082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.237.157.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808972/; classtype:trojan-activity;sid:83672072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.19.174.250"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808973/; classtype:trojan-activity;sid:83672073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.186.156.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808974/; classtype:trojan-activity;sid:83672074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.184.84.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808975/; classtype:trojan-activity;sid:83672075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.184.188.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808976/; classtype:trojan-activity;sid:83672076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.69.88.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808963/; classtype:trojan-activity;sid:83672063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.210.50.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808966/; classtype:trojan-activity;sid:83672066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.57.33.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808967/; classtype:trojan-activity;sid:83672067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.105.79.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808968/; classtype:trojan-activity;sid:83672068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.192.78.254"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808970/; classtype:trojan-activity;sid:83672070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.157.212.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808957/; classtype:trojan-activity;sid:83672057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.126.170.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808958/; classtype:trojan-activity;sid:83672058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.4.147.109"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808951/; classtype:trojan-activity;sid:83672051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.139.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808947/; classtype:trojan-activity;sid:83672047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.121.161.31"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808946/; classtype:trojan-activity;sid:83672046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.245.112.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808929/; classtype:trojan-activity;sid:83672029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.208.145.49"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808931/; classtype:trojan-activity;sid:83672031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.232.241.143"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808932/; classtype:trojan-activity;sid:83672032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.101.81.142"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808933/; classtype:trojan-activity;sid:83672033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.227.118.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808935/; classtype:trojan-activity;sid:83672035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.18.223.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808936/; classtype:trojan-activity;sid:83672036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.234.203.16"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808937/; classtype:trojan-activity;sid:83672037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.188.254.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808939/; classtype:trojan-activity;sid:83672039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.162.113.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808924/; classtype:trojan-activity;sid:83672024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.253.241.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808926/; classtype:trojan-activity;sid:83672026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.116.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808928/; classtype:trojan-activity;sid:83672028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"69.70.215.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808917/; classtype:trojan-activity;sid:83672017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.151.29.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808906/; classtype:trojan-activity;sid:83672006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.84.212.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808907/; classtype:trojan-activity;sid:83672007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.188.215.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808909/; classtype:trojan-activity;sid:83672009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.154.135.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808910/; classtype:trojan-activity;sid:83672010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.99.218.152"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808905/; classtype:trojan-activity;sid:83672005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.20.122.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808895/; classtype:trojan-activity;sid:83671995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.64.96.209"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808900/; classtype:trojan-activity;sid:83672000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.131.95.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808888/; classtype:trojan-activity;sid:83671988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.5.61.33"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808876/; classtype:trojan-activity;sid:83671976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.201.25.95"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808872/; classtype:trojan-activity;sid:83671972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.16.75.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808873/; classtype:trojan-activity;sid:83671973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.218.235.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808875/; classtype:trojan-activity;sid:83671975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.34.177.42"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808869/; classtype:trojan-activity;sid:83671969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.52.164.170"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808870/; classtype:trojan-activity;sid:83671970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.78.118.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808861/; classtype:trojan-activity;sid:83671961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.234.253.53"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808862/; classtype:trojan-activity;sid:83671962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.89.11.81"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808851/; classtype:trojan-activity;sid:83671951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"189.204.177.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808852/; classtype:trojan-activity;sid:83671952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.34.22.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808853/; classtype:trojan-activity;sid:83671953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.44.110.215"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808854/; classtype:trojan-activity;sid:83671954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.247.116"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808842/; classtype:trojan-activity;sid:83671942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.236.114.174"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808840/; classtype:trojan-activity;sid:83671940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.4.110.130"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808832/; classtype:trojan-activity;sid:83671932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.253.60.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808836/; classtype:trojan-activity;sid:83671936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.228.134.161"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808822/; classtype:trojan-activity;sid:83671922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.245.10.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808823/; classtype:trojan-activity;sid:83671923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.179.41.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808824/; classtype:trojan-activity;sid:83671924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.189.172.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808826/; classtype:trojan-activity;sid:83671926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.34.177.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808827/; classtype:trojan-activity;sid:83671927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"174.78.254.83"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808829/; classtype:trojan-activity;sid:83671929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.93.83.121"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808819/; classtype:trojan-activity;sid:83671919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.112.158"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808820/; classtype:trojan-activity;sid:83671920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.154.93.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808814/; classtype:trojan-activity;sid:83671914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.92.188.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808807/; classtype:trojan-activity;sid:83671907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.92.181.49"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808808/; classtype:trojan-activity;sid:83671908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.187.151.189"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808809/; classtype:trojan-activity;sid:83671909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.81.127.208"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808802/; classtype:trojan-activity;sid:83671902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808792/; classtype:trojan-activity;sid:83671892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.164.252.18"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808793/; classtype:trojan-activity;sid:83671893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.122.211.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808794/; classtype:trojan-activity;sid:83671894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"150.107.205.29"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808795/; classtype:trojan-activity;sid:83671895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.20.51.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808797/; classtype:trojan-activity;sid:83671897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.217.148.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808798/; classtype:trojan-activity;sid:83671898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"71.83.248.9"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808786/; classtype:trojan-activity;sid:83671886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.5.36.243"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808790/; classtype:trojan-activity;sid:83671890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.84.143.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808783/; classtype:trojan-activity;sid:83671883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.173.163.110"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808778/; classtype:trojan-activity;sid:83671878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"146.120.241.207"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808781/; classtype:trojan-activity;sid:83671881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.24.131.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808782/; classtype:trojan-activity;sid:83671882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.43.34.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808770/; classtype:trojan-activity;sid:83671870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.165.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808771/; classtype:trojan-activity;sid:83671871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.202.220.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808760/; classtype:trojan-activity;sid:83671860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.139.153.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808767/; classtype:trojan-activity;sid:83671867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.34.183.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808756/; classtype:trojan-activity;sid:83671856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.34.157.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808758/; classtype:trojan-activity;sid:83671858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.17.23.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808754/; classtype:trojan-activity;sid:83671854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.175.42.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808746/; classtype:trojan-activity;sid:83671846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.147.93.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808748/; classtype:trojan-activity;sid:83671848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.120.98.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808751/; classtype:trojan-activity;sid:83671851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.214.241.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808734/; classtype:trojan-activity;sid:83671834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.111.116.96"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808735/; classtype:trojan-activity;sid:83671835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.159.74.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808737/; classtype:trojan-activity;sid:83671837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.71.191.178"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808738/; classtype:trojan-activity;sid:83671838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.197.107.203"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808739/; classtype:trojan-activity;sid:83671839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.114.97.30"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808740/; classtype:trojan-activity;sid:83671840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.93.28.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808721/; classtype:trojan-activity;sid:83671821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.17.248.14"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808708/; classtype:trojan-activity;sid:83671808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.62.179.34"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808715/; classtype:trojan-activity;sid:83671815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.73.121.49"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808716/; classtype:trojan-activity;sid:83671816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.129.106.146"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808717/; classtype:trojan-activity;sid:83671817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.42.121.22"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808705/; classtype:trojan-activity;sid:83671805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.176.7.134"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808701/; classtype:trojan-activity;sid:83671801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.38.241.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808702/; classtype:trojan-activity;sid:83671802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.199.144.62"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808704/; classtype:trojan-activity;sid:83671804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.65.205.108"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808697/; classtype:trojan-activity;sid:83671797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.120.179.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808659/; classtype:trojan-activity;sid:83671759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.34.7.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808652/; classtype:trojan-activity;sid:83671752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.131.244.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808644/; classtype:trojan-activity;sid:83671744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.212.109.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808643/; classtype:trojan-activity;sid:83671743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.191.123.196"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808637/; classtype:trojan-activity;sid:83671737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.253.60.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808636/; classtype:trojan-activity;sid:83671736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.28.58.97"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808631/; classtype:trojan-activity;sid:83671731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.176.137.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808630/; classtype:trojan-activity;sid:83671730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"210.4.69.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808616/; classtype:trojan-activity;sid:83671716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.6.74.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808610/; classtype:trojan-activity;sid:83671710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.218.152.38"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808603/; classtype:trojan-activity;sid:83671703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.80.244.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808594/; classtype:trojan-activity;sid:83671694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.38.241.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808586/; classtype:trojan-activity;sid:83671686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.190.69.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808575/; classtype:trojan-activity;sid:83671675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.1.157.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808564/; classtype:trojan-activity;sid:83671664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.115.174.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808565/; classtype:trojan-activity;sid:83671665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.0.4.86"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808561/; classtype:trojan-activity;sid:83671661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.7.27.90"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808562/; classtype:trojan-activity;sid:83671662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.218.172.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808556/; classtype:trojan-activity;sid:83671656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.118.45.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808557/; classtype:trojan-activity;sid:83671657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.186.54.203"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808560/; classtype:trojan-activity;sid:83671660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.142.114.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808540/; classtype:trojan-activity;sid:83671640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.190.70.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808542/; classtype:trojan-activity;sid:83671642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.234.147.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808544/; classtype:trojan-activity;sid:83671644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.189.222.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808545/; classtype:trojan-activity;sid:83671645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.141.122.162"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808546/; classtype:trojan-activity;sid:83671646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"86.101.187.226"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808549/; classtype:trojan-activity;sid:83671649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.180.9.57"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808551/; classtype:trojan-activity;sid:83671651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.29.147.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808552/; classtype:trojan-activity;sid:83671652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.87.5.2"; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808533/; classtype:trojan-activity;sid:83671633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.115.254.149"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808536/; classtype:trojan-activity;sid:83671636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.34.209.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808520/; classtype:trojan-activity;sid:83671620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.191.218.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808521/; classtype:trojan-activity;sid:83671621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.140.176.228"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808522/; classtype:trojan-activity;sid:83671622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.171.80.104"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808524/; classtype:trojan-activity;sid:83671624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.205.90.51"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808525/; classtype:trojan-activity;sid:83671625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.244.112.102"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808511/; classtype:trojan-activity;sid:83671611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.187.82.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808504/; classtype:trojan-activity;sid:83671604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.111.119.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808502/; classtype:trojan-activity;sid:83671602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.139.249.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808496/; classtype:trojan-activity;sid:83671596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.89.178.102"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808489/; classtype:trojan-activity;sid:83671589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.19.172.50"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808485/; classtype:trojan-activity;sid:83671585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.199.144.65"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808486/; classtype:trojan-activity;sid:83671586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.68.161.157"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808482/; classtype:trojan-activity;sid:83671582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.172.170.111"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808483/; classtype:trojan-activity;sid:83671583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.69.88.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808475/; classtype:trojan-activity;sid:83671575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.42.243.110"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808478/; classtype:trojan-activity;sid:83671578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.242.139.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808467/; classtype:trojan-activity;sid:83671567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.78.215.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808468/; classtype:trojan-activity;sid:83671568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.247.68.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808473/; classtype:trojan-activity;sid:83671573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.17.61.236"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808457/; classtype:trojan-activity;sid:83671557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.154.84.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808459/; classtype:trojan-activity;sid:83671559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.64.4.199"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808460/; classtype:trojan-activity;sid:83671560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.237.174.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808452/; classtype:trojan-activity;sid:83671552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.92.143.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808448/; classtype:trojan-activity;sid:83671548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.200.203.114"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808432/; classtype:trojan-activity;sid:83671532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.237.174.27"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808434/; classtype:trojan-activity;sid:83671534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.0.136.2"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808443/; classtype:trojan-activity;sid:83671543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.247.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808444/; classtype:trojan-activity;sid:83671544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.156.46.134"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808445/; classtype:trojan-activity;sid:83671545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.185.127.181"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808422/; classtype:trojan-activity;sid:83671522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.213.157.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808423/; classtype:trojan-activity;sid:83671523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.89.199.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808424/; classtype:trojan-activity;sid:83671524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.246.214.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808425/; classtype:trojan-activity;sid:83671525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.116.68.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808427/; classtype:trojan-activity;sid:83671527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.73.70.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808430/; classtype:trojan-activity;sid:83671530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.119.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808416/; classtype:trojan-activity;sid:83671516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.216.28.112"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808418/; classtype:trojan-activity;sid:83671518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.249.54.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808421/; classtype:trojan-activity;sid:83671521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.221.254.140"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808406/; classtype:trojan-activity;sid:83671506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.91.171.37"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808408/; classtype:trojan-activity;sid:83671508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.195.100.69"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808400/; classtype:trojan-activity;sid:83671500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"47.50.169.82"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808390/; classtype:trojan-activity;sid:83671490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.94.100.202"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808392/; classtype:trojan-activity;sid:83671492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.89.240.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808396/; classtype:trojan-activity;sid:83671496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.57.121.123"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808397/; classtype:trojan-activity;sid:83671497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.182.214.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808376/; classtype:trojan-activity;sid:83671476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.165.192.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808379/; classtype:trojan-activity;sid:83671479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.230.158.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808380/; classtype:trojan-activity;sid:83671480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.190.76.126"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808383/; classtype:trojan-activity;sid:83671483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.245.131.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808385/; classtype:trojan-activity;sid:83671485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"86.38.171.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808388/; classtype:trojan-activity;sid:83671488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.72.39.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808371/; classtype:trojan-activity;sid:83671471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.125.163.10"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808373/; classtype:trojan-activity;sid:83671473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.114.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808366/; classtype:trojan-activity;sid:83671466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.188.48.90"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808367/; classtype:trojan-activity;sid:83671467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808300/; classtype:trojan-activity;sid:83671400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"80.91.125.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808303/; classtype:trojan-activity;sid:83671403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"78.139.121.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808304/; classtype:trojan-activity;sid:83671404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"41.190.70.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808306/; classtype:trojan-activity;sid:83671406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"80.255.187.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808307/; classtype:trojan-activity;sid:83671407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"79.120.54.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808284/; classtype:trojan-activity;sid:83671384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"79.120.54.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808286/; classtype:trojan-activity;sid:83671386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"103.78.215.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808289/; classtype:trojan-activity;sid:83671389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808291/; classtype:trojan-activity;sid:83671391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"36.67.66.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808281/; classtype:trojan-activity;sid:83671381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"80.255.187.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808271/; classtype:trojan-activity;sid:83671371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"36.64.219.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808276/; classtype:trojan-activity;sid:83671376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"36.64.219.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808277/; classtype:trojan-activity;sid:83671377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"80.91.125.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808278/; classtype:trojan-activity;sid:83671378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"36.67.66.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808279/; classtype:trojan-activity;sid:83671379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.sh4"; depth:9; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808280/; classtype:trojan-activity;sid:83671380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"78.139.121.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808264/; classtype:trojan-activity;sid:83671364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"36.67.66.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808231/; classtype:trojan-activity;sid:83671331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808232/; classtype:trojan-activity;sid:83671332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"41.190.70.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808233/; classtype:trojan-activity;sid:83671333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808235/; classtype:trojan-activity;sid:83671335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"79.120.54.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808236/; classtype:trojan-activity;sid:83671336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"79.120.54.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808241/; classtype:trojan-activity;sid:83671341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808242/; classtype:trojan-activity;sid:83671342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.67.66.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808244/; classtype:trojan-activity;sid:83671344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.78.215.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808245/; classtype:trojan-activity;sid:83671345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.64.219.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808247/; classtype:trojan-activity;sid:83671347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808248/; classtype:trojan-activity;sid:83671348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808249/; classtype:trojan-activity;sid:83671349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"36.64.219.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808250/; classtype:trojan-activity;sid:83671350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.139.121.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808226/; classtype:trojan-activity;sid:83671326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808227/; classtype:trojan-activity;sid:83671327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808215/; classtype:trojan-activity;sid:83671315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"80.91.125.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808216/; classtype:trojan-activity;sid:83671316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808217/; classtype:trojan-activity;sid:83671317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"80.255.187.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808219/; classtype:trojan-activity;sid:83671319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"80.255.187.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808221/; classtype:trojan-activity;sid:83671321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.78.215.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808199/; classtype:trojan-activity;sid:83671299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.67.66.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808198/; classtype:trojan-activity;sid:83671298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808187/; classtype:trojan-activity;sid:83671287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"79.120.54.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808189/; classtype:trojan-activity;sid:83671289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.190.70.78"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808190/; classtype:trojan-activity;sid:83671290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.64.219.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808191/; classtype:trojan-activity;sid:83671291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"80.91.125.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808193/; classtype:trojan-activity;sid:83671293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.64.219.140"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808195/; classtype:trojan-activity;sid:83671295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.67.66.178"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808196/; classtype:trojan-activity;sid:83671296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"80.255.187.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808176/; classtype:trojan-activity;sid:83671276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"80.255.187.190"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808178/; classtype:trojan-activity;sid:83671278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.139.121.189"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808179/; classtype:trojan-activity;sid:83671279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808183/; classtype:trojan-activity;sid:83671283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808167/; classtype:trojan-activity;sid:83671267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808168/; classtype:trojan-activity;sid:83671268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ping"; depth:5; endswith; nocase; http.host; content:"2.57.122.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807492/; classtype:trojan-activity;sid:83670592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/http.txt"; depth:9; endswith; nocase; http.host; content:"193.93.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807300/; classtype:trojan-activity;sid:83670400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"138.36.239.20"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806527/; classtype:trojan-activity;sid:83669627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2"; depth:56; endswith; nocase; http.host; content:"distro.ibiblio.org"; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804806/; classtype:trojan-activity;sid:83667906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/printspoofer.exe"; depth:17; endswith; nocase; http.host; content:"35.185.187.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803517/; classtype:trojan-activity;sid:83666617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"83.209.41.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798785/; classtype:trojan-activity;sid:83661885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"83.209.41.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798784/; classtype:trojan-activity;sid:83661884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/letmatros.snp"; depth:23; endswith; nocase; http.host; content:"dnvk1.info"; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_29; reference:url, urlhaus.abuse.ch/url/2795504/; classtype:trojan-activity;sid:83658604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1qxwff0k49bjdhwzotirkvqlqhebzgphg"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793603/; classtype:trojan-activity;sid:83656703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/wlbkszoxpvyovh65.bin"; depth:30; endswith; nocase; http.host; content:"dnvk1.info"; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792394/; classtype:trojan-activity;sid:83655494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.index/scan.tar"; depth:16; endswith; nocase; http.host; content:"58.216.207.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790578/; classtype:trojan-activity;sid:83653678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/incoper887/tua/raw/main/build.exe"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2789955/; classtype:trojan-activity;sid:83653055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ykwsyyt/help/hddrive1095_xinanplug3030_20230619_inno.exe"; depth:57; endswith; nocase; http.host; content:"60.22.23.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787791/; classtype:trojan-activity;sid:83650891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1hditwve1kadzeycbldxttxi4mmhddgyp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787397/; classtype:trojan-activity;sid:83650497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"65.49.44.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787024/; classtype:trojan-activity;sid:83650124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"212.113.35.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787023/; classtype:trojan-activity;sid:83650123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1re9cqjrafya6wcb5e0zcolwdorvsf9pi"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786829/; classtype:trojan-activity;sid:83649929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp"; depth:4; endswith; nocase; http.host; content:"47.101.206.165"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786674/; classtype:trojan-activity;sid:83649774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"83.96.147.6"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786672/; classtype:trojan-activity;sid:83649772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"46.44.203.207"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786665/; classtype:trojan-activity;sid:83649765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/washywashy14/7zip-bin/master/win/er5thygfd.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786663/; classtype:trojan-activity;sid:83649763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/washywashy14/7zip-bin/master/win/uemlxaw.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786661/; classtype:trojan-activity;sid:83649761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"2.42.168.99"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786649/; classtype:trojan-activity;sid:83649749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exploit.class"; depth:14; endswith; nocase; http.host; content:"39.98.107.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786332/; classtype:trojan-activity;sid:83649432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"39.98.107.227"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786333/; classtype:trojan-activity;sid:83649433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zev3n/ubuntu-gnome-privilege-escalation/main/cve-2020-1612%5b6_7%5d_exploit.sh"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785768/; classtype:trojan-activity;sid:83648868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/licensing/deployment/yellow%20pages%20scraper.exe"; depth:50; endswith; nocase; http.host; content:"www.blackhattoolz.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785466/; classtype:trojan-activity;sid:83648566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/licensing/updates/tinder%20bot.exe"; depth:35; endswith; nocase; http.host; content:"www.blackhattoolz.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785447/; classtype:trojan-activity;sid:83648547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ransomware.wannacry_plus.zip"; depth:29; endswith; nocase; http.host; content:"14.224.174.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_17; reference:url, urlhaus.abuse.ch/url/2785235/; classtype:trojan-activity;sid:83648335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/driveapplet.exe"; depth:16; endswith; nocase; http.host; content:"noithaticon.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_14; reference:url, urlhaus.abuse.ch/url/2782882/; classtype:trojan-activity;sid:83645982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/17c4755d1d45ed1bb454/8703634058188758823"; depth:41; endswith; nocase; http.host; content:"f24-zfcloud.zdn.vn"; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782434/; classtype:trojan-activity;sid:83645534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1cbzrekgr3qfqlniab3cpysqnzafff|3f|content_disposition=attachment|7c|3b|7c|filename=%22upload_20240311-130634.zip"; depth:119; endswith; nocase; http.host; content:"public.adobecc.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782286/; classtype:trojan-activity;sid:83645386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.72.39.196"; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780261/; classtype:trojan-activity;sid:83643361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"oys0ro.static.otenet.gr"; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780255/; classtype:trojan-activity;sid:83643355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m.py"; depth:5; endswith; nocase; http.host; content:"193.93.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777824/; classtype:trojan-activity;sid:83640924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p"; depth:2; endswith; nocase; http.host; content:"193.93.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777823/; classtype:trojan-activity;sid:83640923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d"; depth:2; endswith; nocase; http.host; content:"193.93.248.103"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777822/; classtype:trojan-activity;sid:83640922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greenpackage.exe"; depth:17; endswith; nocase; http.host; content:"bitkiselurunsiparis.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_07; reference:url, urlhaus.abuse.ch/url/2777441/; classtype:trojan-activity;sid:83640541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/cheat.dll"; depth:17; endswith; nocase; http.host; content:"103.183.113.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776111/; classtype:trojan-activity;sid:83639211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/main.dll"; depth:16; endswith; nocase; http.host; content:"103.183.113.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776110/; classtype:trojan-activity;sid:83639210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/zverify.dll"; depth:19; endswith; nocase; http.host; content:"103.183.113.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776109/; classtype:trojan-activity;sid:83639209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/mhpverify.dll"; depth:21; endswith; nocase; http.host; content:"103.183.113.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776108/; classtype:trojan-activity;sid:83639208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/x.rar"; depth:11; endswith; nocase; http.host; content:"106.254.250.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772697/; classtype:trojan-activity;sid:83635797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/met111.sh"; depth:15; endswith; nocase; http.host; content:"106.254.250.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772689/; classtype:trojan-activity;sid:83635789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"75.183.98.139"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769194/; classtype:trojan-activity;sid:83632294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.188.216.17"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769195/; classtype:trojan-activity;sid:83632295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.198.199.18"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769198/; classtype:trojan-activity;sid:83632298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/calendar/down/jeditor/jeditor.exe"; depth:34; endswith; nocase; http.host; content:"www.ojang.pe.kr"; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769015/; classtype:trojan-activity;sid:83632115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2024/e_r1.bmp"; depth:33; endswith; nocase; http.host; content:"catbaparadisehotel.com.vn"; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765933/; classtype:trojan-activity;sid:83629033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aminer.gz"; depth:10; endswith; nocase; http.host; content:"45.64.128.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765918/; classtype:trojan-activity;sid:83629018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install.tgz"; depth:12; endswith; nocase; http.host; content:"45.64.128.244"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765915/; classtype:trojan-activity;sid:83629015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hitmanpro.zip"; depth:14; endswith; nocase; http.host; content:"hitman-pro.ru"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765626/; classtype:trojan-activity;sid:83628726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.x86_64"; depth:17; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764512/; classtype:trojan-activity;sid:83627612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.i686"; depth:15; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764507/; classtype:trojan-activity;sid:83627607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.mips"; depth:15; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764508/; classtype:trojan-activity;sid:83627608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.x86"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764509/; classtype:trojan-activity;sid:83627609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.arm"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764510/; classtype:trojan-activity;sid:83627610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.spc"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764511/; classtype:trojan-activity;sid:83627611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.188.215.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764488/; classtype:trojan-activity;sid:83627588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mobileanjian.apk"; depth:17; endswith; nocase; http.host; content:"103.6.5.3"; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757963/; classtype:trojan-activity;sid:83621063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2755280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/den4ikyt/spoofer/raw/main/hwid%20spoofer.rar"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_02; reference:url, urlhaus.abuse.ch/url/2755280/; classtype:trojan-activity;sid:83618380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.i686"; depth:15; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754788/; classtype:trojan-activity;sid:83617888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.spc"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754787/; classtype:trojan-activity;sid:83617887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.mips"; depth:15; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754786/; classtype:trojan-activity;sid:83617886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.x86"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754784/; classtype:trojan-activity;sid:83617884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.arm"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754785/; classtype:trojan-activity;sid:83617885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.x86_64"; depth:17; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754783/; classtype:trojan-activity;sid:83617883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1wuy2y3vbxibdfqcs6-kx96nocarzixfd"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754299/; classtype:trojan-activity;sid:83617399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/view/ta.sh"; depth:15; endswith; nocase; http.host; content:"118.26.174.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_29; reference:url, urlhaus.abuse.ch/url/2752947/; classtype:trojan-activity;sid:83616047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riseme-origami/g/raw/main/build6_unencrypted.exe"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_28; reference:url, urlhaus.abuse.ch/url/2752434/; classtype:trojan-activity;sid:83615534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gzckgqlufkfpmlzsd4dlrp8-nrdeju1w"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751248/; classtype:trojan-activity;sid:83614348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riseme-origami/g/raw/main/first.exe"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_22; reference:url, urlhaus.abuse.ch/url/2750554/; classtype:trojan-activity;sid:83613654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riseme-origami/g/raw/main/windows.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749981/; classtype:trojan-activity;sid:83613081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riseme-origami/g/raw/main/eszop.exe"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749973/; classtype:trojan-activity;sid:83613073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riseme-origami/g/raw/main/wefhrf.exe"; depth:37; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749975/; classtype:trojan-activity;sid:83613075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riseme-origami/g/raw/main/client-built.exe"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748820/; classtype:trojan-activity;sid:83611920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kseniakucherksenia/.github.io/raw/main/cayv0deo9jst417.exe"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748808/; classtype:trojan-activity;sid:83611908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kseniakucherksenia/.github.io/main/cayv0deo9jst417.exe"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748809/; classtype:trojan-activity;sid:83611909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssslllap1/asdasd/raw/main/crypted.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_13; reference:url, urlhaus.abuse.ch/url/2748605/; classtype:trojan-activity;sid:83611705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ifvzub1blhmwsirshbe2wu5b1tus3ls-"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748365/; classtype:trojan-activity;sid:83611465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yydiodtw09banou13ro8ielf9rcmljxy"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748363/; classtype:trojan-activity;sid:83611463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=11cbyky_wegqjut6afr8jannw7vub-xxf"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748360/; classtype:trojan-activity;sid:83611460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1rqhgsr779gyzvi15p-bmkx8txq4bj-yi"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748350/; classtype:trojan-activity;sid:83611450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.180.35.231"; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_06; reference:url, urlhaus.abuse.ch/url/2746783/; classtype:trojan-activity;sid:83609883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/24/b.jpg"; depth:9; endswith; nocase; http.host; content:"185.16.38.38"; depth:12; isdataat:!1,relative; metadata:created_at 2023_12_27; reference:url, urlhaus.abuse.ch/url/2744609/; classtype:trojan-activity;sid:83607709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.149.127.214"; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_26; reference:url, urlhaus.abuse.ch/url/2744516/; classtype:trojan-activity;sid:83607616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.193.21.48"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_24; reference:url, urlhaus.abuse.ch/url/2744000/; classtype:trojan-activity;sid:83607100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=12rmvuwgpj0dzbb3haoaww2lviavhvb4r"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743461/; classtype:trojan-activity;sid:83606561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1rfsmrzeanvap2tnmtwrptlepwarwlkge"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743460/; classtype:trojan-activity;sid:83606560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"177.129.147.4"; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_20; reference:url, urlhaus.abuse.ch/url/2742584/; classtype:trojan-activity;sid:83605684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1k0bqhrtnu4v1yexoni5p1utyjuohmfzm"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742518/; classtype:trojan-activity;sid:83605618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1fhqpevblkipshqumjmsbzeetdzhzxv-j"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742516/; classtype:trojan-activity;sid:83605616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/automaticamente/index.php"; depth:33; endswith; nocase; http.host; content:"wynecare.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_11_27; reference:url, urlhaus.abuse.ch/url/2735437/; classtype:trojan-activity;sid:83598537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chdyz/chdyz.dll"; depth:16; endswith; nocase; http.host; content:"47.110.247.171"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735400/; classtype:trojan-activity;sid:83598500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chdyz/chdyz.exe"; depth:16; endswith; nocase; http.host; content:"47.110.247.171"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735399/; classtype:trojan-activity;sid:83598499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lti_ruby/av/development/insertionsortpro.js"; depth:44; endswith; nocase; http.host; content:"lti.cs.vt.edu"; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734988/; classtype:trojan-activity;sid:83598088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wei"; depth:4; endswith; nocase; http.host; content:"80.68.196.6"; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734983/; classtype:trojan-activity;sid:83598083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vendor/bin/nobody/clean.it"; depth:27; endswith; nocase; http.host; content:"xiangshunjy.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734981/; classtype:trojan-activity;sid:83598081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/404"; depth:4; endswith; nocase; http.host; content:"31.184.194.114"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734979/; classtype:trojan-activity;sid:83598079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.139.249.103"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2733771/; classtype:trojan-activity;sid:83596871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.100.63.216"; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_22; reference:url, urlhaus.abuse.ch/url/2733662/; classtype:trojan-activity;sid:83596762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"115.165.209.73"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731357/; classtype:trojan-activity;sid:83594457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1sjm5t0ktlepibtv3kgaousspnw3zonom"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_13; reference:url, urlhaus.abuse.ch/url/2730213/; classtype:trojan-activity;sid:83593313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cronusxd/update/releases/download/programa/universal.cheat.all.games.rar"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_11_12; reference:url, urlhaus.abuse.ch/url/2730069/; classtype:trojan-activity;sid:83593169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oto"; depth:4; endswith; nocase; http.host; content:"sos.vivi.sg"; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_09; reference:url, urlhaus.abuse.ch/url/2729116/; classtype:trojan-activity;sid:83592216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ns3.jpg"; depth:8; endswith; nocase; http.host; content:"sos.vivi.sg"; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_09; reference:url, urlhaus.abuse.ch/url/2729115/; classtype:trojan-activity;sid:83592215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2728916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1jmvlc342a-9khhwqofk1aticown34bxe"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_08; reference:url, urlhaus.abuse.ch/url/2728916/; classtype:trojan-activity;sid:83592016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1lhnnwoydntgqibsykxwgd32s5xftxvfh"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726994/; classtype:trojan-activity;sid:83590094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1oxpqeutyreby186exx4zeofyz0rjocsp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726921/; classtype:trojan-activity;sid:83590021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1e2y5yppu_zjj4o3wmuo-2j8n9lbthkzc"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726920/; classtype:trojan-activity;sid:83590020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1_ldguopt2cg7fblntw3ltxgtxqtmlflc"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726906/; classtype:trojan-activity;sid:83590006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=10lygpyju_dlg3x6r9oslzgblshakstl-"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726907/; classtype:trojan-activity;sid:83590007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1zte2ty_wldnnepgomzi6zqqad7moc4kk"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726789/; classtype:trojan-activity;sid:83589889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1sqvm1xsoranfnvqst_kkdmn8yhgulm4k"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726777/; classtype:trojan-activity;sid:83589877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1zqzivoxid6wgvjstzd0lg2vxnpnc-puf"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726592/; classtype:trojan-activity;sid:83589692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drakeo03/rbxfpsunlocker-x64-hotfix1/zip/refs/heads/main"; depth:56; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_10_28; reference:url, urlhaus.abuse.ch/url/2726432/; classtype:trojan-activity;sid:83589532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gfn3lqd1rvybut4ha-ldl92wt8ysrzfc"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2726089/; classtype:trojan-activity;sid:83589189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2725971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ctnmusyjuqkrxgvd6uph5ttb4-sb1zxr"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2725971/; classtype:trojan-activity;sid:83589071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2723186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1nx37rcyoclifch3waaddhuzclyj4ouue"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_23; reference:url, urlhaus.abuse.ch/url/2723186/; classtype:trojan-activity;sid:83586286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"80.210.35.140"; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_15; reference:url, urlhaus.abuse.ch/url/2720676/; classtype:trojan-activity;sid:83583776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.213.157.76"; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_14; reference:url, urlhaus.abuse.ch/url/2720427/; classtype:trojan-activity;sid:83583527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1satmexzn3qpvqzfxnc-5dtnnn8lihdxh"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_12; reference:url, urlhaus.abuse.ch/url/2719389/; classtype:trojan-activity;sid:83582489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/112s"; depth:5; endswith; nocase; http.host; content:"43.249.172.195"; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717631/; classtype:trojan-activity;sid:83580731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/112"; depth:4; endswith; nocase; http.host; content:"43.249.172.195"; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714956/; classtype:trojan-activity;sid:83578056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.82.211.164"; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713178/; classtype:trojan-activity;sid:83576278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2712484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/test.exe"; depth:14; endswith; nocase; http.host; content:"pouya.blob.core.windows.net"; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_19; reference:url, urlhaus.abuse.ch/url/2712484/; classtype:trojan-activity;sid:83575584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2705989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"115.94.9.181"; depth:12; isdataat:!1,relative; metadata:created_at 2023_08_21; reference:url, urlhaus.abuse.ch/url/2705989/; classtype:trojan-activity;sid:83569089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2705628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"90.68.161.157"; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_20; reference:url, urlhaus.abuse.ch/url/2705628/; classtype:trojan-activity;sid:83568728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2703301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/themes/twentytwenty/html.exe"; depth:40; endswith; nocase; http.host; content:"fetchdesignprint.co.za"; depth:22; isdataat:!1,relative; metadata:created_at 2023_08_09; reference:url, urlhaus.abuse.ch/url/2703301/; classtype:trojan-activity;sid:83566401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2699237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.135.142.235"; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_05; reference:url, urlhaus.abuse.ch/url/2699237/; classtype:trojan-activity;sid:83562337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2698184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"z.shavsl.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_08_04; reference:url, urlhaus.abuse.ch/url/2698184/; classtype:trojan-activity;sid:83561284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2695319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.214.56.234"; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_01; reference:url, urlhaus.abuse.ch/url/2695319/; classtype:trojan-activity;sid:83558419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2693150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/housenetshare.exe"; depth:18; endswith; nocase; http.host; content:"stdown.dinju.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_31; reference:url, urlhaus.abuse.ch/url/2693150/; classtype:trojan-activity;sid:83556250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2684828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.100.50.137"; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_18; reference:url, urlhaus.abuse.ch/url/2684828/; classtype:trojan-activity;sid:83547928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2682047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yfrfklulpjtnvv25.bin"; depth:21; endswith; nocase; http.host; content:"diclegrup.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_13; reference:url, urlhaus.abuse.ch/url/2682047/; classtype:trojan-activity;sid:83545147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"83.234.203.16"; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678477/; classtype:trojan-activity;sid:83541577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/id3/qmydsnl.dll"; depth:28; endswith; nocase; http.host; content:"lostheaven.com.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2676880/; classtype:trojan-activity;sid:83539980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/id3/apctntoca.bmp"; depth:30; endswith; nocase; http.host; content:"lostheaven.com.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2676879/; classtype:trojan-activity;sid:83539979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2675524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.87.5.2"; depth:9; isdataat:!1,relative; metadata:created_at 2023_07_02; reference:url, urlhaus.abuse.ch/url/2675524/; classtype:trojan-activity;sid:83538624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661661/; classtype:trojan-activity;sid:83524761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661657/; classtype:trojan-activity;sid:83524757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661658/; classtype:trojan-activity;sid:83524758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661659/; classtype:trojan-activity;sid:83524759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661660/; classtype:trojan-activity;sid:83524760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661653/; classtype:trojan-activity;sid:83524753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661655/; classtype:trojan-activity;sid:83524755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"217.114.43.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661656/; classtype:trojan-activity;sid:83524756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2637944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ldr.sh"; depth:7; endswith; nocase; http.host; content:"194.38.23.2"; depth:11; isdataat:!1,relative; metadata:created_at 2023_05_21; reference:url, urlhaus.abuse.ch/url/2637944/; classtype:trojan-activity;sid:83501044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2618340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxmr.exe"; depth:9; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_26; reference:url, urlhaus.abuse.ch/url/2618340/; classtype:trojan-activity;sid:83481440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.59.133.14"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_22; reference:url, urlhaus.abuse.ch/url/2615901/; classtype:trojan-activity;sid:83479001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.34.177.78"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615316/; classtype:trojan-activity;sid:83478416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"194.208.56.60"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615314/; classtype:trojan-activity;sid:83478414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.195.141.241"; depth:15; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615296/; classtype:trojan-activity;sid:83478396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.49.47.190"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615287/; classtype:trojan-activity;sid:83478387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.65.45.186"; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615283/; classtype:trojan-activity;sid:83478383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.93.41.223"; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615280/; classtype:trojan-activity;sid:83478380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.81.127.208"; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615262/; classtype:trojan-activity;sid:83478362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.22.237.98"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615260/; classtype:trojan-activity;sid:83478360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.20.122.114"; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615259/; classtype:trojan-activity;sid:83478359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.153.20.102"; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615258/; classtype:trojan-activity;sid:83478358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2598926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4afziyfqzm/afziyfqzm/downloads/new_kiddions.rar"; depth:48; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_05; reference:url, urlhaus.abuse.ch/url/2598926/; classtype:trojan-activity;sid:83462026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2581006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/salatikochen/salatapps/archive/refs/heads/main.zip"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2581006/; classtype:trojan-activity;sid:83444106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2562937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b512c9bf0b/rnlgmamvrrbyey3nzb/"; depth:31; endswith; nocase; http.host; content:"ns1.koleso.tc"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_08; reference:url, urlhaus.abuse.ch/url/2562937/; classtype:trojan-activity;sid:83426037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2545788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tedburke/commandcam/archive/refs/heads/master.zip"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_20; reference:url, urlhaus.abuse.ch/url/2545788/; classtype:trojan-activity;sid:83408888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unlockteame/unlimited/zip/refs/heads/main"; depth:42; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540034/; classtype:trojan-activity;sid:83403134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pei.exe"; depth:8; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_05; reference:url, urlhaus.abuse.ch/url/2530828/; classtype:trojan-activity;sid:83393928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npp.exe"; depth:8; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_25; reference:url, urlhaus.abuse.ch/url/2517803/; classtype:trojan-activity;sid:83380903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kb824105-x86-enu.exe"; depth:21; endswith; nocase; http.host; content:"microsecurityupdate.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517462/; classtype:trojan-activity;sid:83380562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1"; depth:2; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517273/; classtype:trojan-activity;sid:83380373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2"; depth:2; endswith; nocase; http.host; content:"185.215.113.66"; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517268/; classtype:trojan-activity;sid:83380368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1"; depth:2; endswith; nocase; http.host; content:"185.215.113.84"; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513697/; classtype:trojan-activity;sid:83376797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2"; depth:2; endswith; nocase; http.host; content:"185.215.113.84"; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513699/; classtype:trojan-activity;sid:83376799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2504339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/89wkr/"; depth:13; endswith; nocase; http.host; content:"coadymarine.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_01_11; reference:url, urlhaus.abuse.ch/url/2504339/; classtype:trojan-activity;sid:83367439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2466408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys.x86_64"; depth:11; endswith; nocase; http.host; content:"194.38.23.2"; depth:11; isdataat:!1,relative; metadata:created_at 2022_12_16; reference:url, urlhaus.abuse.ch/url/2466408/; classtype:trojan-activity;sid:83329508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2441027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl/idr/v3/pub/idrb5event.exe"; depth:29; endswith; nocase; http.host; content:"update.itopvpn.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_12_01; reference:url, urlhaus.abuse.ch/url/2441027/; classtype:trojan-activity;sid:83304127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/token%20grabber.dll"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440082/; classtype:trojan-activity;sid:83303182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/passwordstealer.dll"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440081/; classtype:trojan-activity;sid:83303181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2423598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twztl.exe"; depth:10; endswith; nocase; http.host; content:"185.215.113.84"; depth:14; isdataat:!1,relative; metadata:created_at 2022_11_17; reference:url, urlhaus.abuse.ch/url/2423598/; classtype:trojan-activity;sid:83286698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/core"; depth:5; endswith; nocase; http.host; content:"cnom.sante.gov.ml"; depth:17; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414734/; classtype:trojan-activity;sid:83277834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/12"; depth:3; endswith; nocase; http.host; content:"cnom.sante.gov.ml"; depth:17; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414733/; classtype:trojan-activity;sid:83277833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/analytics/zy5ntk/"; depth:18; endswith; nocase; http.host; content:"fromthetrenchesworldreport.com"; depth:30; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2408069/; classtype:trojan-activity;sid:83271169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2407720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/eaeuutop/"; depth:19; endswith; nocase; http.host; content:"www.globallaborsupply.com"; depth:25; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2407720/; classtype:trojan-activity;sid:83270820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2403434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/fw/fw.exe"; depth:15; endswith; nocase; http.host; content:"tengfeidn.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_07; reference:url, urlhaus.abuse.ch/url/2403434/; classtype:trojan-activity;sid:83266534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2296313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.180.9.57"; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_07; reference:url, urlhaus.abuse.ch/url/2296313/; classtype:trojan-activity;sid:83159413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2267284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.38.24.186"; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_06; reference:url, urlhaus.abuse.ch/url/2267284/; classtype:trojan-activity;sid:83130384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2261300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opencart/system/library/cache/.cache/loader.exe"; depth:48; endswith; nocase; http.host; content:"www.maxmoney.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_07_26; reference:url, urlhaus.abuse.ch/url/2261300/; classtype:trojan-activity;sid:83124400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2260566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.65.205.108"; depth:13; isdataat:!1,relative; metadata:created_at 2022_07_24; reference:url, urlhaus.abuse.ch/url/2260566/; classtype:trojan-activity;sid:83123666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2255098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.173.39.201"; depth:14; isdataat:!1,relative; metadata:created_at 2022_07_07; reference:url, urlhaus.abuse.ch/url/2255098/; classtype:trojan-activity;sid:83118198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.253.205.236"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_27; reference:url, urlhaus.abuse.ch/url/2250831/; classtype:trojan-activity;sid:83113931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2246119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"62.169.235.215"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_20; reference:url, urlhaus.abuse.ch/url/2246119/; classtype:trojan-activity;sid:83109219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system/gbh/"; depth:12; endswith; nocase; http.host; content:"airhobi.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237418/; classtype:trojan-activity;sid:83100518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2236625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/sm02zsvdywdotb7rql/"; depth:29; endswith; nocase; http.host; content:"dhnconstrucciones.com.ar"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_13; reference:url, urlhaus.abuse.ch/url/2236625/; classtype:trojan-activity;sid:83099725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2233031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.l/pty4|3f|ddos"; depth:16; endswith; nocase; http.host; content:"106.246.224.219"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_10; reference:url, urlhaus.abuse.ch/url/2233031/; classtype:trojan-activity;sid:83096131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2230406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/newsales/adm_atu.exe"; depth:26; endswith; nocase; http.host; content:"palharesinformatica.com.br"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_08; reference:url, urlhaus.abuse.ch/url/2230406/; classtype:trojan-activity;sid:83093506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2227709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/rm0xpx/"; depth:12; endswith; nocase; http.host; content:"jobcity.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_06; reference:url, urlhaus.abuse.ch/url/2227709/; classtype:trojan-activity;sid:83090809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2218862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/accesorios/plg/"; depth:16; endswith; nocase; http.host; content:"tecni-soft.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_05_31; reference:url, urlhaus.abuse.ch/url/2218862/; classtype:trojan-activity;sid:83081962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2211781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/accesorios/xqp/"; depth:16; endswith; nocase; http.host; content:"tecni-soft.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_05_26; reference:url, urlhaus.abuse.ch/url/2211781/; classtype:trojan-activity;sid:83074881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2192744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crt/xe"; depth:7; endswith; nocase; http.host; content:"pns.org.pk"; depth:10; isdataat:!1,relative; metadata:created_at 2022_05_13; reference:url, urlhaus.abuse.ch/url/2192744/; classtype:trojan-activity;sid:83055844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2191248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/application/phebceg4tx/"; depth:24; endswith; nocase; http.host; content:"www.ingonherbal.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_05_12; reference:url, urlhaus.abuse.ch/url/2191248/; classtype:trojan-activity;sid:83054348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2150451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.vi"; depth:4; endswith; nocase; http.host; content:"185.216.133.16"; depth:14; isdataat:!1,relative; metadata:created_at 2022_04_16; reference:url, urlhaus.abuse.ch/url/2150451/; classtype:trojan-activity;sid:83013551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2143816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/server.txt"; depth:20; endswith; nocase; http.host; content:"linkvilleplayers.org"; depth:20; isdataat:!1,relative; metadata:created_at 2022_04_12; reference:url, urlhaus.abuse.ch/url/2143816/; classtype:trojan-activity;sid:83006916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2134110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0011b9cd240249c3aeb520ea1205eaf1.jpg"; depth:37; endswith; nocase; http.host; content:"zhengxinpeixun.oss-cn-qingdao.aliyuncs.com"; depth:42; isdataat:!1,relative; metadata:created_at 2022_04_06; reference:url, urlhaus.abuse.ch/url/2134110/; classtype:trojan-activity;sid:82997210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2124302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig/xmrig/releases/download/v6.10.0/xmrig-6.10.0-linux-static-x64.tar.gz"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_03_31; reference:url, urlhaus.abuse.ch/url/2124302/; classtype:trojan-activity;sid:82987402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/64prpldhbugztyb2zl/xjvfxpux7xeopwtqsq2/|3f|i=1"; depth:47; endswith; nocase; http.host; content:"www.chemsky.tn"; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120576/; classtype:trojan-activity;sid:82983676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/64prpldhbugztyb2zl/xjvfxpux7xeopwtqsq2/"; depth:40; endswith; nocase; http.host; content:"www.chemsky.tn"; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120577/; classtype:trojan-activity;sid:82983677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2113865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.l/pty3|3f|ddos"; depth:16; endswith; nocase; http.host; content:"106.246.224.219"; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_24; reference:url, urlhaus.abuse.ch/url/2113865/; classtype:trojan-activity;sid:82976965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logfiles/u2o/"; depth:14; endswith; nocase; http.host; content:"89.25.223.211"; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086600/; classtype:trojan-activity;sid:82949700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.l/pty4"; depth:8; endswith; nocase; http.host; content:"106.246.224.219"; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086476/; classtype:trojan-activity;sid:82949576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.l/pty3"; depth:8; endswith; nocase; http.host; content:"106.246.224.219"; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086449/; classtype:trojan-activity;sid:82949549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gvnzexvvs3vpv0-ihflwnmzmhij3qqly"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086235/; classtype:trojan-activity;sid:82949335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2076705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.158.95.85"; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_04; reference:url, urlhaus.abuse.ch/url/2076705/; classtype:trojan-activity;sid:82939805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2066122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/vin1.jpg"; depth:16; endswith; nocase; http.host; content:"namthaibinh.net"; depth:15; isdataat:!1,relative; metadata:created_at 2022_02_28; reference:url, urlhaus.abuse.ch/url/2066122/; classtype:trojan-activity;sid:82929222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2051389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.142.114.242"; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_21; reference:url, urlhaus.abuse.ch/url/2051389/; classtype:trojan-activity;sid:82914489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2048755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.34.209.216"; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_19; reference:url, urlhaus.abuse.ch/url/2048755/; classtype:trojan-activity;sid:82911855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2043048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.231.226.35"; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_14; reference:url, urlhaus.abuse.ch/url/2043048/; classtype:trojan-activity;sid:82906148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1996626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.92.181.49"; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_21; reference:url, urlhaus.abuse.ch/url/1996626/; classtype:trojan-activity;sid:82859726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1988943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ldr.sh|3f|le0943_http"; depth:22; endswith; nocase; http.host; content:"194.145.227.21"; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_19; reference:url, urlhaus.abuse.ch/url/1988943/; classtype:trojan-activity;sid:82852043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1915365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5j1ae/apmyyqsc6q3p5y/"; depth:22; endswith; nocase; http.host; content:"aosafrica.co.za"; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_23; reference:url, urlhaus.abuse.ch/url/1915365/; classtype:trojan-activity;sid:82778465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1887133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autokey/update/autokey.exe"; depth:27; endswith; nocase; http.host; content:"api.52kkg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1887133/; classtype:trojan-activity;sid:82750233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1761107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svr_netchecker/server.asp|3f|v_command=3002|7c|26|7c|v_progname=sjptmanagerlauncher.exe"; depth:88; endswith; nocase; http.host; content:"server.toeicswt.co.kr"; depth:21; isdataat:!1,relative; metadata:created_at 2021_11_07; reference:url, urlhaus.abuse.ch/url/1761107/; classtype:trojan-activity;sid:82624207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1657096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/ana/update.exe"; depth:22; endswith; nocase; http.host; content:"www.teknoarge.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1657096/; classtype:trojan-activity;sid:82520196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1653848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/23s"; depth:12; endswith; nocase; http.host; content:"101.51.121.206"; depth:14; isdataat:!1,relative; metadata:created_at 2021_10_04; reference:url, urlhaus.abuse.ch/url/1653848/; classtype:trojan-activity;sid:82516948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1653849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/23"; depth:11; endswith; nocase; http.host; content:"101.51.121.206"; depth:14; isdataat:!1,relative; metadata:created_at 2021_10_04; reference:url, urlhaus.abuse.ch/url/1653849/; classtype:trojan-activity;sid:82516949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1647561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=12ma_yvbmprts6e_vkfnmwikrnwsarqbw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_29; reference:url, urlhaus.abuse.ch/url/1647561/; classtype:trojan-activity;sid:82510661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1624890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1o9jg3oqyewncoptigwscdbtfmvtfqygj"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_16; reference:url, urlhaus.abuse.ch/url/1624890/; classtype:trojan-activity;sid:82487990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1577204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"154.126.170.119"; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_30; reference:url, urlhaus.abuse.ch/url/1577204/; classtype:trojan-activity;sid:82440304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1560761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/safmanager/safman_setup.exe"; depth:38; endswith; nocase; http.host; content:"www.saf-oil.ru"; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_24; reference:url, urlhaus.abuse.ch/url/1560761/; classtype:trojan-activity;sid:82423861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1539372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.120.211.83"; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_16; reference:url, urlhaus.abuse.ch/url/1539372/; classtype:trojan-activity;sid:82402472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1506064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ortakmodul/nbys%20asm.net.exe"; depth:30; endswith; nocase; http.host; content:"files5.uludagbilisim.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_08_04; reference:url, urlhaus.abuse.ch/url/1506064/; classtype:trojan-activity;sid:82369164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1506027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nbys.aspx|3f|f=aile_hekimligi/nbys%20ah.net.exe"; depth:48; endswith; nocase; http.host; content:"files5.uludagbilisim.com"; depth:24; isdataat:!1,relative; metadata:created_at 2021_08_04; reference:url, urlhaus.abuse.ch/url/1506027/; classtype:trojan-activity;sid:82369127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1497688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.164.200.170"; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_01; reference:url, urlhaus.abuse.ch/url/1497688/; classtype:trojan-activity;sid:82360788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1469946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hajime"; depth:7; endswith; nocase; http.host; content:"103.125.163.10"; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1469946/; classtype:trojan-activity;sid:82333046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1459190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cliopmq/cluton.exe"; depth:19; endswith; nocase; http.host; content:"protechasia.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_16; reference:url, urlhaus.abuse.ch/url/1459190/; classtype:trojan-activity;sid:82322290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1434520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.253.205.235"; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_07; reference:url, urlhaus.abuse.ch/url/1434520/; classtype:trojan-activity;sid:82297620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1n8_s6gijerearczwh74blkygodig64eo"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422022/; classtype:trojan-activity;sid:82285122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yfqtugahqhqrulwugdekeavffktsl8ci"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422010/; classtype:trojan-activity;sid:82285110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1393270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downfile.asp|3f|sid=276663/"; depth:28; endswith; nocase; http.host; content:"www.ysbaojia.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_24; reference:url, urlhaus.abuse.ch/url/1393270/; classtype:trojan-activity;sid:82256370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1391235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1sbd1rnw8luztjmsh6gdlzupvyupbopa0|7c|26|7c|revid=0b3yyjts_woklr2vnyxvqohlidxbxn1l2wwjntxfnwvi5v0h3pq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_23; reference:url, urlhaus.abuse.ch/url/1391235/; classtype:trojan-activity;sid:82254335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1378480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ctmywlj5wouiug1wgizy3ke7yj1u0yor|7c|26|7c|revid=0b_t0-zked1mgagxwmxcwywq5q0q1uk1uoxcwaup6l2ovmtdjpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_19; reference:url, urlhaus.abuse.ch/url/1378480/; classtype:trojan-activity;sid:82241580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1372338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1alq8r5tnr6wwiftqa3l6d9fymv7y0g9m"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_17; reference:url, urlhaus.abuse.ch/url/1372338/; classtype:trojan-activity;sid:82235438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1352974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.125.163.10"; depth:14; isdataat:!1,relative; metadata:created_at 2021_06_11; reference:url, urlhaus.abuse.ch/url/1352974/; classtype:trojan-activity;sid:82216074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1tilqozot07vylvdmmsfs7ia452jwhktj|7c|26|7c|revid=0b7gsmqzks4xkcdjcwhuvatj2qvlvchnmnnovu2ldzstek2jzpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350517/; classtype:trojan-activity;sid:82213617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1348672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1etpmpb2shvuny5dxj5awfpxklxqpbzgx"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1348672/; classtype:trojan-activity;sid:82211772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1331376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1b6t1mjnjcvndcy-mdqq0neqrbocqyju4"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_06; reference:url, urlhaus.abuse.ch/url/1331376/; classtype:trojan-activity;sid:82194476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1327898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inst77player/inst77player_1.0.0.1.exe"; depth:38; endswith; nocase; http.host; content:"softdl.360tpcdn.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_06_05; reference:url, urlhaus.abuse.ch/url/1327898/; classtype:trojan-activity;sid:82190998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1319551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1nw1gmzg6lwtuhs0tte969xcfpp9_dc5q"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319551/; classtype:trojan-activity;sid:82182651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1z7qhwcozjwehksdhw-yuivac2jzwjqia"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237693/; classtype:trojan-activity;sid:82100793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1m8jszvq-ztfrul7vgsb6q-n3ftgnkbdj|7c|26|7c|revid=0bxrhybf9__wnmgjlnmxmunzznlu0v204azc4edmzcep6a0hzpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237690/; classtype:trojan-activity;sid:82100790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1233306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gv_nk9llqw4fxudo-khja7nuuj1kevvw|7c|26|7c|revid=0b7zefp-g6n7vm0zhowo4be9pvus4mmh0ymxvd3r6zlu3ylznpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_14; reference:url, urlhaus.abuse.ch/url/1233306/; classtype:trojan-activity;sid:82096406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1a7jwdzayvxw_d3cgv_n7tjf4sty3ufor|7c|26|7c|export=download"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228961/; classtype:trojan-activity;sid:82092061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1223122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"218.38.241.103"; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_12; reference:url, urlhaus.abuse.ch/url/1223122/; classtype:trojan-activity;sid:82086222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1220349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1h_dyp_d5lst4akyf2qezxl7j1scvbtvs|7c|26|7c|revid=0b5thckui5i0mdk5moelbnm9vuhnydvjnvwpyq01vrg5xvwhrpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_11; reference:url, urlhaus.abuse.ch/url/1220349/; classtype:trojan-activity;sid:82083449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1199812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1uygnpwzzyzn2rodsrimg0-sloxy_letg"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1199812/; classtype:trojan-activity;sid:82062912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1184754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ygn4gkmy9musdp_lgnpyjjh6rskt39vp|7c|26|7c|revid=0b8rbgp2bpeofmk5ta3n3mgjtefbzdevwtk5wwhpjd3yruejjpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_30; reference:url, urlhaus.abuse.ch/url/1184754/; classtype:trojan-activity;sid:82047854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=mep5euraznm5lmjsb2cuzgf1bs5uzxq6l0lnqudflzavns5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8.exe"; depth:199; endswith; nocase; http.host; content:"cfs9.blog.daum.net"; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181763/; classtype:trojan-activity;sid:82044863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%bf%c0%b7%f9%c7%d8%b0%e1%c7%cf%b1%e2.exe"; depth:184; endswith; nocase; http.host; content:"cfs13.tistory.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181758/; classtype:trojan-activity;sid:82044858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=mdczafhaznmxmc5ibg9nlmrhdw0ubmv0oi9jtufhrs8wlzkwlmv4zq==|7c|26|7c|filename=xp_sp3_%ed%85%8c%eb%a7%88%ed%8c%a8%ec%b9%98.exe"; depth:163; endswith; nocase; http.host; content:"cfs10.blog.daum.net"; depth:19; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181756/; classtype:trojan-activity;sid:82044856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%d8%b0%ef%bf%bd%ef%bf%bd%cf%b1%ef%bf%bd.exe"; depth:232; endswith; nocase; http.host; content:"cfs13.tistory.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181754/; classtype:trojan-activity;sid:82044854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=metnwe5aznm3lmjsb2cuzgf1bs5uzxq6l0lnqudflzavmc5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe/%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe"; depth:303; endswith; nocase; http.host; content:"cfs7.blog.daum.net"; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181755/; classtype:trojan-activity;sid:82044855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1167210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ldr.sh"; depth:7; endswith; nocase; http.host; content:"194.145.227.21"; depth:14; isdataat:!1,relative; metadata:created_at 2021_04_25; reference:url, urlhaus.abuse.ch/url/1167210/; classtype:trojan-activity;sid:82030310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1152444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1jpl-uouydm5hypqm67uokyddrblbpxvw|7c|26|7c|revid=0b7zpiprmoc5ubhpwclq0cxdyte5vwtrbymnidznhtgm3bzvrpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_22; reference:url, urlhaus.abuse.ch/url/1152444/; classtype:trojan-activity;sid:82015544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1091105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r6x7x6rf.zip"; depth:13; endswith; nocase; http.host; content:"travelwithmanta.co.za"; depth:21; isdataat:!1,relative; metadata:created_at 2021_03_25; reference:url, urlhaus.abuse.ch/url/1091105/; classtype:trojan-activity;sid:81954205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1090482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r6x7x6rf.zip"; depth:13; endswith; nocase; http.host; content:"travelwithmanta.co.za"; depth:21; isdataat:!1,relative; metadata:created_at 2021_03_25; reference:url, urlhaus.abuse.ch/url/1090482/; classtype:trojan-activity;sid:81953582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1061608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dos/nemesy13.zip"; depth:17; endswith; nocase; http.host; content:"dl.packetstormsecurity.net"; depth:26; isdataat:!1,relative; metadata:created_at 2021_03_11; reference:url, urlhaus.abuse.ch/url/1061608/; classtype:trojan-activity;sid:81924708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1040535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agha25.tar"; depth:11; endswith; nocase; http.host; content:"spaceframe.mobi.space-frame.co.za"; depth:33; isdataat:!1,relative; metadata:created_at 2021_03_01; reference:url, urlhaus.abuse.ch/url/1040535/; classtype:trojan-activity;sid:81903635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1009349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2017/06/radbxnzdxbd.exe"; depth:24; endswith; nocase; http.host; content:"360down7.miiyun.cn"; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_14; reference:url, urlhaus.abuse.ch/url/1009349/; classtype:trojan-activity;sid:81872449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txs9e9.zip"; depth:11; endswith; nocase; http.host; content:"buscascolegios.diit.cl"; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995040/; classtype:trojan-activity;sid:81858140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (986697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dcbl8fi.zip"; depth:12; endswith; nocase; http.host; content:"library.arihantmbainstitute.ac.in"; depth:33; isdataat:!1,relative; metadata:created_at 2021_02_01; reference:url, urlhaus.abuse.ch/url/986697/; classtype:trojan-activity;sid:81849797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (957784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gamewd/yhdl.exe"; depth:16; endswith; nocase; http.host; content:"download.caihong.com"; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_13; reference:url, urlhaus.abuse.ch/url/957784/; classtype:trojan-activity;sid:81820884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (935817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/bg4n3/"; depth:11; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/935817/; classtype:trojan-activity;sid:81798917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (935625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u0eukz.zip"; depth:11; endswith; nocase; http.host; content:"abissnet.net"; depth:12; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/935625/; classtype:trojan-activity;sid:81798725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (788214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v2x2vexx.jpg"; depth:13; endswith; nocase; http.host; content:"yzkzixun.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_11_05; reference:url, urlhaus.abuse.ch/url/788214/; classtype:trojan-activity;sid:81651314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (754857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gfl7i3kp.rar"; depth:13; endswith; nocase; http.host; content:"karer.by"; depth:8; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/754857/; classtype:trojan-activity;sid:81617957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/sites/ci6p05scnuonqslqmehm/"; depth:37; endswith; nocase; http.host; content:"cdaonline.com.ar"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723755/; classtype:trojan-activity;sid:81586855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/attachments/"; depth:17; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723711/; classtype:trojan-activity;sid:81586811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (637433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paetools.exe"; depth:13; endswith; nocase; http.host; content:"soft.110route.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_01; reference:url, urlhaus.abuse.ch/url/637433/; classtype:trojan-activity;sid:81500533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (611407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/3u/"; depth:8; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_25; reference:url, urlhaus.abuse.ch/url/611407/; classtype:trojan-activity;sid:81474507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (598684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/6qv2o2ehwzh1d/"; depth:19; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_22; reference:url, urlhaus.abuse.ch/url/598684/; classtype:trojan-activity;sid:81461784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (554647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/file/x7z9wbk77tt6v9/"; depth:30; endswith; nocase; http.host; content:"cdaonline.com.ar"; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/554647/; classtype:trojan-activity;sid:81417747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (552113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/llc/fa1torcvwmvsw1ioua/"; depth:28; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/552113/; classtype:trojan-activity;sid:81415213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (490516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmatrix/data/hack1226.exe"; depth:26; endswith; nocase; http.host; content:"cd.textfiles.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_14; reference:url, urlhaus.abuse.ch/url/490516/; classtype:trojan-activity;sid:81353616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (444932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/document/81828115/bkxjh/"; depth:33; endswith; nocase; http.host; content:"hr2019.vrcom7.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_27; reference:url, urlhaus.abuse.ch/url/444932/; classtype:trojan-activity;sid:81308032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/statement/ul397wfyb/"; depth:29; endswith; nocase; http.host; content:"reifenquick.de"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439389/; classtype:trojan-activity;sid:81302489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/file/21mnqlvi/oz88535657v7rbazasyth9x8i/"; depth:49; endswith; nocase; http.host; content:"www.reifenquick.de"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438705/; classtype:trojan-activity;sid:81301805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/statement/sv8ah2oz31fj/"; depth:28; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438621/; classtype:trojan-activity;sid:81301721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/statement/ul397wfyb/"; depth:29; endswith; nocase; http.host; content:"www.reifenquick.de"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436727/; classtype:trojan-activity;sid:81299827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; depth:82; endswith; nocase; http.host; content:"www.reifenquick.de"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434592/; classtype:trojan-activity;sid:81297692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/hl8-8w4cs-6325/"; depth:24; endswith; nocase; http.host; content:"reifenquick.de"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434320/; classtype:trojan-activity;sid:81297420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/doc/kbc9dts71991684654644570io07lx5tws9zd0q/"; depth:49; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/432815/; classtype:trojan-activity;sid:81295915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/hl8-8w4cs-6325/"; depth:24; endswith; nocase; http.host; content:"www.reifenquick.de"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/432117/; classtype:trojan-activity;sid:81295217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (431601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/homegrownorlando.com/scan/5k2b2y4/"; depth:35; endswith; nocase; http.host; content:"exilum.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/431601/; classtype:trojan-activity;sid:81294701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/fqcfrfvwflt3/"; depth:18; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_12; reference:url, urlhaus.abuse.ch/url/429864/; classtype:trojan-activity;sid:81292964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/homegrownorlando.com/closed-section/additional-area/740331365-r4cxbyqtk/"; depth:73; endswith; nocase; http.host; content:"exilum.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427195/; classtype:trojan-activity;sid:81290295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/private_module/test_cloud/z3gjv_w4zyu545ts846/"; depth:51; endswith; nocase; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427189/; classtype:trojan-activity;sid:81290289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/open-0627720493640-azq24pffjrm/guarded-space/gxkx9t42ra6yf-6x7uyx330389w/"; depth:82; endswith; nocase; http.host; content:"www.reifenquick.de"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426390/; classtype:trojan-activity;sid:81289490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/invoice/aog-3515110/"; depth:21; endswith; nocase; http.host; content:"lindnerelektroanlagen.de"; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422458/; classtype:trojan-activity;sid:81285558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (420521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/parts_service/ly944myw/"; depth:28; endswith; nocase; http.host; content:"hitstation.nl"; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_28; reference:url, urlhaus.abuse.ch/url/420521/; classtype:trojan-activity;sid:81283621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (419853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/homegrownorlando.com/djsv1tay8/"; depth:32; endswith; nocase; http.host; content:"exilum.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_27; reference:url, urlhaus.abuse.ch/url/419853/; classtype:trojan-activity;sid:81282953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (363653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"218.38.241.105"; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_16; reference:url, urlhaus.abuse.ch/url/363653/; classtype:trojan-activity;sid:81226753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=ymxvzzcxmzyyqgzzns50axn0b3j5lmnvbtovyxr0ywnolzavmtqwmdawmdawmdawlmv4zq%3d%3d|7c|26|7c|filename=crack-pro20.exe"; depth:151; endswith; nocase; http.host; content:"cfs5.tistory.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_08; reference:url, urlhaus.abuse.ch/url/322758/; classtype:trojan-activity;sid:81185858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scenic/scenic1/jet.exe"; depth:23; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322467/; classtype:trojan-activity;sid:81185567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scenic/scenic1/sunset1.exe"; depth:27; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322465/; classtype:trojan-activity;sid:81185565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flowers/flowers1/smell-the-roses.exe"; depth:37; endswith; nocase; http.host; content:"funletters.net"; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322462/; classtype:trojan-activity;sid:81185562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuzzbunch/fuzzbunch/master/payloads/doublepulsar-1.3.1.exe"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318948/; classtype:trojan-activity;sid:81182048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (242568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.4.124.58"; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_10; reference:url, urlhaus.abuse.ch/url/242568/; classtype:trojan-activity;sid:81105668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.113.227"; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240426/; classtype:trojan-activity;sid:81103526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.151.143.2"; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240036/; classtype:trojan-activity;sid:81103136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"154.126.178.16"; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/239977/; classtype:trojan-activity;sid:81103077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.66.139.36"; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_06; reference:url, urlhaus.abuse.ch/url/239019/; classtype:trojan-activity;sid:81102119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"217.11.75.162"; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237970/; classtype:trojan-activity;sid:81101070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.12.78.161"; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237890/; classtype:trojan-activity;sid:81100990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/thirdupload/5d3e8177e87cc.exe"; depth:38; endswith; nocase; http.host; content:"src1.minibai.com"; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_07; reference:url, urlhaus.abuse.ch/url/222979/; classtype:trojan-activity;sid:81086079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meteoradminz/hidden-tear/zip/master"; depth:36; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217486/; classtype:trojan-activity;sid:81080586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opolis.exe"; depth:11; endswith; nocase; http.host; content:"www.opolis.io"; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_18; reference:url, urlhaus.abuse.ch/url/210023/; classtype:trojan-activity;sid:81073123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/qt51crk.exe"; depth:21; endswith; nocase; http.host; content:"www.hseda.com"; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_29; reference:url, urlhaus.abuse.ch/url/203280/; classtype:trojan-activity;sid:81066380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/qt51crk.exe"; depth:21; endswith; nocase; http.host; content:"hseda.com"; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_28; reference:url, urlhaus.abuse.ch/url/203157/; classtype:trojan-activity;sid:81066257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (202114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/screenmate/cute/sm1302.zip"; depth:27; endswith; nocase; http.host; content:"www.starcountry.net"; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_26; reference:url, urlhaus.abuse.ch/url/202114/; classtype:trojan-activity;sid:81065214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (201893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/products/siplast/_vti_cnf/_vti_cnf.exe"; depth:39; endswith; nocase; http.host; content:"unicorpbrunei.com"; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_25; reference:url, urlhaus.abuse.ch/url/201893/; classtype:trojan-activity;sid:81064993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/releases/zorke_release/zorke_asciiverter_v1.00/zke-ascv.exe"; depth:60; endswith; nocase; http.host; content:"nerve.untergrund.net"; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200800/; classtype:trojan-activity;sid:81063900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/releases/12.2013/nrv-ppwr.zip"; depth:30; endswith; nocase; http.host; content:"nerve.untergrund.net"; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200798/; classtype:trojan-activity;sid:81063898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/razor/rzr-winner_intro.zip"; depth:27; endswith; nocase; http.host; content:"chiptune.com"; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200771/; classtype:trojan-activity;sid:81063871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/releases/zorke_release/zorke_nfo_file_viewer_v1.00/zke-nfoview.exe"; depth:67; endswith; nocase; http.host; content:"nerve.untergrund.net"; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200770/; classtype:trojan-activity;sid:81063870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hao123-soft-online-bcs/soft/d/2014-06-12_djylh.exe"; depth:51; endswith; nocase; http.host; content:"download.skycn.com"; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197801/; classtype:trojan-activity;sid:81060901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hao123-soft-online-bcs/soft/p/pocketrar350sc.exe"; depth:49; endswith; nocase; http.host; content:"download.skycn.com"; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197800/; classtype:trojan-activity;sid:81060900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (195911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soft_hair/pcsupport.exe"; depth:24; endswith; nocase; http.host; content:"support.clz.kr"; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_14; reference:url, urlhaus.abuse.ch/url/195911/; classtype:trojan-activity;sid:81059011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eng/wp-content/plugins/featurific-for-wordpress/3"; depth:50; endswith; nocase; http.host; content:"jointings.org"; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170262/; classtype:trojan-activity;sid:81033362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eng/wp-content/plugins/featurific-for-wordpress/2"; depth:50; endswith; nocase; http.host; content:"jointings.org"; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170261/; classtype:trojan-activity;sid:81033361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eng/wp-content/plugins/featurific-for-wordpress/1"; depth:50; endswith; nocase; http.host; content:"jointings.org"; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170260/; classtype:trojan-activity;sid:81033360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/active/pcclear_eng_mini.exe"; depth:28; endswith; nocase; http.host; content:"down.pcclear.com"; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_10; reference:url, urlhaus.abuse.ch/url/121029/; classtype:trojan-activity;sid:80984129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (101043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/employeemasterimages/qace.jpg"; depth:30; endswith; nocase; http.host; content:"livetrack.in"; depth:12; isdataat:!1,relative; metadata:created_at 2019_01_02; reference:url, urlhaus.abuse.ch/url/101043/; classtype:trojan-activity;sid:80964143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gvhr-mmj5u8zn2kc5aoq_nkxhprvvh-t9/"; depth:35; endswith; nocase; http.host; content:"aulist.com"; depth:10; isdataat:!1,relative; metadata:created_at 2018_12_18; reference:url, urlhaus.abuse.ch/url/96791/; classtype:trojan-activity;sid:80959891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload/20140812/14078161556897.rar"; depth:35; endswith; nocase; http.host; content:"static.3001.net"; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94279/; classtype:trojan-activity;sid:80957379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/task/2010-12/03/519808/4cf8bc6362f34.rar"; depth:41; endswith; nocase; http.host; content:"p6.zbjimg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91928/; classtype:trojan-activity;sid:80955028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/task/2009-06/29/106045/rc1veeex.rar"; depth:36; endswith; nocase; http.host; content:"p3.zbjimg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85967/; classtype:trojan-activity;sid:80949067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/task/2009-06/29/106045/5fg9yjwr.rar"; depth:36; endswith; nocase; http.host; content:"p3.zbjimg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85881/; classtype:trojan-activity;sid:80948981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/task/2009-06/29/106045/a9to40e7.rar"; depth:36; endswith; nocase; http.host; content:"p3.zbjimg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85879/; classtype:trojan-activity;sid:80948979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/task/2009-06/29/106045/e6i8pdc0.rar"; depth:36; endswith; nocase; http.host; content:"p3.zbjimg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85878/; classtype:trojan-activity;sid:80948978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/task/2009-07/28/117228/4wtjdjio.rar"; depth:36; endswith; nocase; http.host; content:"p3.zbjimg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85877/; classtype:trojan-activity;sid:80948977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/task/2009-06/29/106045/zwy1q6k0.rar"; depth:36; endswith; nocase; http.host; content:"p3.zbjimg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85876/; classtype:trojan-activity;sid:80948976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/task/2009-06/06/98428/07c9mfhe.zip"; depth:35; endswith; nocase; http.host; content:"p3.zbjimg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85874/; classtype:trojan-activity;sid:80948974; rev:1;) # Number of entries: 55609